www.googletagmanager.com/gtag/js?id=G-BL9163LYG1
142.250.74.168 92 kB URL www.googletagmanager.com/gtag/js?id=G-BL9163LYG1
IP 142.250.74.168:0
File type ASCII text, with very long lines (4179)
Hash 3efe07f01ec509a3e9cd3ebd2a4ab9a9
c2a52bf77bda3ffe06440852c550d1358e371e0a
4da4978a9a581ad856b5ca8cbfc3e864bca66a106d34d5f6ff1d063ea2a9b7d9
GET /gtag/js?id=G-BL9163LYG1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 04 Dec 2023 23:12:12 GMT
expires: Mon, 04 Dec 2023 23:12:12 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 91932
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
static.depositfiles.com/js/download_utils.js
91.226.124.106 13 kB URL static.depositfiles.com/js/download_utils.js
IP 91.226.124.106:0
File type ASCII text, with very long lines (2250)
Hash 90a706006bc709cdc974ff3e0e01b34f
89585d2c7cac44c9c03c118bbb38aefba1d8a1e4
16f1515b9938fc7de086c504fe214484d97e237647a5d7fa2cb742a93f00c1ea
GET /js/download_utils.js HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
cache-control: max-age=300
content-type: application/javascript
date: Mon, 04 Dec 2023 23:12:12 GMT
etag: "651c240d-3447"
expires: Mon, 04 Dec 2023 23:17:12 GMT
last-modified: Tue, 03 Oct 2023 14:24:13 GMT
server: nginx
content-length: 13383
X-Firefox-Spdy: h2
static.depositfiles.com/images/no.png
91.226.124.106200 OK 3.1 kB URL GET HTTP/2 static.depositfiles.com/images/no.png
IP 91.226.124.106:443
Requested by https://dfiles.eu/files/y0nf06jdd/COD-G_update-2.exe
Certificate IssuerLet's Encrypt
Subjectdepositfiles.com
FingerprintCC:58:6C:73:8E:64:B8:52:23:86:28:DD:7F:A1:B4:56:B5:95:D2:EF
ValiditySun, 05 Nov 2023 13:35:24 GMT - Sat, 03 Feb 2024 13:35:23 GMT
File type PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced\012- data
Hash 1724ae7b4437c460dafe40dfe9f96d41
8dc80d5b802f180254a8ee1bf1edf0b843205f1e
9b95b8f24b2b0808d611f4fd9bf5f3c548b352ae6100ab7b298b99a86905db79
GET /images/no.png HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/png
date: Mon, 04 Dec 2023 23:12:12 GMT
etag: "651c240d-c4a"
last-modified: Tue, 03 Oct 2023 14:24:13 GMT
server: nginx
content-length: 3146
X-Firefox-Spdy: h2
static.depositfiles.com/images/speed_small_gold.gif
91.226.124.106 14 kB URL static.depositfiles.com/images/speed_small_gold.gif
IP 91.226.124.106:0
File type GIF image data, version 89a, 200 x 200\012- data
Hash c5f8f0e9ecd16637e267912376c24bed
324567a641d318ecfafe6374dfba86ccb2f90dd7
13678b229b6c4224bcb9578a2f29bc3686958f4bea73af7645eb39af4246e6a9
GET /images/speed_small_gold.gif HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
cache-control: max-age=432000
content-type: image/gif
date: Mon, 04 Dec 2023 23:12:12 GMT
etag: "651c240d-389c"
expires: Sat, 09 Dec 2023 23:12:12 GMT
last-modified: Tue, 03 Oct 2023 14:24:13 GMT
server: nginx
content-length: 14492
X-Firefox-Spdy: h2
static.depositfiles.com/images/speed_small.gif
91.226.124.106 24 kB URL static.depositfiles.com/images/speed_small.gif
IP 91.226.124.106:0
File type GIF image data, version 89a, 200 x 200\012- data
Hash 5cbc96bbb7230dd17ed38b5dd6e3271c
6ee1f0b9e29ac3e824cccd6e5135d51c8d3aaea1
01edcbb65e514def555b1e999d3a72f118f67e572f628293b91893b3758c6991
GET /images/speed_small.gif HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
cache-control: max-age=432000
content-type: image/gif
date: Mon, 04 Dec 2023 23:12:12 GMT
etag: "651c240d-5dac"
expires: Sat, 09 Dec 2023 23:12:12 GMT
