dfiles.eu/files/y0nf06jdd/COD-G_update-2.exe
91.226.124.80 302 Moved Temporarily 138 B URL HTTP/1.1 dfiles.eu/files/y0nf06jdd/COD-G_update-2.exe
IP 91.226.124.80:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash aff950cab4c0265e21d401db15f1026d
f03e18461817f7a6546c8bf8fa8d686d7e30aca0
753e0dd54f28c4f7009b9c0b18a68aed175416bd8b7d134858264586eaac56f0
GET /files/y0nf06jdd/COD-G_update-2.exe HTTP/1.1
Host: dfiles.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Wed, 01 Feb 2023 06:31:35 GMT
Content-Type: text/html
Content-Length: 138
Connection: close
Location: https://dfiles.eu/files/y0nf06jdd/COD-G_update-2.exe
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d2e72d45afe3d391c204b5391599607c
149d68b9d00a720b6f380fa2324779dca9dbe26d
f6f1c295c68dfebadacb1fc812b44e01c7ede0e203615ef3e2cced2ce2251e7e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F6F1C295C68DFEBADACB1FC812B44E01C7EDE0E203615EF3E2CCED2CE2251E7E"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3028
Expires: Wed, 01 Feb 2023 07:22:03 GMT
Date: Wed, 01 Feb 2023 06:31:35 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 62de35a6c8e4efd7633fc5236b5b086f
6a92912a86dfcd0330d040cef06bef36889c76ab
ebb8ca05df5ba73b92174105d54d192a8d9e3e10fba48bf96161b0cb759220ec
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EBB8CA05DF5BA73B92174105D54D192A8D9E3E10FBA48BF96161B0CB759220EC"
Last-Modified: Tue, 31 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14162
Expires: Wed, 01 Feb 2023 10:27:37 GMT
Date: Wed, 01 Feb 2023 06:31:35 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Retry-After, Content-Length, Alert, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 01 Feb 2023 05:43:25 GMT
content-type: application/json
age: 2890
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a8d45deaa7ebfcd996c2055dae592ab8
55befe074589fe7b39757c145968058162a8fc6b
50d7d516f446458145a304b288a0a39d391cd37ea50dabea36ae48d291c65ba7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "50D7D516F446458145A304B288A0A39D391CD37EA50DABEA36AE48D291C65BA7"
Last-Modified: Tue, 31 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9229
Expires: Wed, 01 Feb 2023 09:05:24 GMT
Date: Wed, 01 Feb 2023 06:31:35 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: rncYy57A/nfIHCkFaAprdxdjqkinpHcm0TGf6M0lono/9WnWkTWA6DLixDpVzO6o1xwhZzYdLVA=
x-amz-request-id: 92D6CSM5PMFHJ7H1
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 01 Feb 2023 05:51:27 GMT
age: 2408
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b3dce9a52105f50507cac4c88a8a14db
e6a6a6afd8948ce4763ad890d03898cbaf4af800
78da1daa01cfdc0e3cebb89de0263775dcb3cf9d44ec9159266af339043acce3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "78DA1DAA01CFDC0E3CEBB89DE0263775DCB3CF9D44EC9159266AF339043ACCE3"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2482
Expires: Wed, 01 Feb 2023 07:12:57 GMT
Date: Wed, 01 Feb 2023 06:31:35 GMT
Connection: keep-alive
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 01 Feb 2023 06:31:35 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
dfiles.eu/files/y0nf06jdd/COD-G_update-2.exe
91.226.124.76 200 OK 9.1 kB URL HTTP/1.1 dfiles.eu/files/y0nf06jdd/COD-G_update-2.exe
IP 91.226.124.76:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (6441), with CRLF, CR, LF line terminators
Hash c445f672e08b10f741d97e9ff6525c04
65e525f29ad3cfd910bbfc10bdbc00392e7b62c9
ed973024119482ebcb6ce1923443624cb3949b5261e522241224d97a16fc6924
GET /files/y0nf06jdd/COD-G_update-2.exe HTTP/1.1
Host: dfiles.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 01 Feb 2023 06:31:35 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: uprand=ec612746b9eaf167cd9c9fa182194e8c; path=/; domain=.dfiles.eu
last_file=y0nf06jdd; path=/; domain=.dfiles.eu
lang_current=en; expires=Thu, 01-Feb-2024 06:31:35 GMT; Max-Age=31536000; path=/; domain=.dfiles.eu; secure
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash a327176edf538c07784f9b0da660c22d
4a56cfcac291dfe1cc177bd3eff976f106731834
aae92a95f747be0bca6982ed7e3e58af8ac74ff69c799b55046ab38474e149dd
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 06:31:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/recaptcha/api.js
142.250.74.132 200 OK 556 B URL HTTP/2 www.google.com/recaptcha/api.js
IP 142.250.74.132:0
File type ASCII text, with very long lines (850), with no line terminators
Hash f678bcfbe98b4039961065c12543bfd0
31a000bba532f910d036c24c795ef3636450e4c3
1dabb56e42c7b0a90264a0e7d8884e4111eed0e1b6321cab5f6e26440d63da8d
GET /recaptcha/api.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
expires: Wed, 01 Feb 2023 06:31:36 GMT
date: Wed, 01 Feb 2023 06:31:36 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 556
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a2f2446cc07efcf44951d99ee96525cc
48ca266d0b59f1dd76f01e37d75762cc0708e6a7
148d4968b00b4bbc56d1c2c2d08008177ffe9ecc8fac0cb7bb0aaa654c54b5b5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "148D4968B00B4BBC56D1C2C2D08008177FFE9ECC8FAC0CB7BB0AAA654C54B5B5"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9274
Expires: Wed, 01 Feb 2023 09:06:10 GMT
Date: Wed, 01 Feb 2023 06:31:36 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a2f2446cc07efcf44951d99ee96525cc
48ca266d0b59f1dd76f01e37d75762cc0708e6a7
148d4968b00b4bbc56d1c2c2d08008177ffe9ecc8fac0cb7bb0aaa654c54b5b5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "148D4968B00B4BBC56D1C2C2D08008177FFE9ECC8FAC0CB7BB0AAA654C54B5B5"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9274
Expires: Wed, 01 Feb 2023 09:06:10 GMT
Date: Wed, 01 Feb 2023 06:31:36 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a2f2446cc07efcf44951d99ee96525cc
48ca266d0b59f1dd76f01e37d75762cc0708e6a7
148d4968b00b4bbc56d1c2c2d08008177ffe9ecc8fac0cb7bb0aaa654c54b5b5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "148D4968B00B4BBC56D1C2C2D08008177FFE9ECC8FAC0CB7BB0AAA654C54B5B5"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9274
Expires: Wed, 01 Feb 2023 09:06:10 GMT
Date: Wed, 01 Feb 2023 06:31:36 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a2f2446cc07efcf44951d99ee96525cc
48ca266d0b59f1dd76f01e37d75762cc0708e6a7
148d4968b00b4bbc56d1c2c2d08008177ffe9ecc8fac0cb7bb0aaa654c54b5b5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "148D4968B00B4BBC56D1C2C2D08008177FFE9ECC8FAC0CB7BB0AAA654C54B5B5"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9274
Expires: Wed, 01 Feb 2023 09:06:10 GMT
Date: Wed, 01 Feb 2023 06:31:36 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a2f2446cc07efcf44951d99ee96525cc
48ca266d0b59f1dd76f01e37d75762cc0708e6a7
148d4968b00b4bbc56d1c2c2d08008177ffe9ecc8fac0cb7bb0aaa654c54b5b5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "148D4968B00B4BBC56D1C2C2D08008177FFE9ECC8FAC0CB7BB0AAA654C54B5B5"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9274
Expires: Wed, 01 Feb 2023 09:06:10 GMT
Date: Wed, 01 Feb 2023 06:31:36 GMT
Connection: keep-alive
static.depositfiles.com/js/download_utils.js
91.226.124.79 200 OK 13 kB URL HTTP/1.1 static.depositfiles.com/js/download_utils.js
IP 91.226.124.79:0
File type ASCII text, with very long lines (2250)
Hash 90a706006bc709cdc974ff3e0e01b34f
89585d2c7cac44c9c03c118bbb38aefba1d8a1e4
16f1515b9938fc7de086c504fe214484d97e237647a5d7fa2cb742a93f00c1ea
GET /js/download_utils.js HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 01 Feb 2023 06:31:36 GMT
Content-Type: application/javascript
Content-Length: 13383
Last-Modified: Thu, 28 Apr 2022 09:39:11 GMT
Connection: keep-alive
ETag: "626a60bf-3447"
Expires: Wed, 01 Feb 2023 06:36:36 GMT
Cache-Control: max-age=300
Accept-Ranges: bytes
static.depositfiles.com/js/gold_offer.js
91.226.124.79 200 OK 9.9 kB URL HTTP/1.1 static.depositfiles.com/js/gold_offer.js
IP 91.226.124.79:0
File type HTML document text\012- HTML document, ASCII text
Hash 041bdbbe3ac15bc57b14933e164b55f8
790f921426d0b602424fb3077ca900af94b5ad9e
a86d8d81e5c254822628c578c40d2d62956ab3060632d1884b5080093365b97b
GET /js/gold_offer.js HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 01 Feb 2023 06:31:36 GMT
Content-Type: application/javascript
Content-Length: 9887
Last-Modified: Thu, 28 Apr 2022 09:39:11 GMT
Connection: keep-alive
ETag: "626a60bf-269f"
Expires: Wed, 01 Feb 2023 06:36:36 GMT
Cache-Control: max-age=300
Accept-Ranges: bytes
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash e0bc98d03057dabba1334b62bea0975b
b358a8123908fe4b1c94a1273cac45c4e23b212e
10ef320ba825ca0e17d039b66fd2f321f4d2c687a8734d226fa25e9b45e109d9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 06:31:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
static.depositfiles.com/js/jquery.validate.js
91.226.124.79 200 OK 38 kB URL HTTP/1.1 static.depositfiles.com/js/jquery.validate.js
IP 91.226.124.79:0
File type Unicode text, UTF-8 text, with very long lines (1238)
Hash d5231b6378847ebdb55f64c77d5a234f
eed97aa0b2aa9486b6f6831ed8a85dc729ad6b9c
95434a8a2568a6481a1fbcf5808a75dd58e77348ed6d70b4f7aeda8842e8f0c7
GET /js/jquery.validate.js HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 01 Feb 2023 06:31:36 GMT
Content-Type: application/javascript
Content-Length: 38269
Last-Modified: Thu, 28 Apr 2022 09:39:11 GMT
Connection: keep-alive
ETag: "626a60bf-957d"
Expires: Wed, 01 Feb 2023 06:36:36 GMT
Cache-Control: max-age=300
Accept-Ranges: bytes
static.depositfiles.com/js/function.js
91.226.124.79 200 OK 35 kB URL HTTP/1.1 static.depositfiles.com/js/function.js
IP 91.226.124.79:0
File type ASCII text, with very long lines (4240)
Hash a5779d2f560cd50376dbba372b0fd15b
07b08e35b9254288c1372e37577db8b9e4da01b4
51d26403861d61a7842bc73f518d4a4351a7027c40c9f0347f61421226950b84
GET /js/function.js HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 01 Feb 2023 06:31:36 GMT
Content-Type: application/javascript
Content-Length: 34915
Last-Modified: Thu, 28 Apr 2022 09:39:11 GMT
Connection: keep-alive
ETag: "626a60bf-8863"
Expires: Wed, 01 Feb 2023 06:36:36 GMT
Cache-Control: max-age=300
Accept-Ranges: bytes
static.depositfiles.com/css/main.css
91.226.124.79 200 OK 47 kB URL HTTP/1.1 static.depositfiles.com/css/main.css
IP 91.226.124.79:0
File type ASCII text, with very long lines (332)
Hash cea03c07a2dcdd9444f5f6de6a3f6c64
89307ec85eb1fa31aa0b0d759e13f78970b0375b
5ecd5842291f787ca0d39182e73ab7992ed55dccce2aaeb7cfc4e10ba3917634
GET /css/main.css HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 01 Feb 2023 06:31:36 GMT
Content-Type: text/css
Last-Modified: Thu, 28 Apr 2022 09:39:10 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"626a60be-2f719"
Expires: Wed, 01 Feb 2023 06:36:36 GMT
Cache-Control: max-age=300
Content-Encoding: gzip
static.depositfiles.com/js/base2.js
91.226.124.79 200 OK 399 kB URL HTTP/1.1 static.depositfiles.com/js/base2.js
IP 91.226.124.79:0
File type Unicode text, UTF-8 text, with very long lines (65481)
Size 399 kB (398927 bytes)
Hash 2fcae8126c3fd9a626370a701f0bd887
f3496fb7bbe122a9774d7dcfcd68da03a24dc285
d29ab86f64b4fcfbc45b9ef806c147f1e42e37e37d44a559147232288063badc
GET /js/base2.js HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 01 Feb 2023 06:31:36 GMT
Content-Type: application/javascript
Content-Length: 398927
Last-Modified: Thu, 28 Apr 2022 09:39:11 GMT
Connection: keep-alive
ETag: "626a60bf-6164f"
Expires: Wed, 01 Feb 2023 06:36:36 GMT
Cache-Control: max-age=300
Accept-Ranges: bytes
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Pragma, Backoff, Retry-After, Content-Length, Last-Modified, Expires, Cache-Control, ETag, Alert, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 01 Feb 2023 05:49:05 GMT
age: 2551
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 22b9916fc1fafc9bdc9bb37f9eac8a9a
86f640e134a741a0f906a8e3a0f5c6659dd0e394
a29ee843c8a39551a1507cc6ad949ad509e33aaae8b72c58ac4884bad8b0b38e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A29EE843C8A39551A1507CC6AD949AD509E33AAAE8B72C58AC4884BAD8B0B38E"
Last-Modified: Sun, 29 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3609
Expires: Wed, 01 Feb 2023 07:31:45 GMT
Date: Wed, 01 Feb 2023 06:31:36 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b01029b94f6a4a1665dfc860aecebcd7
7197e4a488041155dbdec5b4a294cf9637ebeea9
342c4d077c3ad7982a659b1694e0dc9b03e2561c6af32b8c640666358fa71077
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "342C4D077C3AD7982A659B1694E0DC9B03E2561C6AF32B8C640666358FA71077"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10920
Expires: Wed, 01 Feb 2023 09:33:36 GMT
Date: Wed, 01 Feb 2023 06:31:36 GMT
Connection: keep-alive
pl16105218.highcpmrevenuenetwork.com/22/4a/d4/224ad4a14b4b15c1726ff705ec672ea6.js
192.243.61.225 200 OK 13 kB URL HTTP/1.1 pl16105218.highcpmrevenuenetwork.com/22/4a/d4/224ad4a14b4b15c1726ff705ec672ea6.js
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (37170), with no line terminators
Hash e67dc8125cae41d11ba4d602038a7e64
393652f0e21c66417a3dc4427fe4b197a13746c7
a50e087672fc26b6cc99cd57e0b17a1c6612bc63d7c7bd17ef1caf92645e4653
Analyzer Verdict Alert quad9 Sinkholed
GET /22/4a/d4/224ad4a14b4b15c1726ff705ec672ea6.js HTTP/1.1
Host: pl16105218.highcpmrevenuenetwork.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 01 Feb 2023 06:31:36 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 7101e74358613f77cd7aad2262ff72e4
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
static.depositfiles.com/images/no.png
91.226.124.79 200 OK 3.1 kB URL HTTP/1.1 static.depositfiles.com/images/no.png
IP 91.226.124.79:0
File type PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced\012- data
Hash 1724ae7b4437c460dafe40dfe9f96d41
8dc80d5b802f180254a8ee1bf1edf0b843205f1e
9b95b8f24b2b0808d611f4fd9bf5f3c548b352ae6100ab7b298b99a86905db79
GET /images/no.png HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 01 Feb 2023 06:31:36 GMT
Content-Type: image/png
Content-Length: 3146
Last-Modified: Thu, 28 Apr 2022 09:39:11 GMT
Connection: keep-alive
ETag: "626a60bf-c4a"
Accept-Ranges: bytes
static.depositfiles.com/images/yes.png
91.226.124.79 200 OK 3.3 kB URL HTTP/1.1 static.depositfiles.com/images/yes.png
IP 91.226.124.79:0
File type PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced\012- data
Hash 3055b8489aeb385fb40b27f0bf0a5ae7
4cfbe45a0ba393ab8ad535cc04af30debef0a1ab
b325d6cb153b02050e59230e2abfb01e05f4bda708ad54bd8f6d9693fa9c2dac
GET /images/yes.png HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 01 Feb 2023 06:31:36 GMT
Content-Type: image/png
Content-Length: 3275
Last-Modified: Thu, 28 Apr 2022 09:39:11 GMT
Connection: keep-alive
ETag: "626a60bf-ccb"
Accept-Ranges: bytes
static.depositfiles.com/images/speed_small_gold.gif
91.226.124.79 200 OK 14 kB URL HTTP/1.1 static.depositfiles.com/images/speed_small_gold.gif
IP 91.226.124.79:0
File type GIF image data, version 89a, 200 x 200\012- data
Hash c5f8f0e9ecd16637e267912376c24bed
324567a641d318ecfafe6374dfba86ccb2f90dd7
13678b229b6c4224bcb9578a2f29bc3686958f4bea73af7645eb39af4246e6a9
GET /images/speed_small_gold.gif HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 01 Feb 2023 06:31:36 GMT
Content-Type: image/gif
Content-Length: 14492
Last-Modified: Thu, 28 Apr 2022 09:39:11 GMT
Connection: keep-alive
ETag: "626a60bf-389c"
Expires: Mon, 06 Feb 2023 06:31:36 GMT
Cache-Control: max-age=432000
Accept-Ranges: bytes
static.depositfiles.com/images/speed_small.gif
91.226.124.79 200 OK 24 kB URL HTTP/1.1 static.depositfiles.com/images/speed_small.gif
IP 91.226.124.79:0
File type GIF image data, version 89a, 200 x 200\012- data
Hash 5cbc96bbb7230dd17ed38b5dd6e3271c
6ee1f0b9e29ac3e824cccd6e5135d51c8d3aaea1
01edcbb65e514def555b1e999d3a72f118f67e572f628293b91893b3758c6991
GET /images/speed_small.gif HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 01 Feb 2023 06:31:36 GMT
Content-Type: image/gif
Content-Length: 23980
Last-Modified: Thu, 28 Apr 2022 09:39:11 GMT
Connection: keep-alive
ETag: "626a60bf-5dac"
Expires: Mon, 06 Feb 2023 06:31:36 GMT
Cache-Control: max-age=432000
Accept-Ranges: bytes
static.depositfiles.com/images/logo.png
91.226.124.79200 OK 3.6 kB URL HTTP/1.1 static.depositfiles.com/images/logo.png
IP 91.226.124.79:0
File type PNG image data, 176 x 43, 8-bit/color RGBA, non-interlaced\012- data
Hash c41fdd84b04e45a91cb17cfdeccb1b38
fec7fffe104c7e169aeb159032078c4b71ff2cdc
7f89eb8ab03684f4db282ca30eb231b1e254bca10c7b511950df5e0eab0a68a0
GET /images/logo.png HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://static.depositfiles.com/css/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 01 Feb 2023 06:31:36 GMT
Content-Type: image/png
Content-Length: 3623
Last-Modified: Thu, 28 Apr 2022 09:39:11 GMT
Connection: keep-alive
ETag: "626a60bf-e27"
Accept-Ranges: bytes
static.depositfiles.com/images/member_menu_bg.gif
91.226.124.79200 OK 78 B URL HTTP/1.1 static.depositfiles.com/images/member_menu_bg.gif
IP 91.226.124.79:0
File type GIF image data, version 89a, 1 x 48\012- data
Hash 20a24b56dcedf6a71a71ebec771e1f7d
d7bed493d5d4eeaed5dbbf7d30d45107840790a0
6f57f29224d8e9e51ed0839e329055426fba7dcd97ef31e93ed495f93a6063df
GET /images/member_menu_bg.gif HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://static.depositfiles.com/css/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 01 Feb 2023 06:31:36 GMT
Content-Type: image/gif
Content-Length: 78
Last-Modified: Thu, 28 Apr 2022 09:39:11 GMT
Connection: keep-alive
ETag: "626a60bf-4e"
Expires: Mon, 06 Feb 2023 06:31:36 GMT
Cache-Control: max-age=432000
Accept-Ranges: bytes
static.depositfiles.com/images/upload_btn_bg.gif
