ocsp.pki.goog/gts1c3
471 B IP
Hash 7db097f893ccccdf9eb9965042f0bb6b
a8e67cd2ae56b2b6c1d26ce6086248438c4b56f7
de5094c53d67a0682706df853cf35c2dd886b0cfc99af5f5de2a3fe408626cd0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 04 Oct 2023 04:26:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
471 B IP
Hash 3522928ea9c56868851612bdca530265
49f00c90f0fed0d08dc02437869973d575681a20
b6637fe8fbbd6803a33988cb075c7692a63ee86f336e0101a681aaa851e24f4b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 04 Oct 2023 04:26:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
static.depositfiles.com/images/no.png
200 OK 3.1 kB URL GET HTTP/2 static.depositfiles.com/images/no.png
IP
Requested by https://dfiles.eu/files/peo8zx000/CODMW2.exe
Certificate IssuerLet's Encrypt
Subjectdepositfiles.com
Fingerprint89:8B:79:C9:43:28:6F:22:01:AC:10:16:D4:18:23:20:E4:DF:5A:DB
ValidityWed, 06 Sep 2023 05:19:39 GMT - Tue, 05 Dec 2023 05:19:38 GMT
File type PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced\012- data
Hash 1724ae7b4437c460dafe40dfe9f96d41
8dc80d5b802f180254a8ee1bf1edf0b843205f1e
9b95b8f24b2b0808d611f4fd9bf5f3c548b352ae6100ab7b298b99a86905db79
GET /images/no.png HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/png
date: Wed, 04 Oct 2023 04:26:17 GMT
etag: "65154db0-c4a"
last-modified: Thu, 28 Sep 2023 09:56:00 GMT
server: nginx
content-length: 3146
X-Firefox-Spdy: h2
static.depositfiles.com/images/speed_small.gif
200 OK 24 kB URL GET HTTP/2 static.depositfiles.com/images/speed_small.gif
IP
Requested by https://dfiles.eu/files/peo8zx000/CODMW2.exe
Certificate IssuerLet's Encrypt
Subjectdepositfiles.com
Fingerprint89:8B:79:C9:43:28:6F:22:01:AC:10:16:D4:18:23:20:E4:DF:5A:DB
ValidityWed, 06 Sep 2023 05:19:39 GMT - Tue, 05 Dec 2023 05:19:38 GMT
File type GIF image data, version 89a, 200 x 200\012- data
Hash 5cbc96bbb7230dd17ed38b5dd6e3271c
6ee1f0b9e29ac3e824cccd6e5135d51c8d3aaea1
01edcbb65e514def555b1e999d3a72f118f67e572f628293b91893b3758c6991
GET /images/speed_small.gif HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
cache-control: max-age=432000
content-type: image/gif
date: Wed, 04 Oct 2023 04:26:17 GMT
etag: "65154db0-5dac"
expires: Mon, 09 Oct 2023 04:26:17 GMT
last-modified: Thu, 28 Sep 2023 09:56:00 GMT
server: nginx
content-length: 23980
X-Firefox-Spdy: h2
static.depositfiles.com/images/speed_small_gold.gif
200 OK 14 kB URL GET HTTP/2 static.depositfiles.com/images/speed_small_gold.gif
IP
Requested by https://dfiles.eu/files/peo8zx000/CODMW2.exe
Certificate IssuerLet's Encrypt
Subjectdepositfiles.com
Fingerprint89:8B:79:C9:43:28:6F:22:01:AC:10:16:D4:18:23:20:E4:DF:5A:DB
ValidityWed, 06 Sep 2023 05:19:39 GMT - Tue, 05 Dec 2023 05:19:38 GMT
File type GIF image data, version 89a, 200 x 200\012- data
Hash c5f8f0e9ecd16637e267912376c24bed
324567a641d318ecfafe6374dfba86ccb2f90dd7
13678b229b6c4224bcb9578a2f29bc3686958f4bea73af7645eb39af4246e6a9
GET /images/speed_small_gold.gif HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
cache-control: max-age=432000
content-type: image/gif
date: Wed, 04 Oct 2023 04:26:17 GMT
etag: "65154db0-389c"
expires: Mon, 09 Oct 2023 04:26:17 GMT
last-modified: Thu, 28 Sep 2023 09:56:00 GMT
server: nginx
content-length: 14492
X-Firefox-Spdy: h2
static.depositfiles.com/images/yes.png
200 OK 3.3 kB URL GET HTTP/2 static.depositfiles.com/images/yes.png
IP
Requested by https://dfiles.eu/files/peo8zx000/CODMW2.exe
Certificate IssuerLet's Encrypt
Subjectdepositfiles.com
Fingerprint89:8B:79:C9:43:28:6F:22:01:AC:10:16:D4:18:23:20:E4:DF:5A:DB
ValidityWed, 06 Sep 2023 05:19:39 GMT - Tue, 05 Dec 2023 05:19:38 GMT
File type PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced\012- data
Hash 3055b8489aeb385fb40b27f0bf0a5ae7
4cfbe45a0ba393ab8ad535cc04af30debef0a1ab
b325d6cb153b02050e59230e2abfb01e05f4bda708ad54bd8f6d9693fa9c2dac
GET /images/yes.png HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/png
date: Wed, 04 Oct 2023 04:26:17 GMT
etag: "65154db1-ccb"
last-modified: Thu, 28 Sep 2023 09:56:01 GMT
server: nginx
content-length: 3275
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=G-BL9163LYG1
200 OK 92 kB URL GET HTTP/2 www.googletagmanager.com/gtag/js?id=G-BL9163LYG1
IP
Requested by https://dfiles.eu/files/peo8zx000/CODMW2.exe
Certificate IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint00:ED:16:68:8D:DB:14:8B:43:01:81:CA:83:9A:AE:5B:24:AB:11:18
ValidityMon, 04 Sep 2023 08:17:06 GMT - Mon, 27 Nov 2023 08:17:05 GMT
File type ASCII text, with very long lines (4179)
Hash 88d7a021589b7f61cfd338938f086354
4e8c77475ede5b70a8ed3880bbb6d3583026a9d0
450b97804081e2a2f7db06c4f0c472edc014edc762df1626b0ef3b58d0678419
GET /gtag/js?id=G-BL9163LYG1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 04 Oct 2023 04:26:17 GMT
expires: Wed, 04 Oct 2023 04:26:17 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 91801
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
static.depositfiles.com/js/jquery.validate.js
200 OK 38 kB URL GET HTTP/2 static.depositfiles.com/js/jquery.validate.js
IP
Requested by https://dfiles.eu/files/peo8zx000/CODMW2.exe
Certificate IssuerLet's Encrypt
Subjectdepositfiles.com
Fingerprint89:8B:79:C9:43:28:6F:22:01:AC:10:16:D4:18:23:20:E4:DF:5A:DB
ValidityWed, 06 Sep 2023 05:19:39 GMT - Tue, 05 Dec 2023 05:19:38 GMT
File type Unicode text, UTF-8 text, with very long lines (1238)
Hash d5231b6378847ebdb55f64c77d5a234f
eed97aa0b2aa9486b6f6831ed8a85dc729ad6b9c
95434a8a2568a6481a1fbcf5808a75dd58e77348ed6d70b4f7aeda8842e8f0c7
GET /js/jquery.validate.js HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
cache-control: max-age=300
content-type: application/javascript
date: Wed, 04 Oct 2023 04:26:17 GMT
etag: "65154db1-957d"
expires: Wed, 04 Oct 2023 04:31:17 GMT
last-modified: Thu, 28 Sep 2023 09:56:01 GMT
server: nginx
content-length: 38269
X-Firefox-Spdy: h2
static.depositfiles.com/js/download_utils.js
200 OK 13 kB URL GET HTTP/2 static.depositfiles.com/js/download_utils.js
IP
Requested by https://dfiles.eu/files/peo8zx000/CODMW2.exe
Certificate IssuerLet's Encrypt
Subjectdepositfiles.com
Fingerprint89:8B:79:C9:43:28:6F:22:01:AC:10:16:D4:18:23:20:E4:DF:5A:DB
ValidityWed, 06 Sep 2023 05:19:39 GMT - Tue, 05 Dec 2023 05:19:38 GMT
File type ASCII text, with very long lines (2250)
Hash 90a706006bc709cdc974ff3e0e01b34f
89585d2c7cac44c9c03c118bbb38aefba1d8a1e4
16f1515b9938fc7de086c504fe214484d97e237647a5d7fa2cb742a93f00c1ea
GET /js/download_utils.js HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
cache-control: max-age=300
content-type: application/javascript
date: Wed, 04 Oct 2023 04:26:17 GMT
etag: "65154db1-3447"
expires: Wed, 04 Oct 2023 04:31:17 GMT
last-modified: Thu, 28 Sep 2023 09:56:01 GMT
server: nginx
content-length: 13383
X-Firefox-Spdy: h2
static.depositfiles.com/js/gold_offer.js
200 OK 9.9 kB URL GET HTTP/2 static.depositfiles.com/js/gold_offer.js
IP
Requested by https://dfiles.eu/files/peo8zx000/CODMW2.exe
Certificate IssuerLet's Encrypt
Subjectdepositfiles.com
Fingerprint89:8B:79:C9:43:28:6F:22:01:AC:10:16:D4:18:23:20:E4:DF:5A:DB
ValidityWed, 06 Sep 2023 05:19:39 GMT - Tue, 05 Dec 2023 05:19:38 GMT
File type HTML document text\012- HTML document, ASCII text
Hash 041bdbbe3ac15bc57b14933e164b55f8
790f921426d0b602424fb3077ca900af94b5ad9e
a86d8d81e5c254822628c578c40d2d62956ab3060632d1884b5080093365b97b
GET /js/gold_offer.js HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
cache-control: max-age=300
content-type: application/javascript
date: Wed, 04 Oct 2023 04:26:17 GMT
etag: "65154db1-269f"
expires: Wed, 04 Oct 2023 04:31:17 GMT
last-modified: Thu, 28 Sep 2023 09:56:01 GMT
server: nginx
content-length: 9887
X-Firefox-Spdy: h2
static.depositfiles.com/js/function.js
200 OK 35 kB URL GET HTTP/2 static.depositfiles.com/js/function.js
IP
Requested by https://dfiles.eu/files/peo8zx000/CODMW2.exe
Certificate IssuerLet's Encrypt
Subjectdepositfiles.com
Fingerprint89:8B:79:C9:43:28:6F:22:01:AC:10:16:D4:18:23:20:E4:DF:5A:DB
ValidityWed, 06 Sep 2023 05:19:39 GMT - Tue, 05 Dec 2023 05:19:38 GMT
File type ASCII text, with very long lines (4240)
Hash a5779d2f560cd50376dbba372b0fd15b
07b08e35b9254288c1372e37577db8b9e4da01b4
51d26403861d61a7842bc73f518d4a4351a7027c40c9f0347f61421226950b84
GET /js/function.js HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
cache-control: max-age=300
content-type: application/javascript
date: Wed, 04 Oct 2023 04:26:17 GMT
etag: "65154db1-8863"
expires: Wed, 04 Oct 2023 04:31:17 GMT
last-modified: Thu, 28 Sep 2023 09:56:01 GMT
server: nginx
content-length: 34915
X-Firefox-Spdy: h2
dfiles.eu/files/peo8zx000/CODMW2.exe
200 OK 405 kB URL User Request GET HTTP/2 dfiles.eu/files/peo8zx000/CODMW2.exe
IP
Certificate IssuerLet's Encrypt
Subjectdfiles.eu
Fingerprint73:8B:6E:11:8B:1A:0A:62:8B:36:6D:0E:47:AE:11:64:99:18:9A:3D
ValidityWed, 06 Sep 2023 05:19:12 GMT - Tue, 05 Dec 2023 05:19:11 GMT
File type gzip compressed data, max speed, from Unix\012- data
Size 405 kB (405192 bytes)
Hash 29d4358c6984c298d8fc9494a5d09fbf
42df4d103299bfb9e86d75030d178deb30bc984b
75c1d76c4c9cb54793d4cc683578273823de0cbef98ed4ec04244dd575d8418f
GET /files/peo8zx000/CODMW2.exe HTTP/1.1
Host: dfiles.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Wed, 04 Oct 2023 04:26:16 GMT
server: nginx
set-cookie: uprand=5f9e1f04b9d8074ba7c041a14434c9b2; path=/; domain=.dfiles.eu
last_file=peo8zx000; path=/; domain=.dfiles.eu
lang_current=en; expires=Thu, 03-Oct-2024 04:26:16 GMT; Max-Age=31536000; path=/; domain=.dfiles.eu; secure
x-frame-options: SAMEORIGIN
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
472 B IP
Hash da615d2cdb433fa27f09a91148e7bac9
87e2570821d15934795a75a0a7077a4ab19bf617
ddde51f9103bee53b78813e794367cfd4f2f31162db06e89d61efb5e201d7c0b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 04 Oct 2023 04:26:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
471 B IP
Hash 7db097f893ccccdf9eb9965042f0bb6b
a8e67cd2ae56b2b6c1d26ce6086248438c4b56f7
de5094c53d67a0682706df853cf35c2dd886b0cfc99af5f5de2a3fe408626cd0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 04 Oct 2023 04:26:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
audienceravagephotocopy.com/22/4a/d4/224ad4a14b4b15c1726ff705ec672ea6.js
200 OK 14 kB URL GET HTTP/1.1 audienceravagephotocopy.com/22/4a/d4/224ad4a14b4b15c1726ff705ec672ea6.js
IP
ASN #39572 DataWeb Global Group B.V.