last-modified: Tue, 03 Oct 2023 14:24:13 GMT
server: nginx
content-length: 23980
X-Firefox-Spdy: h2
static.depositfiles.com/js/jquery.validate.js
91.226.124.106 38 kB URL static.depositfiles.com/js/jquery.validate.js
IP 91.226.124.106:0
File type Unicode text, UTF-8 text, with very long lines (1238)
Hash d5231b6378847ebdb55f64c77d5a234f
eed97aa0b2aa9486b6f6831ed8a85dc729ad6b9c
95434a8a2568a6481a1fbcf5808a75dd58e77348ed6d70b4f7aeda8842e8f0c7
GET /js/jquery.validate.js HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
cache-control: max-age=300
content-type: application/javascript
date: Mon, 04 Dec 2023 23:12:12 GMT
etag: "651c240d-957d"
expires: Mon, 04 Dec 2023 23:17:12 GMT
last-modified: Tue, 03 Oct 2023 14:24:13 GMT
server: nginx
content-length: 38269
X-Firefox-Spdy: h2
static.depositfiles.com/js/gold_offer.js
91.226.124.106 9.9 kB URL static.depositfiles.com/js/gold_offer.js
IP 91.226.124.106:0
File type HTML document text\012- HTML document, ASCII text
Hash 041bdbbe3ac15bc57b14933e164b55f8
790f921426d0b602424fb3077ca900af94b5ad9e
a86d8d81e5c254822628c578c40d2d62956ab3060632d1884b5080093365b97b
GET /js/gold_offer.js HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
cache-control: max-age=300
content-type: application/javascript
date: Mon, 04 Dec 2023 23:12:12 GMT
etag: "651c240d-269f"
expires: Mon, 04 Dec 2023 23:17:12 GMT
last-modified: Tue, 03 Oct 2023 14:24:13 GMT
server: nginx
content-length: 9887
X-Firefox-Spdy: h2
static.depositfiles.com/js/function.js
91.226.124.106200 OK 35 kB URL GET HTTP/2 static.depositfiles.com/js/function.js
IP 91.226.124.106:443
Requested by https://dfiles.eu/files/y0nf06jdd/COD-G_update-2.exe
Certificate IssuerLet's Encrypt
Subjectdepositfiles.com
FingerprintCC:58:6C:73:8E:64:B8:52:23:86:28:DD:7F:A1:B4:56:B5:95:D2:EF
ValiditySun, 05 Nov 2023 13:35:24 GMT - Sat, 03 Feb 2024 13:35:23 GMT
File type ASCII text, with very long lines (4240)
Hash a5779d2f560cd50376dbba372b0fd15b
07b08e35b9254288c1372e37577db8b9e4da01b4
51d26403861d61a7842bc73f518d4a4351a7027c40c9f0347f61421226950b84
GET /js/function.js HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
cache-control: max-age=300
content-type: application/javascript
date: Mon, 04 Dec 2023 23:12:12 GMT
etag: "651c240d-8863"
expires: Mon, 04 Dec 2023 23:17:12 GMT
last-modified: Tue, 03 Oct 2023 14:24:13 GMT
server: nginx
content-length: 34915
X-Firefox-Spdy: h2
static.depositfiles.com/images/yes.png
91.226.124.106 3.3 kB URL static.depositfiles.com/images/yes.png
IP 91.226.124.106:0
File type PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced\012- data
Hash 3055b8489aeb385fb40b27f0bf0a5ae7
4cfbe45a0ba393ab8ad535cc04af30debef0a1ab
b325d6cb153b02050e59230e2abfb01e05f4bda708ad54bd8f6d9693fa9c2dac
GET /images/yes.png HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/png
date: Mon, 04 Dec 2023 23:12:12 GMT
etag: "651c240d-ccb"
last-modified: Tue, 03 Oct 2023 14:24:13 GMT
server: nginx
content-length: 3275
X-Firefox-Spdy: h2
static.depositfiles.com/js/base2.js
91.226.124.106 399 kB URL static.depositfiles.com/js/base2.js
IP 91.226.124.106:0
File type Unicode text, UTF-8 text, with very long lines (65481)
Size 399 kB (398927 bytes)
Hash 2fcae8126c3fd9a626370a701f0bd887
f3496fb7bbe122a9774d7dcfcd68da03a24dc285
d29ab86f64b4fcfbc45b9ef806c147f1e42e37e37d44a559147232288063badc
GET /js/base2.js HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