91.226.124.79200 OK 9.0 kB URL HTTP/1.1 static.depositfiles.com/images/upload_btn_bg.gif
IP 91.226.124.79:0
File type GIF image data, version 89a, 209 x 75\012- data
Hash 6f312f0f4ff138758bae76420f6efd78
b40a28f162140fedff9ee5ce0d687868b1f73d17
c667d75c7f916bf8b140b0e1f7ab0c996f76d4642faed85bd9fef3c738f0912b
GET /images/upload_btn_bg.gif HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://static.depositfiles.com/css/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 01 Feb 2023 06:31:36 GMT
Content-Type: image/gif
Content-Length: 9010
Last-Modified: Thu, 28 Apr 2022 09:39:11 GMT
Connection: keep-alive
ETag: "626a60bf-2332"
Expires: Mon, 06 Feb 2023 06:31:36 GMT
Cache-Control: max-age=432000
Accept-Ranges: bytes
static.depositfiles.com/images/flags/lang24.png
91.226.124.79200 OK 9.2 kB URL HTTP/1.1 static.depositfiles.com/images/flags/lang24.png
IP 91.226.124.79:0
File type PNG image data, 24 x 552, 8-bit/color RGBA, non-interlaced\012- data
Hash efdcd1ca23d564ddd811f41152a2b83c
0b5aa064e7f8f241363c55fa17eb448f42a5f8df
ce23be242e34c5b420f8ba0390aef20fa50ffc69f700091029616eff524e8f9b
GET /images/flags/lang24.png HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://static.depositfiles.com/css/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 01 Feb 2023 06:31:36 GMT
Content-Type: image/png
Content-Length: 9172
Last-Modified: Thu, 28 Apr 2022 09:39:11 GMT
Connection: keep-alive
ETag: "626a60bf-23d4"
Accept-Ranges: bytes
static.depositfiles.com/images/sprite64.png
91.226.124.79200 OK 29 kB URL HTTP/1.1 static.depositfiles.com/images/sprite64.png
IP 91.226.124.79:0
File type PNG image data, 64 x 1088, 8-bit/color RGBA, non-interlaced\012- data
Hash e50649ecf6a2094c25da755ea0ea7bd1
e1c3e229a62f049442fa16cf43ec07f384b27362
a9ed59ab3bbcfdf66224664aeb14fa0f0e8f034d8472a58dadcf65cfff17685d
GET /images/sprite64.png HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://static.depositfiles.com/css/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 01 Feb 2023 06:31:36 GMT
Content-Type: image/png
Content-Length: 28747
Last-Modified: Thu, 28 Apr 2022 09:39:11 GMT
Connection: keep-alive
ETag: "626a60bf-704b"
Accept-Ranges: bytes
static.depositfiles.com/images/sprite.png
91.226.124.79200 OK 37 kB URL HTTP/1.1 static.depositfiles.com/images/sprite.png
IP 91.226.124.79:0
File type PNG image data, 102 x 630, 8-bit/color RGBA, non-interlaced\012- data
Hash 2333675d7e431d5313c6dbb5230a14cd
93c4032e5b8b85793a9cda7167804445d950dd96
b287134a60667ce8e2c3fa1603e3a8f2ffa59c64e746d026d1a13ef19f3f38a0
GET /images/sprite.png HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://static.depositfiles.com/css/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 01 Feb 2023 06:31:36 GMT
Content-Type: image/png
Content-Length: 36802
Last-Modified: Thu, 28 Apr 2022 09:39:11 GMT
Connection: keep-alive
ETag: "626a60bf-8fc2"
Accept-Ranges: bytes
push.services.mozilla.com/
35.82.48.240 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.82.48.240:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: OKrAuqGjAmpuXF55bBTokA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: gPhpHzFtUdldJ7kassKMvkaN7os=
static.depositfiles.com/images/sprite16.png
91.226.124.79200 OK 28 kB URL HTTP/1.1 static.depositfiles.com/images/sprite16.png
IP 91.226.124.79:0
File type PNG image data, 32 x 1072, 8-bit/color RGBA, non-interlaced\012- data
Hash 2e86fe2d2c2650c5f4663f0fc135ebc1
ba86e14a9abcff0581eda84a307594ef1288b982
604187f8828381a47ae70249f55f21c78c53ab1401d20a5f2230a0d6c9ae50d1
GET /images/sprite16.png HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://static.depositfiles.com/css/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 01 Feb 2023 06:31:36 GMT
Content-Type: image/png
Content-Length: 28501
Last-Modified: Thu, 28 Apr 2022 09:39:11 GMT
Connection: keep-alive
ETag: "626a60bf-6f55"
Accept-Ranges: bytes
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f603f90a435c59a23d9f815333b1f0b7
a8752ef32b4f1156724129cabb80e718c6fd7deb
02b18dd4bb8104124cf19b10c45052036bd3b6ebc8c69a9dd52365e7970931d3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "02B18DD4BB8104124CF19B10C45052036BD3B6EBC8C69A9DD52365E7970931D3"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13760
Expires: Wed, 01 Feb 2023 10:20:56 GMT
Date: Wed, 01 Feb 2023 06:31:36 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.77.32200 OK 344 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash dde2c749c196c5c411a2ceed2cd1da07
5ac939841ebacdace7e97e900056fcacdce1ee51
a153214f1fe422c54f64ba0e259c63c010f97ae9dca05ab953fcac10a4706946
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "A153214F1FE422C54F64BA0E259C63C010F97AE9DCA05AB953FCAC10A4706946"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2785
Expires: Wed, 01 Feb 2023 07:18:01 GMT
Date: Wed, 01 Feb 2023 06:31:36 GMT
Connection: keep-alive
ocsp.sca1b.amazontrust.com/
54.230.245.118200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.118:0
Hash 82a752ace3d774fa7ff99666c32a85d4
45adcf6685e1c5d863aadcbf06404ae5f20cd3de
d95c438d055849c92de40b253ec777e9133e902cf6b4f30d79b69c8c1b9b816e
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=112583
Date: Wed, 01 Feb 2023 06:31:36 GMT
Etag: "63d91814-1d7"
Expires: Thu, 02 Feb 2023 13:47:59 GMT
Last-Modified: Tue, 31 Jan 2023 13:31:00 GMT
Server: ECS (nyb/1D16)
X-Cache: Miss from cloudfront
Via: 1.1 8ac66e1d6983a0f44cf391b1ec3b1cce.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: KN2MKqyNmBN5fk1bCHs08ojaOr_VKrL1K9I9gxRgsfX9IL3wcLg8Pg==
Age: 1019
simplewebanalysis.com/stats
3.120.47.42 200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 3.120.47.42:0
File type ASCII text, with no line terminators
Hash 4b1208ad851ac156e75da3f09cf4974d
179fc5ad152862e681759a5bc5068b8ebde583a7
385bc111ac1c2cbbda1823cb2fb04c3f068bde24895b72b1e037309073bf2a17
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 01 Feb 2023 06:31:37 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://dfiles.eu
access-control-allow-credentials: true
set-cookie: uid_id2=62f9e171-9b2e-4097-9f7a-4f976337e32c:1:1; expires=Sat, 29 Jan 2033 06:31:37 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
adsbb.dfiles.eu//ad.php?z=58&c=NO&g=gateway
91.226.124.76 303 See Other 0 B URL HTTP/1.1 adsbb.dfiles.eu//ad.php?z=58&c=NO&g=gateway
IP 91.226.124.76:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET //ad.php?z=58&c=NO&g=gateway HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: uprand=ec612746b9eaf167cd9c9fa182194e8c; last_file=y0nf06jdd; lang_current=en
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
HTTP/1.1 303 See Other
Server: nginx
Date: Wed, 01 Feb 2023 06:31:37 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.30-0+deb8u1
Set-Cookie: _nf58=1; expires=Thu, 02-Feb-2023 06:31:37 GMT; Max-Age=86400
Location: /upload/2006/ad274029466c5257.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
adsbb.dfiles.eu//ad.php?z=56&c=NO
91.226.124.76 303 See Other 0 B URL HTTP/1.1 adsbb.dfiles.eu//ad.php?z=56&c=NO
IP 91.226.124.76:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET //ad.php?z=56&c=NO HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: uprand=ec612746b9eaf167cd9c9fa182194e8c; last_file=y0nf06jdd; lang_current=en
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
HTTP/1.1 303 See Other
Server: nginx
Date: Wed, 01 Feb 2023 06:31:37 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.30-0+deb8u1
Set-Cookie: _nf56=1; expires=Thu, 02-Feb-2023 06:31:37 GMT; Max-Age=86400
Location: /upload/2203/ad27602963634849.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 20bc97b097da546495b9c01c5dc71655
40bb60ce4880a0bc139bc3c78ef328c87dfae183
b851c1790939839b27812681207cbb8cbc31b32300fe5ed6944b4bdf0fe93472
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B851C1790939839B27812681207CBB8CBC31B32300FE5ED6944B4BDF0FE93472"
Last-Modified: Tue, 31 Jan 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9707
Expires: Wed, 01 Feb 2023 09:13:24 GMT
Date: Wed, 01 Feb 2023 06:31:37 GMT
Connection: keep-alive
dominantroute.com/bens/vinos.js?23701&u=null&a=0.43217428559817794
193.200.64.20 200 OK 140 kB URL HTTP/1.1 dominantroute.com/bens/vinos.js?23701&u=null&a=0.43217428559817794
IP 193.200.64.20:0
ASN #6681 Rozetka Sp. z o.o.
File type ASCII text, with very long lines (727)
Size 140 kB (140145 bytes)
Hash b8c818166946d7bcfb98d3f6d622f915
3d33526a9ee21187e5648a7f484077c0acb7c7c2
e38092a2592a2da1bb1b99e4edfd00b108e5f6714391b4d602721ab140e52353
GET /bens/vinos.js?23701&u=null&a=0.43217428559817794 HTTP/1.1
Host: dominantroute.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 01 Feb 2023 06:31:36 GMT
Content-Type: text/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="NON DSP COR CURa TIA"
Set-Cookie: uuid=16752328421532635802; expires=Fri, 31-Jan-2025 06:31:36 GMT; Max-Age=63072000; path=/; samesite=None; domain=.dominantroute.com; secure
adsbb.dfiles.eu/upload/2006/ad274029466c5257.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
91.226.124.76 200 OK 793 B URL HTTP/1.1 adsbb.dfiles.eu/upload/2006/ad274029466c5257.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
IP 91.226.124.76:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash f2c2e14393efaabb66f48f0d197a055b
6368f8e3a48aa59233dfbc73e67bac8c77b5bda3
d7570aa76a93b358bc5b14189f8ae899e584dec11d87cd470ef83449829ca78c
GET /upload/2006/ad274029466c5257.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752 HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dfiles.eu/
Connection: keep-alive
Cookie: uprand=ec612746b9eaf167cd9c9fa182194e8c; last_file=y0nf06jdd; lang_current=en; _nf58=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 01 Feb 2023 06:31:37 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Last-Modified: Wed, 01 Feb 2023 06:30:01 GMT
Content-Encoding: gzip
adsbb.dfiles.eu/upload/2203/ad27602963634849.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
91.226.124.76 200 OK 676 B URL HTTP/1.1 adsbb.dfiles.eu/upload/2203/ad27602963634849.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
IP 91.226.124.76:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 84f582ce1115caf48afe947f4b893c2b
5623b8843be501ec624e7388045d5a1eee84ab59
7b9eeeab38c0f42144165b8e0310e95fb82504046bd204ee273ec7508749f0cd
GET /upload/2203/ad27602963634849.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752 HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dfiles.eu/
Connection: keep-alive
Cookie: uprand=ec612746b9eaf167cd9c9fa182194e8c; last_file=y0nf06jdd; lang_current=en; _nf58=1; _nf56=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 01 Feb 2023 06:31:37 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Last-Modified: Wed, 01 Feb 2023 06:30:01 GMT
Content-Encoding: gzip
dde280e15f.5608bd4f7e.com/c0c3a5692bf79b818cec35ce6cc43ad7.js
45.133.44.25 200 OK 36 kB URL HTTP/2 dde280e15f.5608bd4f7e.com/c0c3a5692bf79b818cec35ce6cc43ad7.js
IP 45.133.44.25:0
ASN #39572 DataWeb Global Group B.V.
Hash 920d87a86c3eda2789a5efc6d561d7a2
fd176086cf53c44756b56ea7ea380e5b41b19d83
d116df4e7ecb2649dc9d26b38e162068eb480f5e7eeb17e98561babe4dcfab6c
Analyzer Verdict Alert
quad9 Sinkholed
GET /c0c3a5692bf79b818cec35ce6cc43ad7.js HTTP/1.1
Host: dde280e15f.5608bd4f7e.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 01 Feb 2023 06:31:37 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Fri, 13 Jan 2023 14:07:40 GMT
etag: W/"63c165ac-188ee"
content-encoding: gzip
expires: Wed, 01 Feb 2023 06:36:37 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1fec5e1f9ce16c8e3e488dacc788c484
5e47446242d5a377fb36bb43ea350aae7df7ea0a
f22f6a1e6bcda29b742fed35a26a72e5faa26d55773e24b90c204a5e9a4169b8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F22F6A1E6BCDA29B742FED35A26A72E5FAA26D55773E24B90C204A5E9A4169B8"
Last-Modified: Tue, 31 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3113
Expires: Wed, 01 Feb 2023 07:23:30 GMT
Date: Wed, 01 Feb 2023 06:31:37 GMT
Connection: keep-alive
js.wpadmngr.com/npc/sdk/wp-banners.js
45.133.44.24 200 OK 0 B URL HTTP/2 js.wpadmngr.com/npc/sdk/wp-banners.js
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /npc/sdk/wp-banners.js HTTP/1.1
Host: js.wpadmngr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 01 Feb 2023 06:31:37 GMT
content-type: application/javascript; charset=utf-8
content-length: 0
server: nginx/1.18.0
last-modified: Fri, 20 Aug 2021 15:14:31 GMT
etag: "611fc6d7-0"
expires: Wed, 01 Feb 2023 06:36:37 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
adsbb.dfiles.eu/static/js/jquery-1.5.1.min.js
91.226.124.76 200 OK 85 kB URL HTTP/1.1 adsbb.dfiles.eu/static/js/jquery-1.5.1.min.js
IP 91.226.124.76:0
File type Unicode text, UTF-8 text, with very long lines (65168)
Hash b04a3bccd23ddeb7982143707a63ccf9
4a5dc1389aad050a44ee5e81408238a317ab3413
764b9e9f3ad386aaa5cdeae9368353994de61c0bede087c8f7e3579cb443de3b
GET /static/js/jquery-1.5.1.min.js HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/upload/2006/ad274029466c5257.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
Cookie: uprand=ec612746b9eaf167cd9c9fa182194e8c; last_file=y0nf06jdd; lang_current=en; _nf58=1; _nf56=1; u_count=%5B0%2C0%5D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 01 Feb 2023 06:31:37 GMT
Content-Type: application/javascript
Content-Length: 85260
Connection: close
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, private, no-cache, no-store, must-revalidate
Pragma: no-cache
Accept-Ranges: bytes
e1.o.lencr.org/
23.36.77.32200 OK 344 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash dde2c749c196c5c411a2ceed2cd1da07
5ac939841ebacdace7e97e900056fcacdce1ee51
a153214f1fe422c54f64ba0e259c63c010f97ae9dca05ab953fcac10a4706946
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "A153214F1FE422C54F64BA0E259C63C010F97AE9DCA05AB953FCAC10A4706946"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2784
Expires: Wed, 01 Feb 2023 07:18:01 GMT
Date: Wed, 01 Feb 2023 06:31:37 GMT
Connection: keep-alive
adsbb.dfiles.eu/static/js/jquery-1.5.1.min.js
91.226.124.76 200 OK 85 kB URL HTTP/1.1 adsbb.dfiles.eu/static/js/jquery-1.5.1.min.js
IP 91.226.124.76:0
File type Unicode text, UTF-8 text, with very long lines (65168)
Hash b04a3bccd23ddeb7982143707a63ccf9
4a5dc1389aad050a44ee5e81408238a317ab3413
764b9e9f3ad386aaa5cdeae9368353994de61c0bede087c8f7e3579cb443de3b
GET /static/js/jquery-1.5.1.min.js HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/upload/2203/ad27602963634849.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
Cookie: uprand=ec612746b9eaf167cd9c9fa182194e8c; last_file=y0nf06jdd; lang_current=en; _nf58=1; _nf56=1; u_count=%5B0%2C0%5D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 01 Feb 2023 06:31:37 GMT
Content-Type: application/javascript
Content-Length: 85260
Connection: close
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, private, no-cache, no-store, must-revalidate
Pragma: no-cache
Accept-Ranges: bytes
static.depositfiles.com/images/favicon.ico
91.226.124.79200 OK 318 B URL HTTP/1.1 static.depositfiles.com/images/favicon.ico
IP 91.226.124.79:0
File type MS Windows icon resource - 1 icon, 16x16, 16 colors, 4 bits/pixel\012- data
Hash 0f0b975ee529197ec75780ebc2de5907
59688c6aafca5606e388ba9a44fc9dc25fc32cd3
28a0b52229f05b66354ca38b6b813d2281af3efb7e8b0a424ef8b4c68b9e583c
GET /images/favicon.ico HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 01 Feb 2023 06:31:37 GMT
Content-Type: image/x-icon
Content-Length: 318
Last-Modified: Thu, 28 Apr 2022 09:39:11 GMT
Connection: keep-alive
ETag: "626a60bf-13e"
Accept-Ranges: bytes
peevishchasingstir.com/c2/2d/c5/c22dc50dc2bbe4422c7f68d26ab95eb9.js
192.243.59.12 200 OK 29 kB URL HTTP/1.1 peevishchasingstir.com/c2/2d/c5/c22dc50dc2bbe4422c7f68d26ab95eb9.js
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text
- HTML document text
- HTML document, ASCII text, with very long lines (65536), with no line terminators
Hash 9588337a49d8676c68e0fe13b31058e4
d29d818360b8245683eb664a130e2d30e7b06403
ec3f1070f10df2124c4828bcdf8baebd93ea389d0394d1efa5133c75d615e4be
Analyzer Verdict Alert
fortinet Phishing
quad9 Sinkholed
GET /c2/2d/c5/c22dc50dc2bbe4422c7f68d26ab95eb9.js HTTP/1.1
Host: peevishchasingstir.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Wed, 01 Feb 2023 06:31:37 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 1cc053622ac52aefc8b2dfc2b50be4e0
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 789b41f1f8027d4275a66ac9cb2f124d
c5eff6750f9a50fc52a7a6ec6e30a7afaf28fc79
e053b0b29fc44721473ed39ddfe41064f09b56b3531c765228fa322d599e770f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 06:31:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 46e2bec06a11406d5cdcec9c0e76911d
edc777878dca7029c70577edae741264a22ab010
21f7443ebf888a28fb0f0010d1c83ca833b42c06f7d2c755f83a4b418de96854
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 06:31:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
adsbb.dfiles.eu/view.gif?c=2946&z=58&b=2740&u=63da06e9cccc55873191786678715
91.226.124.76 200 OK 43 B URL HTTP/1.1 adsbb.dfiles.eu/view.gif?c=2946&z=58&b=2740&u=63da06e9cccc55873191786678715
IP 91.226.124.76:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 6d22e4f2d2057c6e8d6fab098e76e80f
b80b11203d97fe01c5597ca3be70406ea48f5709
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
GET /view.gif?c=2946&z=58&b=2740&u=63da06e9cccc55873191786678715 HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/upload/2006/ad274029466c5257.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