Requested by https://dfiles.eu/files/peo8zx000/CODMW2.exe
Certificate IssuerLet's Encrypt
Subjectaudienceravagephotocopy.com
Fingerprint5F:C9:60:70:B1:E5:B8:DC:A5:5F:EC:E4:34:C1:1A:C5:94:FA:0B:2E
ValidityTue, 05 Sep 2023 00:49:44 GMT - Mon, 04 Dec 2023 00:49:43 GMT
File type ASCII text, with very long lines (40530), with no line terminators
Hash 6fcad69bb0f5f3e2c3aff0294508d13a
46754f9e1eaefd64ad08022fc7e9bb1aa9c367a5
1ee3b12947592e90faf19d530c3685d7a5f143d5ed77580f7d37cecfe9abb245
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /22/4a/d4/224ad4a14b4b15c1726ff705ec672ea6.js HTTP/1.1
Host: audienceravagephotocopy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Wed, 04 Oct 2023 04:26:18 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b6b1d40331b22d4aa050637d112979dd
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
static.depositfiles.com/images/logo.png
200 OK 3.6 kB URL GET HTTP/2 static.depositfiles.com/images/logo.png
IP
Requested by https://dfiles.eu/files/peo8zx000/CODMW2.exe
Certificate IssuerLet's Encrypt
Subjectdepositfiles.com
Fingerprint89:8B:79:C9:43:28:6F:22:01:AC:10:16:D4:18:23:20:E4:DF:5A:DB
ValidityWed, 06 Sep 2023 05:19:39 GMT - Tue, 05 Dec 2023 05:19:38 GMT
File type PNG image data, 176 x 43, 8-bit/color RGBA, non-interlaced\012- data
Hash c41fdd84b04e45a91cb17cfdeccb1b38
fec7fffe104c7e169aeb159032078c4b71ff2cdc
7f89eb8ab03684f4db282ca30eb231b1e254bca10c7b511950df5e0eab0a68a0
GET /images/logo.png HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://static.depositfiles.com/css/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/png
date: Wed, 04 Oct 2023 04:26:18 GMT
etag: "65154db0-e27"
last-modified: Thu, 28 Sep 2023 09:56:00 GMT
server: nginx
content-length: 3623
X-Firefox-Spdy: h2
static.depositfiles.com/images/sprite.png
200 OK 37 kB URL GET HTTP/2 static.depositfiles.com/images/sprite.png
IP
Requested by https://dfiles.eu/files/peo8zx000/CODMW2.exe
Certificate IssuerLet's Encrypt
Subjectdepositfiles.com
Fingerprint89:8B:79:C9:43:28:6F:22:01:AC:10:16:D4:18:23:20:E4:DF:5A:DB
ValidityWed, 06 Sep 2023 05:19:39 GMT - Tue, 05 Dec 2023 05:19:38 GMT
File type PNG image data, 102 x 630, 8-bit/color RGBA, non-interlaced\012- data
Hash 2333675d7e431d5313c6dbb5230a14cd
93c4032e5b8b85793a9cda7167804445d950dd96
b287134a60667ce8e2c3fa1603e3a8f2ffa59c64e746d026d1a13ef19f3f38a0
GET /images/sprite.png HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://static.depositfiles.com/css/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/png
date: Wed, 04 Oct 2023 04:26:18 GMT
etag: "65154db0-8fc2"
last-modified: Thu, 28 Sep 2023 09:56:00 GMT
server: nginx
content-length: 36802
X-Firefox-Spdy: h2
static.depositfiles.com/images/member_menu_bg.gif
200 OK 78 B URL GET HTTP/2 static.depositfiles.com/images/member_menu_bg.gif
IP
Requested by https://dfiles.eu/files/peo8zx000/CODMW2.exe
Certificate IssuerLet's Encrypt
Subjectdepositfiles.com
Fingerprint89:8B:79:C9:43:28:6F:22:01:AC:10:16:D4:18:23:20:E4:DF:5A:DB
ValidityWed, 06 Sep 2023 05:19:39 GMT - Tue, 05 Dec 2023 05:19:38 GMT
File type GIF image data, version 89a, 1 x 48\012- data
Hash 20a24b56dcedf6a71a71ebec771e1f7d
d7bed493d5d4eeaed5dbbf7d30d45107840790a0
6f57f29224d8e9e51ed0839e329055426fba7dcd97ef31e93ed495f93a6063df
GET /images/member_menu_bg.gif HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://static.depositfiles.com/css/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
cache-control: max-age=432000
content-type: image/gif
date: Wed, 04 Oct 2023 04:26:18 GMT
etag: "65154db0-4e"
expires: Mon, 09 Oct 2023 04:26:18 GMT
last-modified: Thu, 28 Sep 2023 09:56:00 GMT
server: nginx
content-length: 78
X-Firefox-Spdy: h2
static.depositfiles.com/images/sprite64.png
200 OK 29 kB URL GET HTTP/2 static.depositfiles.com/images/sprite64.png
IP
Requested by https://dfiles.eu/files/peo8zx000/CODMW2.exe
Certificate IssuerLet's Encrypt
Subjectdepositfiles.com
Fingerprint89:8B:79:C9:43:28:6F:22:01:AC:10:16:D4:18:23:20:E4:DF:5A:DB
ValidityWed, 06 Sep 2023 05:19:39 GMT - Tue, 05 Dec 2023 05:19:38 GMT
File type PNG image data, 64 x 1088, 8-bit/color RGBA, non-interlaced\012- data
Hash e50649ecf6a2094c25da755ea0ea7bd1
e1c3e229a62f049442fa16cf43ec07f384b27362
a9ed59ab3bbcfdf66224664aeb14fa0f0e8f034d8472a58dadcf65cfff17685d
GET /images/sprite64.png HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://static.depositfiles.com/css/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/png
date: Wed, 04 Oct 2023 04:26:18 GMT
etag: "65154db0-704b"
last-modified: Thu, 28 Sep 2023 09:56:00 GMT
server: nginx
content-length: 28747
X-Firefox-Spdy: h2
static.depositfiles.com/css/main.css
200 OK 56 kB URL GET HTTP/2 static.depositfiles.com/css/main.css
IP
Requested by https://dfiles.eu/files/peo8zx000/CODMW2.exe
Certificate IssuerLet's Encrypt
Subjectdepositfiles.com
Fingerprint89:8B:79:C9:43:28:6F:22:01:AC:10:16:D4:18:23:20:E4:DF:5A:DB
ValidityWed, 06 Sep 2023 05:19:39 GMT - Tue, 05 Dec 2023 05:19:38 GMT
File type gzip compressed data, max speed, from Unix\012- data
Hash d6dad0af2deb952c4b523a74f82e338b
553898376ceabcedba4594c583948294621ce16f
451a7a5113bedad3dae3d031dae559471c608ac7886c5a496ee86802c6681a54
GET /css/main.css HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
cache-control: max-age=300
content-encoding: gzip
content-type: text/css
date: Wed, 04 Oct 2023 04:26:17 GMT
etag: W/"65154dac-2f719"
expires: Wed, 04 Oct 2023 04:31:17 GMT
last-modified: Thu, 28 Sep 2023 09:55:56 GMT
server: nginx
X-Firefox-Spdy: h2
static.depositfiles.com/images/flags/lang24.png
200 OK 9.2 kB URL GET HTTP/2 static.depositfiles.com/images/flags/lang24.png
IP
Requested by https://dfiles.eu/files/peo8zx000/CODMW2.exe
Certificate IssuerLet's Encrypt
Subjectdepositfiles.com
Fingerprint89:8B:79:C9:43:28:6F:22:01:AC:10:16:D4:18:23:20:E4:DF:5A:DB
ValidityWed, 06 Sep 2023 05:19:39 GMT - Tue, 05 Dec 2023 05:19:38 GMT
File type PNG image data, 24 x 552, 8-bit/color RGBA, non-interlaced\012- data
Hash efdcd1ca23d564ddd811f41152a2b83c
0b5aa064e7f8f241363c55fa17eb448f42a5f8df
ce23be242e34c5b420f8ba0390aef20fa50ffc69f700091029616eff524e8f9b
GET /images/flags/lang24.png HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://static.depositfiles.com/css/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/png
date: Wed, 04 Oct 2023 04:26:18 GMT
etag: "65154db0-23d4"
last-modified: Thu, 28 Sep 2023 09:56:00 GMT
server: nginx
content-length: 9172
X-Firefox-Spdy: h2
static.depositfiles.com/images/sprite16.png
200 OK 28 kB URL GET HTTP/2 static.depositfiles.com/images/sprite16.png
IP
Requested by https://dfiles.eu/files/peo8zx000/CODMW2.exe
Certificate IssuerLet's Encrypt
Subjectdepositfiles.com
Fingerprint89:8B:79:C9:43:28:6F:22:01:AC:10:16:D4:18:23:20:E4:DF:5A:DB
ValidityWed, 06 Sep 2023 05:19:39 GMT - Tue, 05 Dec 2023 05:19:38 GMT
File type PNG image data, 32 x 1072, 8-bit/color RGBA, non-interlaced\012- data
Hash 2e86fe2d2c2650c5f4663f0fc135ebc1
ba86e14a9abcff0581eda84a307594ef1288b982
604187f8828381a47ae70249f55f21c78c53ab1401d20a5f2230a0d6c9ae50d1
GET /images/sprite16.png HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://static.depositfiles.com/css/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/png
date: Wed, 04 Oct 2023 04:26:18 GMT
etag: "65154db0-6f55"
last-modified: Thu, 28 Sep 2023 09:56:00 GMT
server: nginx
content-length: 28501
X-Firefox-Spdy: h2
ocsp.r2m03.amazontrust.com/
471 B URL ocsp.r2m03.amazontrust.com/
IP
Hash ebc766ce3599f45b7d18604c311f4426
7584d6f33348277eaf7da39b11853cc36d6f24fc
b21d75771b5a8456cb12272793d4b720108d587c7b97e443ed4d7ed128bf635d
POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Wed, 04 Oct 2023 04:26:18 GMT
Last-Modified: Wed, 04 Oct 2023 02:38:44 GMT
Server: ECAcc (ska/F756)
X-Cache: Miss from cloudfront
Via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: gqetrZ3CIS8-4lFIFDiT9pVs6ihLLSUYTb799Q70u1BL2MAVoS9k-g==
Age: 6454
professionalswebcheck.com/stats
200 OK 40 B URL GET HTTP/2 professionalswebcheck.com/stats
IP
Requested by https://dfiles.eu/files/peo8zx000/CODMW2.exe
Certificate IssuerAmazon
Subjectprofessionalswebcheck.com
Fingerprint75:E9:08:FD:96:58:C7:98:43:E8:21:27:A8:E9:B9:A4:55:28:F2:0C
ValidityWed, 30 Aug 2023 00:00:00 GMT - Fri, 27 Sep 2024 23:59:59 GMT
File type ASCII text, with no line terminators
Hash 5717e8fb3eebdbb380440ae28cd04f0f
8c0094048f5c384d9a5409a32a32d902933c68b0
20c421b42d25cba83dda4da7207fbbc0bbcf124bc993dd6f9aae5fe0713156e0
GET /stats HTTP/1.1
Host: professionalswebcheck.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 04 Oct 2023 04:26:18 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://dfiles.eu
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=e32efd6b-50e4-498c-a8e3-7457c91d58c1:2:1; expires=Sat, 01 Oct 2033 04:26:18 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
loader.unblockia.com/c/dfiles.eu/config.json
200 OK 47 kB URL GET HTTP/2 loader.unblockia.com/c/dfiles.eu/config.json
IP
Requested by https://dfiles.eu/files/peo8zx000/CODMW2.exe
Certificate IssuerAmazon
Subject*.unblockia.com
FingerprintF2:6F:03:00:E3:4A:B1:87:3C:4D:28:BB:E6:CE:8F:F1:2A:6E:1B:5D
ValidityTue, 21 Feb 2023 00:00:00 GMT - Fri, 22 Mar 2024 23:59:59 GMT
File type ASCII text, with very long lines (46747), with no line terminators
Hash f365c1e4619a90bbadadacf55598fe90
1623c939b72aecd3831e1da35e4c0a5229383e91
23e2e4d868bb2652b97e9e13d36df1dfeeba338d4e9c4d1d737fba6b2b2b2d52
GET /c/dfiles.eu/config.json HTTP/1.1
Host: loader.unblockia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dfiles.eu/
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/octet-stream
content-length: 46747
last-modified: Fri, 09 Jun 2023 09:20:17 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: trENJHq0I9QxpCJnwtrkDFWJYsxIhjKV
accept-ranges: bytes
server: AmazonS3
date: Tue, 03 Oct 2023 12:48:27 GMT
etag: "f365c1e4619a90bbadadacf55598fe90"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 277d0e3af1ffdcb1ee40b7dc9f040146.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: _MlfdlZyojZK3U7eSBtlpp3wzU28RLN8_NHKfP6Y_f9gIlnu4BHAtg==
age: 56272
access-control-allow-origin: *
access-control-expose-headers: *
X-Firefox-Spdy: h2
js.wpadmngr.com/static/adManager.m.js
200 OK 65 kB URL GET HTTP/2 js.wpadmngr.com/static/adManager.m.js
IP
ASN #39572 DataWeb Global Group B.V.
Requested by https://dfiles.eu/files/peo8zx000/CODMW2.exe
Certificate IssuerLet's Encrypt
Subjectjs.wpadmngr.com
Fingerprint04:CF:08:FC:86:05:83:D6:A9:F6:8F:DE:01:9D:01:44:61:5C:93:92
ValidityWed, 13 Sep 2023 02:02:43 GMT - Tue, 12 Dec 2023 02:02:42 GMT
File type gzip compressed data, from Unix\012- data
Hash 5253fe938d9f24a4100516f219930315
35733ccefa016699d7a8e57ee0792ed8fba1c959
a3d1bd603c3507ec80bc180b8da6b6e07d592a9ad14834ba7437405ebce75b13
GET /static/adManager.m.js HTTP/1.1
Host: js.wpadmngr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 04 Oct 2023 04:26:18 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Fri, 29 Sep 2023 12:29:41 GMT
etag: W/"6516c335-2f45a"
content-encoding: gzip
expires: Wed, 04 Oct 2023 04:31:18 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
js.capndr.com/advertising.js
200 OK 0 B URL GET HTTP/2 js.capndr.com/advertising.js
IP
ASN #39572 DataWeb Global Group B.V.
Requested by https://dfiles.eu/files/peo8zx000/CODMW2.exe
Certificate IssuerLet's Encrypt
Subjectjs.capndr.com
Fingerprint6A:A0:24:1B:ED:51:D5:2A:39:50:AC:F1:8D:2B:A0:14:4C:58:7B:BC
ValidityWed, 23 Aug 2023 23:01:05 GMT - Tue, 21 Nov 2023 23:01:04 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /advertising.js HTTP/1.1
Host: js.capndr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 04 Oct 2023 04:26:19 GMT
content-type: application/javascript; charset=utf-8
content-length: 0
server: nginx/1.18.0
last-modified: Fri, 14 Jul 2023 08:23:25 GMT
etag: "64b105fd-0"
expires: Wed, 04 Oct 2023 04:31:19 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
proceedglad.com/c2/2d/c5/c22dc50dc2bbe4422c7f68d26ab95eb9.js
200 OK 29 kB URL GET HTTP/1.1 proceedglad.com/c2/2d/c5/c22dc50dc2bbe4422c7f68d26ab95eb9.js
IP
ASN #39572 DataWeb Global Group B.V.