cache-control: max-age=300
content-type: application/javascript
date: Mon, 04 Dec 2023 23:12:12 GMT
etag: "651c240d-6164f"
expires: Mon, 04 Dec 2023 23:17:12 GMT
last-modified: Tue, 03 Oct 2023 14:24:13 GMT
server: nginx
content-length: 398927
X-Firefox-Spdy: h2
relationbeehive.com/22/4a/d4/224ad4a14b4b15c1726ff705ec672ea6.js
173.233.137.60 16 kB URL relationbeehive.com/22/4a/d4/224ad4a14b4b15c1726ff705ec672ea6.js
IP 173.233.137.60:0
File type ASCII text, with very long lines (42932), with no line terminators
Hash 45b209c3b11c51edcbe0f00fd715543a
30322d758a271b7e15db14cab2ba2e1988ca7ede
32ba697dfca0a0fc9d2c785a4eeb484df99e468144487f00619d7e919df2ab2e
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /22/4a/d4/224ad4a14b4b15c1726ff705ec672ea6.js HTTP/1.1
Host: relationbeehive.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Mon, 04 Dec 2023 23:12:13 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 58d30c332b0533e4b27d5825adbb0759
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
static.depositfiles.com/images/logo.png
91.226.124.106 3.6 kB URL static.depositfiles.com/images/logo.png
IP 91.226.124.106:0
File type PNG image data, 176 x 43, 8-bit/color RGBA, non-interlaced\012- data
Hash c41fdd84b04e45a91cb17cfdeccb1b38
fec7fffe104c7e169aeb159032078c4b71ff2cdc
7f89eb8ab03684f4db282ca30eb231b1e254bca10c7b511950df5e0eab0a68a0
GET /images/logo.png HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://static.depositfiles.com/css/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/png
date: Mon, 04 Dec 2023 23:12:13 GMT
etag: "651c240d-e27"
last-modified: Tue, 03 Oct 2023 14:24:13 GMT
server: nginx
content-length: 3623
X-Firefox-Spdy: h2
static.depositfiles.com/images/sprite.png
91.226.124.106200 OK 37 kB URL GET HTTP/2 static.depositfiles.com/images/sprite.png
IP 91.226.124.106:443
Requested by https://dfiles.eu/files/y0nf06jdd/COD-G_update-2.exe
Certificate IssuerLet's Encrypt
Subjectdepositfiles.com
FingerprintCC:58:6C:73:8E:64:B8:52:23:86:28:DD:7F:A1:B4:56:B5:95:D2:EF
ValiditySun, 05 Nov 2023 13:35:24 GMT - Sat, 03 Feb 2024 13:35:23 GMT
File type PNG image data, 102 x 630, 8-bit/color RGBA, non-interlaced\012- data
Hash 2333675d7e431d5313c6dbb5230a14cd
93c4032e5b8b85793a9cda7167804445d950dd96
b287134a60667ce8e2c3fa1603e3a8f2ffa59c64e746d026d1a13ef19f3f38a0
GET /images/sprite.png HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://static.depositfiles.com/css/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/png
date: Mon, 04 Dec 2023 23:12:13 GMT
etag: "651c240d-8fc2"
last-modified: Tue, 03 Oct 2023 14:24:13 GMT
server: nginx
content-length: 36802
X-Firefox-Spdy: h2
static.depositfiles.com/images/member_menu_bg.gif
91.226.124.106200 OK 78 B URL GET HTTP/2 static.depositfiles.com/images/member_menu_bg.gif
IP 91.226.124.106:443
Requested by https://dfiles.eu/files/y0nf06jdd/COD-G_update-2.exe
Certificate IssuerLet's Encrypt
Subjectdepositfiles.com
FingerprintCC:58:6C:73:8E:64:B8:52:23:86:28:DD:7F:A1:B4:56:B5:95:D2:EF
ValiditySun, 05 Nov 2023 13:35:24 GMT - Sat, 03 Feb 2024 13:35:23 GMT
File type GIF image data, version 89a, 1 x 48\012- data
Hash 20a24b56dcedf6a71a71ebec771e1f7d
d7bed493d5d4eeaed5dbbf7d30d45107840790a0
6f57f29224d8e9e51ed0839e329055426fba7dcd97ef31e93ed495f93a6063df