Cookie: uprand=ec612746b9eaf167cd9c9fa182194e8c; last_file=y0nf06jdd; lang_current=en; _nf58=1; _nf56=1; u_count=%5B0%2C0%5D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 01 Feb 2023 06:31:37 GMT
Content-Type: image/gif
Content-Length: 43
Connection: close
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, private, no-cache, no-store, must-revalidate
Pragma: no-cache
Accept-Ranges: bytes
www.gstatic.com/recaptcha/releases/RGRQD9tdxHtnt-Bxkx9pM75S/recaptcha__en.js
142.250.74.35200 OK 164 kB URL HTTP/2 www.gstatic.com/recaptcha/releases/RGRQD9tdxHtnt-Bxkx9pM75S/recaptcha__en.js
IP 142.250.74.35:0
File type ASCII text, with very long lines (771)
Size 164 kB (163774 bytes)
Hash 57c909ab73fc27ec24f737bbf1cb1de8
89b2c02e9e7a9a764518fca545d3eec2044fd6d9
7e407e2b00bb7c238c71d96472f7ab030de4e610b1048f0f77b25cb85c2d166b
GET /recaptcha/releases/RGRQD9tdxHtnt-Bxkx9pM75S/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 163774
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 30 Jan 2023 17:09:34 GMT
expires: Tue, 30 Jan 2024 17:09:34 GMT
cache-control: public, max-age=31536000
age: 134523
last-modified: Mon, 23 Jan 2023 01:02:00 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 789b41f1f8027d4275a66ac9cb2f124d
c5eff6750f9a50fc52a7a6ec6e30a7afaf28fc79
e053b0b29fc44721473ed39ddfe41064f09b56b3531c765228fa322d599e770f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 06:31:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
simplewebanalysis.com/stats
3.120.47.42 200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 3.120.47.42:0
File type ASCII text, with no line terminators
Hash 4b1208ad851ac156e75da3f09cf4974d
179fc5ad152862e681759a5bc5068b8ebde583a7
385bc111ac1c2cbbda1823cb2fb04c3f068bde24895b72b1e037309073bf2a17
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: uid_id2=62f9e171-9b2e-4097-9f7a-4f976337e32c:1:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 06:31:37 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://dfiles.eu
access-control-allow-credentials: true
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash e2776b3ff7517c47c9d9f7f49b251496
85c3157036be6de50d53dbe345ba947510904438
97176f60aa940c44a36c91e6405c41bc05a7dd2a64f0455a9c2712f990a5cbab
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6445
Cache-Control: max-age=87019
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 06:31:37 GMT
Etag: "63d89f07-117"
Expires: Thu, 02 Feb 2023 06:41:56 GMT
Last-Modified: Tue, 31 Jan 2023 04:54:31 GMT
Server: ECS (amb/6B97)
X-Cache: HIT
Content-Length: 279
ocsp.sca1b.amazontrust.com/
54.230.245.118 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.118:0
Hash fae5d28d0810b82fe0923255a4f8de24
266f531516e34c0cfe8c9cf9a96cfcff30684df7
d40ecfc2e8238f3eb19f6fa754bf025eeae3622636b4ed99209a609fcba6f78e
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=157661
Date: Wed, 01 Feb 2023 06:31:37 GMT
Etag: "63d9cbf1-1d7"
Expires: Fri, 03 Feb 2023 02:19:18 GMT
Last-Modified: Wed, 01 Feb 2023 02:18:25 GMT
Server: ECS (dcb/7F60)
X-Cache: Miss from cloudfront
Via: 1.1 8ac66e1d6983a0f44cf391b1ec3b1cce.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: xtaizlNlfhMNK9DtjlD3Pbuihv2f_RFjMrOimqHYRSIX0B7CZnPMyg==
Age: 53
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 46e2bec06a11406d5cdcec9c0e76911d
edc777878dca7029c70577edae741264a22ab010
21f7443ebf888a28fb0f0010d1c83ca833b42c06f7d2c755f83a4b418de96854
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 06:31:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
jsc.adskeeper.com/d/f/dfiles.eu.1285379.js
104.18.36.64 200 OK 1.0 kB URL HTTP/2 jsc.adskeeper.com/d/f/dfiles.eu.1285379.js
IP 104.18.36.64:0
File type ASCII text, with very long lines (2664)
Hash 87d3d2734efc01588e9fda0feff398a3
cd1b31208f32084d92c789ddc61976b1bac0d54b
64a74dca6ec6a7c104787a3c76dc4556dd7288961fca9d751dd549cd41932576
GET /d/f/dfiles.eu.1285379.js HTTP/1.1
Host: jsc.adskeeper.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 01 Feb 2023 06:31:37 GMT
content-type: text/javascript
content-length: 1016
x-amz-id-2: fp0dy33B/d04n3/44syaTFK4kKHZR5HDMFxeC9v4rP5fYeKQIdp1+VTB9AQywH3O0w2qM3AVKGk=
x-amz-request-id: P626AEYPNZAD9BP7
last-modified: Wed, 18 Jan 2023 10:19:44 GMT
etag: "87d3d2734efc01588e9fda0feff398a3"
content-encoding: gzip
x-amz-version-id: F3Eqze46tsKiyNYC2VnDER9h40CwqTSs
cf-cache-status: HIT
age: 3571
expires: Wed, 01 Feb 2023 10:31:37 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7928a52b8e150b45-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
adsbb.dfiles.eu/view.gif?c=2963&z=56&b=2760&u=63da06e9d2a4e6214444736753757
91.226.124.76 200 OK 43 B URL HTTP/1.1 adsbb.dfiles.eu/view.gif?c=2963&z=56&b=2760&u=63da06e9d2a4e6214444736753757
IP 91.226.124.76:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 6d22e4f2d2057c6e8d6fab098e76e80f
b80b11203d97fe01c5597ca3be70406ea48f5709
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
GET /view.gif?c=2963&z=56&b=2760&u=63da06e9d2a4e6214444736753757 HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/upload/2203/ad27602963634849.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
Cookie: uprand=ec612746b9eaf167cd9c9fa182194e8c; last_file=y0nf06jdd; lang_current=en; _nf58=1; _nf56=1; u_count=%5B0%2C0%5D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 01 Feb 2023 06:31:37 GMT
Content-Type: image/gif
Content-Length: 43
Connection: close
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, private, no-cache, no-store, must-revalidate
Pragma: no-cache
Accept-Ranges: bytes
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash e2776b3ff7517c47c9d9f7f49b251496
85c3157036be6de50d53dbe345ba947510904438
97176f60aa940c44a36c91e6405c41bc05a7dd2a64f0455a9c2712f990a5cbab
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6445
Cache-Control: max-age=87019
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 06:31:37 GMT
Etag: "63d89f07-117"
Expires: Thu, 02 Feb 2023 06:41:56 GMT
Last-Modified: Tue, 31 Jan 2023 04:54:31 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 279
jsc.adskeeper.com/d/f/dfiles.eu.1285379.es6.js
104.18.36.64 200 OK 80 kB URL HTTP/2 jsc.adskeeper.com/d/f/dfiles.eu.1285379.es6.js
IP 104.18.36.64:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (31911)
Hash 37bb8c788d3409695f6e5066d2d5141a
3e465696eb3efe3588cae18d8b9096394e73a345
afb37d889c9317ec136c7b9200617477be76ee98419d860338fa7bd0802674ad
GET /d/f/dfiles.eu.1285379.es6.js HTTP/1.1
Host: jsc.adskeeper.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 06:31:37 GMT
content-type: text/javascript
content-length: 79607
x-amz-id-2: PuNhLW/I0fS3XbmhXTFPExklQojt09Gmiauy3e18zaG8FIc4AGViQ+wnbDZg76Z01wGj8Wm+o04=
x-amz-request-id: CFZCKTE4SRAWFN65
last-modified: Wed, 18 Jan 2023 10:19:44 GMT
etag: "37bb8c788d3409695f6e5066d2d5141a"
content-encoding: gzip
x-amz-version-id: ixox.Qpz6pAh5mcbYbSUHjl3njRxWO1B
cf-cache-status: HIT
age: 3571
expires: Wed, 01 Feb 2023 10:31:37 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7928a52bbe4c0b45-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 48237dc866d6f2387b67ad0ba335689d
766b9034cf7cb4d04ce8cb76107834772611cdfa
f7e4b65ebd6a99bcd51f95bd777025d00fe3947654a3c58ac06708ecf9f53f03
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F7E4B65EBD6A99BCD51F95BD777025D00FE3947654A3C58AC06708ECF9F53F03"
Last-Modified: Mon, 30 Jan 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3985
Expires: Wed, 01 Feb 2023 07:38:02 GMT
Date: Wed, 01 Feb 2023 06:31:37 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ca2ec6f5ca0c087161c9782bde0a1ae8
ff047b8ca48625528806889b01f686fb657a1b62
fb2cd27a067f046be33a8e6a1bc4bbff335c7717bea9210f302737fc67e67a43
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FB2CD27A067F046BE33A8E6A1BC4BBFF335C7717BEA9210F302737FC67E67A43"
Last-Modified: Wed, 01 Feb 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2497
Expires: Wed, 01 Feb 2023 07:13:14 GMT
Date: Wed, 01 Feb 2023 06:31:37 GMT
Connection: keep-alive
peevishchasingstir.com/sbar.json?key=224ad4a14b4b15c1726ff705ec672ea6
192.243.59.12 200 OK 4.2 kB URL HTTP/1.1 peevishchasingstir.com/sbar.json?key=224ad4a14b4b15c1726ff705ec672ea6
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type JSON data\012- , ASCII text, with very long lines (6005), with no line terminators
Hash 140e5b16b3686e977874f210731590cd
e064c15e0127562e660cdb2f28e18a8a952df728
466428c9437511af3a560b7d987c327a60032309305153d277ed7dc1e1d643a0
Analyzer Verdict Alert quad9 Sinkholed
GET /sbar.json?key=224ad4a14b4b15c1726ff705ec672ea6 HTTP/1.1
Host: peevishchasingstir.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Wed, 01 Feb 2023 06:31:37 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://dfiles.eu
Access-Control-Allow-Origin: https://dfiles.eu
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=16004719; expires=Thu, 02 Feb 2023 06:31:37 GMT; secure; SameSite=None
pdhtkv=true; expires=Thu, 02 Feb 2023 06:31:37 GMT; secure; SameSite=None
uncs=1; expires=Thu, 02 Feb 2023 06:31:37 GMT; secure; SameSite=None
pdhtkv29=true; expires=Thu, 02 Feb 2023 06:31:37 GMT; secure; SameSite=None
uncs29=1; expires=Thu, 02 Feb 2023 06:31:37 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 4711d2a12ad489766a511946c427126b
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ebc5267a43e35d9874d2d70ed8e7f4c9
f8d59e7a7641c1c665cda79c908aa05c68b95f47
0f5c4b99130d094313f8d8126489693e7fdd8e7e2dbd8dd0f331a8ed5d59839f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0F5C4B99130D094313F8D8126489693E7FDD8E7E2DBD8DD0F331A8ED5D59839F"
Last-Modified: Tue, 31 Jan 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17013
Expires: Wed, 01 Feb 2023 11:15:10 GMT
Date: Wed, 01 Feb 2023 06:31:37 GMT
Connection: keep-alive
f5523cd9a7.c1249041fb.com/in/track?data=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
45.133.44.25 200 OK 0 B URL HTTP/2 f5523cd9a7.c1249041fb.com/in/track?data=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
IP 45.133.44.25:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /in/track?data=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 HTTP/1.1
Host: f5523cd9a7.c1249041fb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 01 Feb 2023 06:31:37 GMT
content-length: 0
server: nginx/1.18.0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
fp.metricswpsh.com/fp?tag_id=46445
157.90.84.242 204 No Content 0 B URL HTTP/1.1 fp.metricswpsh.com/fp?tag_id=46445
IP 157.90.84.242:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /fp?tag_id=46445 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://dfiles.eu/
Origin: https://dfiles.eu
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx/1.20.1
Date: Wed, 01 Feb 2023 06:31:37 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE
Access-Control-Allow-Origin: https://dfiles.eu
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
js.wpshsdk.com/npc/sdk/push.m.js?v=1
45.133.44.25 200 OK 26 kB URL HTTP/2 js.wpshsdk.com/npc/sdk/push.m.js?v=1
IP 45.133.44.25:0
ASN #39572 DataWeb Global Group B.V.
File type Unicode text, UTF-8 text, with very long lines (63672), with no line terminators
Hash b7ba997d979c1e6ad2de8d8151b36b4a
7ddfda9ce241cbdead8db88099fecf6a55d5343d
4b8c80b44a8b9096eb319ef262ef28a2c032aeb93a2dbe0495401f89d6b6746d
GET /npc/sdk/push.m.js?v=1 HTTP/1.1
Host: js.wpshsdk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 01 Feb 2023 06:31:37 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Thu, 26 Jan 2023 12:22:57 GMT
etag: W/"63d270a1-f96f"
content-encoding: gzip
expires: Wed, 01 Feb 2023 06:36:37 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
outdilateinterrupt.com/pixel/purst?dl=0&th=0&sc=0&rs=2084&rd=2084&fd=619&bv=22.10.v.10&tmpl=136
173.233.139.164 200 OK 0 B URL HTTP/1.1 outdilateinterrupt.com/pixel/purst?dl=0&th=0&sc=0&rs=2084&rd=2084&fd=619&bv=22.10.v.10&tmpl=136
IP 173.233.139.164:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=2084&rd=2084&fd=619&bv=22.10.v.10&tmpl=136 HTTP/1.1
Host: outdilateinterrupt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 01 Feb 2023 06:31:37 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
fp.metricswpsh.com/fp?tag_id=46445
157.90.84.242 200 OK 27 B URL HTTP/1.1 fp.metricswpsh.com/fp?tag_id=46445
IP 157.90.84.242:0
ASN #24940 Hetzner Online GmbH
File type JSON data\012- , ASCII text
Hash 183e6bf6f5c39525b4c471c26331c4e4
fc2a0d615a704c8b198b65ce47716b2e168f956e
1127af318c7d62b581d8bb11d56417fef7072f10e3df42bdfb75ba72f94dbe0a
POST /fp?tag_id=46445 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 22286
Origin: https://dfiles.eu
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Wed, 01 Feb 2023 06:31:37 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 27
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://dfiles.eu
Set-Cookie: id=4628738414045282968; Expires=Thu, 01 Feb 2024 06:31:37 GMT; Secure; SameSite=None
Vary: Origin
dfiles.eu/ps/QW13h0.js
91.226.124.76 200 OK 48 B IP 91.226.124.76:0
Hash b215ecc0d708a2fb5464f5e8d65d2d4e
d8c0da4fd6cd8c2a3b36cb6a7d21ce620810ccc0
eb4333e919f16aa3042235966e790e430e0faecf66ee95bb387b147e168b8ee5
GET /ps/QW13h0.js HTTP/1.1
Host: dfiles.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: uprand=ec612746b9eaf167cd9c9fa182194e8c; last_file=y0nf06jdd; lang_current=en; u_count=%5B0%2C0%5D; sb_page_224ad4a14b4b15c1726ff705ec672ea6=1; sb_onpage_224ad4a14b4b15c1726ff705ec672ea6=1; sb_main_224ad4a14b4b15c1726ff705ec672ea6=1; sb_count_224ad4a14b4b15c1726ff705ec672ea6=1; dom3ic8zudi28v8lr6fgphwffqoz0j6c=62f9e171-9b2e-4097-9f7a-4f976337e32c%3A1%3A1
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 01 Feb 2023 06:31:37 GMT
Content-Type: application/javascript
Content-Length: 48
Last-Modified: Fri, 21 Oct 2022 18:16:45 GMT
Connection: close
ETag: "6352e20d-30"
Accept-Ranges: bytes
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 78ab2d5cc6d61c3c29944777767ccefe
a5380ce83cea0350b0ea550ac99d36b0093d220a
5901f2549eee80f63d44390d2c6de7ed62ce5e63b842dc366d58a367a6be9303
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5901F2549EEE80F63D44390D2C6DE7ED62CE5E63B842DC366D58A367A6BE9303"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15539
Expires: Wed, 01 Feb 2023 10:50:37 GMT
Date: Wed, 01 Feb 2023 06:31:38 GMT
Connection: keep-alive
peevishchasingstir.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSu3l0V1MuqF0Fljgoy6Z7pmcmYw2JcI8E1iburAW%2F1qyflVHc1Vd3Tk%2BAhuCB7EcaTHjvfJBvURXb%2FAEE6XiSnjAeJYLyJd8WzzGRg9EHVe1997%2FB9r95nB%2FkF8ZHT8633zJ7Smi616n7t1W2VCFO42sbdWuDX%2FZXatkra4UptOL3s4I3Ab9X912rvSN43Sw0%2F8P3AD2prysrIDJdmLFT6sBvUu349bNSDVoih%2FT92uQdHPYjBBXkOSkye2PnpMRSvkMSPbkrXz0z6%2BttxrmlmLAbi%2BIOkn5giQbwoI%2BshSo7n3TBuQshXV2CS47kDmMHh1AGYmhDvlwAsOZ7LBBscXSplGjIBE8%2BgGFSQuoKiFbi5ByXOCMAFNjaRxA82jC3o7iVLp%2ByEXPvnL6hiQq799gKS%2BLtVrYa1O0bnmTKJwzAqoYYVVK9Cmp8g2%2FOgihPw7FMoQZDEJZQoZ66VqqCiClqOQJ2HfHqUhzzykKceYnFeo61u5PudiEXN5nLIOW82OW8tt0VLNMPlyEfOp7JGyNIRuB6B232kdh99NYLNf4DbKeGEB5dNiPf%2BPgaiRCEJCkdQUIJCERQZQTEoj4R2DVc%2BENrlLJjnxjw3y7HJegf0yGQ9mZCD9IJcn83j77ZBX57XGo2QipAGIQtZ0OJBp9GOoo7fkrzdaUjahlMllLsys7qnzp5PkaqzZ18Coydw%2BgRcXQfNXwYtxp2GD7ozDpd97CWPhEyNU1mktHR1bmIIUyLNriHb9Q70BXlxpqP7x5OQ%2FPTGl59v%2Fr4iPgK3JVJb4mP1I0FP3x%2FfNgU5vG0KRx5vppmK1R6d%2FtmdjGby6jfvyt3CWLF%2B042%2BfpNPiWn58K502S2aCJX0HPl2VQkh7ZqxXJLv1922ZFu521nNbZKnt7beWluPUyudUyapQNXZh5%2BAqwl52vZn2%2FjKn2tQtoLNS8T5KZkHlKnA0324dKHeGQKrFz0s9VDk5dg22OJRKwItF5iyEu4%2FmC3qA3cfPeuBZvdmOziwJQa6BNUjuPzqOEvt6Y2fm7MA096YaesdMm31F5ejdeq8JluRH0m%2FIVnUZVGH%2BqIbhV1Gu4HssBYNkLkJ%2F%2FWp9X8BAAD%2F%2FwEAAP%2F%2Fq4890GUEAAA%3D
192.243.59.12200 OK 7 B URL HTTP/1.1 peevishchasingstir.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSu3l0V1MuqF0Fljgoy6Z7pmcmYw2JcI8E1iburAW%2F1qyflVHc1Vd3Tk%2BAhuCB7EcaTHjvfJBvURXb%2FAEE6XiSnjAeJYLyJd8WzzGRg9EHVe1997%2FB9r95nB%2FkF8ZHT8633zJ7Smi616n7t1W2VCFO42sbdWuDX%2FZXatkra4UptOL3s4I3Ab9X912rvSN43Sw0%2F8P3AD2prysrIDJdmLFT6sBvUu349bNSDVoih%2FT92uQdHPYjBBXkOSkye2PnpMRSvkMSPbkrXz0z6%2BttxrmlmLAbi%2BIOkn5giQbwoI%2BshSo7n3TBuQshXV2CS47kDmMHh1AGYmhDvlwAsOZ7LBBscXSplGjIBE8%2BgGFSQuoKiFbi5ByXOCMAFNjaRxA82jC3o7iVLp%2ByEXPvnL6hiQq799gKS%2BLtVrYa1O0bnmTKJwzAqoYYVVK9Cmp8g2%2FOgihPw7FMoQZDEJZQoZ66VqqCiClqOQJ2HfHqUhzzykKceYnFeo61u5PudiEXN5nLIOW82OW8tt0VLNMPlyEfOp7JGyNIRuB6B232kdh99NYLNf4DbKeGEB5dNiPf%2BPgaiRCEJCkdQUIJCERQZQTEoj4R2DVc%2BENrlLJjnxjw3y7HJegf0yGQ9mZCD9IJcn83j77ZBX57XGo2QipAGIQtZ0OJBp9GOoo7fkrzdaUjahlMllLsys7qnzp5PkaqzZ18Coydw%2BgRcXQfNXwYtxp2GD7ozDpd97CWPhEyNU1mktHR1bmIIUyLNriHb9Q70BXlxpqP7x5OQ%2FPTGl59v%2Fr4iPgK3JVJb4mP1I0FP3x%2FfNgU5vG0KRx5vppmK1R6d%2FtmdjGby6jfvyt3CWLF%2B042%2BfpNPiWn58K502S2aCJX0HPl2VQkh7ZqxXJLv1922ZFu521nNbZKnt7beWluPUyudUyapQNXZh5%2BAqwl52vZn2%2FjKn2tQtoLNS8T5KZkHlKnA0324dKHeGQKrFz0s9VDk5dg22OJRKwItF5iyEu4%2FmC3qA3cfPeuBZvdmOziwJQa6BNUjuPzqOEvt6Y2fm7MA096YaesdMm31F5ejdeq8JluRH0m%2FIVnUZVGH%2BqIbhV1Gu4HssBYNkLkJ%2F%2FWp9X8BAAD%2F%2FwEAAP%2F%2Fq4890GUEAAA%3D