Requested by https://dfiles.eu/files/peo8zx000/CODMW2.exe
Certificate IssuerLet's Encrypt
Subjectproceedglad.com
Fingerprint2A:D3:35:35:68:BE:DB:C7:94:06:79:72:30:DE:D1:CD:A1:82:99:E6
ValiditySat, 23 Sep 2023 00:49:43 GMT - Fri, 22 Dec 2023 00:49:42 GMT
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Hash eabd4e7f64424f00930aa33a4a4cebe1
056ec2147332bdf24d10d6a5c89ce8d7494a242a
4dfbfbcdd2a6b44c4f38060395039a18a8d68ba66a61fa747cbb41222b955d20
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /c2/2d/c5/c22dc50dc2bbe4422c7f68d26ab95eb9.js HTTP/1.1
Host: proceedglad.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Wed, 04 Oct 2023 04:26:19 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b00f905c60c748611bd70176477627f7
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
adsbb.dfiles.eu/static/js/jquery-1.5.1.min.js
85 kB URL adsbb.dfiles.eu/static/js/jquery-1.5.1.min.js
IP
File type Unicode text, UTF-8 text, with very long lines (65168)
Hash b04a3bccd23ddeb7982143707a63ccf9
4a5dc1389aad050a44ee5e81408238a317ab3413
764b9e9f3ad386aaa5cdeae9368353994de61c0bede087c8f7e3579cb443de3b
GET /static/js/jquery-1.5.1.min.js HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/upload/2112/ad27582685f5c72c.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
Cookie: uprand=5f9e1f04b9d8074ba7c041a14434c9b2; last_file=peo8zx000; lang_current=en; _ga_BL9163LYG1=GS1.1.1696393578.1.0.1696393578.0.0.0; _ga=GA1.1.1279784232.1696393578; _nf56=1; _nf58=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
cache-control: no-cache, private, no-cache, no-store, must-revalidate
content-type: application/javascript
date: Wed, 04 Oct 2023 04:26:19 GMT
expires: Thu, 01 Jan 1970 00:00:01 GMT
pragma: no-cache
server: nginx
content-length: 85260
X-Firefox-Spdy: h2
adsbb.dfiles.eu/static/js/jquery-1.5.1.min.js
85 kB URL adsbb.dfiles.eu/static/js/jquery-1.5.1.min.js
IP
File type Unicode text, UTF-8 text, with very long lines (65168)
Hash b04a3bccd23ddeb7982143707a63ccf9
4a5dc1389aad050a44ee5e81408238a317ab3413
764b9e9f3ad386aaa5cdeae9368353994de61c0bede087c8f7e3579cb443de3b
GET /static/js/jquery-1.5.1.min.js HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/upload/2303/ad2775297311915a.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
Cookie: uprand=5f9e1f04b9d8074ba7c041a14434c9b2; last_file=peo8zx000; lang_current=en; _ga_BL9163LYG1=GS1.1.1696393578.1.0.1696393578.0.0.0; _ga=GA1.1.1279784232.1696393578; _nf56=1; _nf58=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
cache-control: no-cache, private, no-cache, no-store, must-revalidate
content-type: application/javascript
date: Wed, 04 Oct 2023 04:26:19 GMT
expires: Thu, 01 Jan 1970 00:00:01 GMT
pragma: no-cache
server: nginx
content-length: 85260
X-Firefox-Spdy: h2
jsc.mgid.com/d/e/depositfiles.com.7998.js
1.9 kB URL jsc.mgid.com/d/e/depositfiles.com.7998.js
IP
File type C source, ASCII text, with very long lines (3857), with no line terminators
Hash 3011117cdaca0ccd5a72b3612cebaeef
bd9f5d7888828657743f738707833bff7e6e0782
435e541f851645c56437e18a7fda4017942535a2bdca3e6d8b8092a60df30fbf
GET /d/e/depositfiles.com.7998.js HTTP/1.1
Host: jsc.mgid.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 04 Oct 2023 04:26:19 GMT
content-type: text/javascript
cf-bgj: minify
cf-polished: origSize=3858
etag: W/"0617d72984071ceed5889ef6107260d1"
last-modified: Tue, 26 Sep 2023 13:42:27 GMT
x-amz-id-2: qBffnF5AyvvWQo0eLhjEslRqnngECmUzPykkD0UBD2sX92OamrTvUAtnSYQZ6zQkTNL5dSKOxtM=
x-amz-request-id: 69MEDDV1RPJ8CXC8
x-amz-server-side-encryption: AES256
x-amz-version-id: 0XS1UV9i2F7tM2KMIo7IY1reeCGRhQgo
cf-cache-status: HIT
expires: Wed, 04 Oct 2023 07:26:19 GMT
cache-control: public, max-age=10800
set-cookie: __cf_bm=Ia9P.giKAQ9krYYrNFgwoAI73TK9mAXQfclgETXuHi8-1696393579-0-ASw3fiTcbnUCa1u22eotWYQbUuBLeZQiQX4RAV0vP2J3AQfqhCKUnsx248ow5r1kMEIyVTo1dCJuz8uczwKWAo8=; path=/; expires=Wed, 04-Oct-23 04:56:19 GMT; domain=.mgid.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
access-control-allow-origin: *
server: cloudflare
cf-ray: 810aaa7dca1d0b31-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
professionalswebcheck.com/stats
200 OK 40 B URL GET HTTP/2 professionalswebcheck.com/stats
IP
Requested by https://dfiles.eu/files/peo8zx000/CODMW2.exe
Certificate IssuerAmazon
Subjectprofessionalswebcheck.com
Fingerprint75:E9:08:FD:96:58:C7:98:43:E8:21:27:A8:E9:B9:A4:55:28:F2:0C
ValidityWed, 30 Aug 2023 00:00:00 GMT - Fri, 27 Sep 2024 23:59:59 GMT
File type ASCII text, with no line terminators
Hash 5717e8fb3eebdbb380440ae28cd04f0f
8c0094048f5c384d9a5409a32a32d902933c68b0
20c421b42d25cba83dda4da7207fbbc0bbcf124bc993dd6f9aae5fe0713156e0
GET /stats HTTP/1.1
Host: professionalswebcheck.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: uid_id2=e32efd6b-50e4-498c-a8e3-7457c91d58c1:2:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 04 Oct 2023 04:26:19 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://dfiles.eu
vary: Origin
access-control-allow-credentials: true
X-Firefox-Spdy: h2
adsbb.dfiles.eu/view.gif?c=2685&z=56&b=2758&u=651ce91da8dc107905321082871031
43 B URL adsbb.dfiles.eu/view.gif?c=2685&z=56&b=2758&u=651ce91da8dc107905321082871031
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash 6d22e4f2d2057c6e8d6fab098e76e80f
b80b11203d97fe01c5597ca3be70406ea48f5709
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
GET /view.gif?c=2685&z=56&b=2758&u=651ce91da8dc107905321082871031 HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/upload/2112/ad27582685f5c72c.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
Cookie: uprand=5f9e1f04b9d8074ba7c041a14434c9b2; last_file=peo8zx000; lang_current=en; _ga_BL9163LYG1=GS1.1.1696393578.1.0.1696393578.0.0.0; _ga=GA1.1.1279784232.1696393578; _nf56=1; _nf58=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
cache-control: no-cache, private, no-cache, no-store, must-revalidate
content-type: image/gif
date: Wed, 04 Oct 2023 04:26:19 GMT
expires: Thu, 01 Jan 1970 00:00:01 GMT
pragma: no-cache
server: nginx
content-length: 43
X-Firefox-Spdy: h2
www.gstatic.com/recaptcha/releases/lLirU0na9roYU3wDDisGJEVT/recaptcha__en.js
200 OK 190 kB URL GET HTTP/2 www.gstatic.com/recaptcha/releases/lLirU0na9roYU3wDDisGJEVT/recaptcha__en.js
IP
Requested by https://dfiles.eu/files/peo8zx000/CODMW2.exe
Certificate IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint3D:35:56:30:C0:0F:0C:7F:20:BA:7D:A8:48:DB:24:1B:15:F5:48:27
ValidityMon, 04 Sep 2023 08:23:09 GMT - Mon, 27 Nov 2023 08:23:08 GMT
File type ASCII text, with very long lines (621)
Size 190 kB (189597 bytes)
Hash d0f24857a83615487e11b16804ab8829
3007fc0bfd11d1a3de214c780f62e1c429208002
b1a65063717196413801187164cad067a3c8b3f1c8d7cf768de32d1230ecdf3c
GET /recaptcha/releases/lLirU0na9roYU3wDDisGJEVT/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 189597
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 04 Oct 2023 03:55:06 GMT
expires: Thu, 03 Oct 2024 03:55:06 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 02 Oct 2023 04:05:03 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 1873
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
adsbb.dfiles.eu/view.gif?c=2973&z=58&b=2775&u=651ce91d89b207600652207144013
43 B URL adsbb.dfiles.eu/view.gif?c=2973&z=58&b=2775&u=651ce91d89b207600652207144013
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash 6d22e4f2d2057c6e8d6fab098e76e80f
b80b11203d97fe01c5597ca3be70406ea48f5709
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
GET /view.gif?c=2973&z=58&b=2775&u=651ce91d89b207600652207144013 HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/upload/2303/ad2775297311915a.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
Cookie: uprand=5f9e1f04b9d8074ba7c041a14434c9b2; last_file=peo8zx000; lang_current=en; _ga_BL9163LYG1=GS1.1.1696393578.1.0.1696393578.0.0.0; _ga=GA1.1.1279784232.1696393578; _nf56=1; _nf58=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
cache-control: no-cache, private, no-cache, no-store, must-revalidate
content-type: image/gif
date: Wed, 04 Oct 2023 04:26:19 GMT
expires: Thu, 01 Jan 1970 00:00:01 GMT
pragma: no-cache
server: nginx
content-length: 43
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
471 B IP
Hash 5f93d2ee1f8bc9c027d662cfca92d7a3
8281e9ca3a7923e4c24d271e16380d50ad76e13d
af7bd320100aa1edaedb93e43ece4cf882b46ea8d018a390535efe5ef2062356
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 04 Oct 2023 04:26:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
proceedglad.com/sbar.json?key=224ad4a14b4b15c1726ff705ec672ea6
200 OK 3.0 kB URL GET HTTP/1.1 proceedglad.com/sbar.json?key=224ad4a14b4b15c1726ff705ec672ea6
IP
ASN #39572 DataWeb Global Group B.V.
Requested by https://dfiles.eu/files/peo8zx000/CODMW2.exe
Certificate IssuerLet's Encrypt
Subjectproceedglad.com
Fingerprint2A:D3:35:35:68:BE:DB:C7:94:06:79:72:30:DE:D1:CD:A1:82:99:E6
ValiditySat, 23 Sep 2023 00:49:43 GMT - Fri, 22 Dec 2023 00:49:42 GMT
File type JSON data\012- , ASCII text, with very long lines (5377), with no line terminators
Hash 68984c11600591b4b614ecce108601d1
4fd55e26450ea517afef5964d7049034d5c9ae70
2e825fa0e5d6fe9ec9835fd36ee622f0487ba1f5077df80035a6a915bb5e7ee4
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /sbar.json?key=224ad4a14b4b15c1726ff705ec672ea6 HTTP/1.1
Host: proceedglad.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Wed, 04 Oct 2023 04:26:19 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://dfiles.eu
Access-Control-Allow-Origin: https://dfiles.eu
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=16004719; expires=Thu, 05 Oct 2023 04:26:19 GMT; secure; SameSite=None