GET /images/member_menu_bg.gif HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://static.depositfiles.com/css/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
cache-control: max-age=432000
content-type: image/gif
date: Mon, 04 Dec 2023 23:12:13 GMT
etag: "651c240d-4e"
expires: Sat, 09 Dec 2023 23:12:13 GMT
last-modified: Tue, 03 Oct 2023 14:24:13 GMT
server: nginx
content-length: 78
X-Firefox-Spdy: h2
js.wpadmngr.com/static/adManager.js
45.133.44.52200 OK 30 kB URL GET HTTP/2 js.wpadmngr.com/static/adManager.js
IP 45.133.44.52:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://dfiles.eu/files/y0nf06jdd/COD-G_update-2.exe
Certificate IssuerLet's Encrypt
Subjectjs.wpadmngr.com
FingerprintAC:C2:DC:B6:95:8A:52:42:68:CB:0F:19:3F:56:A9:E9:1F:E6:04:8C
ValiditySun, 12 Nov 2023 03:01:15 GMT - Sat, 10 Feb 2024 03:01:14 GMT
File type gzip compressed data, from Unix\012- data
Hash eac730b9c0440d20d79b8657681e66f1
730b8c430bdca9927675ad54011706255b6bbd95
66d2104de1bff529cff832160ff09715f6c8d7679e39540ba59443ef26e3de7b
GET /static/adManager.js HTTP/1.1
Host: js.wpadmngr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 04 Dec 2023 23:12:12 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Tue, 28 Nov 2023 12:19:41 GMT
etag: W/"6565dadd-681"
content-encoding: gzip
expires: Mon, 04 Dec 2023 23:17:12 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
static.depositfiles.com/images/upload_btn_bg.gif
91.226.124.106 9.0 kB URL static.depositfiles.com/images/upload_btn_bg.gif
IP 91.226.124.106:0
File type GIF image data, version 89a, 209 x 75\012- data
Hash 6f312f0f4ff138758bae76420f6efd78
b40a28f162140fedff9ee5ce0d687868b1f73d17
c667d75c7f916bf8b140b0e1f7ab0c996f76d4642faed85bd9fef3c738f0912b
GET /images/upload_btn_bg.gif HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://static.depositfiles.com/css/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
cache-control: max-age=432000
content-type: image/gif
date: Mon, 04 Dec 2023 23:12:13 GMT
etag: "651c240d-2332"
expires: Sat, 09 Dec 2023 23:12:13 GMT
last-modified: Tue, 03 Oct 2023 14:24:13 GMT
server: nginx
content-length: 9010
X-Firefox-Spdy: h2
static.depositfiles.com/images/flags/lang24.png
91.226.124.106 9.2 kB URL static.depositfiles.com/images/flags/lang24.png
IP 91.226.124.106:0
File type PNG image data, 24 x 552, 8-bit/color RGBA, non-interlaced\012- data
Hash efdcd1ca23d564ddd811f41152a2b83c
0b5aa064e7f8f241363c55fa17eb448f42a5f8df
ce23be242e34c5b420f8ba0390aef20fa50ffc69f700091029616eff524e8f9b
GET /images/flags/lang24.png HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://static.depositfiles.com/css/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/png
date: Mon, 04 Dec 2023 23:12:13 GMT
etag: "651c240d-23d4"
last-modified: Tue, 03 Oct 2023 14:24:13 GMT
server: nginx
content-length: 9172
X-Firefox-Spdy: h2
static.depositfiles.com/images/sprite16.png
91.226.124.106200 OK 28 kB URL GET HTTP/2 static.depositfiles.com/images/sprite16.png
IP 91.226.124.106:443
Requested by https://dfiles.eu/files/y0nf06jdd/COD-G_update-2.exe
Certificate IssuerLet's Encrypt
Subjectdepositfiles.com
FingerprintCC:58:6C:73:8E:64:B8:52:23:86:28:DD:7F:A1:B4:56:B5:95:D2:EF
ValiditySun, 05 Nov 2023 13:35:24 GMT - Sat, 03 Feb 2024 13:35:23 GMT
File type PNG image data, 32 x 1072, 8-bit/color RGBA, non-interlaced\012- data
Hash 2e86fe2d2c2650c5f4663f0fc135ebc1
ba86e14a9abcff0581eda84a307594ef1288b982
604187f8828381a47ae70249f55f21c78c53ab1401d20a5f2230a0d6c9ae50d1