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSu3l0V1MuqF0Fljgoy6Z7pmcmYw2JcI8E1iburAW%2F1qyflVHc1Vd3Tk%2BAhuCB7EcaTHjvfJBvURXb%2FAEE6XiSnjAeJYLyJd8WzzGRg9EHVe1997%2FB9r95nB%2FkF8ZHT8633zJ7Smi616n7t1W2VCFO42sbdWuDX%2FZXatkra4UptOL3s4I3Ab9X912rvSN43Sw0%2F8P3AD2prysrIDJdmLFT6sBvUu349bNSDVoih%2FT92uQdHPYjBBXkOSkye2PnpMRSvkMSPbkrXz0z6%2BttxrmlmLAbi%2BIOkn5giQbwoI%2BshSo7n3TBuQshXV2CS47kDmMHh1AGYmhDvlwAsOZ7LBBscXSplGjIBE8%2BgGFSQuoKiFbi5ByXOCMAFNjaRxA82jC3o7iVLp%2ByEXPvnL6hiQq799gKS%2BLtVrYa1O0bnmTKJwzAqoYYVVK9Cmp8g2%2FOgihPw7FMoQZDEJZQoZ66VqqCiClqOQJ2HfHqUhzzykKceYnFeo61u5PudiEXN5nLIOW82OW8tt0VLNMPlyEfOp7JGyNIRuB6B232kdh99NYLNf4DbKeGEB5dNiPf%2BPgaiRCEJCkdQUIJCERQZQTEoj4R2DVc%2BENrlLJjnxjw3y7HJegf0yGQ9mZCD9IJcn83j77ZBX57XGo2QipAGIQtZ0OJBp9GOoo7fkrzdaUjahlMllLsys7qnzp5PkaqzZ18Coydw%2BgRcXQfNXwYtxp2GD7ozDpd97CWPhEyNU1mktHR1bmIIUyLNriHb9Q70BXlxpqP7x5OQ%2FPTGl59v%2Fr4iPgK3JVJb4mP1I0FP3x%2FfNgU5vG0KRx5vppmK1R6d%2FtmdjGby6jfvyt3CWLF%2B042%2BfpNPiWn58K502S2aCJX0HPl2VQkh7ZqxXJLv1922ZFu521nNbZKnt7beWluPUyudUyapQNXZh5%2BAqwl52vZn2%2FjKn2tQtoLNS8T5KZkHlKnA0324dKHeGQKrFz0s9VDk5dg22OJRKwItF5iyEu4%2FmC3qA3cfPeuBZvdmOziwJQa6BNUjuPzqOEvt6Y2fm7MA096YaesdMm31F5ejdeq8JluRH0m%2FIVnUZVGH%2BqIbhV1Gu4HssBYNkLkJ%2F%2FWp9X8BAAD%2F%2FwEAAP%2F%2Fq4890GUEAAA%3D HTTP/1.1
Host: peevishchasingstir.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: u_pl=16004719; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Wed, 01 Feb 2023 06:31:37 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 416afaf4792e591cf9c4bab5487f289d
Strict-Transport-Security: max-age=0; includeSubdomains
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 43bc5afe1d7330aa521e0efc78185a92
f53e9daa0a32e0acf7a10d9494fb383c1d039305
429d5a3a918137cae61e9dee0f05b0d5b4c799517aa6ae30e041a2a3e7f05cac
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "429D5A3A918137CAE61E9DEE0F05B0D5B4C799517AA6AE30E041A2A3E7F05CAC"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9361
Expires: Wed, 01 Feb 2023 09:07:39 GMT
Date: Wed, 01 Feb 2023 06:31:38 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 43bc5afe1d7330aa521e0efc78185a92
f53e9daa0a32e0acf7a10d9494fb383c1d039305
429d5a3a918137cae61e9dee0f05b0d5b4c799517aa6ae30e041a2a3e7f05cac
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "429D5A3A918137CAE61E9DEE0F05B0D5B4C799517AA6AE30E041A2A3E7F05CAC"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9361
Expires: Wed, 01 Feb 2023 09:07:39 GMT
Date: Wed, 01 Feb 2023 06:31:38 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 43bc5afe1d7330aa521e0efc78185a92
f53e9daa0a32e0acf7a10d9494fb383c1d039305
429d5a3a918137cae61e9dee0f05b0d5b4c799517aa6ae30e041a2a3e7f05cac
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "429D5A3A918137CAE61E9DEE0F05B0D5B4C799517AA6AE30E041A2A3E7F05CAC"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9361
Expires: Wed, 01 Feb 2023 09:07:39 GMT
Date: Wed, 01 Feb 2023 06:31:38 GMT
Connection: keep-alive
adpatrof.com/r/p.html?f=hdrmtnmky&e=1602166715491
54.230.111.63 200 OK 12 kB URL HTTP/2 adpatrof.com/r/p.html?f=hdrmtnmky&e=1602166715491
IP 54.230.111.63:0
Hash fe271e5c92b9d6bce45224dac04bcd69
cca850234c12b4a38b927ccec75672ec8666131b
76a6adb1d0d20df5b7557a5021b07e9179a3bf3a7dd1ab7b020a4d7d8236706f
GET /r/p.html?f=hdrmtnmky&e=1602166715491 HTTP/1.1
Host: adpatrof.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
last-modified: Tue, 25 Oct 2022 13:58:03 GMT
x-amz-version-id: 6P847P_3pwRq3kg1dbhEI8vZo9rD1MSu
server: AmazonS3
content-encoding: gzip
date: Wed, 01 Feb 2023 05:14:54 GMT
etag: W/"1d799671c4d6a9304651b1b9d6a783fb"
x-cache: Hit from cloudfront
via: 1.1 9037b7743a833da13439f0d4e2619b52.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 5YQc0zYAwm3j4a3AIkYfXJTPSF6_Rc-_LrfX_Y7bkOsty9UOYzqSSA==
age: 9322
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
securepubads.g.doubleclick.net/tag/js/gpt.js
142.250.74.130 200 OK 27 kB URL HTTP/2 securepubads.g.doubleclick.net/tag/js/gpt.js
IP 142.250.74.130:0
File type ASCII text, with very long lines (39525)
Hash b46d1fcb431096e0624ac5f25fc3d1dc
0640f51d40333abedb1f0cb73f2d2445420dda74
34705e09cc3fdc1c26e3f5c123c847daf194c576941b16c978c77f930d954239
GET /tag/js/gpt.js HTTP/1.1
Host: securepubads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 27285
date: Wed, 01 Feb 2023 06:31:38 GMT
expires: Wed, 01 Feb 2023 06:31:38 GMT
cache-control: private, max-age=900, stale-while-revalidate=3600
etag: "1469 / 443 of 1000 / last-modified: 1675206595"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
adpatrof.com/r/p.html?f=nsibxgc&e=1602166715491
54.230.111.63 200 OK 8.0 kB URL HTTP/2 adpatrof.com/r/p.html?f=nsibxgc&e=1602166715491
IP 54.230.111.63:0
Hash 6a492ab129c0035672f2570fa7a50ae0
81d0a38dd8151f7e2b596698fef7bd35f85836f5
a3883a30ba8870479247a7c656aa56c815a3debf67add062189fa52c99343141
GET /r/p.html?f=nsibxgc&e=1602166715491 HTTP/1.1
Host: adpatrof.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
last-modified: Tue, 25 Oct 2022 13:58:03 GMT
x-amz-version-id: 6P847P_3pwRq3kg1dbhEI8vZo9rD1MSu
server: AmazonS3
content-encoding: gzip
date: Wed, 01 Feb 2023 05:14:54 GMT
etag: W/"1d799671c4d6a9304651b1b9d6a783fb"
x-cache: Hit from cloudfront
via: 1.1 9037b7743a833da13439f0d4e2619b52.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: ghiPJsR5Bae2Dd4vknGly1oPdppMEMPOJZ5Z7g-xEl1TdTZ5481cBg==
age: 9322
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4ecb7da6-1717-43aa-b55e-cac2ea0272ce.jpeg
34.120.237.76 200 OK 7.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4ecb7da6-1717-43aa-b55e-cac2ea0272ce.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 047bbffc1f0f6f90b9bccba83c5e0a9a
74d4eeea563d3d0514caf90cd7e99f368622c97b
d12c16dbb4c87c4b291fbf3b753bd330319bf7d29516669b0133391f08b9ce6c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4ecb7da6-1717-43aa-b55e-cac2ea0272ce.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6993
x-amzn-requestid: 4ea76d66-e9be-460e-a503-2076755f96d2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fln9kGKYoAMFsqA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d886bd-715420b3594dfb827abb0d93;Sampled=0
x-amzn-remapped-date: Tue, 31 Jan 2023 03:10:53 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: jGc6hOmzWmSMiFOhAWScYYuvHEO8UN3rFAJhlPT9AJNJbBThAfKPjg==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 04:07:32 GMT
age: 8646
etag: "74d4eeea563d3d0514caf90cd7e99f368622c97b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb36bfce9-5d67-458e-846d-ca30f9242449.jpeg
34.120.237.76 200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb36bfce9-5d67-458e-846d-ca30f9242449.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 78fe9a77211d6f9a462f625af0c6f9bc
ac0b58423d7578e7a1b60a62220c0a57924dda82
e047466c3ae0a55509f4ace49d0476f94271b5a25e71caa3b06ec468a238b652
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb36bfce9-5d67-458e-846d-ca30f9242449.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 14041
x-amzn-requestid: 2be6655d-3b0e-4e65-b44b-11682610b640
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: foJaRGFpIAMFbMQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d9890e-5554d18d5db235913afa77a2;Sampled=0
x-amzn-remapped-date: Tue, 31 Jan 2023 21:33:02 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: MeSOuCSjsjhK6FOS67rw6oF4rS08twjOACGbXJrNPH6vwZb8lZh9lw==
via: 1.1 a20e81b65d2465c729ce2f6bfe539dd0.cloudfront.net (CloudFront), 1.1 4f3feb5c4393987d42d1971d404d7cea.cloudfront.net (CloudFront), 1.1 google
date: Tue, 31 Jan 2023 21:51:18 GMT
etag: "ac0b58423d7578e7a1b60a62220c0a57924dda82"
content-type: image/jpeg
age: 31220
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F71bb87d4-a329-46af-946e-9b5edda7dddb.jpeg
34.120.237.76 200 OK 7.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F71bb87d4-a329-46af-946e-9b5edda7dddb.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2419bbbf287e620325438f5620183e32
257963245f14742bf9cd90e71ca748066d5495c3
47c7495be97a81189da17fc3abf430d1f4ecae95fdda30006cc462a4cea4c643
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F71bb87d4-a329-46af-946e-9b5edda7dddb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7628
x-amzn-requestid: 29c70d62-ed3a-4c90-8f32-2dc0c1caf5e0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fcDSnG4RIAMF5eg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d4b276-0267c928110be13d26906bed;Sampled=0
x-amzn-remapped-date: Sat, 28 Jan 2023 05:28:22 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: nW57-OyTmJaehRAaQAG-qljKRd2_tDViGnSn8Pj_z8xndH_oVnE8pQ==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 04:57:03 GMT
age: 5675
etag: "257963245f14742bf9cd90e71ca748066d5495c3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faab963dd-ee21-4e6c-866b-f8ea6bb88bd9.jpeg
34.120.237.76 200 OK 4.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faab963dd-ee21-4e6c-866b-f8ea6bb88bd9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash df1930b96e7ab4f5d4cbf64e473cc957
b793c3b6ca95d09a88635aec9eef99d12a1afe42
e5062168e5c4e1c11ebc9c653990e01546c3c60fbb59e49635934bc98e931ce0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faab963dd-ee21-4e6c-866b-f8ea6bb88bd9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4863
x-amzn-requestid: 80518d3b-e049-429c-b67d-4f4897ded9c8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: foetPGPaIAMFlBQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d9ab21-00e41ad75acd71267a490f52;Sampled=0
x-amzn-remapped-date: Tue, 31 Jan 2023 23:58:25 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Unsu1YKTCfvXjH8mQQXa-yupSZhwKznXaWyaRYAlThq32JbR4OZ0fA==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 00:18:07 GMT
age: 22411
etag: "b793c3b6ca95d09a88635aec9eef99d12a1afe42"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e55279b0641fb8435b27a53d5af7d6e8
cd3ac0125fc6e1705f9340d797e76d4cd1045ff4
0e8644ff039742611260e8288f1466bcce8bdfa61b0bc9b6223b75836225dc34
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "0E8644FF039742611260E8288F1466BCCE8BDFA61B0BC9B6223B75836225DC34"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3667
Expires: Wed, 01 Feb 2023 07:32:45 GMT
Date: Wed, 01 Feb 2023 06:31:38 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e55279b0641fb8435b27a53d5af7d6e8
cd3ac0125fc6e1705f9340d797e76d4cd1045ff4
0e8644ff039742611260e8288f1466bcce8bdfa61b0bc9b6223b75836225dc34
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "0E8644FF039742611260E8288F1466BCCE8BDFA61B0BC9B6223B75836225DC34"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3667
Expires: Wed, 01 Feb 2023 07:32:45 GMT
Date: Wed, 01 Feb 2023 06:31:38 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash efe2987e73eb290b5361f34e7396cb67
73fdd5972f7341ef84a1953d8f5409dd1a406083
4df592276cef5d667743880f6b3a940364edbef912f3d036c72110aa7e0fcfe0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4DF592276CEF5D667743880F6B3A940364EDBEF912F3D036C72110AA7E0FCFE0"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2122
Expires: Wed, 01 Feb 2023 07:07:00 GMT
Date: Wed, 01 Feb 2023 06:31:38 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 312 B IP 93.184.220.29:0
Hash 5a3b8ee23f21740c11c01213a2a19819
9887d6fe0b1669d9f1905bb76d085ec7ded8e158
abbd84d6812e9a405ae14e563c4bb30f11186e0c782280b2aebed054921e4fb7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3322
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 06:31:38 GMT
Last-Modified: Wed, 01 Feb 2023 05:36:16 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 312
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 0dea93a9adb1e26a6ebfaf2e12c22cd5
e286810b718e374858f11adf0aae18dc65f27d66
73dafa5cd629cdf850ca05894932507c209713024ef27ce7597cb25365f2150e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 06:31:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 9e880b943a6dff1a2e8229e5b4187e85
2251fdee9804ba646510e1560aaa53900139afaf
759b62f43a43fc1ea604ff84f10752dcd21563c1db29a8c7901f83818997753e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3557
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 06:31:38 GMT
Last-Modified: Wed, 01 Feb 2023 05:32:22 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 84f5d49aa339b7291b3a04cd36335ea8
8b8c3ab163c1a6280fa0acd460f2477b73aeb423
e9d03fb9fd03b71a7705c79f07282f6a222cc3b098e08e32feadba6d8b74274d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 943
Cache-Control: max-age=151028
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 06:31:38 GMT
Etag: "63d9ae90-1d7"
Expires: Fri, 03 Feb 2023 00:28:46 GMT
Last-Modified: Wed, 01 Feb 2023 00:13:04 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 471
cdn.barscreative1.com/sb/au/18/52/6a/18526a6becad408914fcf53d946360f0/1651134763.html
45.133.44.3 200 OK 6.5 kB URL HTTP/2 cdn.barscreative1.com/sb/au/18/52/6a/18526a6becad408914fcf53d946360f0/1651134763.html
IP 45.133.44.3:0
ASN #39572 DataWeb Global Group B.V.
Hash dd293f275cad15594675985a6fd909f7
3740ce18db7273de827aa41a4084f38b67bd16bc
a5859403f2d75fdba518e88a650c87734b99232bcbcfbaa77121bfb02b71b8d1
Analyzer Verdict Alert fortinet Phishing
GET /sb/au/18/52/6a/18526a6becad408914fcf53d946360f0/1651134763.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 01 Feb 2023 06:31:38 GMT
content-type: text/html; charset=utf-8
server: nginx/1.17.6
last-modified: Sat, 07 May 2022 03:21:27 GMT
etag: W/"6275e5b7-616"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Wed, 01 Feb 2023 07:31:38 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/ssp/utility/live-message/3-2/css/style.css
172.64.166.9 200 OK 2.1 kB URL HTTP/2 cdn.creative-bars1.com/sb/ssp/utility/live-message/3-2/css/style.css
IP 172.64.166.9:0
Hash b318836b1ac15731699167c7b954a001
6e664afc441f3b09435808037a5de260ebbae2e8
f94b6ac3f10e1377efedecfc0dba01b427825f26094bc9443b3977a2088a7c29
GET /sb/ssp/utility/live-message/3-2/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 01 Feb 2023 06:31:38 GMT
content-type: text/css
last-modified: Thu, 28 Apr 2022 08:29:13 GMT
etag: W/"626a5059-22dc"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 117960
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZsxxKyA1MXkvLKZ7ifgtQ1uUPBrXTahR75GIf5LsOTmC3Pr9FqUFfA2gOdnYZkaTgjhRzbexX5rr6J6iPBbSFfktFCQygSjgzBulK7%2BbIDuNkTxfOlWQzKxNHZzB66n%2B7bW1XFtd3fRu"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7928a5300e730696-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bidder.criteo.com/cdb?profileId=207&av=34&wv=7.19.0&cb=56005128235&lsavail=0
178.250.2.131 200 OK 44 B URL HTTP/2 bidder.criteo.com/cdb?profileId=207&av=34&wv=7.19.0&cb=56005128235&lsavail=0
IP 178.250.2.131:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 5f1dcf53824ce88cdb7941d34db3f19d
4164a13e3f53e1f002606a807d64a92620720fb0
3a803b7520764b5266cfac90aa9f9b2ff931109f489d9a1deb24aa686c239a74
POST /cdb?profileId=207&av=34&wv=7.19.0&cb=56005128235&lsavail=0 HTTP/1.1
Host: bidder.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 543
Origin: https://adsbb.dfiles.eu
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 01 Feb 2023 06:31:38 GMT
vary: Origin
server: Finatra
content-type: application/json; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: https://adsbb.dfiles.eu
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-encoding: gzip
content-length: 44
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
js.wpshsdk.com/npc/sdk/common/config.js
45.133.44.25 200 OK 19 B URL HTTP/2 js.wpshsdk.com/npc/sdk/common/config.js
IP 45.133.44.25:0
ASN #39572 DataWeb Global Group B.V.
File type JSON data\012- , ASCII text, with no line terminators
Hash 67fc2c9421e21f4a3707c7fabc8e9f33
0d311fbfaea3d64122b4c5e575a5c3fbea11f718
b93ed3f9c6f2c27004ef57a9fa8f11248af5bd9848cc56a1c215db36d4ecc1bb
GET /npc/sdk/common/config.js HTTP/1.1
Host: js.wpshsdk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dfiles.eu/
Origin: https://dfiles.eu
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 06:31:38 GMT
content-type: application/javascript; charset=utf-8
content-length: 19
server: nginx/1.18.0
last-modified: Thu, 26 Jan 2023 12:22:57 GMT
etag: "63d270a1-13"
expires: Wed, 01 Feb 2023 06:36:38 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
prebid-eu.creativecdn.com/bidder/prebid/bids
185.184.8.90 204 No Content 0 B URL HTTP/2 prebid-eu.creativecdn.com/bidder/prebid/bids
IP 185.184.8.90:0
ASN #204995 Rtb House S.A.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /bidder/prebid/bids HTTP/1.1
Host: prebid-eu.creativecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 537
Origin: https://adsbb.dfiles.eu
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Wed, 01 Feb 2023 06:31:38 GMT
access-control-allow-origin: https://adsbb.dfiles.eu
access-control-allow-credentials: true
access-control-allow-methods: POST
access-control-max-age: 3600
vary: Origin
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
142.250.74.106 200 OK 1.2 kB URL HTTP/2 fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
IP 142.250.74.106:0
Hash 2f4f480cf5972a6ed41111c29f0e29aa
4cd6a4d03c95781dca0305d97141747a46b6e15f
0386e3005097c87541c0d2b07829ce0d3162b9f5d962e44caab79de39a1f0495
GET /css?family=Roboto:300,400,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 01 Feb 2023 06:31:38 GMT
date: Wed, 01 Feb 2023 06:31:38 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
sw.wpush.org/ps/sw.js
45.133.44.25 200 OK 2.1 kB IP 45.133.44.25:0
ASN #39572 DataWeb Global Group B.V.
Hash f1d5aee1894d2c8fdcb8e1909faf481b
d4dd85ea991ae0d4c31375f5e68a2dcfd93a170d
821f0e1443613d20f59e9f8f19c853e0630716a257f8faac3d9da746f6e5eaff
GET /ps/sw.js HTTP/1.1
Host: sw.wpush.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 01 Feb 2023 06:31:38 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Thu, 26 Jan 2023 12:22:57 GMT
etag: W/"63d270a1-158c"
content-encoding: gzip
expires: Wed, 01 Feb 2023 06:36:38 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
js.wpshsdk.com/npc/sdk/common/core.js
45.133.44.25 200 OK 40 kB URL HTTP/2 js.wpshsdk.com/npc/sdk/common/core.js
IP 45.133.44.25:0
ASN #39572 DataWeb Global Group B.V.