pdhtkv=true; expires=Thu, 05 Oct 2023 04:26:19 GMT; secure; SameSite=None
uncs=1; expires=Thu, 05 Oct 2023 04:26:19 GMT; secure; SameSite=None
pdhtkv29=true; expires=Thu, 05 Oct 2023 04:26:19 GMT; secure; SameSite=None
uncs29=1; expires=Thu, 05 Oct 2023 04:26:19 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ed92c1963b43f344132fac297cc23034
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
c.mgid.com/pv/?lu=https%3A%2F%2Fdfiles.eu%2Ffiles%2Fpeo8zx000%2FCODMW2.exe&cbuster=1696393579992535494829&pvid=18af8efcdd7872782e5&implVersion=11&cxurl=https%3A%2F%2Fdfiles.eu%2Ffiles%2Fpeo8zx000%2FCODMW2.exe&site=437&i=1
43 B URL c.mgid.com/pv/?lu=https%3A%2F%2Fdfiles.eu%2Ffiles%2Fpeo8zx000%2FCODMW2.exe&cbuster=1696393579992535494829&pvid=18af8efcdd7872782e5&implVersion=11&cxurl=https%3A%2F%2Fdfiles.eu%2Ffiles%2Fpeo8zx000%2FCODMW2.exe&site=437&i=1
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash 57f187c7a868faeac558007a8eb6cb2e
11ab10ab109fdb53d91d444ac781101f5a6360c6
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22
GET /pv/?lu=https%3A%2F%2Fdfiles.eu%2Ffiles%2Fpeo8zx000%2FCODMW2.exe&cbuster=1696393579992535494829&pvid=18af8efcdd7872782e5&implVersion=11&cxurl=https%3A%2F%2Fdfiles.eu%2Ffiles%2Fpeo8zx000%2FCODMW2.exe&site=437&i=1 HTTP/1.1
Host: c.mgid.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://adsbb.dfiles.eu/
DNT: 1
Connection: keep-alive
Cookie: __cf_bm=Ia9P.giKAQ9krYYrNFgwoAI73TK9mAXQfclgETXuHi8-1696393579-0-ASw3fiTcbnUCa1u22eotWYQbUuBLeZQiQX4RAV0vP2J3AQfqhCKUnsx248ow5r1kMEIyVTo1dCJuz8uczwKWAo8=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 04 Oct 2023 04:26:19 GMT
content-type: image/gif
content-length: 43
cf-cache-status: DYNAMIC
strict-transport-security: max-age=15552000; includeSubDomains; preload
server: cloudflare
cf-ray: 810aaa80cb9356be-OSL
alt-svc: h3=":443"; ma=86400
ordinarilyinstead.com/pixel/purst?dl=0&th=0&sc=0&rs=2723&rd=2723&fd=776&bv=22.10.v.10&tmpl=136
200 OK 0 B URL GET HTTP/1.1 ordinarilyinstead.com/pixel/purst?dl=0&th=0&sc=0&rs=2723&rd=2723&fd=776&bv=22.10.v.10&tmpl=136
IP
Requested by https://dfiles.eu/files/peo8zx000/CODMW2.exe
Certificate IssuerLet's Encrypt
Subjectordinarilyinstead.com
FingerprintB7:68:D7:83:99:21:11:21:F8:B5:F7:D3:95:E8:9C:9E:1F:81:1E:FC
ValidityWed, 27 Sep 2023 00:34:56 GMT - Tue, 26 Dec 2023 00:34:55 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=2723&rd=2723&fd=776&bv=22.10.v.10&tmpl=136 HTTP/1.1
Host: ordinarilyinstead.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Wed, 04 Oct 2023 04:26:19 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
static.depositfiles.com/images/favicon.ico
200 OK 318 B URL GET HTTP/2 static.depositfiles.com/images/favicon.ico
IP
Requested by https://dfiles.eu/files/peo8zx000/CODMW2.exe
Certificate IssuerLet's Encrypt
Subjectdepositfiles.com
Fingerprint89:8B:79:C9:43:28:6F:22:01:AC:10:16:D4:18:23:20:E4:DF:5A:DB
ValidityWed, 06 Sep 2023 05:19:39 GMT - Tue, 05 Dec 2023 05:19:38 GMT
File type MS Windows icon resource - 1 icon, 16x16, 16 colors, 4 bits/pixel\012- data
Hash 0f0b975ee529197ec75780ebc2de5907
59688c6aafca5606e388ba9a44fc9dc25fc32cd3
28a0b52229f05b66354ca38b6b813d2281af3efb7e8b0a424ef8b4c68b9e583c
GET /images/favicon.ico HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/x-icon
date: Wed, 04 Oct 2023 04:26:19 GMT
etag: "65154db0-13e"
last-modified: Thu, 28 Sep 2023 09:56:00 GMT
server: nginx
content-length: 318
X-Firefox-Spdy: h2
professionalswebcheck.com/stats
200 OK 40 B URL GET HTTP/2 professionalswebcheck.com/stats
IP
Requested by https://dfiles.eu/files/peo8zx000/CODMW2.exe
Certificate IssuerAmazon
Subjectprofessionalswebcheck.com
Fingerprint75:E9:08:FD:96:58:C7:98:43:E8:21:27:A8:E9:B9:A4:55:28:F2:0C
ValidityWed, 30 Aug 2023 00:00:00 GMT - Fri, 27 Sep 2024 23:59:59 GMT
File type ASCII text, with no line terminators
Hash 5717e8fb3eebdbb380440ae28cd04f0f
8c0094048f5c384d9a5409a32a32d902933c68b0
20c421b42d25cba83dda4da7207fbbc0bbcf124bc993dd6f9aae5fe0713156e0
GET /stats HTTP/1.1
Host: professionalswebcheck.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: uid_id2=e32efd6b-50e4-498c-a8e3-7457c91d58c1:2:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 04 Oct 2023 04:26:19 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://dfiles.eu
vary: Origin
access-control-allow-credentials: true
X-Firefox-Spdy: h2
professionalswebcheck.com/stats
200 OK 40 B URL GET HTTP/2 professionalswebcheck.com/stats
IP
Requested by https://dfiles.eu/files/peo8zx000/CODMW2.exe
Certificate IssuerAmazon
Subjectprofessionalswebcheck.com
Fingerprint75:E9:08:FD:96:58:C7:98:43:E8:21:27:A8:E9:B9:A4:55:28:F2:0C
ValidityWed, 30 Aug 2023 00:00:00 GMT - Fri, 27 Sep 2024 23:59:59 GMT
File type ASCII text, with no line terminators
Hash 5717e8fb3eebdbb380440ae28cd04f0f
8c0094048f5c384d9a5409a32a32d902933c68b0
20c421b42d25cba83dda4da7207fbbc0bbcf124bc993dd6f9aae5fe0713156e0
GET /stats HTTP/1.1
Host: professionalswebcheck.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: uid_id2=e32efd6b-50e4-498c-a8e3-7457c91d58c1:2:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 04 Oct 2023 04:26:19 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://dfiles.eu
vary: Origin
access-control-allow-credentials: true
X-Firefox-Spdy: h2
proceedglad.com/ren.gif?sid=H4sIAAAAAAAC%2F1SSv28cRRTHZ4OVAmhCaEBBug6Q0Hl3vfeLFCgmGFmYOCQg6NDszOx5uNmd1czO7dmisIiEUh7%2Fwfp7dizAisIfAEJrukhIPioXuEBKQYlAqdGdLY48afXe931f8Xlv5%2Bs9d0Z8OHq69qHekUrR5VbTb7zxWRBcb2zIzI0ao27783Z0vWGGbwd%2Br%2Bm%2F2XhfsIFeDv3A9wM%2FaKxJIxI9Wg6CoOlD5ke9oNnzm1HYDFoRRuZZbZ0HSz3w4Rl5CZJPnz96GEGyGln66Kawg0Lnb72XOkULbTDkh59kg0yXGdJFmRgPSXZ4MQ1tT9Z%2Bgs4O5sDQw%2F8GYzkl3pM%2FEGeHF5SIhwfnoLGCyBDzF1AOawhVQ9IaTN%2BD5CcEYBy3NpGlD25pU9Ltc5fO3ClZevo3ZDklS7%2B%2FjCx9uKrkqHFXK1dInVmMkgpyVEP2a%2BTuGMXOJcjyGKz4CpL%2FSpafbiBL9zet0pC8mi8vZQ2Z1FBiDGo9uNknPbjEg8s9pPy00WFRt8u7LU4FY2GcBN0kSqIeZX7C%2FJVeCMdmeGMU%2BRhMjcHMLnKzi4Ecw7ifYbcqWO7BFlPifbSLIa9QCoLSEpSUoJQEZUFQDqsDrmxoqwdcWRcHFzm8yCvVRBf9PXqgi77IyF5%2BRq7M7%2FJPW2MgThthGFEe0SCKozhosaATtpOk47cEa3dCQduwsoK0l%2Bar7siTqzlyefLiNcT0GFYdg8kroO410HLSCX3QrUnU9bGTPeIi11YWiVTCNplOwXWFvFhCse3tqTPyypzj9SevQrDH5CLATIXcVPhC%2FkLQV%2Fcnd3RJ9u%2Fo0pIfNvNCpnKHzv7d3YIW4vJ3H4jtUhu%2BftOOv73BZsasPPpY2GKDZlxmfUu%2BX5WcC7OmDRPkx3X7qYhvO7u16kzm8o3b766tp7kR1kqd1aDy5Ms2mJySyzcO5q%2Fy6l8hpKlhXIXULUilrsHyXdh80bOawKiFjnMPpasmJowXTSUJlFhoGlew%2F9Pxot6z99E3HmhxD1laYWgqDFUFqsaw7rlJkZvH7%2Fy2Mg%2FEypvEynj7sTLqm%2FPTWnnaEB3R7vUiP%2Bpw348jHoZBSzC6EtEeDcOkg8JOxbU%2FB%2F8CAAD%2F%2FwEAAP%2F%2Ff1Ai9WIEAAA%3D
200 OK 7 B URL GET HTTP/1.1 proceedglad.com/ren.gif?sid=H4sIAAAAAAAC%2F1SSv28cRRTHZ4OVAmhCaEBBug6Q0Hl3vfeLFCgmGFmYOCQg6NDszOx5uNmd1czO7dmisIiEUh7%2Fwfp7dizAisIfAEJrukhIPioXuEBKQYlAqdGdLY48afXe931f8Xlv5%2Bs9d0Z8OHq69qHekUrR5VbTb7zxWRBcb2zIzI0ao27783Z0vWGGbwd%2Br%2Bm%2F2XhfsIFeDv3A9wM%2FaKxJIxI9Wg6CoOlD5ke9oNnzm1HYDFoRRuZZbZ0HSz3w4Rl5CZJPnz96GEGyGln66Kawg0Lnb72XOkULbTDkh59kg0yXGdJFmRgPSXZ4MQ1tT9Z%2Bgs4O5sDQw%2F8GYzkl3pM%2FEGeHF5SIhwfnoLGCyBDzF1AOawhVQ9IaTN%2BD5CcEYBy3NpGlD25pU9Ltc5fO3ClZevo3ZDklS7%2B%2FjCx9uKrkqHFXK1dInVmMkgpyVEP2a%2BTuGMXOJcjyGKz4CpL%2FSpafbiBL9zet0pC8mi8vZQ2Z1FBiDGo9uNknPbjEg8s9pPy00WFRt8u7LU4FY2GcBN0kSqIeZX7C%2FJVeCMdmeGMU%2BRhMjcHMLnKzi4Ecw7ifYbcqWO7BFlPifbSLIa9QCoLSEpSUoJQEZUFQDqsDrmxoqwdcWRcHFzm8yCvVRBf9PXqgi77IyF5%2BRq7M7%2FJPW2MgThthGFEe0SCKozhosaATtpOk47cEa3dCQduwsoK0l%2Bar7siTqzlyefLiNcT0GFYdg8kroO410HLSCX3QrUnU9bGTPeIi11YWiVTCNplOwXWFvFhCse3tqTPyypzj9SevQrDH5CLATIXcVPhC%2FkLQV%2Fcnd3RJ9u%2Fo0pIfNvNCpnKHzv7d3YIW4vJ3H4jtUhu%2BftOOv73BZsasPPpY2GKDZlxmfUu%2BX5WcC7OmDRPkx3X7qYhvO7u16kzm8o3b766tp7kR1kqd1aDy5Ms2mJySyzcO5q%2Fy6l8hpKlhXIXULUilrsHyXdh80bOawKiFjnMPpasmJowXTSUJlFhoGlew%2F9Pxot6z99E3HmhxD1laYWgqDFUFqsaw7rlJkZvH7%2Fy2Mg%2FEypvEynj7sTLqm%2FPTWnnaEB3R7vUiP%2Bpw348jHoZBSzC6EtEeDcOkg8JOxbU%2FB%2F8CAAD%2F%2FwEAAP%2F%2Ff1Ai9WIEAAA%3D
IP
ASN #39572 DataWeb Global Group B.V.
Requested by https://dfiles.eu/files/peo8zx000/CODMW2.exe
Certificate IssuerLet's Encrypt
Subjectproceedglad.com
Fingerprint2A:D3:35:35:68:BE:DB:C7:94:06:79:72:30:DE:D1:CD:A1:82:99:E6
ValiditySat, 23 Sep 2023 00:49:43 GMT - Fri, 22 Dec 2023 00:49:42 GMT
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1SSv28cRRTHZ4OVAmhCaEBBug6Q0Hl3vfeLFCgmGFmYOCQg6NDszOx5uNmd1czO7dmisIiEUh7%2Fwfp7dizAisIfAEJrukhIPioXuEBKQYlAqdGdLY48afXe931f8Xlv5%2Bs9d0Z8OHq69qHekUrR5VbTb7zxWRBcb2zIzI0ao27783Z0vWGGbwd%2Br%2Bm%2F2XhfsIFeDv3A9wM%2FaKxJIxI9Wg6CoOlD5ke9oNnzm1HYDFoRRuZZbZ0HSz3w4Rl5CZJPnz96GEGyGln66Kawg0Lnb72XOkULbTDkh59kg0yXGdJFmRgPSXZ4MQ1tT9Z%2Bgs4O5sDQw%2F8GYzkl3pM%2FEGeHF5SIhwfnoLGCyBDzF1AOawhVQ9IaTN%2BD5CcEYBy3NpGlD25pU9Ltc5fO3ClZevo3ZDklS7%2B%2FjCx9uKrkqHFXK1dInVmMkgpyVEP2a%2BTuGMXOJcjyGKz4CpL%2FSpafbiBL9zet0pC8mi8vZQ2Z1FBiDGo9uNknPbjEg8s9pPy00WFRt8u7LU4FY2GcBN0kSqIeZX7C%2FJVeCMdmeGMU%2BRhMjcHMLnKzi4Ecw7ifYbcqWO7BFlPifbSLIa9QCoLSEpSUoJQEZUFQDqsDrmxoqwdcWRcHFzm8yCvVRBf9PXqgi77IyF5%2BRq7M7%2FJPW2MgThthGFEe0SCKozhosaATtpOk47cEa3dCQduwsoK0l%2Bar7siTqzlyefLiNcT0GFYdg8kroO410HLSCX3QrUnU9bGTPeIi11YWiVTCNplOwXWFvFhCse3tqTPyypzj9SevQrDH5CLATIXcVPhC%2FkLQV%2Fcnd3RJ9u%2Fo0pIfNvNCpnKHzv7d3YIW4vJ3H4jtUhu%2BftOOv73BZsasPPpY2GKDZlxmfUu%2BX5WcC7OmDRPkx3X7qYhvO7u16kzm8o3b766tp7kR1kqd1aDy5Ms2mJySyzcO5q%2Fy6l8hpKlhXIXULUilrsHyXdh80bOawKiFjnMPpasmJowXTSUJlFhoGlew%2F9Pxot6z99E3HmhxD1laYWgqDFUFqsaw7rlJkZvH7%2Fy2Mg%2FEypvEynj7sTLqm%2FPTWnnaEB3R7vUiP%2Bpw348jHoZBSzC6EtEeDcOkg8JOxbU%2FB%2F8CAAD%2F%2FwEAAP%2F%2Ff1Ai9WIEAAA%3D HTTP/1.1
Host: proceedglad.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: u_pl=16004719; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Wed, 04 Oct 2023 04:26:20 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: cb405f35d88409ba834f24b170b4c30b