GET /images/sprite16.png HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://static.depositfiles.com/css/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/png
date: Mon, 04 Dec 2023 23:12:13 GMT
etag: "651c240d-6f55"
last-modified: Tue, 03 Oct 2023 14:24:13 GMT
server: nginx
content-length: 28501
X-Firefox-Spdy: h2
ocsp.r2m03.amazontrust.com/
54.230.218.11 471 B URL ocsp.r2m03.amazontrust.com/
IP 54.230.218.11:0
Hash 24a776b1f2e9d3fff472472cff5e9b16
38a6b9ce7b18c9204f5ace875325ca74c863d1a9
108f3caa2c7db8c122fcea5f02f4f0f1e058d4da8e913dc2b4e8ace4e5a50e81
POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Mon, 04 Dec 2023 23:12:13 GMT
Last-Modified: Mon, 04 Dec 2023 22:02:32 GMT
Server: ECAcc (ska/F7A7)
X-Cache: Miss from cloudfront
Via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 4pNHZ2C8VCxVGDqPPequryjXE7SYxTxQIoNhim6oqRFaWyOvV9_0xg==
Age: 4181
loader.unblockia.com/c/dfiles.eu/config.json
143.204.55.84200 OK 47 kB URL GET HTTP/2 loader.unblockia.com/c/dfiles.eu/config.json
IP 143.204.55.84:443
Requested by https://dfiles.eu/files/y0nf06jdd/COD-G_update-2.exe
Certificate IssuerAmazon
Subject*.unblockia.com
FingerprintF2:6F:03:00:E3:4A:B1:87:3C:4D:28:BB:E6:CE:8F:F1:2A:6E:1B:5D
ValidityTue, 21 Feb 2023 00:00:00 GMT - Fri, 22 Mar 2024 23:59:59 GMT
File type ASCII text, with very long lines (46747), with no line terminators
Hash f365c1e4619a90bbadadacf55598fe90
1623c939b72aecd3831e1da35e4c0a5229383e91
23e2e4d868bb2652b97e9e13d36df1dfeeba338d4e9c4d1d737fba6b2b2b2d52
GET /c/dfiles.eu/config.json HTTP/1.1
Host: loader.unblockia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dfiles.eu/
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/octet-stream
content-length: 46747
last-modified: Fri, 09 Jun 2023 09:20:17 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: trENJHq0I9QxpCJnwtrkDFWJYsxIhjKV
accept-ranges: bytes
server: AmazonS3
date: Mon, 04 Dec 2023 21:20:21 GMT
etag: "f365c1e4619a90bbadadacf55598fe90"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 80d21802b1b80c40e55ccf83433b8eac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: oDvPz1zdP-eIAjT4rRuNljiFJSeq8ZNG7aDhWoBGQcaRC8wJLNuxEw==
age: 6713
access-control-allow-origin: *
access-control-expose-headers: *
X-Firefox-Spdy: h2
proftrafficcounter.com/stats
18.184.210.76200 OK 40 B URL GET HTTP/2 proftrafficcounter.com/stats
IP 18.184.210.76:443
Requested by https://dfiles.eu/files/y0nf06jdd/COD-G_update-2.exe
Certificate IssuerAmazon
Subjectproftrafficcounter.com
FingerprintE3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6
ValidityTue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT
File type ASCII text, with no line terminators
Hash cf06435079b09668c765eef97af3de3b
3bd0c6d6e9c44b0665ac4cf74d361278237371c2
a97c68e11a9855f2c995c4b41bb742a216708f85a912e3148908da0f9c703f98
GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 04 Dec 2023 23:12:13 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://dfiles.eu
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=61fa4d3e-ebe5-4d11-a51a-72b28df06b0b:2:1; expires=Thu, 01 Dec 2033 23:12:13 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
friendshipmale.com/sfp.js
172.64.172.31200 OK 28 kB URL GET HTTP/2 friendshipmale.com/sfp.js
IP 172.64.172.31:443
Requested by https://dfiles.eu/files/y0nf06jdd/COD-G_update-2.exe