Hash a7ad10df080d93cbf0d9c0e12becd5eb
c008fb02489eb8960aedf6dee4ad9db91b75a07e
ab19fe2c54226da1519306b293ba587c1403818c6b3e136f697f8902051b1167
GET /npc/sdk/common/core.js HTTP/1.1
Host: js.wpshsdk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dfiles.eu/
Origin: https://dfiles.eu
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 06:31:38 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Thu, 26 Jan 2023 12:22:57 GMT
etag: W/"63d270a1-1bf5c"
content-encoding: gzip
expires: Wed, 01 Feb 2023 06:36:38 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d1ede23ab1ddbc0d7fa930fd3810e49e
879f79b820606c514ae97d5a3c2be12533440a51
7ec120a673fc6ae1a147829269069666ef47b0258b832030906da7dc97ab2a14
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7EC120A673FC6AE1A147829269069666EF47B0258B832030906DA7DC97AB2A14"
Last-Modified: Tue, 31 Jan 2023 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15642
Expires: Wed, 01 Feb 2023 10:52:20 GMT
Date: Wed, 01 Feb 2023 06:31:38 GMT
Connection: keep-alive
hbopenbid.pubmatic.com/translator?source=prebid-client
185.64.189.112 204 No Content 0 B URL HTTP/2 hbopenbid.pubmatic.com/translator?source=prebid-client
IP 185.64.189.112:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /translator?source=prebid-client HTTP/1.1
Host: hbopenbid.pubmatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 906
Origin: https://adsbb.dfiles.eu
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
access-control-allow-credentials: true
access-control-allow-origin: https://adsbb.dfiles.eu
cache-control: no-cache, no-store, must-revalidate
date: Wed, 01 Feb 2023 06:31:37 GMT
X-Firefox-Spdy: h2
ib.adnxs.com/ut/v3/prebid
37.252.171.84 200 OK 146 B URL HTTP/1.1 ib.adnxs.com/ut/v3/prebid
IP 37.252.171.84:0
File type JSON data\012- , ASCII text, with no line terminators
Hash ff6fdbc6d2682e84fc0e0d392920e441
1095aac4c36d22906130ab6497854c6f6a6c3af3
db8e7e64518158da04efa1338972754156d1dbc38add434aa7a2cf26979dc361
POST /ut/v3/prebid HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 884
Origin: https://adsbb.dfiles.eu
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Wed, 01 Feb 2023 06:31:38 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 146
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://adsbb.dfiles.eu
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
AN-X-Request-Uuid: cfe328c7-bb99-44c7-85a8-efb72a75f4cf
Set-Cookie: icu=ChgIipZ9EAoYASABKAEwyo7ongY4AUABSAEQyo7ongYYAA..; SameSite=None; Path=/; Max-Age=7776000; Expires=Tue, 02-May-2023 06:31:38 GMT; Domain=.adnxs.com; Secure; HttpOnly
uuid2=5966577096221148706; SameSite=None; Path=/; Max-Age=7776000; Expires=Tue, 02-May-2023 06:31:38 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 1002.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
cdn.creative-bars1.com/sb/ssp/utility/live-message/3-2/js/jquery.min.js
172.64.166.9 200 OK 32 kB URL HTTP/2 cdn.creative-bars1.com/sb/ssp/utility/live-message/3-2/js/jquery.min.js
IP 172.64.166.9:0
File type ASCII text, with very long lines (65451)
Hash 5e12508889f9c8c9d93550c57460961a
cb8f9e675bfc1dd84b35112d185f5a9437f10a60
97783ebdd5f2223ec1bebb40d692cf2ecf9ab1c9460e834f0d6b5818df541eb7
GET /sb/ssp/utility/live-message/3-2/js/jquery.min.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 01 Feb 2023 06:31:38 GMT
content-type: application/javascript
last-modified: Thu, 28 Apr 2022 08:29:17 GMT
etag: W/"626a505d-15d94"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 6712848
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4VTpke%2FUIgU4tP2zN2amGkFkQegUvj9%2BqaedemDjwhVTLwN7zg2Pnd5VfLOu465EJhQy4xyLZlFkB5bqd1ErItixaG2XVwEFHFjarg%2BIBR5U8lVlCda2BBlh4s%2FxivieGsBnyO73DXS6"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7928a5305976d184-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.cloudimagesb.com/si/d8/9e/7e/d89e7e93f9084c1603a4d5c5eb150bd5/1667590681.png
45.133.44.9 200 OK 32 kB URL HTTP/2 cdn.cloudimagesb.com/si/d8/9e/7e/d89e7e93f9084c1603a4d5c5eb150bd5/1667590681.png
IP 45.133.44.9:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash b849d6fec2795f05895691bebbaaf6e8
5bfd0781ebb28abf8bfe3afd2557a6290985eeea
394300ca7334229a7fee43d05aa2fc53d5e5acfea953c3852ecc9420abd9005c
GET /si/d8/9e/7e/d89e7e93f9084c1603a4d5c5eb150bd5/1667590681.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 01 Feb 2023 06:31:38 GMT
content-type: image/png
content-length: 32483
server: nginx/1.17.6
last-modified: Fri, 04 Nov 2022 19:38:09 GMT
etag: "63656a21-7ee3"
expires: Fri, 03 Feb 2023 06:31:38 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn.cloudimagesb.com/si/bf/aa/60/bfaa60fe895a002eba68c7c50f3bbb9c/1667590665.png
45.133.44.9 200 OK 33 kB URL HTTP/2 cdn.cloudimagesb.com/si/bf/aa/60/bfaa60fe895a002eba68c7c50f3bbb9c/1667590665.png
IP 45.133.44.9:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash 2cb2500acb00f247ef19403c3a0f89e1
7c57e8b84b2bb0003810ffae7a14e24869155464
7efcd5082673b787603d2a0b8d768fb26807cf2ab79771a69886a916d0cda3ce
GET /si/bf/aa/60/bfaa60fe895a002eba68c7c50f3bbb9c/1667590665.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 01 Feb 2023 06:31:38 GMT
content-type: image/png
content-length: 32763
server: nginx/1.17.6
last-modified: Fri, 04 Nov 2022 19:37:53 GMT
etag: "63656a11-7ffb"
expires: Fri, 03 Feb 2023 06:31:38 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
prg.smartadserver.com/prebid/v1
217.182.178.224 200 OK 0 B URL HTTP/1.1 prg.smartadserver.com/prebid/v1
IP 217.182.178.224:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /prebid/v1 HTTP/1.1
Host: prg.smartadserver.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 401
Origin: https://adsbb.dfiles.eu
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
content-length: 0
content-type: application/json; charset=UTF-8
date: Wed, 01 Feb 2023 06:31:38 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://adsbb.dfiles.eu
cache-control: no-cache,no-store
pragma: no-cache
vary: Origin
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
unseenreport.com/pxf.gif?uuid=62f9e171-9b2e-4097-9f7a-4f976337e32c&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=c22dc50dc2bbe4422c7f68d26ab95eb9&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=6
192.243.59.13 200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=62f9e171-9b2e-4097-9f7a-4f976337e32c&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=c22dc50dc2bbe4422c7f68d26ab95eb9&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=6
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=62f9e171-9b2e-4097-9f7a-4f976337e32c&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=c22dc50dc2bbe4422c7f68d26ab95eb9&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=6 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Wed, 01 Feb 2023 06:31:38 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 81e5d3d21007186a0317cd8d4076f67c
Strict-Transport-Security: max-age=0; includeSubdomains
unseenreport.com/pxf.gif?uuid=62f9e171-9b2e-4097-9f7a-4f976337e32c&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=224ad4a14b4b15c1726ff705ec672ea6&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=6
192.243.59.13 200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=62f9e171-9b2e-4097-9f7a-4f976337e32c&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=224ad4a14b4b15c1726ff705ec672ea6&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=6
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=62f9e171-9b2e-4097-9f7a-4f976337e32c&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=224ad4a14b4b15c1726ff705ec672ea6&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=6 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Wed, 01 Feb 2023 06:31:38 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 46d23df2f30e1c394edfd4285925673f
Strict-Transport-Security: max-age=0; includeSubdomains
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
142.250.74.35 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://dfiles.eu
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 29 Jan 2023 22:02:00 GMT
expires: Mon, 29 Jan 2024 22:02:00 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
age: 203378
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
142.250.74.35 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://dfiles.eu
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 31 Jan 2023 13:09:06 GMT
expires: Wed, 31 Jan 2024 13:09:06 GMT
cache-control: public, max-age=31536000
age: 62552
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash b4c9a8ce96aa57d27a6bd55df00f08ac
180302ed4863fb5b22b45ab0cc7c770a12a8c63d
3707163ad693f536f95ed3331f045060ad51b12e95d55690d341a4a93e7f1d12
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 06:31:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash e0bc98d03057dabba1334b62bea0975b
b358a8123908fe4b1c94a1273cac45c4e23b212e
10ef320ba825ca0e17d039b66fd2f321f4d2c687a8734d226fa25e9b45e109d9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 06:31:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
peevishchasingstir.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSu3l0V1MuqF0Gljwoy293T88s9LMY1ElyTuLsa8FZdVT0pp7qrqeqengQPwQXZizCe9Nj5JtmgLrL7BwjS8SI5ZTxIBONNvCueZSYDow%2Bq3vvqe4fve%2FU%2B2y%2FOiYeCnm2%2Bp3elUvRaq%2BG5r27JlOvSuut3Xd9reNfdLZm2w%2BvuaHaZ4Ru%2B12p4r7nvCDbQ1wLP9zzf891VaUSsR9fmLGT2sOc3el4jDBp%2BK8TI%2FB%2FbwoGlDvjwnDwHyadPbP%2F0GJLVSJNHN4Ud5Dp7%2Fe2kUDTXBkN%2B9EE6SHWZIlmWsXEQp0eLbmg7JeSrS9Dp0cIB9PBg5gCRnBLnFx9RerSQiWh4eKE0UhApIv4MymENoWpIWoPpe5D8lACMY30DafJgXZuS7lywdMZOyZV%2F%2FoIsp%2BTKby8gTb5bUXLk3tGqyKVOLUZxBTmqIfs1suIY%2Ba4DWR6D5Z9CcoI0qSB5NXctZQ0Z11BiDGodFLMjHRSxgyJzkPAzl7Z6sed14ihuNrshY6zZZKzVbfMWb4bd2EPBZrLGyLMxmBqDmT1kZg8DOYYpfoDdrmC5A5tPifP%2BHoa8QikISktQUoJSEpQ5QTmsDrmyga0ecGWLyF%2FkYJGb1UTn%2FX16qPO%2BSMl%2Bdk6uzufxd1tjIM7cIAgpD6kfRmHkt5jfCdpx3PFagrU7gaBtWFlB2ktzq7vy9PkMmTx99iVE9BhWHYPJq6DFy6DlpBN4oNuTsOthN33ERaatzGOphG0wnYDrCll%2BBfmOs6%2FOyYtzHb0%2FnoRgJze%2B%2FHzj9%2Bv8IzBTITMVPpY%2FEvTV%2FcltXZKD27q05PFGlstE7tLZn93JaS4uf%2FOu2Cm14Ws37fjrN9mMmJUP7wqb36Ipl2nfkm9XJOfCrGrDBPl%2BzW6JaLOw2yuFSYvs1uZbq2tJZoS1Uqc1qDz98BMwOSVPm8F8G1%2F5cxXS1DBFhaQ4IYuA1DVYtgebLdVbTWDUsifKHJRFNTFBtHxUkkCJJaZRBfsfHC3rfXsffeOA5vfmOzg0FYaqAlVj2OLyJM%2FMyY2fm%2FNApJxJpIxzECmjvrgYrZVnbssPRTfqdhjnkWDc7wTNbtPzAs7DTk%2F4PeR2yn59au1fAAAA%2F%2F8BAAD%2F%2F7%2BHszZlBAAA
192.243.59.12200 OK 7 B URL HTTP/1.1 peevishchasingstir.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSu3l0V1MuqF0Gljwoy293T88s9LMY1ElyTuLsa8FZdVT0pp7qrqeqengQPwQXZizCe9Nj5JtmgLrL7BwjS8SI5ZTxIBONNvCueZSYDow%2Bq3vvqe4fve%2FU%2B2y%2FOiYeCnm2%2Bp3elUvRaq%2BG5r27JlOvSuut3Xd9reNfdLZm2w%2BvuaHaZ4Ru%2B12p4r7nvCDbQ1wLP9zzf891VaUSsR9fmLGT2sOc3el4jDBp%2BK8TI%2FB%2FbwoGlDvjwnDwHyadPbP%2F0GJLVSJNHN4Ud5Dp7%2Fe2kUDTXBkN%2B9EE6SHWZIlmWsXEQp0eLbmg7JeSrS9Dp0cIB9PBg5gCRnBLnFx9RerSQiWh4eKE0UhApIv4MymENoWpIWoPpe5D8lACMY30DafJgXZuS7lywdMZOyZV%2F%2FoIsp%2BTKby8gTb5bUXLk3tGqyKVOLUZxBTmqIfs1suIY%2Ba4DWR6D5Z9CcoI0qSB5NXctZQ0Z11BiDGodFLMjHRSxgyJzkPAzl7Z6sed14ihuNrshY6zZZKzVbfMWb4bd2EPBZrLGyLMxmBqDmT1kZg8DOYYpfoDdrmC5A5tPifP%2BHoa8QikISktQUoJSEpQ5QTmsDrmyga0ecGWLyF%2FkYJGb1UTn%2FX16qPO%2BSMl%2Bdk6uzufxd1tjIM7cIAgpD6kfRmHkt5jfCdpx3PFagrU7gaBtWFlB2ktzq7vy9PkMmTx99iVE9BhWHYPJq6DFy6DlpBN4oNuTsOthN33ERaatzGOphG0wnYDrCll%2BBfmOs6%2FOyYtzHb0%2FnoRgJze%2B%2FHzj9%2Bv8IzBTITMVPpY%2FEvTV%2FcltXZKD27q05PFGlstE7tLZn93JaS4uf%2FOu2Cm14Ws37fjrN9mMmJUP7wqb36Ipl2nfkm9XJOfCrGrDBPl%2BzW6JaLOw2yuFSYvs1uZbq2tJZoS1Uqc1qDz98BMwOSVPm8F8G1%2F5cxXS1DBFhaQ4IYuA1DVYtgebLdVbTWDUsifKHJRFNTFBtHxUkkCJJaZRBfsfHC3rfXsffeOA5vfmOzg0FYaqAlVj2OLyJM%2FMyY2fm%2FNApJxJpIxzECmjvrgYrZVnbssPRTfqdhjnkWDc7wTNbtPzAs7DTk%2F4PeR2yn59au1fAAAA%2F%2F8BAAD%2F%2F7%2BHszZlBAAA
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSu3l0V1MuqF0Gljwoy293T88s9LMY1ElyTuLsa8FZdVT0pp7qrqeqengQPwQXZizCe9Nj5JtmgLrL7BwjS8SI5ZTxIBONNvCueZSYDow%2Bq3vvqe4fve%2FU%2B2y%2FOiYeCnm2%2Bp3elUvRaq%2BG5r27JlOvSuut3Xd9reNfdLZm2w%2BvuaHaZ4Ru%2B12p4r7nvCDbQ1wLP9zzf891VaUSsR9fmLGT2sOc3el4jDBp%2BK8TI%2FB%2FbwoGlDvjwnDwHyadPbP%2F0GJLVSJNHN4Ud5Dp7%2Fe2kUDTXBkN%2B9EE6SHWZIlmWsXEQp0eLbmg7JeSrS9Dp0cIB9PBg5gCRnBLnFx9RerSQiWh4eKE0UhApIv4MymENoWpIWoPpe5D8lACMY30DafJgXZuS7lywdMZOyZV%2F%2FoIsp%2BTKby8gTb5bUXLk3tGqyKVOLUZxBTmqIfs1suIY%2Ba4DWR6D5Z9CcoI0qSB5NXctZQ0Z11BiDGodFLMjHRSxgyJzkPAzl7Z6sed14ihuNrshY6zZZKzVbfMWb4bd2EPBZrLGyLMxmBqDmT1kZg8DOYYpfoDdrmC5A5tPifP%2BHoa8QikISktQUoJSEpQ5QTmsDrmyga0ecGWLyF%2FkYJGb1UTn%2FX16qPO%2BSMl%2Bdk6uzufxd1tjIM7cIAgpD6kfRmHkt5jfCdpx3PFagrU7gaBtWFlB2ktzq7vy9PkMmTx99iVE9BhWHYPJq6DFy6DlpBN4oNuTsOthN33ERaatzGOphG0wnYDrCll%2BBfmOs6%2FOyYtzHb0%2FnoRgJze%2B%2FHzj9%2Bv8IzBTITMVPpY%2FEvTV%2FcltXZKD27q05PFGlstE7tLZn93JaS4uf%2FOu2Cm14Ws37fjrN9mMmJUP7wqb36Ipl2nfkm9XJOfCrGrDBPl%2BzW6JaLOw2yuFSYvs1uZbq2tJZoS1Uqc1qDz98BMwOSVPm8F8G1%2F5cxXS1DBFhaQ4IYuA1DVYtgebLdVbTWDUsifKHJRFNTFBtHxUkkCJJaZRBfsfHC3rfXsffeOA5vfmOzg0FYaqAlVj2OLyJM%2FMyY2fm%2FNApJxJpIxzECmjvrgYrZVnbssPRTfqdhjnkWDc7wTNbtPzAs7DTk%2F4PeR2yn59au1fAAAA%2F%2F8BAAD%2F%2F7%2BHszZlBAAA HTTP/1.1
Host: peevishchasingstir.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: u_pl=16004719; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Wed, 01 Feb 2023 06:31:38 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 772792b35c863ef49ca8452b5b13573b
Strict-Transport-Security: max-age=0; includeSubdomains
adservice.google.no/adsid/integrator.js?domain=adsbb.dfiles.eu
142.250.74.34 200 OK 100 B URL HTTP/2 adservice.google.no/adsid/integrator.js?domain=adsbb.dfiles.eu
IP 142.250.74.34:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=adsbb.dfiles.eu HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Wed, 01 Feb 2023 06:31:38 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
adservice.google.com/adsid/integrator.js?domain=adsbb.dfiles.eu
142.250.74.34 200 OK 100 B URL HTTP/2 adservice.google.com/adsid/integrator.js?domain=adsbb.dfiles.eu
IP 142.250.74.34:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=adsbb.dfiles.eu HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Wed, 01 Feb 2023 06:31:38 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
peevishchasingstir.com/pixel/sbs?c=1
192.243.59.12 200 OK 0 B URL HTTP/1.1 peevishchasingstir.com/pixel/sbs?c=1
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: peevishchasingstir.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: u_pl=16004719; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Wed, 01 Feb 2023 06:31:38 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash b4c9a8ce96aa57d27a6bd55df00f08ac
180302ed4863fb5b22b45ab0cc7c770a12a8c63d
3707163ad693f536f95ed3331f045060ad51b12e95d55690d341a4a93e7f1d12
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 06:31:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
91080e2b2160b4be022a9a132c9b7b04.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=2
142.250.74.97 200 OK 2.7 kB URL HTTP/2 91080e2b2160b4be022a9a132c9b7b04.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=2
IP 142.250.74.97:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (5657)
Hash e8ee9c011ff8e1f464e74c37113119ee
64ad72134ea05877de0f2b6503f5c0d8c3f78197
09e42988871806c7f0a897bda7bc4247f47f4d8590749eaa245b8ff1fa907303
GET /safeframe/1-0-40/html/container.html?n=2 HTTP/1.1
Host: 91080e2b2160b4be022a9a132c9b7b04.safeframe.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 2653
date: Wed, 01 Feb 2023 06:31:38 GMT
expires: Thu, 01 Feb 2024 06:31:38 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2023013001&st=env
142.250.74.66 200 OK 11 kB URL HTTP/2 pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2023013001&st=env
IP 142.250.74.66:0
File type JSON data\012- , ASCII text, with very long lines (14709), with no line terminators