Strict-Transport-Security: max-age=0; includeSubdomains
cdn.unblockia.com/autopromos/unicef3.jpg?unblockia=true
200 OK 54 kB URL GET HTTP/2 cdn.unblockia.com/autopromos/unicef3.jpg?unblockia=true
IP
Requested by https://dfiles.eu/files/peo8zx000/CODMW2.exe
Certificate IssuerAmazon
Subject*.unblockia.com
FingerprintF2:6F:03:00:E3:4A:B1:87:3C:4D:28:BB:E6:CE:8F:F1:2A:6E:1B:5D
ValidityTue, 21 Feb 2023 00:00:00 GMT - Fri, 22 Mar 2024 23:59:59 GMT
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=2, software=Google], baseline, precision 8, 160x600, components 3\012- data
Hash 5dcf47442fc7fbb8d0263bbf4869537e
2c8232ac93448bbc06b5464f1839a5cdb2ed3e07
81804a1b2b20350ec009ba6429a4f58124c16ca30683af0af255544cd98c8fa6
GET /autopromos/unicef3.jpg?unblockia=true HTTP/1.1
Host: cdn.unblockia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
content-length: 54292
last-modified: Tue, 12 Apr 2022 08:41:27 GMT
x-amz-version-id: iA22.ytP0i4dmuIhnc0eyNVgJlt2K4fl
accept-ranges: bytes
server: AmazonS3
date: Tue, 03 Oct 2023 06:20:08 GMT
etag: "5dcf47442fc7fbb8d0263bbf4869537e"
x-cache: Hit from cloudfront
via: 1.1 41dc61beb3fe8e8c2c299a2522d8330c.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: YGdD3d7x86MKpRGkPuyJlyfedxXPZjYgL7ConCMIFFU4GWaC5a-UmQ==
age: 79573
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
t.unblockia.com/?sid=140&o=3&b=2&p=1&t=1
200 OK 0 B URL POST HTTP/2 t.unblockia.com/?sid=140&o=3&b=2&p=1&t=1
IP
Requested by https://dfiles.eu/files/peo8zx000/CODMW2.exe
Certificate IssuerAmazon
Subject*.unblockia.com
FingerprintF2:6F:03:00:E3:4A:B1:87:3C:4D:28:BB:E6:CE:8F:F1:2A:6E:1B:5D
ValidityTue, 21 Feb 2023 00:00:00 GMT - Fri, 22 Mar 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /?sid=140&o=3&b=2&p=1&t=1 HTTP/1.1
Host: t.unblockia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 200 OK
content-type: application/json
content-length: 0
server: nginx/1.20.0
date: Wed, 04 Oct 2023 04:26:20 GMT
x-cache: Miss from cloudfront
via: 1.1 8d774700accd819b20dfa986df336be2.cloudfront.net (CloudFront)
x-amz-cf-pop: HEL51-P3
x-amz-cf-id: 70x-FQp9Z2MZogmCJF_fktKFSBLPEmjiDOnKLc7f5I5qqHhwCUu9ag==
access-control-allow-origin: *
access-control-expose-headers: *
X-Firefox-Spdy: h2
cdn.unblockia.com/autopromos/unicef2.jpg?unblockia=true
200 OK 37 kB URL GET HTTP/2 cdn.unblockia.com/autopromos/unicef2.jpg?unblockia=true
IP
Requested by https://dfiles.eu/files/peo8zx000/CODMW2.exe
Certificate IssuerAmazon
Subject*.unblockia.com
FingerprintF2:6F:03:00:E3:4A:B1:87:3C:4D:28:BB:E6:CE:8F:F1:2A:6E:1B:5D
ValidityTue, 21 Feb 2023 00:00:00 GMT - Fri, 22 Mar 2024 23:59:59 GMT
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 728x90, components 3\012- data
Hash 58fbb6ffe72ac0c1aa468de39ee18e13
d25230f1ef89aecc6048b0ceb09dd0af609ee7b6
e8ff7f3a8926e5b5497d2ab7a1bf47c5655e287a51045f11846f426ac6c7d180
GET /autopromos/unicef2.jpg?unblockia=true HTTP/1.1
Host: cdn.unblockia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
content-length: 36773
last-modified: Tue, 12 Apr 2022 08:41:28 GMT
x-amz-version-id: xUurxjfnscsyJn430NFsrgfbabIFowSl
accept-ranges: bytes
server: AmazonS3
date: Tue, 03 Oct 2023 06:38:53 GMT
etag: "58fbb6ffe72ac0c1aa468de39ee18e13"
x-cache: Hit from cloudfront
via: 1.1 41dc61beb3fe8e8c2c299a2522d8330c.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: AJbxPbofIwN2NyCjnIWrbC7afMNSocqn-f9SYpZfhu9-GfGhwwq8nA==
age: 78535
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
869b14ee4c.dd92fc7c0e.com/in/track?data=eyJ3bCI6MCwic3ViaWQiOjAsInVzZXJfaWQiOiI1NDA5OTQzMTEzMTE1NDIzMDAwIiwidGltZXpvbmUiOjAsInZlciI6IjMuODAuMCIsInRhZ19pZCI6NDY0NDUsInNjcmVlbl9yZXNvbHV0aW9uIjoiMTI4MHgxMDI0IiwiYWRibG9jayI6MCwidGltZXpvbmVfb2xzb24iOiJVVEMiLCJ1dG1fc291cmNlIjoiIiwidXRtX21lZGl1bSI6IiIsInV0bV9jYW1wYWlnbiI6IiIsInV0bV9jb250ZW50IjoiIiwibW0iOjAsImluaXRfc3RhcnRfbGF0ZW5jeSI6MS4zMywiaXNfdjIiOjAsImlzX3YyX2VtcHR5IjowLCJ1c2VyX2tleXdvcmRzIjoiRGVwb3NpdEZpbGVzJTJDRGVwb3NpdEZpbGVzJTJDcHJvdmlkZXMlMkN5b3UlMkN3aXRoJTJDYSUyQ2xlZ2l0aW1hdGUlMkN0ZWNobmljYWwlMkNzb2x1dGlvbiUyQ3doaWNoJTJDZW5hYmxlcyUyQ3lvdSUyQ3RvJTJDdXBsb2FkJTJDc3RvcmUlMkNhY2Nlc3MlMkNhbmQlMkNkb3dubG9hZCUyQ3RleHQlMkNzb2Z0d2FyZSUyQyUyQ3NjcmlwdHMlMkNpbWFnZXMlMkNzb3VuZHMlMkN2aWRlb3MlMkNhbmltYXRpb25zJTJDYW5kJTJDYW55JTJDb3RoZXIlMkNtYXRlcmlhbHMlMkNpbiUyQ2Zvcm0lMkNvZiUyQ29uZSUyQ29yJTJDc2V2ZXJhbCUyQ2VsZWN0cm9uaWMlMkNmaWxlcy4ifQ==
200 OK 0 B URL GET HTTP/2 869b14ee4c.dd92fc7c0e.com/in/track?data=eyJ3bCI6MCwic3ViaWQiOjAsInVzZXJfaWQiOiI1NDA5OTQzMTEzMTE1NDIzMDAwIiwidGltZXpvbmUiOjAsInZlciI6IjMuODAuMCIsInRhZ19pZCI6NDY0NDUsInNjcmVlbl9yZXNvbHV0aW9uIjoiMTI4MHgxMDI0IiwiYWRibG9jayI6MCwidGltZXpvbmVfb2xzb24iOiJVVEMiLCJ1dG1fc291cmNlIjoiIiwidXRtX21lZGl1bSI6IiIsInV0bV9jYW1wYWlnbiI6IiIsInV0bV9jb250ZW50IjoiIiwibW0iOjAsImluaXRfc3RhcnRfbGF0ZW5jeSI6MS4zMywiaXNfdjIiOjAsImlzX3YyX2VtcHR5IjowLCJ1c2VyX2tleXdvcmRzIjoiRGVwb3NpdEZpbGVzJTJDRGVwb3NpdEZpbGVzJTJDcHJvdmlkZXMlMkN5b3UlMkN3aXRoJTJDYSUyQ2xlZ2l0aW1hdGUlMkN0ZWNobmljYWwlMkNzb2x1dGlvbiUyQ3doaWNoJTJDZW5hYmxlcyUyQ3lvdSUyQ3RvJTJDdXBsb2FkJTJDc3RvcmUlMkNhY2Nlc3MlMkNhbmQlMkNkb3dubG9hZCUyQ3RleHQlMkNzb2Z0d2FyZSUyQyUyQ3NjcmlwdHMlMkNpbWFnZXMlMkNzb3VuZHMlMkN2aWRlb3MlMkNhbmltYXRpb25zJTJDYW5kJTJDYW55JTJDb3RoZXIlMkNtYXRlcmlhbHMlMkNpbiUyQ2Zvcm0lMkNvZiUyQ29uZSUyQ29yJTJDc2V2ZXJhbCUyQ2VsZWN0cm9uaWMlMkNmaWxlcy4ifQ==
IP
ASN #39572 DataWeb Global Group B.V.
Requested by https://dfiles.eu/files/peo8zx000/CODMW2.exe
Certificate IssuerLet's Encrypt
Subject869b14ee4c.dd92fc7c0e.com
Fingerprint70:38:FA:73:D5:81:AB:AA:9F:D6:F7:2F:03:94:E5:A3:2B:F1:B5:06
ValiditySun, 01 Oct 2023 02:50:37 GMT - Sat, 30 Dec 2023 02:50:36 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/track?data=eyJ3bCI6MCwic3ViaWQiOjAsInVzZXJfaWQiOiI1NDA5OTQzMTEzMTE1NDIzMDAwIiwidGltZXpvbmUiOjAsInZlciI6IjMuODAuMCIsInRhZ19pZCI6NDY0NDUsInNjcmVlbl9yZXNvbHV0aW9uIjoiMTI4MHgxMDI0IiwiYWRibG9jayI6MCwidGltZXpvbmVfb2xzb24iOiJVVEMiLCJ1dG1fc291cmNlIjoiIiwidXRtX21lZGl1bSI6IiIsInV0bV9jYW1wYWlnbiI6IiIsInV0bV9jb250ZW50IjoiIiwibW0iOjAsImluaXRfc3RhcnRfbGF0ZW5jeSI6MS4zMywiaXNfdjIiOjAsImlzX3YyX2VtcHR5IjowLCJ1c2VyX2tleXdvcmRzIjoiRGVwb3NpdEZpbGVzJTJDRGVwb3NpdEZpbGVzJTJDcHJvdmlkZXMlMkN5b3UlMkN3aXRoJTJDYSUyQ2xlZ2l0aW1hdGUlMkN0ZWNobmljYWwlMkNzb2x1dGlvbiUyQ3doaWNoJTJDZW5hYmxlcyUyQ3lvdSUyQ3RvJTJDdXBsb2FkJTJDc3RvcmUlMkNhY2Nlc3MlMkNhbmQlMkNkb3dubG9hZCUyQ3RleHQlMkNzb2Z0d2FyZSUyQyUyQ3NjcmlwdHMlMkNpbWFnZXMlMkNzb3VuZHMlMkN2aWRlb3MlMkNhbmltYXRpb25zJTJDYW5kJTJDYW55JTJDb3RoZXIlMkNtYXRlcmlhbHMlMkNpbiUyQ2Zvcm0lMkNvZiUyQ29uZSUyQ29yJTJDc2V2ZXJhbCUyQ2VsZWN0cm9uaWMlMkNmaWxlcy4ifQ== HTTP/1.1
Host: 869b14ee4c.dd92fc7c0e.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 04 Oct 2023 04:26:20 GMT
content-length: 0
server: nginx/1.18.0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
proceedglad.com/pixel/sbls?bv=23.39.7917&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fnotifications%2Fvpn%2Fdefault%2Fus%2Fmac%2Fblack%2F2%2Findex.html&l=1315&fd=251
200 OK 0 B URL GET HTTP/1.1 proceedglad.com/pixel/sbls?bv=23.39.7917&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fnotifications%2Fvpn%2Fdefault%2Fus%2Fmac%2Fblack%2F2%2Findex.html&l=1315&fd=251
IP
ASN #39572 DataWeb Global Group B.V.
Requested by https://dfiles.eu/files/peo8zx000/CODMW2.exe
Certificate IssuerLet's Encrypt
Subjectproceedglad.com
Fingerprint2A:D3:35:35:68:BE:DB:C7:94:06:79:72:30:DE:D1:CD:A1:82:99:E6
ValiditySat, 23 Sep 2023 00:49:43 GMT - Fri, 22 Dec 2023 00:49:42 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /pixel/sbls?bv=23.39.7917&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fnotifications%2Fvpn%2Fdefault%2Fus%2Fmac%2Fblack%2F2%2Findex.html&l=1315&fd=251 HTTP/1.1
Host: proceedglad.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: u_pl=16004719; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Wed, 04 Oct 2023 04:26:20 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
cdn.creative-bars1.com/sb/notifications/vpn/default/us/mac/black/2/img/update-icon.png
200 OK 22 kB URL GET HTTP/3 cdn.creative-bars1.com/sb/notifications/vpn/default/us/mac/black/2/img/update-icon.png
IP
Requested by https://dfiles.eu/files/peo8zx000/CODMW2.exe
Certificate IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint48:B7:50:3B:95:5B:52:CB:74:D5:D6:39:E2:DD:12:9D:05:51:D6:87
ValidityWed, 23 Aug 2023 16:10:20 GMT - Tue, 21 Nov 2023 16:10:19 GMT
File type PNG image data, 435 x 438, 8-bit colormap, non-interlaced\012- data
Hash 293e03ff5c8794295c7e2bec46e8c106
b2b71ebe6d4719b2259cd6978a410f2dee026b00
2d268405eca080323e13a2f58d284ab1719403438385d405d75739cb23d063cb
GET /sb/notifications/vpn/default/us/mac/black/2/img/update-icon.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 04 Oct 2023 04:26:20 GMT
content-type: image/png
content-length: 22157
last-modified: Fri, 29 Jul 2022 12:34:31 GMT
etag: "62e3d3d7-568d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 27872930
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5YatKLZnBczdFE0O%2FLHHN0KGAz8kvvn4Hyl%2FSQ7Enw2%2BKtgUZat7yXeBzdECsm7BYOPUT4wJ4C96eKgy571LMcZbFoVPMmgv%2F9pgrOWS%2B4n2N2k4Wc2f1vESF5bSoNJO0SN%2BQDbCwf7P"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 810aaa86baeb4885-LHR
alt-svc: h3=":443"; ma=86400
proceedglad.com/pixel/sbls?bv=23.39.7917&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fvpn%2Fdefault%2Fus%2Fmac%2Fblack%2F2%2Fcss%2Fstyle.css&l=4644&fd=229
200 OK 0 B URL GET HTTP/1.1 proceedglad.com/pixel/sbls?bv=23.39.7917&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fvpn%2Fdefault%2Fus%2Fmac%2Fblack%2F2%2Fcss%2Fstyle.css&l=4644&fd=229
IP
ASN #39572 DataWeb Global Group B.V.