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint08:6F:D8:CB:9E:0C:0A:98:2E:C5:CD:21:8E:0B:76:2B:50:6F:B6:37
ValiditySat, 18 Feb 2023 00:00:00 GMT - Sat, 17 Feb 2024 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash 924e967bca1d599992556a8d139b1c5a
222b09dbf164ddc03d39100fd0524a22018d28b2
ac84c2f8288b59f8e04ba77287ce696052bfeee0d462a566d94dc305df646c95
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 04 Dec 2023 23:12:13 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: e9498dda4f495c1862974b18cd7f0fe4
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Mon, 04 Dec 2023 23:12:13 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5ubGqeYqanB9y8tsDbA9B5VA3XIx60tpHcchKgTiC483R0HzOZvn3CBwkx2Qv%2B%2BChGSjL3GPdy3Pz8%2BzXGOgZgvrfwKECQFb1ec0l4fcL8U6cBhb3fjVpkaFW1PG6AHREA5Qu6I%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8307bba409ee52e7-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
na.nawpush.com/tags/46445?version_name=b
45.133.44.25 579 B URL na.nawpush.com/tags/46445?version_name=b
IP 45.133.44.25:0
ASN #39572 DataWeb Global Group B.V.
File type JSON data\012- , ASCII text, with very long lines (579), with no line terminators
Hash 0bb9c6e874901156bf0a0dbcf7f36553
836c18d0d2422f34857133d976d3a5001b0c5f65
761dd4e9b4acfa5254039af128e2581badd9568fc8a2558ade0ca36893c602fd
GET /tags/46445?version_name=b HTTP/1.1
Host: na.nawpush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 04 Dec 2023 23:12:13 GMT
content-type: application/json
content-length: 579
server: nginx/1.18.0
cache-control: max-age=300, public
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
js.capndr.com/advertising.js
45.133.44.52 0 B URL js.capndr.com/advertising.js
IP 45.133.44.52:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /advertising.js HTTP/1.1
Host: js.capndr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 04 Dec 2023 23:12:13 GMT
content-type: application/javascript; charset=utf-8
content-length: 0
server: nginx/1.18.0
last-modified: Fri, 14 Jul 2023 08:23:25 GMT
etag: "64b105fd-0"
expires: Mon, 04 Dec 2023 23:17:13 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
adsbb.dfiles.eu/static/js/jquery-1.5.1.min.js
91.226.124.106 85 kB URL adsbb.dfiles.eu/static/js/jquery-1.5.1.min.js
IP 91.226.124.106:0
File type Unicode text, UTF-8 text, with very long lines (65168)
Hash b04a3bccd23ddeb7982143707a63ccf9
4a5dc1389aad050a44ee5e81408238a317ab3413
764b9e9f3ad386aaa5cdeae9368353994de61c0bede087c8f7e3579cb443de3b
GET /static/js/jquery-1.5.1.min.js HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/upload/2303/ad2775297311915a.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
Cookie: last_file=y0nf06jdd; lang_current=en; _ga_BL9163LYG1=GS1.1.1701731538.1.0.1701731538.0.0.0; _ga=GA1.1.1135501640.1701731538; _nf58=1; _nf56=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
cache-control: no-cache, private, no-cache, no-store, must-revalidate
content-type: application/javascript
date: Mon, 04 Dec 2023 23:12:13 GMT
expires: Thu, 01 Jan 1970 00:00:01 GMT
pragma: no-cache
server: nginx
content-length: 85260
X-Firefox-Spdy: h2
adsbb.dfiles.eu/static/js/jquery-1.5.1.min.js
91.226.124.106 85 kB URL adsbb.dfiles.eu/static/js/jquery-1.5.1.min.js
IP 91.226.124.106:0
File type Unicode text, UTF-8 text, with very long lines (65168)
Hash b04a3bccd23ddeb7982143707a63ccf9
4a5dc1389aad050a44ee5e81408238a317ab3413
