sfile.mobi/download/1250839/626705/b11a3d9e6944630f122177758d88be2f/college-brawl-mod-apk-samudranesia.id.apk&is=fb98804a823f57039fd28d458e526de9
172.67.69.138 301 Moved Permanently 0 B URL User Request GET HTTP/1.1 sfile.mobi/download/1250839/626705/b11a3d9e6944630f122177758d88be2f/college-brawl-mod-apk-samudranesia.id.apk&is=fb98804a823f57039fd28d458e526de9
IP 172.67.69.138:80
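Hash d41d8cd98f00b204e9800998ecf8427e (MD5)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256; these three are the digests of empty input, matching the 0 B redirect body, and do not identify the APK)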
GET /download/1250839/626705/b11a3d9e6944630f122177758d88be2f/college-brawl-mod-apk-samudranesia.id.apk&is=fb98804a823f57039fd28d458e526de9 HTTP/1.1
Host: sfile.mobi
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Date: Wed, 26 Apr 2023 15:21:23 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Wed, 26 Apr 2023 16:21:23 GMT
Location: https://sfile.mobi/download/1250839/626705/b11a3d9e6944630f122177758d88be2f/college-brawl-mod-apk-samudranesia.id.apk&is=fb98804a823f57039fd28d458e526de9
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8pmKomCroooZAbeDKDGyoZDXJqelEXSz5COm2bqhz45oVOwUvW%2Bodb%2BpVe2Kq5NTAoBxgEQ2Thmvs6EHduk5%2Bc%2BPhQr%2Fwl1GRBpNiejdKzB7JweldIlmLjBLKjo%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7bdfd0b4dd8d0b59-OSL
alt-svc: h2=":443"; ma=60
sfile.mobi/includes/adsby.js
104.26.5.191 200 OK 13 B URL GET HTTP/2 sfile.mobi/includes/adsby.js
IP 104.26.5.191:443
Requested by https://sfile.mobi/XWDOYzTYiY7
Certificate Issuer Google Trust Services LLC
Subject *.sfile.mobi
Fingerprint F6:1C:B1:63:3E:E2:BB:F0:B1:32:47:74:FD:1D:2A:46:B9:B4:9F:2D
Validity Sat, 01 Apr 2023 08:04:46 GMT - Fri, 30 Jun 2023 08:04:45 GMT
File type ASCII text, with no line terminators
Hash c5f96fbf51ae71c2ab29237fa415bbf8
5f9cbbf13fe8e1775c3b8a99a7cc92ba5a32b81f
4b788930a60496876be01bf2dbc9e79d1ce226545438697f5333a4bf57f952d4
GET /includes/adsby.js HTTP/1.1
Host: sfile.mobi
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sfile.mobi/XWDOYzTYiY7
Cookie: PHPSESSID=ae519h06t1eo43vngsv8lpv61c
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 26 Apr 2023 15:21:24 GMT
content-type: application/javascript; charset=utf-8
content-length: 13
cache-control: max-age=604800
cf-bgj: minify
cf-polished: origSize=15
etag: "f-5b3f44e345d40"
expires: Thu, 27 Apr 2023 19:03:50 GMT
last-modified: Fri, 13 Nov 2020 03:05:49 GMT
vary: User-Agent, Accept-Encoding
x-frame-options: DENY
cf-cache-status: HIT
age: 505054
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wguqv5FLsqhhuZWc9e2two2g%2Fhx4bhA9SjCPpQ0BWGQVLrFvTOGGWwLkzM%2FcrDJrY7l6RiYJlxg3eukqvBoOLXBjc8JxSBPDJYu7%2BvA7spos5OAPVckw4tjkiSs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7bdfd0b9acdbb4ff-OSL
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css
104.17.24.14 200 OK 5.6 kB URL GET HTTP/2 cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css
IP 104.17.24.14:443
Requested by https://sfile.mobi/XWDOYzTYiY7
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint A9:11:71:07:07:92:48:7E:A9:3C:E8:32:25:3F:EB:AC:7D:51:7E:8F
Validity Wed, 03 Aug 2022 00:00:00 GMT - Wed, 02 Aug 2023 23:59:59 GMT
File type ASCII text, with very long lines (30837)
Hash 109d1ed85cd01f9cdab73a4cac5bf80d
d6c6498ad46de2d8e2008a8ff68e364ae7f16b32
8b3a74fe462f5b3c0635995fd721a60eb640e237680b0b532b96711f2823e8bc
GET /ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sfile.mobi/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 26 Apr 2023 15:21:24 GMT
content-type: text/css; charset=utf-8
content-length: 5631
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03e5f-7918"
last-modified: Mon, 04 May 2020 16:10:07 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1191595
expires: Mon, 15 Apr 2024 15:21:24 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QywPVpbPYE8vTw%2BLc%2BsdPzoR0dSQrZYHu%2BLUMCFpyjmDHvLs5SnMnscwOpx8f%2BxWWEz2BZZNV4ZsUJkf%2Bj%2FgqgmcBYdQClq8%2BhuGKpHowdhHp5YzCsyQ1p5fmPq5IlK30gWxmklH"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7bdfd0b9cbfdb4eb-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 472 B IP 142.250.74.131:0
Hash 8dbb5a8fd69f746de3208cc49dafae81
34ad84fdecf7d8bf01b56dcc3ef37fe57ffba448
67a65b4bef0b7ab7bfcd00dcc4c76d3f5ada1e79c6b7a9b8cad4039d1ed5e7d8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 26 Apr 2023 15:21:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
sfile.mobi/icon/smallicon/pdf.svg
104.26.5.191 200 OK 79 kB URL GET HTTP/2 sfile.mobi/icon/smallicon/pdf.svg
IP 104.26.5.191:443
Requested by https://sfile.mobi/XWDOYzTYiY7
Certificate Issuer Google Trust Services LLC
Subject *.sfile.mobi
Fingerprint F6:1C:B1:63:3E:E2:BB:F0:B1:32:47:74:FD:1D:2A:46:B9:B4:9F:2D
Validity Sat, 01 Apr 2023 08:04:46 GMT - Fri, 30 Jun 2023 08:04:45 GMT
File type SVG Scalable Vector Graphics image; SVG XML document; XML 1.0 document text; SVG XML document; XML document text; exported SGML document text; exported SGML document, ASCII text, with CRLF line terminators
Hash 3a463d655b295cdacf04e9ceb3c5c4c0
a53fe6237a680b76289c5bc101f6fe93b145e171
c69a6a01405d93bedabefc6238041b4a48ec9a40e472e1467c2b37c2cee1d6d5
Analyzer Verdict Alert fortinet Malware
GET /icon/smallicon/pdf.svg HTTP/1.1
Host: sfile.mobi
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sfile.mobi/XWDOYzTYiY7
Cookie: PHPSESSID=ae519h06t1eo43vngsv8lpv61c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 26 Apr 2023 15:21:24 GMT
content-type: image/svg+xml
last-modified: Sun, 23 Jul 2017 04:55:06 GMT
etag: W/"ea8-554f4e6e3de80-gzip"
cache-control: max-age=604800
expires: Wed, 03 May 2023 03:22:51 GMT
vary: Accept-Encoding,User-Agent
x-frame-options: DENY
cf-cache-status: HIT
age: 43113
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j%2Bx4PgtWj7Nb7cO%2B7tg0bSdlAohh76q4MQwQYzVs32UvQ8iQPPHJ%2FX%2B%2FPsuPuUPg08oAImwRrVUiugWp9tYX0XxlMQWwzJr0PB8Yv3DU2%2Fd%2BfASSbA%2BaiyVtz5Q%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7bdfd0b9bcf3b4ff-OSL
content-encoding: br
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=G-XNQ10X1V2J
142.250.74.168 200 OK 73 kB URL GET HTTP/2 www.googletagmanager.com/gtag/js?id=G-XNQ10X1V2J
IP 142.250.74.168:443
Requested by https://sfile.mobi/XWDOYzTYiY7
Certificate Issuer Google Trust Services LLC
Subject *.google-analytics.com
Fingerprint 07:22:19:79:30:9E:4C:35:4E:21:BD:55:7D:44:2F:A9:71:9E:4C:AA
Validity Mon, 03 Apr 2023 08:16:11 GMT - Mon, 26 Jun 2023 08:16:10 GMT
File type ASCII text, with very long lines (4620)
Hash 8441871128e9b502785fdb2546d1190e
d75cb5c3a8cd122317e1611ac97595e867ec1130
4a1b41de8f06f7496f9a1188013652e4384c09d37fa3d97466e7903d846ff131
GET /gtag/js?id=G-XNQ10X1V2J HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sfile.mobi/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 26 Apr 2023 15:21:24 GMT
expires: Wed, 26 Apr 2023 15:21:24 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 73014
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 472 B IP 142.250.74.131:0
Hash b4cd1a910070fef78b7681bf28c6c7fa
cf9334303549164cc98c40f0e19c6542320a20a8
df0fe60323cd2a6d0fe9fc35afdc99afd43434ddd996f2b4f12b730ae2f8f6bd
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 26 Apr 2023 15:21:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
sfile.mobi/icon/smallicon/npv4.svg
104.26.5.191 200 OK 31 kB URL GET HTTP/2 sfile.mobi/icon/smallicon/npv4.svg
IP 104.26.5.191:443
Requested by https://sfile.mobi/XWDOYzTYiY7
Certificate Issuer Google Trust Services LLC
Subject *.sfile.mobi
Fingerprint F6:1C:B1:63:3E:E2:BB:F0:B1:32:47:74:FD:1D:2A:46:B9:B4:9F:2D
Validity Sat, 01 Apr 2023 08:04:46 GMT - Fri, 30 Jun 2023 08:04:45 GMT
File type SVG Scalable Vector Graphics image; HTML document, ASCII text, with very long lines (397)
Hash 4f6a7b2a9f732f7d83d46b302bcf66f5
f4c9af17cbb1909818c5bcbd8328636a7d588500
9313f1f9d2ba30d48e4325ff1d20e8ffc79b3049e3d6af625130ac0d2be46c62
Analyzer Verdict Alert fortinet Malware
GET /icon/smallicon/npv4.svg HTTP/1.1
Host: sfile.mobi
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sfile.mobi/XWDOYzTYiY7
Cookie: PHPSESSID=ae519h06t1eo43vngsv8lpv61c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 26 Apr 2023 15:21:24 GMT
content-type: image/svg+xml
last-modified: Wed, 23 Jun 2021 01:54:25 GMT
etag: W/"6a8-5c5652fa0f640-gzip"
cache-control: max-age=604800
expires: Wed, 03 May 2023 02:54:23 GMT
vary: Accept-Encoding,User-Agent
x-frame-options: DENY
cf-cache-status: HIT
age: 44821
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E%2F%2Fxxx0AKoUfW7AD0jR6hWr2FLsXZQ97MmUt2Y2JHgY0g62tMfr8jhKpw0P1GCMQFsz0K8V35mIhpIk0dAj8X4XBKdFCSDi27jsUNmzkezHhRYUYJV7%2BIYjsKmk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7bdfd0b9acedb4ff-OSL
content-encoding: br
X-Firefox-Spdy: h2
sfile.mobi/icon/sfile-favicon.png
104.26.5.191 200 OK 1.6 kB URL GET HTTP/2 sfile.mobi/icon/sfile-favicon.png
IP 104.26.5.191:443
Requested by https://sfile.mobi/XWDOYzTYiY7
Certificate Issuer Google Trust Services LLC
Subject *.sfile.mobi
Fingerprint F6:1C:B1:63:3E:E2:BB:F0:B1:32:47:74:FD:1D:2A:46:B9:B4:9F:2D
Validity Sat, 01 Apr 2023 08:04:46 GMT - Fri, 30 Jun 2023 08:04:45 GMT
File type PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced; data
Hash 5c95ba8563fa6c88c0a431fc97b8175b
52d10299240136ff498c6dae3847662f9953d150
3438b8c9e88b10b9ea2cd353929ab4d345d679a842313c78123b25c290bb7902
GET /icon/sfile-favicon.png HTTP/1.1
Host: sfile.mobi
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sfile.mobi/XWDOYzTYiY7
Cookie: PHPSESSID=ae519h06t1eo43vngsv8lpv61c; _ga=GA1.1.753868951.1682522485; _gid=GA1.2.137912291.1682522485; _gat=1; _ga_XNQ10X1V2J=GS1.1.1682522485.1.0.1682522485.0.0.0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 26 Apr 2023 15:21:25 GMT
content-type: image/png
content-length: 1626
cache-control: max-age=2592000
cf-bgj: imgq:100,h2pri
cf-polished: origSize=2055, status=vary_header_present
etag: "807-554f42e2ce1c0"
expires: Thu, 27 Apr 2023 16:11:17 GMT
last-modified: Sun, 23 Jul 2017 04:03:27 GMT
vary: User-Agent, Accept-Encoding
x-frame-options: DENY
cf-cache-status: HIT
age: 2502608
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eJPVfS7s5oiRXAHs%2BWiOEbPGy%2BJvH%2ByOFpHifXbIjeywd1Yir4RQvM04XbvYvxxw3NjOann3y7d5h3F1gVvPYzASsrgNpOkbNqQWbD7z1y%2Baw8%2BaVlYCAJqbN2c%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7bdfd0bbaf91b4ff-OSL
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 471 B IP 142.250.74.131:0
Hash 91bad13343bf50861568260fa7ebbba4
e6c51903d4940f5bbfa960f783da0dccff58bd8b
3524e80a0e88cde927c6cb2ac514b0b6818db2bd1abb4b2a0b809de8884dbe2c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 26 Apr 2023 15:21:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 471 B IP 142.250.74.131:0
Hash 91bad13343bf50861568260fa7ebbba4
e6c51903d4940f5bbfa960f783da0dccff58bd8b
3524e80a0e88cde927c6cb2ac514b0b6818db2bd1abb4b2a0b809de8884dbe2c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 26 Apr 2023 15:21:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-8624516704918086
142.250.74.66 200 OK 47 kB URL GET HTTP/2 pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-8624516704918086
IP 142.250.74.66:443
Requested by https://sfile.mobi/XWDOYzTYiY7
Certificate Issuer Google Trust Services LLC
Subject *.g.doubleclick.net
Fingerprint 09:1D:A9:AE:08:E0:55:47:86:0B:F7:70:DB:E9:AC:C4:2F:DE:19:E7
Validity Mon, 03 Apr 2023 08:16:10 GMT - Mon, 26 Jun 2023 08:16:09 GMT
File type ASCII text, with very long lines (3605)
Hash d96df8fd75096739cc62535663f89ea0
8396dd23450a7336a05cc048021be421ec367ef2
5767d4bde610020569f5214082bbf65d54b7f43d6ec769f12900b58748c64777
GET /pagead/js/adsbygoogle.js?client=ca-pub-8624516704918086 HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://sfile.mobi
Connection: keep-alive
Referer: https://sfile.mobi/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Wed, 26 Apr 2023 15:21:25 GMT
expires: Wed, 26 Apr 2023 15:21:25 GMT
cache-control: private, max-age=3600
content-type: text/javascript; charset=UTF-8
etag: 11995656099909177671
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 47354
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-8624516704918086
142.250.74.66 200 OK 48 kB URL GET HTTP/2 pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-8624516704918086
IP 142.250.74.66:443
Requested by https://sfile.mobi/XWDOYzTYiY7
Certificate Issuer Google Trust Services LLC
Subject *.g.doubleclick.net
Fingerprint 09:1D:A9:AE:08:E0:55:47:86:0B:F7:70:DB:E9:AC:C4:2F:DE:19:E7
Validity Mon, 03 Apr 2023 08:16:10 GMT - Mon, 26 Jun 2023 08:16:09 GMT
File type ASCII text, with very long lines (3606)
Hash 503b2a6ab33aedf4bc6ecc683bfdc2fe
fa294752db897c0b7e8b181b9c63662c8360f94f
13f0933f401643776739355ffadd98f6769fd4f3284c8f22044c17cad9c9d054
GET /pagead/js/adsbygoogle.js?client=ca-pub-8624516704918086 HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://sfile.mobi
Connection: keep-alive
Referer: https://sfile.mobi/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Wed, 26 Apr 2023 15:21:25 GMT
expires: Wed, 26 Apr 2023 15:21:25 GMT
cache-control: private, max-age=3600
content-type: text/javascript; charset=UTF-8
etag: 8308318685505113346
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 47561
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 471 B IP 142.250.74.131:0
Hash 91bad13343bf50861568260fa7ebbba4
e6c51903d4940f5bbfa960f783da0dccff58bd8b
3524e80a0e88cde927c6cb2ac514b0b6818db2bd1abb4b2a0b809de8884dbe2c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 26 Apr 2023 15:21:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
sfile.mobi/icon/smallicon/ehi.svg
104.26.5.191 200 OK 22 kB URL GET HTTP/2 sfile.mobi/icon/smallicon/ehi.svg
IP 104.26.5.191:443
Requested by https://sfile.mobi/XWDOYzTYiY7
Certificate Issuer Google Trust Services LLC
Subject *.sfile.mobi
Fingerprint F6:1C:B1:63:3E:E2:BB:F0:B1:32:47:74:FD:1D:2A:46:B9:B4:9F:2D
Validity Sat, 01 Apr 2023 08:04:46 GMT - Fri, 30 Jun 2023 08:04:45 GMT
File type SVG Scalable Vector Graphics image; HTML document, ASCII text, with very long lines (1428), with no line terminators
Hash 59b0fbd57e2d07929f7c0f04553cd590
a3bfbde759dda50487c1126327fc11f81dd9fa9d
be873cf543473e7ebd1d6b9d80b2bb82c459e18e6d1540b6afaf954021a45d87
Analyzer Verdict Alert fortinet Malware
GET /icon/smallicon/ehi.svg HTTP/1.1
Host: sfile.mobi
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sfile.mobi/XWDOYzTYiY7
Cookie: PHPSESSID=ae519h06t1eo43vngsv8lpv61c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 26 Apr 2023 15:21:24 GMT
content-type: image/svg+xml
last-modified: Sun, 23 Jul 2017 06:12:11 GMT
etag: W/"594-554f5fa8fc4c0-gzip"
cache-control: max-age=604800
expires: Sat, 29 Apr 2023 03:16:48 GMT
vary: Accept-Encoding,User-Agent
x-frame-options: DENY
cf-cache-status: HIT
age: 389075
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=W8iUI6qPbVmVUfroE8ay0X6Mov7HUPwIebFksF9uhBzFZzkY5zrU1EtErUgc2vLWiD1NHjcy6eHJy2TRSS1%2F5nKcmvI2WiiyFjpmob%2FojMzdrS8HzFTxM5mhLiM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7bdfd0b9bcefb4ff-OSL
content-encoding: br
X-Firefox-Spdy: h2
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202304240101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-8624516704918086&plah=sfile.mobi&bust=31074159
142.250.74.66 200 OK 122 kB URL GET HTTP/2 pagead2.googlesyndication.com/pagead/managed/js/adsense/m202304240101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-8624516704918086&plah=sfile.mobi&bust=31074159
IP 142.250.74.66:443
Requested by https://sfile.mobi/XWDOYzTYiY7
Certificate Issuer Google Trust Services LLC
Subject *.g.doubleclick.net
Fingerprint 09:1D:A9:AE:08:E0:55:47:86:0B:F7:70:DB:E9:AC:C4:2F:DE:19:E7
Validity Mon, 03 Apr 2023 08:16:10 GMT - Mon, 26 Jun 2023 08:16:09 GMT
File type ASCII text, with very long lines (4405)
Size 122 kB (121848 bytes)
Hash 7eb2ced47d637b08ceb2dc267aed9ba0
8859042e5777d81e9db26c890c85f12b3de7d47d
380a634f6f56f0cf206754e82641e355414d597b9c73571fd721ea35157e2644
GET /pagead/managed/js/adsense/m202304240101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-8624516704918086&plah=sfile.mobi&bust=31074159 HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sfile.mobi/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Wed, 26 Apr 2023 15:21:25 GMT
expires: Wed, 26 Apr 2023 15:21:25 GMT
cache-control: private, max-age=3600, stale-while-revalidate=3600
content-type: text/javascript; charset=UTF-8
etag: 2993543647894762379
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 121848
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
sfile.mobi/includes/fonts/raleway-v14-latin-regular.woff2
104.26.5.191 200 OK 21 kB URL GET HTTP/2 sfile.mobi/includes/fonts/raleway-v14-latin-regular.woff2
IP 104.26.5.191:443
Requested by https://sfile.mobi/XWDOYzTYiY7
Certificate Issuer Google Trust Services LLC
Subject *.sfile.mobi
Fingerprint F6:1C:B1:63:3E:E2:BB:F0:B1:32:47:74:FD:1D:2A:46:B9:B4:9F:2D
Validity Sat, 01 Apr 2023 08:04:46 GMT - Fri, 30 Jun 2023 08:04:45 GMT
File type Web Open Font Format (Version 2), TrueType, length 20724, version 1.0; data
Hash 43c849ea0258ce0d23a480e840881f16
5222f2283ff9eed9c05025b15dcca453a43cb8c3
b3287a4018a220fe4a205c68bbb34a847fe5038c5dfbe575dd538df025b0497a
GET /includes/fonts/raleway-v14-latin-regular.woff2 HTTP/1.1
Host: sfile.mobi
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://sfile.mobi/XWDOYzTYiY7
Cookie: PHPSESSID=ae519h06t1eo43vngsv8lpv61c; _ga=GA1.1.753868951.1682522485; _gid=GA1.2.137912291.1682522485; _gat=1; _ga_XNQ10X1V2J=GS1.1.1682522485.1.0.1682522485.0.0.0
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 26 Apr 2023 15:21:25 GMT
content-length: 20724
last-modified: Mon, 26 Aug 2019 01:13:52 GMT
etag: "50f4-590fade753400"
cache-control: max-age=604800
expires: Wed, 03 May 2023 15:21:25 GMT
x-frame-options: DENY
vary: User-Agent, Accept-Encoding
cf-cache-status: HIT
age: 0
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=um7ptDMcmluVTaosDf7QYCH%2FjzPAnczs0AI2J1QoOOneNgYAKhGGYI%2BBNSv0z4qZ2niw79HNvqatKikUam%2Fgb8l%2FFwhKejn7yaZ%2B7shFUqsi2TAebTCBcW4uvmA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7bdfd0bbaf93b4ff-OSL
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 471 B IP 142.250.74.131:0
Hash ce3c075488d16011c12933c3bc36a086
51a2e76166ff5670c267165f85d7396bacf1f4a0
0554b4ccdf66f36c47e5b0b7ea221ba3b4b8a01dffcf5a96dff956b564d5f5c3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 26 Apr 2023 15:21:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 472 B IP 142.250.74.131:0
Hash 739e9dc077edacf5117fd59d02e5cb9b
593f03696142e20782ae66f046812c833aa07cba
da1debe8e9b991e8e3ca9d78107bee913d373e7f0168e95547b757735a3c268f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 26 Apr 2023 15:21:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
adservice.google.no/adsid/integrator.js?domain=sfile.mobi
142.250.74.98 200 OK 100 B URL GET HTTP/2 adservice.google.no/adsid/integrator.js?domain=sfile.mobi
IP 142.250.74.98:443
Requested by https://sfile.mobi/XWDOYzTYiY7
Certificate Issuer Google Trust Services LLC
Subject *.google.no
Fingerprint A5:D0:38:67:8E:62:86:24:29:BC:82:07:2E:29:1E:0B:C8:29:09:29
Validity Mon, 03 Apr 2023 08:27:03 GMT - Mon, 26 Jun 2023 08:27:02 GMT
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=sfile.mobi HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sfile.mobi/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Wed, 26 Apr 2023 15:21:25 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
adservice.google.com/adsid/integrator.js?domain=sfile.mobi
142.250.74.34 200 OK 100 B URL GET HTTP/2 adservice.google.com/adsid/integrator.js?domain=sfile.mobi
IP 142.250.74.34:443
Requested by https://sfile.mobi/XWDOYzTYiY7
Certificate Issuer Google Trust Services LLC
Subject *.google.com
Fingerprint D5:3A:80:A6:03:B0:E4:36:0E:46:7B:36:45:CB:50:4C:D6:98:CE:59
Validity Mon, 03 Apr 2023 08:17:58 GMT - Mon, 26 Jun 2023 08:17:57 GMT
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=sfile.mobi HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sfile.mobi/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Wed, 26 Apr 2023 15:21:25 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 471 B IP 142.250.74.131:0
Hash dae0b203b67a4f6ce21ca95a029511dc
fe2a2d086c6c0cb7aa2344dbc698849cad30479f
0c06c298c8fd45ff58a77a06b6f54060792d7bd7d43687244199e1bc76e62ee5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 26 Apr 2023 15:21:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 472 B IP 142.250.74.131:0
Hash 7633b2a5b831500dd06c1fbe66d00781
f50e0a6532225ecc800fa31938e29a4ea41b2d88
f6bfb5e32ada12f322201629e9b6ba6bac7bf4aff50c093d251bd82ed4b5d6ff
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 26 Apr 2023 15:21:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&tn=DIV&cls=w3-top&ign=false&pw=1280&ph=1024&x=0&y=0
142.250.74.66 204 No Content 0 B URL GET HTTP/3 pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&tn=DIV&cls=w3-top&ign=false&pw=1280&ph=1024&x=0&y=0
IP 142.250.74.66:443
Requested by https://sfile.mobi/XWDOYzTYiY7
Certificate Issuer Google Trust Services LLC
Subject *.g.doubleclick.net
Fingerprint 09:1D:A9:AE:08:E0:55:47:86:0B:F7:70:DB:E9:AC:C4:2F:DE:19:E7
Validity Mon, 03 Apr 2023 08:16:10 GMT - Mon, 26 Jun 2023 08:16:09 GMT
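Hash d41d8cd98f00b204e9800998ecf8427e (MD5)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256)
Note: these three values are the digests of zero bytes of input (the response body is 0 B), so they identify no file and are not usable as indicators.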
GET /pagead/gen_204?id=ach_evt&tn=DIV&cls=w3-top&ign=false&pw=1280&ph=1024&x=0&y=0 HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: pagead2.googlesyndication.com
Connection: keep-alive
Referer: https://sfile.mobi/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 204 No Content
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 26 Apr 2023 15:21:25 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
ocsp.pki.goog/gts1c3
142.250.74.131 471 B IP 142.250.74.131:0
Hash 42598e11d1d6d94169d3e441b14077a6
f829c9beb0b9c4a5919deb80e714b92041e71d43
096bf4a13fdbe4a516e2380cc674162fc2db74e1bd7124757c94a67aac07fab5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 26 Apr 2023 15:21:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
partner.googleadservices.com/gampad/cookie.js?domain=sfile.mobi&callback=_gfp_s_&client=ca-pub-8624516704918086
216.58.207.226 200 OK 251 B URL GET HTTP/2 partner.googleadservices.com/gampad/cookie.js?domain=sfile.mobi&callback=_gfp_s_&client=ca-pub-8624516704918086
IP 216.58.207.226:443
Requested by https://sfile.mobi/XWDOYzTYiY7
Certificate Issuer Google Trust Services LLC
Subject *.googleadservices.com
Fingerprint 64:FB:54:D3:87:13:FF:E1:0B:82:AB:82:7D:DD:06:E3:5E:CB:77:C2
Validity Mon, 03 Apr 2023 08:21:53 GMT - Mon, 26 Jun 2023 08:21:52 GMT
File type ASCII text, with very long lines (387), with no line terminators
Hash 5bcb5cd088526230fc2ea2497e7c3638
01a163ccf6327be711c545890cb9a11f989116ed
df9e0f6ee18daa7ad5e312e86693f6efed8b39fdec4b132bcc69d5374775806a
GET /gampad/cookie.js?domain=sfile.mobi&callback=_gfp_s_&client=ca-pub-8624516704918086 HTTP/1.1
Host: partner.googleadservices.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sfile.mobi/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Wed, 26 Apr 2023 15:21:25 GMT
server: cafe
cache-control: private
content-length: 251
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20230420&st=env
142.250.74.66 200 OK 11 kB URL GET HTTP/3 pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20230420&st=env
IP 142.250.74.66:443
Requested by https://sfile.mobi/XWDOYzTYiY7
Certificate Issuer Google Trust Services LLC
Subject *.g.doubleclick.net
Fingerprint 09:1D:A9:AE:08:E0:55:47:86:0B:F7:70:DB:E9:AC:C4:2F:DE:19:E7
Validity Mon, 03 Apr 2023 08:16:10 GMT - Mon, 26 Jun 2023 08:16:09 GMT
File type JSON data\012- , ASCII text, with very long lines (14921), with no line terminators
Hash 9e9cb1f05d94ad597f55d8d5f9020e14
c1199c7cdf09c1872db27770e763b1b300aee659
7d0d7fc03f2d9095741ec0060a04d14a2bd2680247cdb75eda3f0700cc36df2f
GET /getconfig/sodar?sv=200&tid=gda&tv=r20230420&st=env HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://sfile.mobi
Connection: keep-alive
Referer: https://sfile.mobi/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-type: application/json; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
date: Wed, 26 Apr 2023 15:21:25 GMT
server: cafe
content-length: 11262
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
ocsp.pki.goog/gts1c3
142.250.74.131 471 B IP 142.250.74.131:0
Hash 42598e11d1d6d94169d3e441b14077a6
f829c9beb0b9c4a5919deb80e714b92041e71d43
096bf4a13fdbe4a516e2380cc674162fc2db74e1bd7124757c94a67aac07fab5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 26 Apr 2023 15:21:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 472 B IP 142.250.74.131:0
Hash 43feec2cb84d1bbdd18bee9b6734b9ce
bebc835b37c0fafeef6175e7e8a8934a7ed66dec
5b68f266e601306ece3617ff70c5b57630bd7ed56c8de3dee429d00a3a9fc233
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 26 Apr 2023 15:21:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
tpc.googlesyndication.com/sodar/sodar2.js
216.58.207.225 200 OK 6.4 kB URL GET HTTP/2 tpc.googlesyndication.com/sodar/sodar2.js
IP 216.58.207.225:443
Requested by https://sfile.mobi/XWDOYzTYiY7
Certificate Issuer Google Trust Services LLC
Subject tpc.googlesyndication.com
Fingerprint FA:BE:2D:1E:F9:2F:85:0D:1C:53:23:E1:8F:CB:37:95:4E:97:B5:6F
Validity Mon, 03 Apr 2023 08:24:19 GMT - Mon, 26 Jun 2023 08:24:18 GMT
File type ASCII text, with very long lines (1321)
Hash ac906814ed812c4ecdbb624a3bd2f6c3
8e4547eaffaa66a1ee61b36028dbcd7091d0e7de
8ab8cef6156022c4547455defd8252b48b6bcb8b734072849345bb99758705fe
GET /sodar/sodar2.js HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sfile.mobi/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 6386
date: Wed, 26 Apr 2023 15:21:26 GMT
expires: Wed, 26 Apr 2023 15:21:26 GMT
cache-control: private, max-age=3000
etag: "1637097310169751"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
tpc.googlesyndication.com/sodar/sodar2/225/runner.html
216.58.207.225 200 OK 5.0 kB URL GET HTTP/3 tpc.googlesyndication.com/sodar/sodar2/225/runner.html
IP 216.58.207.225:443
Requested by https://sfile.mobi/XWDOYzTYiY7
Certificate Issuer Google Trust Services LLC
Subject *.g.doubleclick.net
Fingerprint 09:1D:A9:AE:08:E0:55:47:86:0B:F7:70:DB:E9:AC:C4:2F:DE:19:E7
Validity Mon, 03 Apr 2023 08:16:10 GMT - Mon, 26 Jun 2023 08:16:09 GMT
File type HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2020)
Hash f530c16b248be97e10df228df6a41c24
ca3c3a38bbeef6906682b3e0b2a7be40c08b0925
f45287dcfd79a2411e79f98c834c6f7eff8a281a9b4fdba0124be9d204987786
GET /sodar/sodar2/225/runner.html HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: tpc.googlesyndication.com
Connection: keep-alive
Referer: https://sfile.mobi/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 22 Apr 2023 07:31:06 GMT
expires: Sun, 21 Apr 2024 07:31:06 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
vary: Accept-Encoding
age: 373820
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
ocsp.pki.goog/gts1c3
142.250.74.131 471 B IP 142.250.74.131:0
Hash 572e8313973924c43967a6363b582c9d
a19221d500b784d25f6096fa1a4d1aaae6234dd0
98f17d79e7151e60c0998fa7fc065ccfeaa170dd27cbb8a3d8589b43fe01dc9c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 26 Apr 2023 15:21:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/recaptcha/api2/aframe
142.250.74.164 200 OK 514 B URL GET HTTP/2 www.google.com/recaptcha/api2/aframe
IP 142.250.74.164:443
Requested by https://sfile.mobi/XWDOYzTYiY7
Certificate Issuer Google Trust Services LLC
Subject www.google.com
Fingerprint C3:7C:54:CD:86:09:A4:3E:2C:6D:EC:7C:FA:65:7B:3E:64:CB:10:E0
Validity Mon, 03 Apr 2023 08:25:07 GMT - Mon, 26 Jun 2023 08:25:06 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (783), with no line terminators
Hash a67d7738f69edc66dd226e2966621e60
a401b962058a48c381d4f5ee1d3d4866da5368d3
7f774a5355902f31fa4ee00f91e34fdd17242e87c0e1bf5da1947c6f2876dc88
GET /recaptcha/api2/aframe HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sfile.mobi/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Wed, 26 Apr 2023 15:21:26 GMT
date: Wed, 26 Apr 2023 15:21:26 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'nonce-OJkJmERxkkNsnGpIZAU65w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 514
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
pagead2.googlesyndication.com/bg/CJVz-q1y4QcI86kHGme05ne9YeJsi3pnNRBXtIEru_s.js
142.250.74.66 14 kB URL pagead2.googlesyndication.com/bg/CJVz-q1y4QcI86kHGme05ne9YeJsi3pnNRBXtIEru_s.js
IP 142.250.74.66:0
Certificate Issuer Google Trust Services LLC
Subject *.g.doubleclick.net
Fingerprint 09:1D:A9:AE:08:E0:55:47:86:0B:F7:70:DB:E9:AC:C4:2F:DE:19:E7
Validity Mon, 03 Apr 2023 08:16:10 GMT - Mon, 26 Jun 2023 08:16:09 GMT
File type ASCII text, with very long lines (35988)
Hash 444171eadcf997f0c9b57eff115c05bb
4b09aefa84333125d0726a7876ed17852a325685
baf54b9eeecaacdf0bf10f17de705d20cfd8ed7d662b669b8170f8a0d3fdfad5
GET /bg/CJVz-q1y4QcI86kHGme05ne9YeJsi3pnNRBXtIEru_s.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: pagead2.googlesyndication.com
Connection: keep-alive
Referer: https://tpc.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: br
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-length: 14219
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 26 Apr 2023 05:44:58 GMT
expires: Thu, 25 Apr 2024 05:44:58 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 17 Apr 2023 14:08:00 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 34588
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20230420&jk=1213939592325747&rc=
142.250.74.66 204 No Content 0 B URL GET HTTP/3 pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20230420&jk=1213939592325747&rc=
IP 142.250.74.66:443
Requested by https://www.google.com/recaptcha/api2/aframe
Certificate Issuer Google Trust Services LLC
Subject *.g.doubleclick.net
Fingerprint 09:1D:A9:AE:08:E0:55:47:86:0B:F7:70:DB:E9:AC:C4:2F:DE:19:E7
Validity Mon, 03 Apr 2023 08:16:10 GMT - Mon, 26 Jun 2023 08:16:09 GMT
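Hash d41d8cd98f00b204e9800998ecf8427e (MD5)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256)
Note: these three values are the digests of zero bytes of input (the response body is 0 B), so they identify no file and are not usable as indicators.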
GET /pagead/sodar?id=sodar2&v=225&li=gda_r20230420&jk=1213939592325747&rc= HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: pagead2.googlesyndication.com
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 204 No Content
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Wed, 26 Apr 2023 15:21:26 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
tpc.googlesyndication.com/generate_204?Xeptsw
216.58.207.225 0 B URL tpc.googlesyndication.com/generate_204?Xeptsw
IP 216.58.207.225:0
Certificate Issuer Google Trust Services LLC
Subject tpc.googlesyndication.com
Fingerprint FA:BE:2D:1E:F9:2F:85:0D:1C:53:23:E1:8F:CB:37:95:4E:97:B5:6F
Validity Mon, 03 Apr 2023 08:24:19 GMT - Mon, 26 Jun 2023 08:24:18 GMT
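Hash d41d8cd98f00b204e9800998ecf8427e (MD5)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256)
Note: these three values are the digests of zero bytes of input (the response body is 0 B), so they identify no file and are not usable as indicators.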
GET /generate_204?Xeptsw HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: tpc.googlesyndication.com
Connection: keep-alive
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 204 No Content
content-length: 0
cross-origin-resource-policy: cross-origin
date: Wed, 26 Apr 2023 15:21:26 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20230420&jk=1213939592325747&bg=!MzClMGTNAAYfNdXmPzU7ADkAdvg8WsjTGSaUfn6Dr_XXAQWahckz-2rBZKqnWp4I7fr78uyYp3ISXI1UUJvcXAKe6l6TyDSIIcMCAAAAzlIAAAAFaAEHmQKD508qqLgw9z4ItMr3MlgVxq2-XVfrKqQRntpSsvXYmxVN-edD09G516g5yt7PQ4uFF3cIFCqtJ1rSHipvi6I1ZiHSFXpL6PhToOofMqaoDlWpfE28hTeUgPgOYgs8aEQ0cn5iau0HLqjRBguqS22wXqQSo48xCFESoLAoGf3hGgElc88vFTMSSJNJ8D5_NQGwUI-mRclEqHHBzrcku4U0ckCNxr2PLvZoMoLWdEqXZ-O9IYH1W1lEg7a3HUWrGhVPrn1Jkh4amuepmC-Ha05ytxJVDAk7MgGsnaTDrhyph3lP_jtR57g4LkGe1wzK-R0EhGKSSsFSXewuURteJFH4kH5uy4nfF1JU5B9MAHwa814lEg-mPKxONbpU2DoxbQQh51YlGLQwhqkPJZ98ZrJz8QRv5QtPVtS1iuVVeuzBlVUFlRsZA5kRvNQ_tOs0qPbGqzu840hdNrlFdz0bHGcTITjDm1p5Gd2dcyUREltWhV1-KYtPGYTtv5a3ciqtLPRrEENpRfP8Z2yN7Cj4Ss-R60UlgO_5iA_XLG0kPy4b0N-MiwHpAuMt2F4qcZmGAgDkRHN4UPRvwq4hRT2QjXy3RDrC-YApzOete2JVpHtLFn6yMl4JcNtg6GO0ps3zW7IU-cMz6AM6FaN4l4-d6wRII9mWO3hmYnHiXugWF1BQLgjI1kvSRYnyXXaa2vOvfeQK9SC-j5w8g-dFCmYVPPY0OokO-iG6JdXChr62sVjLaPk1rje7vGr3cdJk5MZmV0h8tXYcLdnVNqiEF-eLVVfoDouIYS--n6mUT3MY4rfXVtQauhuEzV-5ssPUIQoCshy_u3QZmyLekYdZnkmZ3Qji3UEsaw
142.250.74.66204 No Content 0 B URL GET HTTP/3 pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20230420&jk=1213939592325747&bg=!MzClMGTNAAYfNdXmPzU7ADkAdvg8WsjTGSaUfn6Dr_XXAQWahckz-2rBZKqnWp4I7fr78uyYp3ISXI1UUJvcXAKe6l6TyDSIIcMCAAAAzlIAAAAFaAEHmQKD508qqLgw9z4ItMr3MlgVxq2-XVfrKqQRntpSsvXYmxVN-edD09G516g5yt7PQ4uFF3cIFCqtJ1rSHipvi6I1ZiHSFXpL6PhToOofMqaoDlWpfE28hTeUgPgOYgs8aEQ0cn5iau0HLqjRBguqS22wXqQSo48xCFESoLAoGf3hGgElc88vFTMSSJNJ8D5_NQGwUI-mRclEqHHBzrcku4U0ckCNxr2PLvZoMoLWdEqXZ-O9IYH1W1lEg7a3HUWrGhVPrn1Jkh4amuepmC-Ha05ytxJVDAk7MgGsnaTDrhyph3lP_jtR57g4LkGe1wzK-R0EhGKSSsFSXewuURteJFH4kH5uy4nfF1JU5B9MAHwa814lEg-mPKxONbpU2DoxbQQh51YlGLQwhqkPJZ98ZrJz8QRv5QtPVtS1iuVVeuzBlVUFlRsZA5kRvNQ_tOs0qPbGqzu840hdNrlFdz0bHGcTITjDm1p5Gd2dcyUREltWhV1-KYtPGYTtv5a3ciqtLPRrEENpRfP8Z2yN7Cj4Ss-R60UlgO_5iA_XLG0kPy4b0N-MiwHpAuMt2F4qcZmGAgDkRHN4UPRvwq4hRT2QjXy3RDrC-YApzOete2JVpHtLFn6yMl4JcNtg6GO0ps3zW7IU-cMz6AM6FaN4l4-d6wRII9mWO3hmYnHiXugWF1BQLgjI1kvSRYnyXXaa2vOvfeQK9SC-j5w8g-dFCmYVPPY0OokO-iG6JdXChr62sVjLaPk1rje7vGr3cdJk5MZmV0h8tXYcLdnVNqiEF-eLVVfoDouIYS--n6mUT3MY4rfXVtQauhuEzV-5ssPUIQoCshy_u3QZmyLekYdZnkmZ3Qji3UEsaw
IP 142.250.74.66:443
Requested by https://sfile.mobi/XWDOYzTYiY7
Certificate Issuer Google Trust Services LLC
Subject *.g.doubleclick.net
Fingerprint 09:1D:A9:AE:08:E0:55:47:86:0B:F7:70:DB:E9:AC:C4:2F:DE:19:E7
Validity Mon, 03 Apr 2023 08:16:10 GMT - Mon, 26 Jun 2023 08:16:09 GMT
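Hash d41d8cd98f00b204e9800998ecf8427e (MD5)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256)
Note: these three values are the digests of zero bytes of input (the response body is 0 B), so they identify no file and are not usable as indicators.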
GET /pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20230420&jk=1213939592325747&bg=!MzClMGTNAAYfNdXmPzU7ADkAdvg8WsjTGSaUfn6Dr_XXAQWahckz-2rBZKqnWp4I7fr78uyYp3ISXI1UUJvcXAKe6l6TyDSIIcMCAAAAzlIAAAAFaAEHmQKD508qqLgw9z4ItMr3MlgVxq2-XVfrKqQRntpSsvXYmxVN-edD09G516g5yt7PQ4uFF3cIFCqtJ1rSHipvi6I1ZiHSFXpL6PhToOofMqaoDlWpfE28hTeUgPgOYgs8aEQ0cn5iau0HLqjRBguqS22wXqQSo48xCFESoLAoGf3hGgElc88vFTMSSJNJ8D5_NQGwUI-mRclEqHHBzrcku4U0ckCNxr2PLvZoMoLWdEqXZ-O9IYH1W1lEg7a3HUWrGhVPrn1Jkh4amuepmC-Ha05ytxJVDAk7MgGsnaTDrhyph3lP_jtR57g4LkGe1wzK-R0EhGKSSsFSXewuURteJFH4kH5uy4nfF1JU5B9MAHwa814lEg-mPKxONbpU2DoxbQQh51YlGLQwhqkPJZ98ZrJz8QRv5QtPVtS1iuVVeuzBlVUFlRsZA5kRvNQ_tOs0qPbGqzu840hdNrlFdz0bHGcTITjDm1p5Gd2dcyUREltWhV1-KYtPGYTtv5a3ciqtLPRrEENpRfP8Z2yN7Cj4Ss-R60UlgO_5iA_XLG0kPy4b0N-MiwHpAuMt2F4qcZmGAgDkRHN4UPRvwq4hRT2QjXy3RDrC-YApzOete2JVpHtLFn6yMl4JcNtg6GO0ps3zW7IU-cMz6AM6FaN4l4-d6wRII9mWO3hmYnHiXugWF1BQLgjI1kvSRYnyXXaa2vOvfeQK9SC-j5w8g-dFCmYVPPY0OokO-iG6JdXChr62sVjLaPk1rje7vGr3cdJk5MZmV0h8tXYcLdnVNqiEF-eLVVfoDouIYS--n6mUT3MY4rfXVtQauhuEzV-5ssPUIQoCshy_u3QZmyLekYdZnkmZ3Qji3UEsaw HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: pagead2.googlesyndication.com
Connection: keep-alive
Referer: https://sfile.mobi/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 204 No Content
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Wed, 26 Apr 2023 15:21:26 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
sfile.mobi/includes/main-min.css
104.26.5.191 200 OK 27 kB URL GET HTTP/2 sfile.mobi/includes/main-min.css
IP 104.26.5.191:443
Requested by https://sfile.mobi/XWDOYzTYiY7
Certificate Issuer Google Trust Services LLC
Subject *.sfile.mobi
Fingerprint F6:1C:B1:63:3E:E2:BB:F0:B1:32:47:74:FD:1D:2A:46:B9:B4:9F:2D
Validity Sat, 01 Apr 2023 08:04:46 GMT - Fri, 30 Jun 2023 08:04:45 GMT
File type ASCII text, with very long lines (25590), with CRLF line terminators
Hash 986660afda6a541addaf77e7fb8a5d4f
cf4dba035df7a09f83d87839d41eb03a24903400
b85136bf0a494514ef0e4321ec8c6754b8f2520868b262811322a62c9863da40
GET /includes/main-min.css HTTP/1.1
Host: sfile.mobi
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sfile.mobi/XWDOYzTYiY7
Cookie: PHPSESSID=ae519h06t1eo43vngsv8lpv61c
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 26 Apr 2023 15:21:24 GMT
content-type: text/css; charset=utf-8
last-modified: Sat, 05 Nov 2022 06:53:42 GMT
etag: W/"68ea-5ecb3a69a8980-gzip"
cache-control: max-age=2592000
expires: Tue, 23 May 2023 03:13:39 GMT
vary: Accept-Encoding,User-Agent
x-frame-options: DENY
cf-cache-status: HIT
age: 302865
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nynpBCuaLRUUlH8sqojSYlpNeSHVFDbP0VqJTdeBXUHB1jfT9%2ByyNx8Hjv%2F8K5rvYGUyvZVXw007RGkekos1MGEXxDXI2QxUEqdJR%2FQ8E2vtzOftuTZXsEGbvFw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7bdfd0b9acdab4ff-OSL
content-encoding: br
X-Firefox-Spdy: h2
104.26.5.191 200 OK 30 kB URL User Request GET HTTP/2 IP 104.26.5.191:443
Certificate Issuer Google Trust Services LLC
Subject *.sfile.mobi
Fingerprint F6:1C:B1:63:3E:E2:BB:F0:B1:32:47:74:FD:1D:2A:46:B9:B4:9F:2D
Validity Sat, 01 Apr 2023 08:04:46 GMT - Fri, 30 Jun 2023 08:04:45 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- assembler source, ASCII text, with very long lines (585), with CRLF, LF line terminators
Hash 479e08f272e37f97f120cb9aebb388f1
cfbe4dc82def26fa0e5ef2306306b687c8456f6e
0a4603b207333b8a4e5fae845a2ab4978b82a22a571abaa5134dd52afb07d3cc
GET /XWDOYzTYiY7 HTTP/1.1
Host: sfile.mobi
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: PHPSESSID=ae519h06t1eo43vngsv8lpv61c
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 26 Apr 2023 15:21:24 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: _v1250839=1; expires=Thu, 27-Apr-2023 15:21:24 GMT; Max-Age=86400; path=/XWDOYzTYiY7
vary: Accept-Encoding,User-Agent
x-frame-options: DENY
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=msoZrlWiIInLtSgUnCsBYMvgnUOXJZ3RFA2JDlkYqlbAZCl5hJ9V145G%2BXcRWFqDRUYYu1DCHvhDa0E0xxPsW5sCBvtum20CTQ0TTLpqHaRZ4QR7ZMFpQPmxkww%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7bdfd0b739deb4ff-OSL
content-encoding: br
X-Firefox-Spdy: h2
sfile.mobi/icon/smallicon/txt.svg
104.26.5.191 200 OK 3.2 kB URL GET HTTP/2 sfile.mobi/icon/smallicon/txt.svg
IP 104.26.5.191:443
Requested by https://sfile.mobi/XWDOYzTYiY7
Certificate Issuer Google Trust Services LLC
Subject *.sfile.mobi
Fingerprint F6:1C:B1:63:3E:E2:BB:F0:B1:32:47:74:FD:1D:2A:46:B9:B4:9F:2D
Validity Sat, 01 Apr 2023 08:04:46 GMT - Fri, 30 Jun 2023 08:04:45 GMT
File type SVG Scalable Vector Graphics image\012- SVG XML document\012- SVG XML document\012- XML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (3461), with no line terminators
Hash 5d69bea6e596b46c47d4c48fa425cfe3
25ddd704f96d8704def4ba8faa0ca60d965ebdb4
b3355fc50d12aa158b37b16cd715a47517f45a4a521072990baf63a306e5569d
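Analyzer: fortinet | Verdict: Malware | Alert: (none shown)
Note: this is the only analyzer verdict listed for this file, and the report does not show which signature or rule matched; confirm against the file hashes above before treating it as an indicator.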
GET /icon/smallicon/txt.svg HTTP/1.1
Host: sfile.mobi
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sfile.mobi/XWDOYzTYiY7
Cookie: PHPSESSID=ae519h06t1eo43vngsv8lpv61c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 26 Apr 2023 15:21:24 GMT
content-type: image/svg+xml
last-modified: Sun, 23 Jul 2017 04:35:21 GMT
etag: W/"c81-554f4a0423440-gzip"
cache-control: max-age=604800
expires: Fri, 28 Apr 2023 07:55:22 GMT
vary: Accept-Encoding,User-Agent
x-frame-options: DENY
cf-cache-status: HIT
age: 458762
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wKVrolPkvANm93lrQ9vd71LyDr8BPsHEOChwkL4rkF58l35znwfci9RNwyaRnZV%2FzZdSi7ffp39XZGC7oFQhVr9IatjYzCKsEzqGLfTgFigwZsyvgM%2BM5zJyR3k%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7bdfd0b9bcf6b4ff-OSL
content-encoding: br
X-Firefox-Spdy: h2
sfile.mobi/icon/smallicon/hc.svg
104.26.5.191 200 OK 1.9 kB URL GET HTTP/2 sfile.mobi/icon/smallicon/hc.svg
IP 104.26.5.191:443
Requested by https://sfile.mobi/XWDOYzTYiY7
Certificate Issuer Google Trust Services LLC
Subject *.sfile.mobi
Fingerprint F6:1C:B1:63:3E:E2:BB:F0:B1:32:47:74:FD:1D:2A:46:B9:B4:9F:2D
Validity Sat, 01 Apr 2023 08:04:46 GMT - Fri, 30 Jun 2023 08:04:45 GMT
File type SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (2012), with no line terminators
Hash ac183bad8a9dbea7038a83b440a985dd
eac21265d4d46cd44cd2b73efdc1c12e5af9d173
62d431a9b2d8a25f68461812168eb6a82ddc27246de49e73246d215b2a431aba
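Analyzer: fortinet | Verdict: Malware | Alert: (none shown)
Note: this is the only analyzer verdict listed for this file, and the report does not show which signature or rule matched; confirm against the file hashes above before treating it as an indicator.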
GET /icon/smallicon/hc.svg HTTP/1.1
Host: sfile.mobi
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sfile.mobi/XWDOYzTYiY7
Cookie: PHPSESSID=ae519h06t1eo43vngsv8lpv61c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 26 Apr 2023 15:21:24 GMT
content-type: image/svg+xml
last-modified: Mon, 07 Sep 2020 16:11:11 GMT
etag: W/"77a-5aebb7786e5c0-gzip"
cache-control: max-age=604800
expires: Fri, 28 Apr 2023 09:04:42 GMT
vary: Accept-Encoding,User-Agent
x-frame-options: DENY
cf-cache-status: HIT
age: 454602
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5dHuf1Fy2fbbCo%2BCiMf7fMu4%2FpE9RKds%2F27p89yOLmdhghwp%2Bby9goW7PU%2Fj9tk4noJu9aO%2BixXAzipD%2FgHm%2FbrlyLLyn%2BkM8hxvOQoJYiJI2Osq2xUYiZz1e6Y%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7bdfd0b9acebb4ff-OSL
content-encoding: br
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0
104.17.24.14 200 OK 77 kB URL GET HTTP/3 cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0
IP 104.17.24.14:443
Requested by https://sfile.mobi/XWDOYzTYiY7
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint A9:11:71:07:07:92:48:7E:A9:3C:E8:32:25:3F:EB:AC:7D:51:7E:8F
Validity Wed, 03 Aug 2022 00:00:00 GMT - Wed, 02 Aug 2023 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 77160, version 4.459\012- data
Hash af7ae505a9eed503f8b8e6982036873e
d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
GET /ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://sfile.mobi
Connection: keep-alive
Referer: https://cdnjs.cloudflare.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 26 Apr 2023 15:21:24 GMT
content-type: application/octet-stream; charset=utf-8
content-length: 77160
access-control-allow-origin: *
cache-control: public, max-age=30672000
etag: "5eb03e5f-12d68"
last-modified: Mon, 04 May 2020 16:10:07 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1806331
expires: Mon, 15 Apr 2024 15:21:24 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xLhCuRHNYK6%2BEzO%2B6LdTfXi4y%2Fm6kfBzDRtYcJbs5sLXGVEiEavzTb9OKmruHB7UiQOa6%2BWpcXCIzb1OkDaxftkL9UYY2kJ%2B%2BoClM6iwyLrbDsBt2Q0svJcVmz%2F1a%2Btu2sBqt9uF"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7bdfd0ba8b020b3d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
sfile.mobi/icon/sfile-icon-192x192.png
104.26.5.191 200 OK 10 kB URL GET HTTP/2 sfile.mobi/icon/sfile-icon-192x192.png
IP 104.26.5.191:443
Requested by https://sfile.mobi/XWDOYzTYiY7
Certificate Issuer: Google Trust Services LLC
Subject: *.sfile.mobi
Fingerprint: F6:1C:B1:63:3E:E2:BB:F0:B1:32:47:74:FD:1D:2A:46:B9:B4:9F:2D
Validity: Sat, 01 Apr 2023 08:04:46 GMT - Fri, 30 Jun 2023 08:04:45 GMT
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash MD5: c657c0b27e6a3e98ae2736eab216cdb3
SHA-1: 2eab135276b13dc87bdd3314ad8d7462e8246d35
SHA-256: 5c9d9f4629d28f3fda7ccf4bae7bf6c53285686854a238b9ac0f2bac00836cb3
GET /icon/sfile-icon-192x192.png HTTP/1.1
Host: sfile.mobi
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sfile.mobi/XWDOYzTYiY7
Cookie: PHPSESSID=ae519h06t1eo43vngsv8lpv61c; _ga=GA1.1.753868951.1682522485; _gid=GA1.2.137912291.1682522485; _gat=1; _ga_XNQ10X1V2J=GS1.1.1682522485.1.0.1682522485.0.0.0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 26 Apr 2023 15:21:25 GMT
content-type: image/png
content-length: 10001
cache-control: max-age=2592000
cf-bgj: imgq:100,h2pri
cf-polished: origSize=11566, status=vary_header_present
etag: "2d2e-572ecea29a780"
expires: Sat, 13 May 2023 23:49:40 GMT
last-modified: Wed, 08 Aug 2018 13:59:10 GMT
vary: User-Agent, Accept-Encoding
x-frame-options: DENY
cf-cache-status: HIT
age: 1092705
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t%2B%2BlK1%2BoWr0HoR83inBaqjMUZycrQs9NeArGLfv4Kn%2BaiU4mvPgRMLZrGQ2024Kp8AFbH%2Fppnj3f9iPDRMQpzHrPvca10%2FRQNP1Il%2BUe9D4JBfOQGyNN2JeRtbA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7bdfd0bbaf8cb4ff-OSL
X-Firefox-Spdy: h2
sfile.mobi/icon/smallicon/apk.svg
104.26.5.191 200 OK 2.5 kB URL GET HTTP/2 sfile.mobi/icon/smallicon/apk.svg
IP 104.26.5.191:443
Requested by https://sfile.mobi/XWDOYzTYiY7
Certificate Issuer: Google Trust Services LLC
Subject: *.sfile.mobi
Fingerprint: F6:1C:B1:63:3E:E2:BB:F0:B1:32:47:74:FD:1D:2A:46:B9:B4:9F:2D
Validity: Sat, 01 Apr 2023 08:04:46 GMT - Fri, 30 Jun 2023 08:04:45 GMT
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (2467), with no line terminators
Hash MD5: 469674871e148e599e809ddc7572d14d
SHA-1: 99394ad1a68c8998e3fe431110833bd7e66477bd
SHA-256: 51b16bf6325b4773905added21bd82bfbd1f8fa9ee86039bc7b3b572f376ae99
Analyzer: fortinet | Verdict: Malware | Alert: (no value shown)
(This entry does not show whether the verdict applies to the response body or to the URL/host; check the hashes above independently before treating the file content itself as malicious.)
GET /icon/smallicon/apk.svg HTTP/1.1
Host: sfile.mobi
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sfile.mobi/XWDOYzTYiY7
Cookie: PHPSESSID=ae519h06t1eo43vngsv8lpv61c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 26 Apr 2023 15:21:24 GMT
content-type: image/svg+xml
last-modified: Sun, 23 Jul 2017 05:51:20 GMT
etag: W/"995-554f5afff0600-gzip"
cache-control: max-age=604800
expires: Mon, 01 May 2023 13:44:08 GMT
vary: Accept-Encoding,User-Agent
x-frame-options: DENY
cf-cache-status: HIT
age: 178636
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lRiegC%2FFSTv7oqrK8eMlScYS1JXdI5oU7x2zpcRUTgX%2FfY4MwTa9E7BPWL10%2FAhftGtluWV94lV7qeWRf51wkSXYQKtaMQFyLI6lXHO18uLSAsg72TvRKrLdT0E%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7bdfd0b9aceab4ff-OSL
content-encoding: br
X-Firefox-Spdy: h2
sfile.mobi/includes/analytics.js
104.26.5.191 200 OK 50 kB URL GET HTTP/2 sfile.mobi/includes/analytics.js
IP 104.26.5.191:443
Requested by https://sfile.mobi/XWDOYzTYiY7
Certificate Issuer: Google Trust Services LLC
Subject: *.sfile.mobi
Fingerprint: F6:1C:B1:63:3E:E2:BB:F0:B1:32:47:74:FD:1D:2A:46:B9:B4:9F:2D
Validity: Sat, 01 Apr 2023 08:04:46 GMT - Fri, 30 Jun 2023 08:04:45 GMT
File type ASCII text, with very long lines (14946)
Hash MD5: 9c493c9f0a3696478b878ed94764f7e9
SHA-1: 568d90acf515e5ec240042e1f0f66888e653789c
SHA-256: bfe2ed3e688b21ff35ce8633a35b43eff429bb09fc29964be0b4a8938080e3ad
GET /includes/analytics.js HTTP/1.1
Host: sfile.mobi
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sfile.mobi/XWDOYzTYiY7
Cookie: PHPSESSID=ae519h06t1eo43vngsv8lpv61c
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 26 Apr 2023 15:21:24 GMT
content-type: application/javascript; charset=utf-8
cache-control: max-age=604800
cf-bgj: minify
cf-polished: origSize=50234
etag: W/"c43a-5f9b43167fc38-gzip"
expires: Thu, 27 Apr 2023 10:05:54 GMT
last-modified: Wed, 19 Apr 2023 18:00:01 GMT
vary: Accept-Encoding,User-Agent
x-frame-options: DENY
cf-cache-status: HIT
age: 537330
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=35hCGSZudK10EE70NGdy1Ciy%2ByVzBRJnhrO7cP2T4UkE3hkar5CgkHwHgEMKqs9Ap6ajjBJruEaiGLHYpwzD5VspU2KjCHG%2FP6jrzFfVvLpR1CNX2tiXRtAQdyE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7bdfd0ba6ddeb4ff-OSL
content-encoding: br
X-Firefox-Spdy: h2
sfile.mobi/img/Sfile-Logo.svg
104.26.5.191 200 OK 5.6 kB URL GET HTTP/2 sfile.mobi/img/Sfile-Logo.svg
IP 104.26.5.191:443
Requested by https://sfile.mobi/XWDOYzTYiY7
Certificate Issuer: Google Trust Services LLC
Subject: *.sfile.mobi
Fingerprint: F6:1C:B1:63:3E:E2:BB:F0:B1:32:47:74:FD:1D:2A:46:B9:B4:9F:2D
Validity: Sat, 01 Apr 2023 08:04:46 GMT - Fri, 30 Jun 2023 08:04:45 GMT
File type SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (5686), with no line terminators
Hash MD5: 29d9f3d0785d233602384223659ff407
SHA-1: 2d87838a65792866a0a18c3d6b88b6714ba2a486
SHA-256: ccafb969fbadb6d9a63869f62a0538504001d5b0d59924e91ddc86b4a7b6d2f9
Analyzer: fortinet | Verdict: Malware | Alert: (no value shown)
(This entry does not show whether the verdict applies to the response body or to the URL/host; check the hashes above independently before treating the file content itself as malicious.)
GET /img/Sfile-Logo.svg HTTP/1.1
Host: sfile.mobi
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sfile.mobi/XWDOYzTYiY7
Cookie: PHPSESSID=ae519h06t1eo43vngsv8lpv61c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 26 Apr 2023 15:21:24 GMT
content-type: image/svg+xml
last-modified: Mon, 05 Oct 2020 09:51:24 GMT
etag: W/"15b1-5b0e96cdf5f00-gzip"
cache-control: max-age=604800
expires: Sat, 29 Apr 2023 14:37:12 GMT
vary: Accept-Encoding,User-Agent
x-frame-options: DENY
cf-cache-status: HIT
age: 348252
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=U279FefRT2INjPpFolGipXKhUuCerMbrtff7nUAGToOH%2FNb2fqKZZh9bO7SganhfkXQRrJT0dJsf1b%2B6CyPo5SZUUloJkiCPcFGECXwQTW5bQLoLGpbBQBnCe6o%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7bdfd0b9ace9b4ff-OSL
content-encoding: br
X-Firefox-Spdy: h2