Requested by https://dfiles.eu/files/peo8zx000/CODMW2.exe
Certificate IssuerLet's Encrypt
Subjectproceedglad.com
Fingerprint2A:D3:35:35:68:BE:DB:C7:94:06:79:72:30:DE:D1:CD:A1:82:99:E6
ValiditySat, 23 Sep 2023 00:49:43 GMT - Fri, 22 Dec 2023 00:49:42 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /pixel/sbls?bv=23.39.7917&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fvpn%2Fdefault%2Fus%2Fmac%2Fblack%2F2%2Fcss%2Fstyle.css&l=4644&fd=229 HTTP/1.1
Host: proceedglad.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: u_pl=16004719; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Wed, 04 Oct 2023 04:26:20 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
cdn.creative-bars1.com/sb/notifications/vpn/default/us/mac/black/2/img/number.png
200 OK 1.1 kB URL GET HTTP/3 cdn.creative-bars1.com/sb/notifications/vpn/default/us/mac/black/2/img/number.png
IP
Requested by https://dfiles.eu/files/peo8zx000/CODMW2.exe
Certificate IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint48:B7:50:3B:95:5B:52:CB:74:D5:D6:39:E2:DD:12:9D:05:51:D6:87
ValidityWed, 23 Aug 2023 16:10:20 GMT - Tue, 21 Nov 2023 16:10:19 GMT
File type PNG image data, 43 x 43, 8-bit/color RGBA, non-interlaced\012- data
Hash 9e4414e85c588bf7db195e49c02ab2bb
09254e79b255f1b2dfe45adbbe44583a4b433782
0b977ec6e7cf5d35df03cd3a8041f5f523f5d4059ac67c152c0a7b613e20b762
GET /sb/notifications/vpn/default/us/mac/black/2/img/number.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 04 Oct 2023 04:26:20 GMT
content-type: image/png
content-length: 1138
last-modified: Wed, 02 Sep 2020 10:55:44 GMT
etag: "5f4f7a30-472"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 27873021
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HjTRp8F0tyUMtVqmVPBw0x9ovTeI2CUUSXNsHksd38q27v%2FRYREAKnfAtr14XJ4%2Fhp%2BCZMPSY6FhHYOiqpnbqIlt46eenaZuZInE3UB8IflvNDQxl%2BIZgxWKWb5tK9AhmHBm5%2BmEYeUH"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 810aaa87cbbd4885-LHR
alt-svc: h3=":443"; ma=86400
www.google.com/recaptcha/api.js
200 OK 139 kB URL GET HTTP/2 www.google.com/recaptcha/api.js
IP
Requested by https://dfiles.eu/files/peo8zx000/CODMW2.exe
Certificate IssuerGoogle Trust Services LLC
Subjectwww.google.com
FingerprintD2:77:FE:08:C6:61:6A:42:5C:1F:85:13:DA:23:B2:B8:46:20:45:88
ValidityMon, 04 Sep 2023 08:23:29 GMT - Mon, 27 Nov 2023 08:23:28 GMT
File type gzip compressed data\012- data
Size 139 kB (138601 bytes)
Hash db1bebd06709d0cb9682de5835829e6d
0af794fba7f438adc54ab90c427a71ac8cd8aedf
1156d8eb13c6b4e7b0f1013fa071efb025659f41d6855ce9d28ef1b32805da70
GET /recaptcha/api.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/javascript; charset=UTF-8
expires: Wed, 04 Oct 2023 04:26:17 GMT
date: Wed, 04 Oct 2023 04:26:17 GMT
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/vpn/default/us/mac/black/2/css/style.css
200 OK 1.4 kB URL GET HTTP/2 cdn.creative-bars1.com/sb/notifications/vpn/default/us/mac/black/2/css/style.css
IP
Requested by https://dfiles.eu/files/peo8zx000/CODMW2.exe
Certificate IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint48:B7:50:3B:95:5B:52:CB:74:D5:D6:39:E2:DD:12:9D:05:51:D6:87
ValidityWed, 23 Aug 2023 16:10:20 GMT - Tue, 21 Nov 2023 16:10:19 GMT
Hash ae86ad99a81d8bfc048be8755fdb44d8
81815fc3f4fba8b0c9cb823cb30ce1faf9466eb6
a326ead2f2095c3e6ae76f8c11a551357a53168ac624e55d436f5444a621b4e1
GET /sb/notifications/vpn/default/us/mac/black/2/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 04 Oct 2023 04:26:20 GMT
content-type: text/css
last-modified: Fri, 29 Jul 2022 12:34:16 GMT
etag: W/"62e3d3c8-1224"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1712228
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=azYp6Xn4hj7Aj4AfevnD6g%2Fbjl0hxRXdAn9FsByLFGMvIazLLiMHl1uiIjAGiYedsCvXCCR0kpjVmvQm%2BXkEaXFp2OXaUxmau7GJ40qv1cfHwTtRUv2BoDRvLGMQe2r9QrwfkyiBRXaF"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 810aaa857b1276cf-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
fp.metricswpsh.com/fp?tag_id=46445
200 OK 0 B URL POST HTTP/1.1 fp.metricswpsh.com/fp?tag_id=46445
IP
ASN #24940 Hetzner Online GmbH
Requested by https://dfiles.eu/files/peo8zx000/CODMW2.exe
Certificate IssuerLet's Encrypt
Subjectnotification.tubecup.net
Fingerprint09:1A:28:B6:ED:D8:3C:74:9A:C7:2C:25:55:18:EF:75:D1:DC:8D:13
ValidityTue, 12 Sep 2023 02:45:40 GMT - Mon, 11 Dec 2023 02:45:39 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /fp?tag_id=46445 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://dfiles.eu/
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 204 No Content
Server: nginx/1.20.1
Date: Wed, 04 Oct 2023 04:26:20 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE
Access-Control-Allow-Origin: https://dfiles.eu
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
storage.multstorage.com/log/count.html
200 OK 390 B URL GET HTTP/2 storage.multstorage.com/log/count.html
IP
Requested by https://dfiles.eu/files/peo8zx000/CODMW2.exe
Certificate IssuerGoogle Trust Services LLC
Subjectmultstorage.com
Fingerprint60:31:41:79:08:9C:90:BC:C9:A7:23:38:B0:34:0A:5D:AB:42:00:F7
ValidityFri, 22 Sep 2023 10:43:32 GMT - Thu, 21 Dec 2023 10:43:31 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (700)
Hash b728ca9cd183d1b7c3f72116b19b22a3
c1fd73f6b02cf00b8bc60b09cc99495e8494b739
8a7b1ca4bbf273b32ea865d4785a1944d1b2b133678d9b5fe7ee0406f6fd64b2
GET /log/count.html HTTP/1.1
Host: storage.multstorage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 04 Oct 2023 04:26:20 GMT
content-type: text/html
last-modified: Mon, 18 Sep 2023 14:39:06 GMT
vary: Accept-Encoding
x-request-id: 689c4e28ef9b2885a741b070b39c86e9
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cZEss%2BJeK%2FVy%2F8covdnWWy%2BtDKZfV3Jp5RM0GfRnYCB13g66r0Iy9i7YsE01rg1y8F7mWC8HisWJVRgBBTvR7GLyr2YCpz6WVMgv4Dtb0XEab%2BheyN0dw5wB3EljE9Sa36y0fbG%2FG1FdQg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 810aaa848af17741-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
friendshipmale.com/sfp.js
200 OK 28 kB URL GET HTTP/2 friendshipmale.com/sfp.js
IP
Requested by https://dfiles.eu/files/peo8zx000/CODMW2.exe
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint08:6F:D8:CB:9E:0C:0A:98:2E:C5:CD:21:8E:0B:76:2B:50:6F:B6:37
ValiditySat, 18 Feb 2023 00:00:00 GMT - Sat, 17 Feb 2024 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash 2d0450888479d4ddda305bd96206b240
5b4595aab1cd3f854718e05db9be0c65a12ab2f6
44de073e74ff24c6b1c0fe1f3ac5b33d793560e85ef24fb6ce89e76c2cf90af6
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 04 Oct 2023 04:26:19 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: ecebdd42100c5e33ccf8a0c8093e23a9
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Wed, 04 Oct 2023 04:26:18 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fddnO4v8y59ac8McTJzo727hBbLyWOrFr%2B1oLykX3LMMFcHXH0UsoHNYmi9GSsaQgkws%2B0YtzjLhRBDcNlmKIaOEYB2IInVKk3lY0NzE1H5fJYCPPGsiytKRrxD2tcfdoa1oqqo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 810aaa7ee8c10702-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
fp.metricswpsh.com/fp?tag_id=46445
200 OK 58 B URL POST HTTP/1.1 fp.metricswpsh.com/fp?tag_id=46445
IP
ASN #24940 Hetzner Online GmbH
Requested by https://dfiles.eu/files/peo8zx000/CODMW2.exe
Certificate IssuerLet's Encrypt
Subjectnotification.tubecup.net
Fingerprint09:1A:28:B6:ED:D8:3C:74:9A:C7:2C:25:55:18:EF:75:D1:DC:8D:13
ValidityTue, 12 Sep 2023 02:45:40 GMT - Mon, 11 Dec 2023 02:45:39 GMT
File type JSON data\012- , ASCII text
Hash 853a8b6897413696f6fb4b9a3556f079
24c7e87ff027c2597e21a0ba52791811a14ed396
e60ca237a39b830ed13a4544224ff16f2bbcf4630d3e94696f0687663719a85e
POST /fp?tag_id=46445 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 23168
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Wed, 04 Oct 2023 04:26:21 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 58
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://dfiles.eu
Set-Cookie: id=1361723151411841008; Expires=Thu, 03 Oct 2024 04:26:21 GMT; Secure; SameSite=None
Vary: Origin
adsbb.dfiles.eu/upload/2303/ad2775297311915a.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
200 OK 710 B URL GET HTTP/2 adsbb.dfiles.eu/upload/2303/ad2775297311915a.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
IP
Requested by https://dfiles.eu/files/peo8zx000/CODMW2.exe
Certificate IssuerLet's Encrypt
Subjectdfiles.eu
Fingerprint73:8B:6E:11:8B:1A:0A:62:8B:36:6D:0E:47:AE:11:64:99:18:9A:3D
ValidityWed, 06 Sep 2023 05:19:12 GMT - Tue, 05 Dec 2023 05:19:11 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash b237405fab60ad879bf97d631c846b5d
9e74653d64a19e76c838455e520792af2efcb373
44d6873491eb31fc20fb95c848a62263ed3b5e8f920b74b0eb6be677166438aa
GET /upload/2303/ad2775297311915a.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752 HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dfiles.eu/
DNT: 1
Connection: keep-alive
Cookie: uprand=5f9e1f04b9d8074ba7c041a14434c9b2; last_file=peo8zx000; lang_current=en; _ga_BL9163LYG1=GS1.1.1696393578.1.0.1696393578.0.0.0; _ga=GA1.1.1279784232.1696393578; _nf56=1; _nf58=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-encoding: gzip
content-type: text/html
date: Wed, 04 Oct 2023 04:26:18 GMT
last-modified: Wed, 04 Oct 2023 04:25:01 GMT
server: nginx
X-Firefox-Spdy: h2
unseenreport.com/pxf.gif?uuid=e32efd6b-50e4-498c-a8e3-7457c91d58c1&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=14.2079&b_frame=0&pk=224ad4a14b4b15c1726ff705ec672ea6&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=4
200 OK 1 B URL GET HTTP/1.1 unseenreport.com/pxf.gif?uuid=e32efd6b-50e4-498c-a8e3-7457c91d58c1&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=14.2079&b_frame=0&pk=224ad4a14b4b15c1726ff705ec672ea6&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=4
IP
ASN #39572 DataWeb Global Group B.V.
Requested by https://dfiles.eu/files/peo8zx000/CODMW2.exe
Certificate IssuerLet's Encrypt
Subject*.unseenreport.com
FingerprintBE:8C:78:D1:BA:58:B8:88:10:09:32:1D:31:7A:D9:4A:09:BF:6C:7A
ValiditySat, 23 Sep 2023 07:33:12 GMT - Fri, 22 Dec 2023 07:33:11 GMT
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /pxf.gif?uuid=e32efd6b-50e4-498c-a8e3-7457c91d58c1&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=14.2079&b_frame=0&pk=224ad4a14b4b15c1726ff705ec672ea6&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=4 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Wed, 04 Oct 2023 04:26:21 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 67a3439eb6d6c1e16082a3e05c2b8c10
Strict-Transport-Security: max-age=0; includeSubdomains
unseenreport.com/pxf.gif?uuid=e32efd6b-50e4-498c-a8e3-7457c91d58c1&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=14.2079&b_frame=0&pk=c22dc50dc2bbe4422c7f68d26ab95eb9&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=4
200 OK 1 B URL GET HTTP/1.1 unseenreport.com/pxf.gif?uuid=e32efd6b-50e4-498c-a8e3-7457c91d58c1&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=14.2079&b_frame=0&pk=c22dc50dc2bbe4422c7f68d26ab95eb9&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=4
IP
ASN #39572 DataWeb Global Group B.V.