Hash 7bfb3369e8dcd51c16e0c433b56d626d
b9389d93d62d220510323bf2067b3c8743eca36b
0f23699694454ee500363223343e956bd5237b6753e08344a7626e2d9e640949
GET /getconfig/sodar?sv=200&tid=gpt&tv=2023013001&st=env HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://adsbb.dfiles.eu
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-type: application/json; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
date: Wed, 01 Feb 2023 06:31:38 GMT
server: cafe
content-length: 11104
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash fac8be8cf632a008cb377ac953dd755c
1c397f779b8d357fcc9994396204bed4beec1d06
97e40ea51c81b4a552656d6556da89bde56209edf71cd810a710e04895f3297f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 06:31:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
tpc.googlesyndication.com/sodar/sodar2.js
172.217.21.161 200 OK 6.4 kB URL HTTP/2 tpc.googlesyndication.com/sodar/sodar2.js
IP 172.217.21.161:0
File type ASCII text, with very long lines (1321)
Hash ac906814ed812c4ecdbb624a3bd2f6c3
8e4547eaffaa66a1ee61b36028dbcd7091d0e7de
8ab8cef6156022c4547455defd8252b48b6bcb8b734072849345bb99758705fe
GET /sodar/sodar2.js HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 6386
date: Wed, 01 Feb 2023 06:31:38 GMT
expires: Wed, 01 Feb 2023 06:31:38 GMT
cache-control: private, max-age=3000
etag: "1637097310169751"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
tpc.googlesyndication.com/sodar/sodar2/225/runner.html
172.217.21.161 200 OK 5.0 kB URL HTTP/2 tpc.googlesyndication.com/sodar/sodar2/225/runner.html
IP 172.217.21.161:0
File type HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2020)
Hash f530c16b248be97e10df228df6a41c24
ca3c3a38bbeef6906682b3e0b2a7be40c08b0925
f45287dcfd79a2411e79f98c834c6f7eff8a281a9b4fdba0124be9d204987786
GET /sodar/sodar2/225/runner.html HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 26 Jan 2023 20:43:30 GMT
expires: Fri, 26 Jan 2024 20:43:30 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
age: 467288
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 731c618f6bbd8b7a4bce809f0c861ebe
53b59b229f89e0586c3933c193011c7d7ae76efb
d0e7768eb06f3203fdabd06f270e022703c1e0c3dd8dc61f067ece82e22dc96f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D0E7768EB06F3203FDABD06F270E022703C1E0C3DD8DC61F067ECE82E22DC96F"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4988
Expires: Wed, 01 Feb 2023 07:54:47 GMT
Date: Wed, 01 Feb 2023 06:31:39 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 84a619e9e5fe473391cba1166025d292
f91ce28271b76787d9fb3dae7a6aa0e5ae92f7bc
83280d0d6e15e7784bb091374dca46094441d678fe5afc386bcae98c0a463cac
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "83280D0D6E15E7784BB091374DCA46094441D678FE5AFC386BCAE98C0A463CAC"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21599
Expires: Wed, 01 Feb 2023 12:31:38 GMT
Date: Wed, 01 Feb 2023 06:31:39 GMT
Connection: keep-alive
dfiles.eu/ps/QW13h0.js
91.226.124.76 304 Not Modified 0 B IP 91.226.124.76:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ps/QW13h0.js HTTP/1.1
Host: dfiles.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: uprand=ec612746b9eaf167cd9c9fa182194e8c; last_file=y0nf06jdd; lang_current=en; u_count=%5B0%2C0%5D; sb_page_224ad4a14b4b15c1726ff705ec672ea6=1; sb_onpage_224ad4a14b4b15c1726ff705ec672ea6=1; sb_main_224ad4a14b4b15c1726ff705ec672ea6=1; sb_count_224ad4a14b4b15c1726ff705ec672ea6=1; dom3ic8zudi28v8lr6fgphwffqoz0j6c=62f9e171-9b2e-4097-9f7a-4f976337e32c%3A1%3A1; pbpr0tpuw4isk85t8yg3jb2lj5vqf=peevishchasingstir.com; ppu_idelay_c22dc50dc2bbe4422c7f68d26ab95eb9=1; __gads=ID=3ee3062adf4d1d74:T=1675233098:S=ALNI_Mae81sy69Avw6KiWnb2OWUdI0D5qA; __gpi=UID=00000bad4da9f459:T=1675233098:RT=1675233098:S=ALNI_Ma20Gr0mXKajtKbCFDOqz_nXpwgVw
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
If-Modified-Since: Fri, 21 Oct 2022 18:16:45 GMT
If-None-Match: "6352e20d-30"
Cache-Control: max-age=0
HTTP/1.1 304 Not Modified
Server: nginx
Date: Wed, 01 Feb 2023 06:31:39 GMT
Last-Modified: Fri, 21 Oct 2022 18:16:45 GMT
Connection: close
ETag: "6352e20d-30"
hal9000.redintelligence.net/zone/4f6kuk8nqt03?subid=&gdpr=-1&gdpr_consent=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCgCgSSgfaY7LLL56R-cAP5-WoGNf6-ptpyqep4-IP8C4QASDW5sVYYMOEgICYGMgBCakCh0FETJ02sj6oAwGqBPoBT9CFPLd6zg5gMfQsu78Dy6NeQPCOK2gzgR0ELYsrp1epDEFmc2zdbACx6W7o0w3ENjLZS5xYPkt5AvQniati5uYeGVIFPgEVorBsTq1Ll2AmiK6BLqjSqvNJTM1sk1GBoInYeh8EMchHnjkgpIjHb_uEttI9iGM79HOt07U5TVwQ2QI3ru63q48lFc1NCrD6mBxGwHCACnt7HH5WW2deq9JSqfxbIJQnbKhhayopeFbs5V7REqcZBkkdX5ib_n2LmiGEI2UlarVCzL0Y-wVEePgITYuDAy8p7rhXVbhcLrH4cho12yMeuMooG7xrYiDp6yEXDABBS_zHCsAEnf2hifAD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCBEIgOGAEBABGB0yAqoCOgKAQPIIG2FkeC1zdWJzeW4tMzY4NjkwNjUyNTY2MTY4NIAKA5gLAcgLAYAMAbATnKLNDtATANgTA9gUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSSwDUE5ymEdLK7GPOLlgZ5XeIOnb1xzdiw2ANg1vQ4xvjs7waEMFGzziRvO7uyP5ZxaRaR7BTbD-81jCSoKuESZcGBOoaXZoufMX7NRgB%26sig%3DAOD64_3Z7kqvjRzxVPE5Idr0P53EQiwCvw%26client%3Dca-pub-2128757167812663%26dbm_c%3DAKAmf-Cm27aDF73QhM-WA-EPxtfgeY8n2yMOfIaemGYhO00dVxbrdZPcG3JmAzi-yRnSKuqb6okX2Fg3e7cgIBW7fG1GQ9L0pcyRfsypzR68FtLz_lfoWx0GmOHgHrhBsttSgGl2AFZaO9KpxXJz9zqT5_Y9FpYdzDkSX2CHnA8kFaaLHuC2yLo%26cry%3D1%26dbm_d%3DAKAmf-BQdmAsZYQF8q8kDZiqVJUFLgDi1gEd_eUdZf-fPyL_61iZgrOYYkUdNiZLT_D80CmG7DPJ12V_fo5dbOtuYyC5q5l0ldQrOFXsxTRZ12EUfrMyPGS3lH521F05C4eO4Aiqf1R35f30zQUKrRujDXDCkk8gOWQJv8JsQGBGushoOkPPB307j6e32A8VISg2Mtou6yQnsu5dfwKnLuUinHjiTZb5iipovS0uIU7mEJp7coLLibfCAko0mcKQ2kggf_h55ypagJx73SGlt70xCgAVkk_-JvY8NWfbjOn9cF1KNNfh0e2sZwYd3eRdoAHTPxSepJwnFKF6dVDyJbOdidFUvIHR93zngOHP2BAY-8SpRSwVG-UsqBCvMIVCehGXs1nq6mpUO4xxYYaJcTxQBmyS4L1BglmtietQmF47y_KuumGluKKXHWqZP3OVr7zjBeGfCeMWrxe7p4GbRGMnAz9wOjOQcXa3p8b8c-QweJGPz24Sy9kE54gBupqsoNTXilads51HSau3aDjLmA-X6AWWVpovDoSihu9uYd0c4A-c2Yp7HGLxbo41pFejbK4RiaSl-yv_3nfMTHoNB1mNHugK2EW7V2kZutF2nfKSZ5oDlAlvLw2P2jAznaBbVEsdtkmXNpNI%26adurl%3D
88.99.219.174200 OK 4.2 kB URL HTTP/1.1 hal9000.redintelligence.net/zone/4f6kuk8nqt03?subid=&gdpr=-1&gdpr_consent=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCgCgSSgfaY7LLL56R-cAP5-WoGNf6-ptpyqep4-IP8C4QASDW5sVYYMOEgICYGMgBCakCh0FETJ02sj6oAwGqBPoBT9CFPLd6zg5gMfQsu78Dy6NeQPCOK2gzgR0ELYsrp1epDEFmc2zdbACx6W7o0w3ENjLZS5xYPkt5AvQniati5uYeGVIFPgEVorBsTq1Ll2AmiK6BLqjSqvNJTM1sk1GBoInYeh8EMchHnjkgpIjHb_uEttI9iGM79HOt07U5TVwQ2QI3ru63q48lFc1NCrD6mBxGwHCACnt7HH5WW2deq9JSqfxbIJQnbKhhayopeFbs5V7REqcZBkkdX5ib_n2LmiGEI2UlarVCzL0Y-wVEePgITYuDAy8p7rhXVbhcLrH4cho12yMeuMooG7xrYiDp6yEXDABBS_zHCsAEnf2hifAD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCBEIgOGAEBABGB0yAqoCOgKAQPIIG2FkeC1zdWJzeW4tMzY4NjkwNjUyNTY2MTY4NIAKA5gLAcgLAYAMAbATnKLNDtATANgTA9gUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSSwDUE5ymEdLK7GPOLlgZ5XeIOnb1xzdiw2ANg1vQ4xvjs7waEMFGzziRvO7uyP5ZxaRaR7BTbD-81jCSoKuESZcGBOoaXZoufMX7NRgB%26sig%3DAOD64_3Z7kqvjRzxVPE5Idr0P53EQiwCvw%26client%3Dca-pub-2128757167812663%26dbm_c%3DAKAmf-Cm27aDF73QhM-WA-EPxtfgeY8n2yMOfIaemGYhO00dVxbrdZPcG3JmAzi-yRnSKuqb6okX2Fg3e7cgIBW7fG1GQ9L0pcyRfsypzR68FtLz_lfoWx0GmOHgHrhBsttSgGl2AFZaO9KpxXJz9zqT5_Y9FpYdzDkSX2CHnA8kFaaLHuC2yLo%26cry%3D1%26dbm_d%3DAKAmf-BQdmAsZYQF8q8kDZiqVJUFLgDi1gEd_eUdZf-fPyL_61iZgrOYYkUdNiZLT_D80CmG7DPJ12V_fo5dbOtuYyC5q5l0ldQrOFXsxTRZ12EUfrMyPGS3lH521F05C4eO4Aiqf1R35f30zQUKrRujDXDCkk8gOWQJv8JsQGBGushoOkPPB307j6e32A8VISg2Mtou6yQnsu5dfwKnLuUinHjiTZb5iipovS0uIU7mEJp7coLLibfCAko0mcKQ2kggf_h55ypagJx73SGlt70xCgAVkk_-JvY8NWfbjOn9cF1KNNfh0e2sZwYd3eRdoAHTPxSepJwnFKF6dVDyJbOdidFUvIHR93zngOHP2BAY-8SpRSwVG-UsqBCvMIVCehGXs1nq6mpUO4xxYYaJcTxQBmyS4L1BglmtietQmF47y_KuumGluKKXHWqZP3OVr7zjBeGfCeMWrxe7p4GbRGMnAz9wOjOQcXa3p8b8c-QweJGPz24Sy9kE54gBupqsoNTXilads51HSau3aDjLmA-X6AWWVpovDoSihu9uYd0c4A-c2Yp7HGLxbo41pFejbK4RiaSl-yv_3nfMTHoNB1mNHugK2EW7V2kZutF2nfKSZ5oDlAlvLw2P2jAznaBbVEsdtkmXNpNI%26adurl%3D
IP 88.99.219.174:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (1811), with CRLF line terminators
Hash 3c1a65f0d5f530bf7000ef70edcf10b6
853ab1f95c2230652a189d4fd17040b6a13275e2
32604f5c8e666bbeac1339b13876ebdb27c1740221d3199b869f1babc30f5a46
GET /zone/4f6kuk8nqt03?subid=&gdpr=-1&gdpr_consent=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCgCgSSgfaY7LLL56R-cAP5-WoGNf6-ptpyqep4-IP8C4QASDW5sVYYMOEgICYGMgBCakCh0FETJ02sj6oAwGqBPoBT9CFPLd6zg5gMfQsu78Dy6NeQPCOK2gzgR0ELYsrp1epDEFmc2zdbACx6W7o0w3ENjLZS5xYPkt5AvQniati5uYeGVIFPgEVorBsTq1Ll2AmiK6BLqjSqvNJTM1sk1GBoInYeh8EMchHnjkgpIjHb_uEttI9iGM79HOt07U5TVwQ2QI3ru63q48lFc1NCrD6mBxGwHCACnt7HH5WW2deq9JSqfxbIJQnbKhhayopeFbs5V7REqcZBkkdX5ib_n2LmiGEI2UlarVCzL0Y-wVEePgITYuDAy8p7rhXVbhcLrH4cho12yMeuMooG7xrYiDp6yEXDABBS_zHCsAEnf2hifAD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCBEIgOGAEBABGB0yAqoCOgKAQPIIG2FkeC1zdWJzeW4tMzY4NjkwNjUyNTY2MTY4NIAKA5gLAcgLAYAMAbATnKLNDtATANgTA9gUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSSwDUE5ymEdLK7GPOLlgZ5XeIOnb1xzdiw2ANg1vQ4xvjs7waEMFGzziRvO7uyP5ZxaRaR7BTbD-81jCSoKuESZcGBOoaXZoufMX7NRgB%26sig%3DAOD64_3Z7kqvjRzxVPE5Idr0P53EQiwCvw%26client%3Dca-pub-2128757167812663%26dbm_c%3DAKAmf-Cm27aDF73QhM-WA-EPxtfgeY8n2yMOfIaemGYhO00dVxbrdZPcG3JmAzi-yRnSKuqb6okX2Fg3e7cgIBW7fG1GQ9L0pcyRfsypzR68FtLz_lfoWx0GmOHgHrhBsttSgGl2AFZaO9KpxXJz9zqT5_Y9FpYdzDkSX2CHnA8kFaaLHuC2yLo%26cry%3D1%26dbm_d%3DAKAmf-BQdmAsZYQF8q8kDZiqVJUFLgDi1gEd_eUdZf-fPyL_61iZgrOYYkUdNiZLT_D80CmG7DPJ12V_fo5dbOtuYyC5q5l0ldQrOFXsxTRZ12EUfrMyPGS3lH521F05C4eO4Aiqf1R35f30zQUKrRujDXDCkk8gOWQJv8JsQGBGushoOkPPB307j6e32A8VISg2Mtou6yQnsu5dfwKnLuUinHjiTZb5iipovS0uIU7mEJp7coLLibfCAko0mcKQ2kggf_h55ypagJx73SGlt70xCgAVkk_-JvY8NWfbjOn9cF1KNNfh0e2sZwYd3eRdoAHTPxSepJwnFKF6dVDyJbOdidFUvIHR93zngOHP2BAY-8SpRSwVG-UsqBCvMIVCehGXs1nq6mpUO4xxYYaJcTxQBmyS4L1BglmtietQmF47y_KuumGluKKXHWqZP3OVr7zjBeGfCeMWrxe7p4GbRGMnAz9wOjOQcXa3p8b8c-QweJGPz24Sy9kE54gBupqsoNTXilads51HSau3aDjLmA-X6AWWVpovDoSihu9uYd0c4A-c2Yp7HGLxbo41pFejbK4RiaSl-yv_3nfMTHoNB1mNHugK2EW7V2kZutF2nfKSZ5oDlAlvLw2P2jAznaBbVEsdtkmXNpNI%26adurl%3D HTTP/1.1
Host: hal9000.redintelligence.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://91080e2b2160b4be022a9a132c9b7b04.safeframe.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Wed, 01 Feb 2023 06:31:39 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 4203
Connection: close
Content-Type: text/html; charset=UTF-8
hal900016.redintelligence.net/request.php?zone=4f6kuk8nqt03&nw=20&renderingType=javascript&namespace=79d1b18bce&subid=&uid=8d0064810170f012&screenSize=1280x1024&screenSizeAvail=1280x1002&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCgCgSSgfaY7LLL56R-cAP5-WoGNf6-ptpyqep4-IP8C4QASDW5sVYYMOEgICYGMgBCakCh0FETJ02sj6oAwGqBPoBT9CFPLd6zg5gMfQsu78Dy6NeQPCOK2gzgR0ELYsrp1epDEFmc2zdbACx6W7o0w3ENjLZS5xYPkt5AvQniati5uYeGVIFPgEVorBsTq1Ll2AmiK6BLqjSqvNJTM1sk1GBoInYeh8EMchHnjkgpIjHb_uEttI9iGM79HOt07U5TVwQ2QI3ru63q48lFc1NCrD6mBxGwHCACnt7HH5WW2deq9JSqfxbIJQnbKhhayopeFbs5V7REqcZBkkdX5ib_n2LmiGEI2UlarVCzL0Y-wVEePgITYuDAy8p7rhXVbhcLrH4cho12yMeuMooG7xrYiDp6yEXDABBS_zHCsAEnf2hifAD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCBEIgOGAEBABGB0yAqoCOgKAQPIIG2FkeC1zdWJzeW4tMzY4NjkwNjUyNTY2MTY4NIAKA5gLAcgLAYAMAbATnKLNDtATANgTA9gUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSSwDUE5ymEdLK7GPOLlgZ5XeIOnb1xzdiw2ANg1vQ4xvjs7waEMFGzziRvO7uyP5ZxaRaR7BTbD-81jCSoKuESZcGBOoaXZoufMX7NRgB%26sig%3DAOD64_3Z7kqvjRzxVPE5Idr0P53EQiwCvw%26client%3Dca-pub-2128757167812663%26dbm_c%3DAKAmf-Cm27aDF73QhM-WA-EPxtfgeY8n2yMOfIaemGYhO00dVxbrdZPcG3JmAzi-yRnSKuqb6okX2Fg3e7cgIBW7fG1GQ9L0pcyRfsypzR68FtLz_lfoWx0GmOHgHrhBsttSgGl2AFZaO9KpxXJz9zqT5_Y9FpYdzDkSX2CHnA8kFaaLHuC2yLo%26cry%3D1%26dbm_d%3DAKAmf-BQdmAsZYQF8q8kDZiqVJUFLgDi1gEd_eUdZf-fPyL_61iZgrOYYkUdNiZLT_D80CmG7DPJ12V_fo5dbOtuYyC5q5l0ldQrOFXsxTRZ12EUfrMyPGS3lH521F05C4eO4Aiqf1R35f30zQUKrRujDXDCkk8gOWQJv8JsQGBGushoOkPPB307j6e32A8VISg2Mtou6yQnsu5dfwKnLuUinHjiTZb5iipovS0uIU7mEJp7coLLibfCAko0mcKQ2kggf_h55ypagJx73SGlt70xCgAVkk_-JvY8NWfbjOn9cF1KNNfh0e2sZwYd3eRdoAHTPxSepJwnFKF6dVDyJbOdidFUvIHR93zngOHP2BAY-8SpRSwVG-UsqBCvMIVCehGXs1nq6mpUO4xxYYaJcTxQBmyS4L1BglmtietQmF47y_KuumGluKKXHWqZP3OVr7zjBeGfCeMWrxe7p4GbRGMnAz9wOjOQcXa3p8b8c-QweJGPz24Sy9kE54gBupqsoNTXilads51HSau3aDjLmA-X6AWWVpovDoSihu9uYd0
c4A-c2Yp7HGLxbo41pFejbK4RiaSl-yv_3nfMTHoNB1mNHugK2EW7V2kZutF2nfKSZ5oDlAlvLw2P2jAznaBbVEsdtkmXNpNI%26adurl%3D&documentReferer=https%3A%2F%2Fadsbb.dfiles.eu%2F&ancestorOrigins=null&random=690953337475&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
138.201.220.30302 Found 0 B URL HTTP/1.1 hal900016.redintelligence.net/request.php?zone=4f6kuk8nqt03&nw=20&renderingType=javascript&namespace=79d1b18bce&subid=&uid=8d0064810170f012&screenSize=1280x1024&screenSizeAvail=1280x1002&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCgCgSSgfaY7LLL56R-cAP5-WoGNf6-ptpyqep4-IP8C4QASDW5sVYYMOEgICYGMgBCakCh0FETJ02sj6oAwGqBPoBT9CFPLd6zg5gMfQsu78Dy6NeQPCOK2gzgR0ELYsrp1epDEFmc2zdbACx6W7o0w3ENjLZS5xYPkt5AvQniati5uYeGVIFPgEVorBsTq1Ll2AmiK6BLqjSqvNJTM1sk1GBoInYeh8EMchHnjkgpIjHb_uEttI9iGM79HOt07U5TVwQ2QI3ru63q48lFc1NCrD6mBxGwHCACnt7HH5WW2deq9JSqfxbIJQnbKhhayopeFbs5V7REqcZBkkdX5ib_n2LmiGEI2UlarVCzL0Y-wVEePgITYuDAy8p7rhXVbhcLrH4cho12yMeuMooG7xrYiDp6yEXDABBS_zHCsAEnf2hifAD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCBEIgOGAEBABGB0yAqoCOgKAQPIIG2FkeC1zdWJzeW4tMzY4NjkwNjUyNTY2MTY4NIAKA5gLAcgLAYAMAbATnKLNDtATANgTA9gUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSSwDUE5ymEdLK7GPOLlgZ5XeIOnb1xzdiw2ANg1vQ4xvjs7waEMFGzziRvO7uyP5ZxaRaR7BTbD-81jCSoKuESZcGBOoaXZoufMX7NRgB%26sig%3DAOD64_3Z7kqvjRzxVPE5Idr0P53EQiwCvw%26client%3Dca-pub-2128757167812663%26dbm_c%3DAKAmf-Cm27aDF73QhM-WA-EPxtfgeY8n2yMOfIaemGYhO00dVxbrdZPcG3JmAzi-yRnSKuqb6okX2Fg3e7cgIBW7fG1GQ9L0pcyRfsypzR68FtLz_lfoWx0GmOHgHrhBsttSgGl2AFZaO9KpxXJz9zqT5_Y9FpYdzDkSX2CHnA8kFaaLHuC2yLo%26cry%3D1%26dbm_d%3DAKAmf-BQdmAsZYQF8q8kDZiqVJUFLgDi1gEd_eUdZf-fPyL_61iZgrOYYkUdNiZLT_D80CmG7DPJ12V_fo5dbOtuYyC5q5l0ldQrOFXsxTRZ12EUfrMyPGS3lH521F05C4eO4Aiqf1R35f30zQUKrRujDXDCkk8gOWQJv8JsQGBGushoOkPPB307j6e32A8VISg2Mtou6yQnsu5dfwKnLuUinHjiTZb5iipovS0uIU7mEJp7coLLibfCAko0mcKQ2kggf_h55ypagJx73SGlt70xCgAVkk_-JvY8NWfbjOn9cF1KNNfh0e2sZwYd3eRdoAHTPxSepJwnFKF6dVDyJbOdidFUvIHR93zngOHP2BAY-8SpRSwVG-UsqBCvMIVCehGXs1nq6mpUO4xxYYaJcTxQBmyS4L1BglmtietQmF47y_KuumGluKKXHWqZP3OVr7zjBeGfCeMWrxe7p4GbRGMnAz9wOjOQcXa3p8b8c-QweJGPz24Sy9kE54gBupqsoN
TXilads51HSau3aDjLmA-X6AWWVpovDoSihu9uYd0c4A-c2Yp7HGLxbo41pFejbK4RiaSl-yv_3nfMTHoNB1mNHugK2EW7V2kZutF2nfKSZ5oDlAlvLw2P2jAznaBbVEsdtkmXNpNI%26adurl%3D&documentReferer=https%3A%2F%2Fadsbb.dfiles.eu%2F&ancestorOrigins=null&random=690953337475&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
IP 138.201.220.30:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /request.php?zone=4f6kuk8nqt03&nw=20&renderingType=javascript&namespace=79d1b18bce&subid=&uid=8d0064810170f012&screenSize=1280x1024&screenSizeAvail=1280x1002&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCgCgSSgfaY7LLL56R-cAP5-WoGNf6-ptpyqep4-IP8C4QASDW5sVYYMOEgICYGMgBCakCh0FETJ02sj6oAwGqBPoBT9CFPLd6zg5gMfQsu78Dy6NeQPCOK2gzgR0ELYsrp1epDEFmc2zdbACx6W7o0w3ENjLZS5xYPkt5AvQniati5uYeGVIFPgEVorBsTq1Ll2AmiK6BLqjSqvNJTM1sk1GBoInYeh8EMchHnjkgpIjHb_uEttI9iGM79HOt07U5TVwQ2QI3ru63q48lFc1NCrD6mBxGwHCACnt7HH5WW2deq9JSqfxbIJQnbKhhayopeFbs5V7REqcZBkkdX5ib_n2LmiGEI2UlarVCzL0Y-wVEePgITYuDAy8p7rhXVbhcLrH4cho12yMeuMooG7xrYiDp6yEXDABBS_zHCsAEnf2hifAD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCBEIgOGAEBABGB0yAqoCOgKAQPIIG2FkeC1zdWJzeW4tMzY4NjkwNjUyNTY2MTY4NIAKA5gLAcgLAYAMAbATnKLNDtATANgTA9gUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSSwDUE5ymEdLK7GPOLlgZ5XeIOnb1xzdiw2ANg1vQ4xvjs7waEMFGzziRvO7uyP5ZxaRaR7BTbD-81jCSoKuESZcGBOoaXZoufMX7NRgB%26sig%3DAOD64_3Z7kqvjRzxVPE5Idr0P53EQiwCvw%26client%3Dca-pub-2128757167812663%26dbm_c%3DAKAmf-Cm27aDF73QhM-WA-EPxtfgeY8n2yMOfIaemGYhO00dVxbrdZPcG3JmAzi-yRnSKuqb6okX2Fg3e7cgIBW7fG1GQ9L0pcyRfsypzR68FtLz_lfoWx0GmOHgHrhBsttSgGl2AFZaO9KpxXJz9zqT5_Y9FpYdzDkSX2CHnA8kFaaLHuC2yLo%26cry%3D1%26dbm_d%3DAKAmf-BQdmAsZYQF8q8kDZiqVJUFLgDi1gEd_eUdZf-fPyL_61iZgrOYYkUdNiZLT_D80CmG7DPJ12V_fo5dbOtuYyC5q5l0ldQrOFXsxTRZ12EUfrMyPGS3lH521F05C4eO4Aiqf1R35f30zQUKrRujDXDCkk8gOWQJv8JsQGBGushoOkPPB307j6e32A8VISg2Mtou6yQnsu5dfwKnLuUinHjiTZb5iipovS0uIU7mEJp7coLLibfCAko0mcKQ2kggf_h55ypagJx73SGlt70xCgAVkk_-JvY8NWfbjOn9cF1KNNfh0e2sZwYd3eRdoAHTPxSepJwnFKF6dVDyJbOdidFUvIHR93zngOHP2BAY-8SpRSwVG-UsqBCvMIVCehGXs1nq6mpUO4xxYYaJcTxQBmyS4L1BglmtietQmF47y_KuumGluKKXHWqZP3OVr7zjBeGfCeMWrxe7p4GbRGMnAz9wOjOQcXa3p8b8c-QweJGPz24Sy9kE54gBupqsoNTXilads51HSau3aDjLmA-X6AWWVpovDoSihu9uYd0c4A-c2Yp7HGLxbo41pFejbK4R