Requested by https://dfiles.eu/files/peo8zx000/CODMW2.exe
Certificate IssuerLet's Encrypt
Subject*.unseenreport.com
FingerprintBE:8C:78:D1:BA:58:B8:88:10:09:32:1D:31:7A:D9:4A:09:BF:6C:7A
ValiditySat, 23 Sep 2023 07:33:12 GMT - Fri, 22 Dec 2023 07:33:11 GMT
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /pxf.gif?uuid=e32efd6b-50e4-498c-a8e3-7457c91d58c1&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=14.2079&b_frame=0&pk=c22dc50dc2bbe4422c7f68d26ab95eb9&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=4 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Wed, 04 Oct 2023 04:26:21 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f2d3453072fc37feb7e46577f9501991
Strict-Transport-Security: max-age=0; includeSubdomains
proceedglad.com/impr.gif?sid=H4sIAAAAAAAC%2F1SSv28cRRTHZ4OVAmhCaEBBug6Q0Hl3vffDpEAxwcjCxCEBQYdmZ2bPw83urGZ2bs8WhUUklPL4D9bfs2MBVhT%2BABBa00VC8lG5wAVSCkoESo3ufOLIk1bvfd%2F3FZ%2F3dr7ed%2BfEh6Nn6x%2FqXakUXW41%2FcYbnwXB9camzNywMey2P29H1xtm8Hbgrzb9NxvvC9bXy6Ef%2BH7gB411aUSih8tBEDR9yPx4NWiu%2Bs0obAatCEPzrLbOg6Ue%2BOCcvATJJ88fP4wgWY0sfXRT2H6h87feS52ihTYY8KNPsn6mywzpokyMhyQ7mk9D29P1n6Czwxkw9OC%2FwVhOiPfkD8TZ0ZwS8eDwAjRWEBli%2FgLKQQ2hakhag%2Bl7kPyUAIzj1hay9MEtbUq6c%2BHSqTshS0%2F%2FhiwnZOn3l5GlD9eUHDbuauUKqTOLYVJBDmvIXo3cnaDYvQRZnoAVX0HyX8ny001k6cGWVRqSV7PlpawhkxpKjECtBzf9pAeXeHC5h5SfNTos6nZ5t8WpYCyMk6CbREm0SpmfMH9lNYRjU7wRinwEpkZgZg%2B52UNfjmDcz7DbFSz3YIsJ8T7aw4BXKAVBaQlKSlBKgrIgKAfVIVc2tNUDrqyLg3kO53mlGuuit08PddETGdnPz8mV2V3%2BaWv0xVkjDCPKIxpEcRQHLRZ0wnaSdPyWYO1OKGgbVlaQ9tJs1V15ejVHLk9fvIaYnsCqEzB5BdS9BlqOO6EPuj2Ouj52s0dc5NrKIpFK2CbTKbiukBdLKHa8fXVOXplxvP7kVQj2mMwDzFTITYUv5C8EPXV%2FfEeX5OCOLi35YSsvZCp36fTf3S1oIS5%2F94HYKbXhGzft6NsbbGpMy%2BOPhS02acZl1rPk%2BzXJuTDr2jBBftywn4r4trPba85kLt%2B8%2Fe76RpobYa3UWQ0qT79sg8kJuXzjcPYqr%2F4VQpoaxlVI3YJU6hos34PNFz2rCYxa6Dj3ULpqbMJ40VSSQImFpnEF%2Bz8dL%2Bp9ex8944EW95ClFQamwkBVoGoE654bF7l5%2FM5vK7NArLxxrIx3ECujvrk4rZVnDcZ8QYO4EwjBRWuFsajNunE7WYk6otviLRR2Iq792f8XAAD%2F%2FwEAAP%2F%2FgHeK5WIEAAA%3D
200 OK 0 B URL GET HTTP/1.1 proceedglad.com/impr.gif?sid=H4sIAAAAAAAC%2F1SSv28cRRTHZ4OVAmhCaEBBug6Q0Hl3vffDpEAxwcjCxCEBQYdmZ2bPw83urGZ2bs8WhUUklPL4D9bfs2MBVhT%2BABBa00VC8lG5wAVSCkoESo3ufOLIk1bvfd%2F3FZ%2F3dr7ed%2BfEh6Nn6x%2FqXakUXW41%2FcYbnwXB9camzNywMey2P29H1xtm8Hbgrzb9NxvvC9bXy6Ef%2BH7gB411aUSih8tBEDR9yPx4NWiu%2Bs0obAatCEPzrLbOg6Ue%2BOCcvATJJ88fP4wgWY0sfXRT2H6h87feS52ihTYY8KNPsn6mywzpokyMhyQ7mk9D29P1n6Czwxkw9OC%2FwVhOiPfkD8TZ0ZwS8eDwAjRWEBli%2FgLKQQ2hakhag%2Bl7kPyUAIzj1hay9MEtbUq6c%2BHSqTshS0%2F%2FhiwnZOn3l5GlD9eUHDbuauUKqTOLYVJBDmvIXo3cnaDYvQRZnoAVX0HyX8ny001k6cGWVRqSV7PlpawhkxpKjECtBzf9pAeXeHC5h5SfNTos6nZ5t8WpYCyMk6CbREm0SpmfMH9lNYRjU7wRinwEpkZgZg%2B52UNfjmDcz7DbFSz3YIsJ8T7aw4BXKAVBaQlKSlBKgrIgKAfVIVc2tNUDrqyLg3kO53mlGuuit08PddETGdnPz8mV2V3%2BaWv0xVkjDCPKIxpEcRQHLRZ0wnaSdPyWYO1OKGgbVlaQ9tJs1V15ejVHLk9fvIaYnsCqEzB5BdS9BlqOO6EPuj2Ouj52s0dc5NrKIpFK2CbTKbiukBdLKHa8fXVOXplxvP7kVQj2mMwDzFTITYUv5C8EPXV%2FfEeX5OCOLi35YSsvZCp36fTf3S1oIS5%2F94HYKbXhGzft6NsbbGpMy%2BOPhS02acZl1rPk%2BzXJuTDr2jBBftywn4r4trPba85kLt%2B8%2Fe76RpobYa3UWQ0qT79sg8kJuXzjcPYqr%2F4VQpoaxlVI3YJU6hos34PNFz2rCYxa6Dj3ULpqbMJ40VSSQImFpnEF%2Bz8dL%2Bp9ex8944EW95ClFQamwkBVoGoE654bF7l5%2FM5vK7NArLxxrIx3ECujvrk4rZVnDcZ8QYO4EwjBRWuFsajNunE7WYk6otviLRR2Iq792f8XAAD%2F%2FwEAAP%2F%2FgHeK5WIEAAA%3D
IP
ASN #39572 DataWeb Global Group B.V.
Requested by https://dfiles.eu/files/peo8zx000/CODMW2.exe
Certificate IssuerLet's Encrypt
Subjectproceedglad.com
Fingerprint2A:D3:35:35:68:BE:DB:C7:94:06:79:72:30:DE:D1:CD:A1:82:99:E6
ValiditySat, 23 Sep 2023 00:49:43 GMT - Fri, 22 Dec 2023 00:49:42 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1SSv28cRRTHZ4OVAmhCaEBBug6Q0Hl3vffDpEAxwcjCxCEBQYdmZ2bPw83urGZ2bs8WhUUklPL4D9bfs2MBVhT%2BABBa00VC8lG5wAVSCkoESo3ufOLIk1bvfd%2F3FZ%2F3dr7ed%2BfEh6Nn6x%2FqXakUXW41%2FcYbnwXB9camzNywMey2P29H1xtm8Hbgrzb9NxvvC9bXy6Ef%2BH7gB411aUSih8tBEDR9yPx4NWiu%2Bs0obAatCEPzrLbOg6Ue%2BOCcvATJJ88fP4wgWY0sfXRT2H6h87feS52ihTYY8KNPsn6mywzpokyMhyQ7mk9D29P1n6Czwxkw9OC%2FwVhOiPfkD8TZ0ZwS8eDwAjRWEBli%2FgLKQQ2hakhag%2Bl7kPyUAIzj1hay9MEtbUq6c%2BHSqTshS0%2F%2FhiwnZOn3l5GlD9eUHDbuauUKqTOLYVJBDmvIXo3cnaDYvQRZnoAVX0HyX8ny001k6cGWVRqSV7PlpawhkxpKjECtBzf9pAeXeHC5h5SfNTos6nZ5t8WpYCyMk6CbREm0SpmfMH9lNYRjU7wRinwEpkZgZg%2B52UNfjmDcz7DbFSz3YIsJ8T7aw4BXKAVBaQlKSlBKgrIgKAfVIVc2tNUDrqyLg3kO53mlGuuit08PddETGdnPz8mV2V3%2BaWv0xVkjDCPKIxpEcRQHLRZ0wnaSdPyWYO1OKGgbVlaQ9tJs1V15ejVHLk9fvIaYnsCqEzB5BdS9BlqOO6EPuj2Ouj52s0dc5NrKIpFK2CbTKbiukBdLKHa8fXVOXplxvP7kVQj2mMwDzFTITYUv5C8EPXV%2FfEeX5OCOLi35YSsvZCp36fTf3S1oIS5%2F94HYKbXhGzft6NsbbGpMy%2BOPhS02acZl1rPk%2BzXJuTDr2jBBftywn4r4trPba85kLt%2B8%2Fe76RpobYa3UWQ0qT79sg8kJuXzjcPYqr%2F4VQpoaxlVI3YJU6hos34PNFz2rCYxa6Dj3ULpqbMJ40VSSQImFpnEF%2Bz8dL%2Bp9ex8944EW95ClFQamwkBVoGoE654bF7l5%2FM5vK7NArLxxrIx3ECujvrk4rZVnDcZ8QYO4EwjBRWuFsajNunE7WYk6otviLRR2Iq792f8XAAD%2F%2FwEAAP%2F%2FgHeK5WIEAAA%3D HTTP/1.1
Host: proceedglad.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: u_pl=16004719; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Wed, 04 Oct 2023 04:26:20 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 7a24901cd6e4d5223f8bca2d42419da7
Strict-Transport-Security: max-age=0; includeSubdomains
na.nawpush.com/tags/46445?version_name=c
200 OK 579 B URL GET HTTP/2 na.nawpush.com/tags/46445?version_name=c
IP
ASN #39572 DataWeb Global Group B.V.
Requested by https://dfiles.eu/files/peo8zx000/CODMW2.exe
Certificate IssuerLet's Encrypt
Subjectna.nawpush.com
Fingerprint8C:2E:22:07:AE:F4:F7:8F:AD:5A:46:5B:78:EB:DA:1F:3A:20:F9:72
ValiditySat, 30 Sep 2023 23:02:10 GMT - Fri, 29 Dec 2023 23:02:09 GMT
File type troff or preprocessor input, ASCII text, with very long lines (656), with no line terminators
Hash 0243e0da104f07016e8f1413e1d042e1
906fd35bb0c7a85263803208deb3aa8c7b5a0bca
882adada4bd64aaff6ee6f3841d37293a55ed32a307d801ab8fe89c673a99d65
GET /tags/46445?version_name=c HTTP/1.1
Host: na.nawpush.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 04 Oct 2023 04:26:19 GMT
content-type: application/json
content-length: 579
server: nginx/1.18.0
cache-control: max-age=300, public
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
proceedglad.com/pixel/sbls?bv=23.39.7917&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fvpn%2Fdefault%2Fus%2Fmac%2Fblack%2F2%2Fjs%2Fscript.js&l=393&fd=225
200 OK 0 B URL GET HTTP/1.1 proceedglad.com/pixel/sbls?bv=23.39.7917&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fvpn%2Fdefault%2Fus%2Fmac%2Fblack%2F2%2Fjs%2Fscript.js&l=393&fd=225
IP
Requested by https://dfiles.eu/files/peo8zx000/CODMW2.exe
Certificate IssuerLet's Encrypt
Subjectproceedglad.com
Fingerprint2A:D3:35:35:68:BE:DB:C7:94:06:79:72:30:DE:D1:CD:A1:82:99:E6
ValiditySat, 23 Sep 2023 00:49:43 GMT - Fri, 22 Dec 2023 00:49:42 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /pixel/sbls?bv=23.39.7917&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fvpn%2Fdefault%2Fus%2Fmac%2Fblack%2F2%2Fjs%2Fscript.js&l=393&fd=225 HTTP/1.1
Host: proceedglad.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: u_pl=16004719; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Wed, 04 Oct 2023 04:26:20 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
proceedglad.com/pixel/sbls?bv=23.39.7917&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fvpn%2Fdefault%2Fus%2Fmac%2Fblack%2F2%2Fcss%2Fanimate.css&l=79245&fd=242
200 OK 0 B URL GET HTTP/1.1 proceedglad.com/pixel/sbls?bv=23.39.7917&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fvpn%2Fdefault%2Fus%2Fmac%2Fblack%2F2%2Fcss%2Fanimate.css&l=79245&fd=242
IP
Requested by https://dfiles.eu/files/peo8zx000/CODMW2.exe
Certificate IssuerLet's Encrypt
Subjectproceedglad.com
Fingerprint2A:D3:35:35:68:BE:DB:C7:94:06:79:72:30:DE:D1:CD:A1:82:99:E6
ValiditySat, 23 Sep 2023 00:49:43 GMT - Fri, 22 Dec 2023 00:49:42 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /pixel/sbls?bv=23.39.7917&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fvpn%2Fdefault%2Fus%2Fmac%2Fblack%2F2%2Fcss%2Fanimate.css&l=79245&fd=242 HTTP/1.1
Host: proceedglad.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: u_pl=16004719; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Wed, 04 Oct 2023 04:26:20 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
proceedglad.com/pixel/sbs?c=1
200 OK 0 B URL GET HTTP/1.1 proceedglad.com/pixel/sbs?c=1
IP
Requested by https://dfiles.eu/files/peo8zx000/CODMW2.exe
Certificate IssuerLet's Encrypt
Subjectproceedglad.com
Fingerprint2A:D3:35:35:68:BE:DB:C7:94:06:79:72:30:DE:D1:CD:A1:82:99:E6
ValiditySat, 23 Sep 2023 00:49:43 GMT - Fri, 22 Dec 2023 00:49:42 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: proceedglad.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: u_pl=16004719; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Wed, 04 Oct 2023 04:26:21 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
adsbb.dfiles.eu/upload/2112/ad27582685f5c72c.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
200 OK 1.5 kB URL GET HTTP/2 adsbb.dfiles.eu/upload/2112/ad27582685f5c72c.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
IP
Requested by https://dfiles.eu/files/peo8zx000/CODMW2.exe
Certificate IssuerLet's Encrypt
Subjectdfiles.eu
Fingerprint73:8B:6E:11:8B:1A:0A:62:8B:36:6D:0E:47:AE:11:64:99:18:9A:3D
ValidityWed, 06 Sep 2023 05:19:12 GMT - Tue, 05 Dec 2023 05:19:11 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (1534), with no line terminators
Hash 515be2d9e95515030883041b33dc2b6a
3bfc42c8fc8247a14ad73ec709044258454c0499
83b2e2c297ac03e00cad2d33c1c8929684171d3b7068f87682e999c6f641dbe4
GET /upload/2112/ad27582685f5c72c.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752 HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dfiles.eu/
DNT: 1
Connection: keep-alive
Cookie: uprand=5f9e1f04b9d8074ba7c041a14434c9b2; last_file=peo8zx000; lang_current=en; _ga_BL9163LYG1=GS1.1.1696393578.1.0.1696393578.0.0.0; _ga=GA1.1.1279784232.1696393578; _nf56=1; _nf58=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-encoding: gzip
content-type: text/html
date: Wed, 04 Oct 2023 04:26:18 GMT
last-modified: Wed, 04 Oct 2023 04:25:01 GMT
server: nginx
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/vpn/default/us/mac/black/2/fonts/SFUIDisplay-Regular.woff2
200 OK 43 kB URL GET HTTP/3 cdn.creative-bars1.com/sb/notifications/vpn/default/us/mac/black/2/fonts/SFUIDisplay-Regular.woff2
IP
Requested by https://dfiles.eu/files/peo8zx000/CODMW2.exe
Certificate IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint48:B7:50:3B:95:5B:52:CB:74:D5:D6:39:E2:DD:12:9D:05:51:D6:87
ValidityWed, 23 Aug 2023 16:10:20 GMT - Tue, 21 Nov 2023 16:10:19 GMT
File type Web Open Font Format (Version 2), TrueType, length 42576, version 1.0\012- data
Hash 2a7d15a301e2045942980e8544ccfbb5
71adf9d8bcff90f86a96b1d21e847bf5d79b3c0e
474b4d7266171e03c8efcd904e8010bd8cb11a068d5e67b5450bc46d768a41e9
GET /sb/notifications/vpn/default/us/mac/black/2/fonts/SFUIDisplay-Regular.woff2 HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 04 Oct 2023 04:26:20 GMT
content-type: application/octet-stream
content-length: 42576
last-modified: Fri, 29 Jul 2022 12:34:08 GMT
etag: "62e3d3c0-a650"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1746076
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FFlMylL9AO5%2FPyLvkaBvvqYgzGwZvr3MAtXeGf2m%2Fh%2BpvFH1C3DxrmlMaFOE4SmzegqBDWjZg%2FWqE1c2%2FcLasiCmJsEF3fkZZxWr0ih4XzkwBDwfptmFmQwwieGbBby%2B%2BzYVOFNJwdos"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 810aaa87cbc64885-LHR
alt-svc: h3=":443"; ma=86400
js.wpshsdk.com/npc/sdk/push.m.js?v=1
200 OK 35 kB URL GET HTTP/2 js.wpshsdk.com/npc/sdk/push.m.js?v=1
IP
ASN #39572 DataWeb Global Group B.V.
Requested by https://dfiles.eu/files/peo8zx000/CODMW2.exe
Certificate IssuerLet's Encrypt
Subjectjs.wpshsdk.com
Fingerprint65:A6:AD:10:F9:8F:FC:5C:ED:AC:21:F7:79:45:53:D9:14:3B:97:BF
ValidityFri, 22 Sep 2023 23:02:34 GMT - Thu, 21 Dec 2023 23:02:33 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /npc/sdk/push.m.js?v=1 HTTP/1.1
Host: js.wpshsdk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 04 Oct 2023 04:26:20 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Mon, 02 Oct 2023 10:51:06 GMT
etag: W/"651aa09a-8776"
content-encoding: gzip
expires: Wed, 04 Oct 2023 04:31:20 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
cdn.barscreative1.com/sb/notifications/vpn/default/us/mac/black/2/index.html
200 OK 1.3 kB URL GET HTTP/2 cdn.barscreative1.com/sb/notifications/vpn/default/us/mac/black/2/index.html
IP
ASN #39572 DataWeb Global Group B.V.
Requested by https://dfiles.eu/files/peo8zx000/CODMW2.exe
Certificate IssuerLet's Encrypt
Subjectcdn.barscreative1.com
FingerprintCB:0F:87:85:B0:83:8B:5C:86:E5:81:91:9D:F5:ED:C4:A2:B6:B1:BE
ValidityTue, 12 Sep 2023 01:01:21 GMT - Mon, 11 Dec 2023 01:01:20 GMT
File type HTML document text\012- HTML document, ASCII text, with very long lines (1401), with no line terminators
Hash 5f893a1b2ebdae2c19df0cb4bd5ecf24
4bba44c8f5a6fa858268bcd208bb327f043b6d0a
0ea0182cdaff5d4386002a3ed51f4d7030c005da6b19199786c1fa144d4ef541
GET /sb/notifications/vpn/default/us/mac/black/2/index.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 04 Oct 2023 04:26:20 GMT
content-type: text/html; charset=utf-8
server: nginx/1.21.6
last-modified: Wed, 02 Sep 2020 10:55:17 GMT
etag: W/"5f4f7a15-523"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Wed, 04 Oct 2023 05:26:20 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/vpn/default/us/mac/black/2/js/script.js
200 OK 393 B URL GET HTTP/2 cdn.creative-bars1.com/sb/notifications/vpn/default/us/mac/black/2/js/script.js
IP
Requested by https://dfiles.eu/files/peo8zx000/CODMW2.exe
Certificate IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint48:B7:50:3B:95:5B:52:CB:74:D5:D6:39:E2:DD:12:9D:05:51:D6:87
ValidityWed, 23 Aug 2023 16:10:20 GMT - Tue, 21 Nov 2023 16:10:19 GMT
File type ASCII text, with very long lines (406), with no line terminators
Hash 029153ff067f18c2eef28a4938f6260b
e13cbffb6c189e3abd4b41f93dc6d4fce1e3ea7e
15a9b759d6dd20c9fb4eb054ceb8a6be25c5a4f562ba73abade2f58dbb4ecbb4
GET /sb/notifications/vpn/default/us/mac/black/2/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 04 Oct 2023 04:26:20 GMT
content-type: application/javascript
last-modified: Wed, 02 Sep 2020 10:55:46 GMT
etag: W/"5f4f7a32-189"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1712228
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZPEp7mx0ICW9S1AiC6zLNybPodN%2BT%2FacRkj%2BAaQeTJUc19j8lu0tObwFjRGWZDqB6C8BfSNJdiBLy8upB96Q4bM78T5AdVv2C3WyvPvbCtRaJvGeoEg6pYvlc2783gmWejYUl2wdpGEB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 810aaa857b1476cf-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.unblockia.com/h.js
200 OK 168 kB IP
Requested by https://dfiles.eu/files/peo8zx000/CODMW2.exe
Certificate IssuerAmazon
Subject*.unblockia.com
FingerprintF2:6F:03:00:E3:4A:B1:87:3C:4D:28:BB:E6:CE:8F:F1:2A:6E:1B:5D
ValidityTue, 21 Feb 2023 00:00:00 GMT - Fri, 22 Mar 2024 23:59:59 GMT
File type HTML document, ASCII text, with very long lines (65536), with no line terminators
Size 168 kB (168079 bytes)
Hash bc5af0220c4116294c4e9c72ae4e244c
f03f6753bcdfdedf4475b83022003b01a02fbde0
b7d2974070cf9f476d97e4401209a440e8fee787781d9084655cca366dad4d21
GET /h.js HTTP/1.1
Host: cdn.unblockia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/x-javascript
last-modified: Tue, 20 Jun 2023 10:06:46 GMT
x-amz-server-side-encryption: AES256
x-amz-meta-codebuild-content-sha256: 02f1ef29ead1d705cce351046cded37a79615ae12624547bfa0e8307765c8765
x-amz-version-id: m8vKRZ4OANVjVfMIKL3cKYiXKt6EM9QQ
x-amz-meta-codebuild-buildarn: arn:aws:codebuild:eu-west-1:987257285531:build/unblockia-loader-codebuild-project:4e52eb3f-761b-4c10-a85a-162fb4fa3980
x-amz-meta-codebuild-content-md5: fb4d4b7b1d35720e2d2481016ef4369b
server: AmazonS3
content-encoding: br
date: Wed, 04 Oct 2023 03:22:48 GMT
etag: W/"bc5af0220c4116294c4e9c72ae4e244c"
x-cache: Hit from cloudfront
via: 1.1 41dc61beb3fe8e8c2c299a2522d8330c.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: qppl-B3oK_zq2BnJEIwmUvugu6cLplMVO5VG6cn3gd9Oj5qXMY1zjw==
age: 3810
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
static.depositfiles.com/js/base2.js
200 OK 399 kB URL GET HTTP/2 static.depositfiles.com/js/base2.js
IP
Requested by https://dfiles.eu/files/peo8zx000/CODMW2.exe
Certificate IssuerLet's Encrypt
Subjectdepositfiles.com
Fingerprint89:8B:79:C9:43:28:6F:22:01:AC:10:16:D4:18:23:20:E4:DF:5A:DB
ValidityWed, 06 Sep 2023 05:19:39 GMT - Tue, 05 Dec 2023 05:19:38 GMT
Size 399 kB (398927 bytes)
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /js/base2.js HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
cache-control: max-age=300
content-type: application/javascript
date: Wed, 04 Oct 2023 04:26:17 GMT
etag: "65154db1-6164f"
expires: Wed, 04 Oct 2023 04:31:17 GMT
last-modified: Thu, 28 Sep 2023 09:56:01 GMT
server: nginx
content-length: 398927
X-Firefox-Spdy: h2
adsbb.dfiles.eu//ad.php?z=56&c=NO
303 See Other 1.5 kB URL GET HTTP/2 adsbb.dfiles.eu//ad.php?z=56&c=NO
IP
Requested by https://dfiles.eu/files/peo8zx000/CODMW2.exe
Certificate IssuerLet's Encrypt
Subjectdfiles.eu
Fingerprint73:8B:6E:11:8B:1A:0A:62:8B:36:6D:0E:47:AE:11:64:99:18:9A:3D
ValidityWed, 06 Sep 2023 05:19:12 GMT - Tue, 05 Dec 2023 05:19:11 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET //ad.php?z=56&c=NO HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: uprand=5f9e1f04b9d8074ba7c041a14434c9b2; last_file=peo8zx000; lang_current=en; _ga_BL9163LYG1=GS1.1.1696393578.1.0.1696393578.0.0.0; _ga=GA1.1.1279784232.1696393578
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 303 See Other
content-type: text/html; charset=UTF-8
date: Wed, 04 Oct 2023 04:26:18 GMT
location: /upload/2112/ad27582685f5c72c.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
server: nginx
set-cookie: _nf56=1; expires=Thu, 05-Oct-2023 04:26:18 GMT; Max-Age=86400
x-powered-by: PHP/5.6.30-0+deb8u1
X-Firefox-Spdy: h2
adsbb.dfiles.eu//ad.php?z=58&c=NO&g=gateway
303 See Other 1.5 kB URL GET HTTP/2 adsbb.dfiles.eu//ad.php?z=58&c=NO&g=gateway
IP
Requested by https://dfiles.eu/files/peo8zx000/CODMW2.exe
Certificate IssuerLet's Encrypt
Subjectdfiles.eu
Fingerprint73:8B:6E:11:8B:1A:0A:62:8B:36:6D:0E:47:AE:11:64:99:18:9A:3D
ValidityWed, 06 Sep 2023 05:19:12 GMT - Tue, 05 Dec 2023 05:19:11 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET //ad.php?z=58&c=NO&g=gateway HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: uprand=5f9e1f04b9d8074ba7c041a14434c9b2; last_file=peo8zx000; lang_current=en; _ga_BL9163LYG1=GS1.1.1696393578.1.0.1696393578.0.0.0; _ga=GA1.1.1279784232.1696393578
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 303 See Other
content-type: text/html; charset=UTF-8
date: Wed, 04 Oct 2023 04:26:18 GMT
location: /upload/2303/ad2775297311915a.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
server: nginx
set-cookie: _nf58=1; expires=Thu, 05-Oct-2023 04:26:18 GMT; Max-Age=86400
x-powered-by: PHP/5.6.30-0+deb8u1
X-Firefox-Spdy: h2
depositfiles.com/files/peo8zx000/CODMW2.exe
302 Found 21 kB URL User Request GET HTTP/2 depositfiles.com/files/peo8zx000/CODMW2.exe
IP
Certificate IssuerLet's Encrypt
Subjectdepositfiles.com
Fingerprint89:8B:79:C9:43:28:6F:22:01:AC:10:16:D4:18:23:20:E4:DF:5A:DB
ValidityWed, 06 Sep 2023 05:19:39 GMT - Tue, 05 Dec 2023 05:19:38 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /files/peo8zx000/CODMW2.exe HTTP/1.1
Host: depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
date: Wed, 04 Oct 2023 04:26:16 GMT
location: //dfiles.eu/files/peo8zx000/CODMW2.exe
server: nginx
X-Firefox-Spdy: h2
static.depositfiles.com/images/upload_btn_bg.gif
200 OK 9.0 kB URL GET HTTP/2 static.depositfiles.com/images/upload_btn_bg.gif
IP
Requested by https://dfiles.eu/files/peo8zx000/CODMW2.exe
Certificate IssuerLet's Encrypt
Subjectdepositfiles.com
Fingerprint89:8B:79:C9:43:28:6F:22:01:AC:10:16:D4:18:23:20:E4:DF:5A:DB
ValidityWed, 06 Sep 2023 05:19:39 GMT - Tue, 05 Dec 2023 05:19:38 GMT
File type GIF image data, version 89a, 209 x 75\012- data
Hash 6f312f0f4ff138758bae76420f6efd78
b40a28f162140fedff9ee5ce0d687868b1f73d17
c667d75c7f916bf8b140b0e1f7ab0c996f76d4642faed85bd9fef3c738f0912b
GET /images/upload_btn_bg.gif HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://static.depositfiles.com/css/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
cache-control: max-age=432000
content-type: image/gif
date: Wed, 04 Oct 2023 04:26:18 GMT
etag: "65154db0-2332"
expires: Mon, 09 Oct 2023 04:26:18 GMT
last-modified: Thu, 28 Sep 2023 09:56:00 GMT
server: nginx
content-length: 9010
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/vpn/default/us/mac/black/2/css/animate.css
200 OK 79 kB URL GET HTTP/2 cdn.creative-bars1.com/sb/notifications/vpn/default/us/mac/black/2/css/animate.css
IP
Requested by https://dfiles.eu/files/peo8zx000/CODMW2.exe
Certificate IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint48:B7:50:3B:95:5B:52:CB:74:D5:D6:39:E2:DD:12:9D:05:51:D6:87
ValidityWed, 23 Aug 2023 16:10:20 GMT - Tue, 21 Nov 2023 16:10:19 GMT
Hash 80047eaa13ebd50c50e8a9753621e430
9c503e07d130572a0eaf51f7c02cbd4cf6213fe3
3f831a59615f8d5d40b4340b2836f91438c876f8dbce75f78e38360d6fe0f429
GET /sb/notifications/vpn/default/us/mac/black/2/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 04 Oct 2023 04:26:20 GMT
content-type: text/css
last-modified: Wed, 02 Sep 2020 10:55:20 GMT
etag: W/"5f4f7a18-1358d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1712228
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=q0LzgBSm2qUixYNHgzIxtgqvNg40Ej%2BxNVwO5NS1p2V9ArOHN5onIDmNjwf6hjCUNzFrmCLrljrvg8pAGvqHU44tv2wS%2B0fcUhNoz%2B%2FwU1gkd3iZmY1DdSeF9lg7iUrUVzKfIhP1FYHj"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 810aaa857b1576cf-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
js.wpadmngr.com/static/adManager.js
200 OK 1.4 kB URL GET HTTP/2 js.wpadmngr.com/static/adManager.js
IP
ASN #39572 DataWeb Global Group B.V.
Requested by https://dfiles.eu/files/peo8zx000/CODMW2.exe
Certificate IssuerLet's Encrypt
Subjectjs.wpadmngr.com
Fingerprint04:CF:08:FC:86:05:83:D6:A9:F6:8F:DE:01:9D:01:44:61:5C:93:92
ValidityWed, 13 Sep 2023 02:02:43 GMT - Tue, 12 Dec 2023 02:02:42 GMT
File type ASCII text, with very long lines (1569), with no line terminators
Hash 887ab462d1f059c59612063112e4257b
2bbb4be64c73a46d0513aaf380cbf221b9bacd93
fac07a3cc5ea967ee6fe38ac26787a12c1cb26d5f101038fbca9ed8bc425e1a7
GET /static/adManager.js HTTP/1.1
Host: js.wpadmngr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 04 Oct 2023 04:26:17 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Thu, 14 Sep 2023 10:06:58 GMT
etag: W/"6502db42-598"
content-encoding: gzip
expires: Wed, 04 Oct 2023 04:31:17 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
91.226.124.125
54.230.80.227
104.19.129.76
157.90.84.242