iaSl-yv_3nfMTHoNB1mNHugK2EW7V2kZutF2nfKSZ5oDlAlvLw2P2jAznaBbVEsdtkmXNpNI%26adurl%3D&documentReferer=https%3A%2F%2Fadsbb.dfiles.eu%2F&ancestorOrigins=null&random=690953337475&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 HTTP/1.1
Host: hal900016.redintelligence.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://91080e2b2160b4be022a9a132c9b7b04.safeframe.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Date: Wed, 01 Feb 2023 06:31:39 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Expires: Wed, 01 Feb 2023 06:31:39 +0100
Pragma: no-cache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 8lcfmzhxc8d6_uid=1cd58d93cc4141f6; expires=Tue, 02-May-2023 06:31:39 GMT; Max-Age=7776000; path=/; domain=.redintelligence.net; secure; SameSite=None
Location: request.php?zone=4f6kuk8nqt03&nw=20&renderingType=javascript&namespace=79d1b18bce&subid=&uid=8d0064810170f012&screenSize=1280x1024&screenSizeAvail=1280x1002&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCgCgSSgfaY7LLL56R-cAP5-WoGNf6-ptpyqep4-IP8C4QASDW5sVYYMOEgICYGMgBCakCh0FETJ02sj6oAwGqBPoBT9CFPLd6zg5gMfQsu78Dy6NeQPCOK2gzgR0ELYsrp1epDEFmc2zdbACx6W7o0w3ENjLZS5xYPkt5AvQniati5uYeGVIFPgEVorBsTq1Ll2AmiK6BLqjSqvNJTM1sk1GBoInYeh8EMchHnjkgpIjHb_uEttI9iGM79HOt07U5TVwQ2QI3ru63q48lFc1NCrD6mBxGwHCACnt7HH5WW2deq9JSqfxbIJQnbKhhayopeFbs5V7REqcZBkkdX5ib_n2LmiGEI2UlarVCzL0Y-wVEePgITYuDAy8p7rhXVbhcLrH4cho12yMeuMooG7xrYiDp6yEXDABBS_zHCsAEnf2hifAD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCBEIgOGAEBABGB0yAqoCOgKAQPIIG2FkeC1zdWJzeW4tMzY4NjkwNjUyNTY2MTY4NIAKA5gLAcgLAYAMAbATnKLNDtATANgTA9gUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSSwDUE5ymEdLK7GPOLlgZ5XeIOnb1xzdiw2ANg1vQ4xvjs7waEMFGzziRvO7uyP5ZxaRaR7BTbD-81jCSoKuESZcGBOoaXZoufMX7NRgB%26sig%3DAOD64_3Z7kqvjRzxVPE5Idr0P53EQiwCvw%26client%3Dca-pub-2128757167812663%26dbm_c%3DAKAmf-Cm27aDF73QhM-WA-EPxtfgeY8n2yMOfIaemGYhO00dVxbrdZPcG3JmAzi-yRnSKuqb6okX2Fg3e7cgIBW7fG1GQ9L0pcyRfsypzR68FtLz_lfoWx0GmOHgHrhBsttSgGl2AFZaO9KpxXJz9zqT5_Y9FpYdzDkSX2CHnA8kFaaLHuC2yLo%26cry%3D1%26dbm_d%3DAKAmf-BQdmAsZYQF8q8kDZiqVJUFLgDi1gEd_eUdZf-fPyL_61iZgrOYYkUdNiZLT_D80CmG7DPJ12V_fo5dbOtuYyC5q5l0ldQrOFXsxTRZ12EUfrMyPGS3lH521F05C4eO4Aiqf1R35f30zQUKrRujDXDCkk8gOWQJv8JsQGBGushoOkPPB307j6e32A8VISg2Mtou6yQnsu5dfwKnLuUinHjiTZb5iipovS0uIU7mEJp7coLLibfCAko0mcKQ2kggf_h55ypagJx73SGlt70xCgAVkk_-JvY8NWfbjOn9cF1KNNfh0e2sZwYd3eRdoAHTPxSepJwnFKF6dVDyJbOdidFUvIHR93zngOHP2BAY-8SpRSwVG-UsqBCvMIVCehGXs1nq6mpUO4xxYYaJcTxQBmyS4L1BglmtietQmF47y_KuumGluKKXHWqZP3OVr7zjBeGfCeMWrxe7p4GbRGMnAz9wOjOQcXa3p8b8c-QweJGPz24Sy9kE54gBupqsoNTXilads51HSau3aDjLmA-X6AWWVpovDoSihu9uYd0c4A-c2Yp7HGLxbo41pFe
jbK4RiaSl-yv_3nfMTHoNB1mNHugK2EW7V2kZutF2nfKSZ5oDlAlvLw2P2jAznaBbVEsdtkmXNpNI%26adurl%3D&documentReferer=https%3A%2F%2Fadsbb.dfiles.eu%2F&ancestorOrigins=null&random=690953337475&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8
notification.tubecup.net/in/subscription-offers?href=https%3A%2F%2Fdfiles.eu%2Ffiles%2Fy0nf06jdd%2FCOD-G_update-2.exe&tcid=0&spot_id=13971&site=tcpublisher&source_id=0
88.198.204.168 200 OK 0 B URL HTTP/2 notification.tubecup.net/in/subscription-offers?href=https%3A%2F%2Fdfiles.eu%2Ffiles%2Fy0nf06jdd%2FCOD-G_update-2.exe&tcid=0&spot_id=13971&site=tcpublisher&source_id=0
IP 88.198.204.168:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/subscription-offers?href=https%3A%2F%2Fdfiles.eu%2Ffiles%2Fy0nf06jdd%2FCOD-G_update-2.exe&tcid=0&spot_id=13971&site=tcpublisher&source_id=0 HTTP/1.1
Host: notification.tubecup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.18.0
date: Wed, 01 Feb 2023 06:31:39 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
hal900016.redintelligence.net/request.php?zone=4f6kuk8nqt03&nw=20&renderingType=javascript&namespace=79d1b18bce&subid=&uid=8d0064810170f012&screenSize=1280x1024&screenSizeAvail=1280x1002&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCgCgSSgfaY7LLL56R-cAP5-WoGNf6-ptpyqep4-IP8C4QASDW5sVYYMOEgICYGMgBCakCh0FETJ02sj6oAwGqBPoBT9CFPLd6zg5gMfQsu78Dy6NeQPCOK2gzgR0ELYsrp1epDEFmc2zdbACx6W7o0w3ENjLZS5xYPkt5AvQniati5uYeGVIFPgEVorBsTq1Ll2AmiK6BLqjSqvNJTM1sk1GBoInYeh8EMchHnjkgpIjHb_uEttI9iGM79HOt07U5TVwQ2QI3ru63q48lFc1NCrD6mBxGwHCACnt7HH5WW2deq9JSqfxbIJQnbKhhayopeFbs5V7REqcZBkkdX5ib_n2LmiGEI2UlarVCzL0Y-wVEePgITYuDAy8p7rhXVbhcLrH4cho12yMeuMooG7xrYiDp6yEXDABBS_zHCsAEnf2hifAD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCBEIgOGAEBABGB0yAqoCOgKAQPIIG2FkeC1zdWJzeW4tMzY4NjkwNjUyNTY2MTY4NIAKA5gLAcgLAYAMAbATnKLNDtATANgTA9gUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSSwDUE5ymEdLK7GPOLlgZ5XeIOnb1xzdiw2ANg1vQ4xvjs7waEMFGzziRvO7uyP5ZxaRaR7BTbD-81jCSoKuESZcGBOoaXZoufMX7NRgB%26sig%3DAOD64_3Z7kqvjRzxVPE5Idr0P53EQiwCvw%26client%3Dca-pub-2128757167812663%26dbm_c%3DAKAmf-Cm27aDF73QhM-WA-EPxtfgeY8n2yMOfIaemGYhO00dVxbrdZPcG3JmAzi-yRnSKuqb6okX2Fg3e7cgIBW7fG1GQ9L0pcyRfsypzR68FtLz_lfoWx0GmOHgHrhBsttSgGl2AFZaO9KpxXJz9zqT5_Y9FpYdzDkSX2CHnA8kFaaLHuC2yLo%26cry%3D1%26dbm_d%3DAKAmf-BQdmAsZYQF8q8kDZiqVJUFLgDi1gEd_eUdZf-fPyL_61iZgrOYYkUdNiZLT_D80CmG7DPJ12V_fo5dbOtuYyC5q5l0ldQrOFXsxTRZ12EUfrMyPGS3lH521F05C4eO4Aiqf1R35f30zQUKrRujDXDCkk8gOWQJv8JsQGBGushoOkPPB307j6e32A8VISg2Mtou6yQnsu5dfwKnLuUinHjiTZb5iipovS0uIU7mEJp7coLLibfCAko0mcKQ2kggf_h55ypagJx73SGlt70xCgAVkk_-JvY8NWfbjOn9cF1KNNfh0e2sZwYd3eRdoAHTPxSepJwnFKF6dVDyJbOdidFUvIHR93zngOHP2BAY-8SpRSwVG-UsqBCvMIVCehGXs1nq6mpUO4xxYYaJcTxQBmyS4L1BglmtietQmF47y_KuumGluKKXHWqZP3OVr7zjBeGfCeMWrxe7p4GbRGMnAz9wOjOQcXa3p8b8c-QweJGPz24Sy9kE54gBupqsoNTXilads51HSau3aDjLmA-X6AWWVpovDoSihu9uYd0
c4A-c2Yp7HGLxbo41pFejbK4RiaSl-yv_3nfMTHoNB1mNHugK2EW7V2kZutF2nfKSZ5oDlAlvLw2P2jAznaBbVEsdtkmXNpNI%26adurl%3D&documentReferer=https%3A%2F%2Fadsbb.dfiles.eu%2F&ancestorOrigins=null&random=690953337475&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
138.201.220.30200 OK 511 B URL HTTP/1.1 hal900016.redintelligence.net/request.php?zone=4f6kuk8nqt03&nw=20&renderingType=javascript&namespace=79d1b18bce&subid=&uid=8d0064810170f012&screenSize=1280x1024&screenSizeAvail=1280x1002&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCgCgSSgfaY7LLL56R-cAP5-WoGNf6-ptpyqep4-IP8C4QASDW5sVYYMOEgICYGMgBCakCh0FETJ02sj6oAwGqBPoBT9CFPLd6zg5gMfQsu78Dy6NeQPCOK2gzgR0ELYsrp1epDEFmc2zdbACx6W7o0w3ENjLZS5xYPkt5AvQniati5uYeGVIFPgEVorBsTq1Ll2AmiK6BLqjSqvNJTM1sk1GBoInYeh8EMchHnjkgpIjHb_uEttI9iGM79HOt07U5TVwQ2QI3ru63q48lFc1NCrD6mBxGwHCACnt7HH5WW2deq9JSqfxbIJQnbKhhayopeFbs5V7REqcZBkkdX5ib_n2LmiGEI2UlarVCzL0Y-wVEePgITYuDAy8p7rhXVbhcLrH4cho12yMeuMooG7xrYiDp6yEXDABBS_zHCsAEnf2hifAD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCBEIgOGAEBABGB0yAqoCOgKAQPIIG2FkeC1zdWJzeW4tMzY4NjkwNjUyNTY2MTY4NIAKA5gLAcgLAYAMAbATnKLNDtATANgTA9gUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSSwDUE5ymEdLK7GPOLlgZ5XeIOnb1xzdiw2ANg1vQ4xvjs7waEMFGzziRvO7uyP5ZxaRaR7BTbD-81jCSoKuESZcGBOoaXZoufMX7NRgB%26sig%3DAOD64_3Z7kqvjRzxVPE5Idr0P53EQiwCvw%26client%3Dca-pub-2128757167812663%26dbm_c%3DAKAmf-Cm27aDF73QhM-WA-EPxtfgeY8n2yMOfIaemGYhO00dVxbrdZPcG3JmAzi-yRnSKuqb6okX2Fg3e7cgIBW7fG1GQ9L0pcyRfsypzR68FtLz_lfoWx0GmOHgHrhBsttSgGl2AFZaO9KpxXJz9zqT5_Y9FpYdzDkSX2CHnA8kFaaLHuC2yLo%26cry%3D1%26dbm_d%3DAKAmf-BQdmAsZYQF8q8kDZiqVJUFLgDi1gEd_eUdZf-fPyL_61iZgrOYYkUdNiZLT_D80CmG7DPJ12V_fo5dbOtuYyC5q5l0ldQrOFXsxTRZ12EUfrMyPGS3lH521F05C4eO4Aiqf1R35f30zQUKrRujDXDCkk8gOWQJv8JsQGBGushoOkPPB307j6e32A8VISg2Mtou6yQnsu5dfwKnLuUinHjiTZb5iipovS0uIU7mEJp7coLLibfCAko0mcKQ2kggf_h55ypagJx73SGlt70xCgAVkk_-JvY8NWfbjOn9cF1KNNfh0e2sZwYd3eRdoAHTPxSepJwnFKF6dVDyJbOdidFUvIHR93zngOHP2BAY-8SpRSwVG-UsqBCvMIVCehGXs1nq6mpUO4xxYYaJcTxQBmyS4L1BglmtietQmF47y_KuumGluKKXHWqZP3OVr7zjBeGfCeMWrxe7p4GbRGMnAz9wOjOQcXa3p8b8c-QweJGPz24Sy9kE54gBupqsoNT
Xilads51HSau3aDjLmA-X6AWWVpovDoSihu9uYd0c4A-c2Yp7HGLxbo41pFejbK4RiaSl-yv_3nfMTHoNB1mNHugK2EW7V2kZutF2nfKSZ5oDlAlvLw2P2jAznaBbVEsdtkmXNpNI%26adurl%3D&documentReferer=https%3A%2F%2Fadsbb.dfiles.eu%2F&ancestorOrigins=null&random=690953337475&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
IP 138.201.220.30:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with CRLF line terminators
Hash 7a8d104550b8d71a6e80f631595881d9
ef267ab041152cdab1c9f075ac004709c42efcbf
19fce33663dc59e3f2075d981f9a4d85ce6fb3898de10be393955021fd6193ec
GET /request.php?zone=4f6kuk8nqt03&nw=20&renderingType=javascript&namespace=79d1b18bce&subid=&uid=8d0064810170f012&screenSize=1280x1024&screenSizeAvail=1280x1002&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCgCgSSgfaY7LLL56R-cAP5-WoGNf6-ptpyqep4-IP8C4QASDW5sVYYMOEgICYGMgBCakCh0FETJ02sj6oAwGqBPoBT9CFPLd6zg5gMfQsu78Dy6NeQPCOK2gzgR0ELYsrp1epDEFmc2zdbACx6W7o0w3ENjLZS5xYPkt5AvQniati5uYeGVIFPgEVorBsTq1Ll2AmiK6BLqjSqvNJTM1sk1GBoInYeh8EMchHnjkgpIjHb_uEttI9iGM79HOt07U5TVwQ2QI3ru63q48lFc1NCrD6mBxGwHCACnt7HH5WW2deq9JSqfxbIJQnbKhhayopeFbs5V7REqcZBkkdX5ib_n2LmiGEI2UlarVCzL0Y-wVEePgITYuDAy8p7rhXVbhcLrH4cho12yMeuMooG7xrYiDp6yEXDABBS_zHCsAEnf2hifAD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCBEIgOGAEBABGB0yAqoCOgKAQPIIG2FkeC1zdWJzeW4tMzY4NjkwNjUyNTY2MTY4NIAKA5gLAcgLAYAMAbATnKLNDtATANgTA9gUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSSwDUE5ymEdLK7GPOLlgZ5XeIOnb1xzdiw2ANg1vQ4xvjs7waEMFGzziRvO7uyP5ZxaRaR7BTbD-81jCSoKuESZcGBOoaXZoufMX7NRgB%26sig%3DAOD64_3Z7kqvjRzxVPE5Idr0P53EQiwCvw%26client%3Dca-pub-2128757167812663%26dbm_c%3DAKAmf-Cm27aDF73QhM-WA-EPxtfgeY8n2yMOfIaemGYhO00dVxbrdZPcG3JmAzi-yRnSKuqb6okX2Fg3e7cgIBW7fG1GQ9L0pcyRfsypzR68FtLz_lfoWx0GmOHgHrhBsttSgGl2AFZaO9KpxXJz9zqT5_Y9FpYdzDkSX2CHnA8kFaaLHuC2yLo%26cry%3D1%26dbm_d%3DAKAmf-BQdmAsZYQF8q8kDZiqVJUFLgDi1gEd_eUdZf-fPyL_61iZgrOYYkUdNiZLT_D80CmG7DPJ12V_fo5dbOtuYyC5q5l0ldQrOFXsxTRZ12EUfrMyPGS3lH521F05C4eO4Aiqf1R35f30zQUKrRujDXDCkk8gOWQJv8JsQGBGushoOkPPB307j6e32A8VISg2Mtou6yQnsu5dfwKnLuUinHjiTZb5iipovS0uIU7mEJp7coLLibfCAko0mcKQ2kggf_h55ypagJx73SGlt70xCgAVkk_-JvY8NWfbjOn9cF1KNNfh0e2sZwYd3eRdoAHTPxSepJwnFKF6dVDyJbOdidFUvIHR93zngOHP2BAY-8SpRSwVG-UsqBCvMIVCehGXs1nq6mpUO4xxYYaJcTxQBmyS4L1BglmtietQmF47y_KuumGluKKXHWqZP3OVr7zjBeGfCeMWrxe7p4GbRGMnAz9wOjOQcXa3p8b8c-QweJGPz24Sy9kE54gBupqsoNTXilads51HSau3aDjLmA-X6AWWVpovDoSihu9uYd0c4A-c2Yp7HGLxbo41pFejbK4R
iaSl-yv_3nfMTHoNB1mNHugK2EW7V2kZutF2nfKSZ5oDlAlvLw2P2jAznaBbVEsdtkmXNpNI%26adurl%3D&documentReferer=https%3A%2F%2Fadsbb.dfiles.eu%2F&ancestorOrigins=null&random=690953337475&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1 HTTP/1.1
Host: hal900016.redintelligence.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://91080e2b2160b4be022a9a132c9b7b04.safeframe.googlesyndication.com/
Connection: keep-alive
Cookie: 8lcfmzhxc8d6_uid=1cd58d93cc4141f6
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Wed, 01 Feb 2023 06:31:39 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Expires: Wed, 01 Feb 2023 06:31:39 +0100
Pragma: no-cache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 8lcfmzhxc8d6_uid=1cd58d93cc4141f6; expires=Tue, 02-May-2023 06:31:39 GMT; Max-Age=7776000; path=/; domain=.redintelligence.net; secure; SameSite=None
X-NEORY-SubId: 36630200022184704438058012222016
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 511
Connection: close
Content-Type: application/x-javascript; charset=utf-8
hb.adpone.com/prebid7.19.0.js
104.26.10.25 200 OK 124 kB URL HTTP/2 hb.adpone.com/prebid7.19.0.js
IP 104.26.10.25:0
File type ASCII text, with very long lines (64662)
Size 124 kB (124537 bytes)
Hash 4dae4c8fe26fc402eef3b05240aabe5a
fe7f4f92a9491cbac77fd3afef0235c91e0e6e11
a551ee6ebfc30a3d71b85f243fa7bc5cc88103730919d5945824dfe82587d4f8
GET /prebid7.19.0.js HTTP/1.1
Host: hb.adpone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 01 Feb 2023 06:31:37 GMT
content-type: application/javascript
x-amz-id-2: z8zPPgpChpmPHjrETbNpCXccjPHhgx/GJFcxrGv5xpYywnazjILxUOl1MmK1mgPPDqHEJdhQRpw=
x-amz-request-id: AZB8RQQA6SHSSEK2
last-modified: Tue, 25 Oct 2022 11:05:38 GMT
etag: W/"c5676242a8c3f69dca478f87ab473b3a"
x-amz-version-id: mrzpmMNa6L0T_nTXd2e.MsW_mFVsXsAR
cache-control: max-age=14400
cf-cache-status: HIT
age: 2894
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=h%2B%2BKPyUqjHxkUfvptZp1zA4hkSGnXLNgbqSGCM7ZnTrb5qoTk3U4S3xWDMvAdG%2FsKsA2znkhtdNpqLmUicmRUv%2BohBddlVjhjpH47WMTZ6Jx6%2BCao30gsVYk9CBgfaw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7928a52e5b77b4f9-OSL
content-encoding: br
X-Firefox-Spdy: h2
js.wpshsdk.com/npc/sdk/push/styles.css
45.133.44.25 200 OK 9.5 kB URL HTTP/2 js.wpshsdk.com/npc/sdk/push/styles.css
IP 45.133.44.25:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (3179)
Hash b11d4aa8913de0e5b6b86995f92a6ebf
63d4e2f66ccbcc8ca1d34415a1f5630fcf1a377a
00744dab91478d84f31ca49bc91730afa09d6a4d9056376016191ec46a72f8d4
GET /npc/sdk/push/styles.css HTTP/1.1
Host: js.wpshsdk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 06:31:39 GMT
content-type: text/css
server: nginx/1.18.0
last-modified: Tue, 30 Aug 2022 09:15:33 GMT
etag: W/"630dd535-10f4"
content-encoding: gzip
expires: Wed, 01 Feb 2023 06:36:39 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
hal900016.redintelligence.net/request_content.php?s=36630200022184704438058012222016&a=f4b19370
138.201.220.30 200 OK 2.3 kB URL HTTP/1.1 hal900016.redintelligence.net/request_content.php?s=36630200022184704438058012222016&a=f4b19370
IP 138.201.220.30:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 776f35edce9d908029150448cc01fc5e
0e16e5ae77f77da2c0482867376e19963689602b
5ed5fa03050fb459d3f6668c0ce749ab7e468bb6814bdd96d557cbfdfbb0a8c0
GET /request_content.php?s=36630200022184704438058012222016&a=f4b19370 HTTP/1.1
Host: hal900016.redintelligence.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://91080e2b2160b4be022a9a132c9b7b04.safeframe.googlesyndication.com/
Cookie: 8lcfmzhxc8d6_uid=1cd58d93cc4141f6
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Wed, 01 Feb 2023 06:31:39 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Expires: Wed, 01 Feb 2023 06:31:39 +0100
Pragma: no-cache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2284
Connection: close
Content-Type: text/html; charset=utf-8
ajax.googleapis.com/ajax/libs/jquery/1.6.2/jquery.min.js
142.250.74.170 200 OK 32 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/1.6.2/jquery.min.js
IP 142.250.74.170:0
File type HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (32764)
Hash 548260b20981c0be2d9dcf8d01c08c24
84230120f8f1bd559eca3fb2fec6acf6cffbf4e7
2f8a612a714e5c928525fdb193f8ec12f7965a6c0d63dd8e58ccae239358c8bb
GET /ajax/libs/jquery/1.6.2/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hal900016.redintelligence.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 32245
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 31 Jan 2023 06:39:49 GMT
expires: Wed, 31 Jan 2024 06:39:49 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 85911
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cdn.contentspread.net/24i/content/soberfb/EN/S-728x90.gif
85.114.131.235 200 OK 24 kB URL HTTP/1.1 cdn.contentspread.net/24i/content/soberfb/EN/S-728x90.gif
IP 85.114.131.235:0
ASN #24961 myLoc managed IT AG
File type GIF image data, version 89a, 728 x 90\012- data
Hash 16d604b22cf44e876b2c8f5a80b9fe18
42bc165a33da7671c208a66a0e9f3635cfe0d0bc
bb7af425c43258678e12b76bf22f6eaab51fd7dfd6e285131a86a3002d547ee9
GET /24i/content/soberfb/EN/S-728x90.gif HTTP/1.1
Host: cdn.contentspread.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hal900016.redintelligence.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 01 Feb 2023 06:31:40 GMT
Content-Type: image/gif
Content-Length: 24505
Last-Modified: Mon, 23 Jul 2018 15:19:29 GMT
Connection: close
ETag: "5b55f201-5fb9"
Accept-Ranges: bytes
hal900016.redintelligence.net/viewability?s=36630200022184704438058012222016&a=fc81eea0&vb=m
138.201.220.30 200 OK 0 B URL HTTP/1.1 hal900016.redintelligence.net/viewability?s=36630200022184704438058012222016&a=fc81eea0&vb=m
IP 138.201.220.30:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /viewability?s=36630200022184704438058012222016&a=fc81eea0&vb=m HTTP/1.1
Host: hal900016.redintelligence.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hal900016.redintelligence.net/request_content.php?s=36630200022184704438058012222016&a=f4b19370
Cookie: 8lcfmzhxc8d6_uid=1cd58d93cc4141f6
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Wed, 01 Feb 2023 06:31:40 GMT
Server: Apache
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8
hal900016.redintelligence.net/viewability?s=36630200022184704438058012222016&a=fc81eea0&vb=v
138.201.220.30 200 OK 0 B URL HTTP/1.1 hal900016.redintelligence.net/viewability?s=36630200022184704438058012222016&a=fc81eea0&vb=v
IP 138.201.220.30:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /viewability?s=36630200022184704438058012222016&a=fc81eea0&vb=v HTTP/1.1
Host: hal900016.redintelligence.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hal900016.redintelligence.net/request_content.php?s=36630200022184704438058012222016&a=f4b19370
Cookie: 8lcfmzhxc8d6_uid=1cd58d93cc4141f6
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Wed, 01 Feb 2023 06:31:41 GMT
Server: Apache
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8
ocsp.digicert.com/
93.184.220.29 200 OK 314 B IP 93.184.220.29:0
Hash b7c6437e7ee1b3850488ef9169818096
5417a7125e0b66171355016f30294dc4c580fe61
720fdb31870031d1f1c579359467e1a1431d26fc243c97b70d902764a66ac68a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5448
Cache-Control: max-age=134664
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 06:31:41 GMT
Etag: "63d95d0d-13a"
Expires: Thu, 02 Feb 2023 19:56:05 GMT
Last-Modified: Tue, 31 Jan 2023 18:25:17 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 314
ocsp.digicert.com/
93.184.220.29 200 OK 314 B IP 93.184.220.29:0
Hash 77b9605ca59aef81d089753980d55552
a4a9e29e42ae2ed34f7fae5f5da98c78626c356a
fde0ba358cb7f2caedc1ae78245e575d03425e261e8d7bd921c61c6f7020bca0
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2825
Cache-Control: max-age=114719
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 06:31:41 GMT
Etag: "63d91963-13a"
Expires: Thu, 02 Feb 2023 14:23:40 GMT
Last-Modified: Tue, 31 Jan 2023 13:36:35 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 314
dnacdn.net/dna
178.250.2.146 200 OK 0 B IP 178.250.2.146:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /dna HTTP/1.1
Host: dnacdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 01 Feb 2023 06:31:40 GMT
server: Kestrel
content-length: 0
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
set-cookie: browser_data=H7hbzF80M0RITmhlJTJCZkMwOUJGQlhaMUN2cyUyRm1YU2xzVnNZUEtQTXRuUnRSRllZZU5iRG5kdE1jUXNyQWVTb2JCZk1kJTJG; expires=Mon, 26 Feb 2024 06:31:41 GMT; domain=dnacdn.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 328280
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 312 B IP 93.184.220.29:0
Hash 7b5ea028348faa94d535ff0eadfe45ba
016a9261d12d94c3c0fa109e9c499de698d7c34d
990e56912cb9cd344e7784105202b127b7c9a38ad208f6f531d5b7ebdcd267c4
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2768
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 06:31:41 GMT
Last-Modified: Wed, 01 Feb 2023 05:45:34 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 312
ocsp.digicert.com/
93.184.220.29 200 OK 312 B IP 93.184.220.29:0
Hash 7b5ea028348faa94d535ff0eadfe45ba
016a9261d12d94c3c0fa109e9c499de698d7c34d
990e56912cb9cd344e7784105202b127b7c9a38ad208f6f531d5b7ebdcd267c4
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2763
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 06:31:41 GMT
Last-Modified: Wed, 01 Feb 2023 05:45:38 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 312
image8.pubmatic.com/AdServer/ImgSync?p=156383
198.47.127.18 302 Found 59 B URL HTTP/2 image8.pubmatic.com/AdServer/ImgSync?p=156383
IP 198.47.127.18:0
File type HTML document, ASCII text
Hash 992c77f78faff67c3f2a15342811620b
4879cd6da55176e39b8a519060bfb3a162eb30a9
87937e7cfd21b2d731f3230926884a9e2b040eef804857980eae2b0a4a32d943
GET /AdServer/ImgSync?p=156383 HTTP/1.1
Host: image8.pubmatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=utf-8
location: /AdServer/ImgSync?p=156383&rdf=1
set-cookie: KTPCACOOKIE=YES; domain=pubmatic.com; path=/; max-age=86400; secure;
date: Wed, 01 Feb 2023 06:31:40 GMT
content-length: 59
X-Firefox-Spdy: h2
image8.pubmatic.com/AdServer/ImgSync?p=156383&rdf=1
198.47.127.18 200 OK 0 B URL HTTP/2 image8.pubmatic.com/AdServer/ImgSync?p=156383&rdf=1
IP 198.47.127.18:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /AdServer/ImgSync?p=156383&rdf=1 HTTP/1.1
Host: image8.pubmatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://adsbb.dfiles.eu/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 06:31:41 GMT
content-length: 0
X-Firefox-Spdy: h2
gem.gbc.criteo.com/newidsd
185.235.84.29 200 OK 0 B URL HTTP/2 gem.gbc.criteo.com/newidsd
IP 185.235.84.29:0
GET /newidsd HTTP/1.1
Host: gem.gbc.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Wed, 01 Feb 2023 06:31:41 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 92185
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
gum.criteo.com/sid/json?origin=publishertag&domain=dfiles.eu&sn=FirefoxSyncframe&so=0&topUrl=dfiles.eu&info=fdNhNF80M0RITmhlJTJCZkMwOUJGQlhaMUN2cyUyRm1YU2xzVnNZUEtQTXRuUnRSRllZY1RjMHhFV3p2NGd6RVNCNW10WW5hRg&idsd=-322019164,-1496452494&cw=1&lsw=1
178.250.0.157 200 OK 0 B URL HTTP/2 gum.criteo.com/sid/json?origin=publishertag&domain=dfiles.eu&sn=FirefoxSyncframe&so=0&topUrl=dfiles.eu&info=fdNhNF80M0RITmhlJTJCZkMwOUJGQlhaMUN2cyUyRm1YU2xzVnNZUEtQTXRuUnRSRllZY1RjMHhFV3p2NGd6RVNCNW10WW5hRg&idsd=-322019164,-1496452494&cw=1&lsw=1
IP 178.250.0.157:0
GET /sid/json?origin=publishertag&domain=dfiles.eu&sn=FirefoxSyncframe&so=0&topUrl=dfiles.eu&info=fdNhNF80M0RITmhlJTJCZkMwOUJGQlhaMUN2cyUyRm1YU2xzVnNZUEtQTXRuUnRSRllZY1RjMHhFV3p2NGd6RVNCNW10WW5hRg&idsd=-322019164,-1496452494&cw=1&lsw=1 HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=dfiles.eu
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 06:31:41 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
server-processing-duration-in-ticks: 1164145
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
adpatrof.com/t.js?i=luc8kp3c2wcmn47n3xzj&cb=1308541675233117606
54.230.111.63 200 OK 0 B URL HTTP/2 adpatrof.com/t.js?i=luc8kp3c2wcmn47n3xzj&cb=1308541675233117606
IP 54.230.111.63:0
GET /t.js?i=luc8kp3c2wcmn47n3xzj&cb=1308541675233117606 HTTP/1.1
Host: adpatrof.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
last-modified: Tue, 17 Jan 2023 11:58:09 GMT
x-amz-version-id: d9TUuNfK07FAhZMLfVt8QhlIP0dGzjFx
server: AmazonS3
content-encoding: gzip
date: Tue, 31 Jan 2023 07:46:32 GMT
etag: W/"40b4331e9e2a1d8b2f52cc188cd1855e"
x-cache: Hit from cloudfront
via: 1.1 9037b7743a833da13439f0d4e2619b52.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: TGj4PQHivDfj6YJcQLKFJCc3zahq0yulbzLT1jhhxtpC12J3EJtVBw==
age: 81945
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
sync.richaudience.com/bf7c142f4339da0278e83698a02b0854/?referrer=https%3A%2F%2Fdfiles.eu%2Ffiles%2Fy0nf06jdd%2FCOD-G_update-2.exe
168.119.79.223 200 OK 0 B URL HTTP/2 sync.richaudience.com/bf7c142f4339da0278e83698a02b0854/?referrer=https%3A%2F%2Fdfiles.eu%2Ffiles%2Fy0nf06jdd%2FCOD-G_update-2.exe
IP 168.119.79.223:0
ASN #24940 Hetzner Online GmbH
GET /bf7c142f4339da0278e83698a02b0854/?referrer=https%3A%2F%2Fdfiles.eu%2Ffiles%2Fy0nf06jdd%2FCOD-G_update-2.exe HTTP/1.1
Host: sync.richaudience.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.14.2
date: Wed, 01 Feb 2023 06:31:41 GMT
content-type: image/png
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/ssp/utility/live-message/3-2/css/animate.css
172.64.166.9 200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/ssp/utility/live-message/3-2/css/animate.css
IP 172.64.166.9:0
GET /sb/ssp/utility/live-message/3-2/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 01 Feb 2023 06:31:38 GMT
content-type: text/css
last-modified: Thu, 28 Apr 2022 08:29:13 GMT
etag: W/"626a5059-13591"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 117960
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IAq6vIrWH9wjdmNZnIwrtPNBK7DHr90ijTbHPdXpvdFjw96w4o20B87kzhhkl17TfM1RloqR1eDGZAss8yItF1gy%2Ft0tadnPx8C%2BEbnWH31qw9aY2aeYpZdRFdGy2F58JZAJYoIaRtzH"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7928a5300e6f0696-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static.criteo.net/js/ld/publishertag.prebid.js
178.250.0.130 200 OK 0 B URL HTTP/2 static.criteo.net/js/ld/publishertag.prebid.js
IP 178.250.0.130:0
GET /js/ld/publishertag.prebid.js HTTP/1.1
Host: static.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://adsbb.dfiles.eu
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 01 Feb 2023 06:31:41 GMT
content-type: text/javascript
last-modified: Wed, 18 Jan 2023 01:20:50 GMT
etag: W/"63c74972-162fb"
expires: Thu, 02 Feb 2023 06:31:41 GMT
cross-origin-resource-policy: cross-origin
cache-control: max-age=86400, public
timing-allow-origin: *
access-control-allow-origin: *
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
dnacdn.net/dna
178.250.2.146 200 OK 0 B IP 178.250.2.146:0
GET /dna HTTP/1.1
Host: dnacdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Cookie: browser_data=H7hbzF80M0RITmhlJTJCZkMwOUJGQlhaMUN2cyUyRm1YU2xzVnNZUEtQTXRuUnRSRllZZU5iRG5kdE1jUXNyQWVTb2JCZk1kJTJG
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 06:31:41 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
set-cookie: browser_data=fdNhNF80M0RITmhlJTJCZkMwOUJGQlhaMUN2cyUyRm1YU2xzVnNZUEtQTXRuUnRSRllZY1RjMHhFV3p2NGd6RVNCNW10WW5hRg; expires=Mon, 26 Feb 2024 06:31:41 GMT; domain=dnacdn.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 234871
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
friendshipmale.com/sfp.js
172.64.203.23 200 OK 0 B URL HTTP/2 friendshipmale.com/sfp.js
IP 172.64.203.23:0
Analyzer Verdict Alert fortinet Malware
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 01 Feb 2023 06:31:37 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 75d26637e79a70a275717c18460db9fd
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Wed, 01 Feb 2023 06:31:36 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nF6FnvpDuxkfApoae8u4LPsA%2BSpqYM3PTrvaIwgAg7qxzNj6jxUAk9nFP7c5cPpDM65GuUramWcip%2BDgULqTSTnY37W1qpGSjMsASJ4zqdCmwfdxhCG6VlY0uM2mzrcVKph70CE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7928a527ea8175cf-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
gum.criteo.com/syncframe?origin=publishertag&topUrl=dfiles.eu
178.250.0.157 200 OK 0 B URL HTTP/2 gum.criteo.com/syncframe?origin=publishertag&topUrl=dfiles.eu
IP 178.250.0.157:0
GET /syncframe?origin=publishertag&topUrl=dfiles.eu HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 01 Feb 2023 06:31:41 GMT
content-type: text/html; charset=utf-8
server: Kestrel
cache-control: private, max-age=3600
set-cookie: uid=7e637acf-3328-4080-b09b-237f96d0b5f9; expires=Mon, 26 Feb 2024 06:31:41 GMT; domain=.criteo.com; path=/; secure; samesite=none
set-cookie: optout=0; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=.criteo.com; path=/
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
server-processing-duration-in-ticks: 603574
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
shb.richaudience.com/hb/
157.90.3.144 200 OK 0 B IP 157.90.3.144:0
ASN #24940 Hetzner Online GmbH
POST /hb/ HTTP/1.1
Host: shb.richaudience.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 680
Origin: https://adsbb.dfiles.eu
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.14.2
date: Wed, 01 Feb 2023 06:31:38 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding, Accept-Encoding
access-control-allow-origin: https://adsbb.dfiles.eu
access-control-allow-credentials: true
access-control-max-age: 86400
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/ssp/utility/live-message/3-2/js/script.js
172.64.166.9 200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/ssp/utility/live-message/3-2/js/script.js
IP 172.64.166.9:0
GET /sb/ssp/utility/live-message/3-2/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 01 Feb 2023 06:31:38 GMT
content-type: application/javascript
last-modified: Thu, 28 Apr 2022 08:29:16 GMT
etag: W/"626a505c-495"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 29263
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CJ6%2Bzx1ZowGCb0dHa9Ucg2hDGDWgB3OGlMpBhe168%2FZJKF5EjAwsR%2F8ShdUNR0JZ099saEjUDGUMuhMEV%2BfZaC89UWkJPw2diTutyuRRrKCGr49Ky82BLzer58w8pXUkN9F528qPCOfO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7928a530ced80696-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static.criteo.net/js/ld/publishertag.prebid.130.js
178.250.0.130 200 OK 0 B URL HTTP/2 static.criteo.net/js/ld/publishertag.prebid.130.js
IP 178.250.0.130:0
GET /js/ld/publishertag.prebid.130.js HTTP/1.1
Host: static.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 01 Feb 2023 06:31:41 GMT
content-type: text/javascript
last-modified: Sat, 17 Sep 2022 19:59:55 GMT
etag: W/"6326273b-16120"
expires: Thu, 02 Feb 2023 06:31:41 GMT
cross-origin-resource-policy: cross-origin
cache-control: max-age=86400, public
timing-allow-origin: *
access-control-allow-origin: *
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
ag.gbc.criteo.com/newidsd
185.235.84.87 200 OK 0 B URL HTTP/2 ag.gbc.criteo.com/newidsd
IP 185.235.84.87:0
GET /newidsd HTTP/1.1
Host: ag.gbc.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Wed, 01 Feb 2023 06:31:41 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 114622
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.unblockia.com/h.js
54.230.111.117 200 OK 0 B IP 54.230.111.117:0
GET /h.js HTTP/1.1
Host: cdn.unblockia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/x-javascript
date: Tue, 31 Jan 2023 10:20:38 GMT
last-modified: Tue, 31 Jan 2023 10:19:29 GMT
etag: W/"2764e8d4e02129ce2e635f5017227394"
x-amz-meta-codebuild-content-sha256: b82103de264faa36f9df7006229ca6f220408ed25a3af703d3568a4927fe33b6
x-amz-version-id: UiJkA6XTNlyrtXvN1ZQJUTaUr8urVVZn
x-amz-meta-codebuild-buildarn: arn:aws:codebuild:eu-west-1:987257285531:build/unblockia-loader-codebuild-project:2af1aa5f-20b0-48f4-a65b-20af9fff9c91
x-amz-meta-codebuild-content-md5: 10e39424cf528d74d55c3b87f90a076e
server: AmazonS3
content-encoding: br
x-cache: Hit from cloudfront
via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: s8KUebUw-QBl_1d1MplWx9rpj_gbZ6Z56cqRRU5k5jV8MmcQehSgBw==
age: 72659
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
sw.wpush.org/ps/sw.js
45.133.44.25 200 OK 0 B IP 45.133.44.25:0
ASN #39572 DataWeb Global Group B.V.
GET /ps/sw.js HTTP/1.1
Host: sw.wpush.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 01 Feb 2023 06:31:39 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Thu, 26 Jan 2023 12:22:57 GMT
etag: W/"63d270a1-158c"
content-encoding: gzip
expires: Wed, 01 Feb 2023 06:36:39 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2