764b9e9f3ad386aaa5cdeae9368353994de61c0bede087c8f7e3579cb443de3b
GET /static/js/jquery-1.5.1.min.js HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/upload/2112/ad27582685f5c72c.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
Cookie: last_file=y0nf06jdd; lang_current=en; _ga_BL9163LYG1=GS1.1.1701731538.1.0.1701731538.0.0.0; _ga=GA1.1.1135501640.1701731538; _nf58=1; _nf56=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
cache-control: no-cache, private, no-cache, no-store, must-revalidate
content-type: application/javascript
date: Mon, 04 Dec 2023 23:12:13 GMT
expires: Thu, 01 Jan 1970 00:00:01 GMT
pragma: no-cache
server: nginx
content-length: 85260
X-Firefox-Spdy: h2
marbleapplicationsblushing.com/c2/2d/c5/c22dc50dc2bbe4422c7f68d26ab95eb9.js
173.233.139.164200 OK 23 kB URL GET HTTP/1.1 marbleapplicationsblushing.com/c2/2d/c5/c22dc50dc2bbe4422c7f68d26ab95eb9.js
IP 173.233.139.164:443
Requested by https://dfiles.eu/files/y0nf06jdd/COD-G_update-2.exe
Certificate IssuerLet's Encrypt
Subjectmarbleapplicationsblushing.com
FingerprintE2:63:34:5D:24:6D:4F:CA:3F:15:91:D6:52:D6:ED:69:F9:28:84:7E
ValidityTue, 28 Nov 2023 10:36:41 GMT - Mon, 26 Feb 2024 10:36:40 GMT
File type ASCII text, with very long lines (59532)
Hash ef440b421fc6d70ce1ce89132debe359
45f63cbdaf2945e1ae4434d727205a305d61e0ba
1aba6280213e8921f1efbf7d0579bc0683b9afcdf34cc3b0c9a1aeb78f99cc93
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /c2/2d/c5/c22dc50dc2bbe4422c7f68d26ab95eb9.js HTTP/1.1
Host: marbleapplicationsblushing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Mon, 04 Dec 2023 23:12:13 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: 4b4e7ab587d59b22ad7bcd2439afc363_AN-1159_new=0; expires=Sat, 09 Dec 2023 03:12:13 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c54ebe7daff04f1dbd0b90083bcf5e53
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
static.depositfiles.com/images/favicon.ico
91.226.124.106 318 B URL static.depositfiles.com/images/favicon.ico
IP 91.226.124.106:0
File type MS Windows icon resource - 1 icon, 16x16, 16 colors, 4 bits/pixel\012- data
Hash 0f0b975ee529197ec75780ebc2de5907
59688c6aafca5606e388ba9a44fc9dc25fc32cd3
28a0b52229f05b66354ca38b6b813d2281af3efb7e8b0a424ef8b4c68b9e583c
GET /images/favicon.ico HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/x-icon
date: Mon, 04 Dec 2023 23:12:13 GMT
etag: "651c240d-13e"
last-modified: Tue, 03 Oct 2023 14:24:13 GMT
server: nginx
content-length: 318
X-Firefox-Spdy: h2
jsc.mgid.com/d/e/depositfiles.com.7998.js
104.19.133.76 1.9 kB URL jsc.mgid.com/d/e/depositfiles.com.7998.js
IP 104.19.133.76:0
File type ASCII text, with very long lines (3762), with no line terminators
Hash e2662e447ff7366a5845380f55f79d95
b11bba2245623f574d86aa8aa3ae16e67f27d97d
e7add1378db0a440a17d13b2bbbc1c8db328a60bf6aaae40097be42d0dea8ed5
GET /d/e/depositfiles.com.7998.js HTTP/1.1
Host: jsc.mgid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 04 Dec 2023 23:12:13 GMT
content-type: text/javascript
cf-bgj: minify
cf-polished: origSize=3763
etag: W/"d5b4c449fd4379afd8eae413a68d1ad7"
last-modified: Tue, 28 Nov 2023 07:28:27 GMT
x-amz-id-2: BknX29aU3MMkEcthUC6e4jx8bjaiP/tTQJAHG+2wogVr/0O6kYK2QVUmT/t3Yx7hdISZ5ki8KwI=
x-amz-request-id: Q4KNQTQERGV0N29Y
x-amz-server-side-encryption: AES256
x-amz-version-id: RMbCurdK22jju5XkDTPvf4TQWr.qyGnj
cf-cache-status: HIT
age: 289
expires: Tue, 05 Dec 2023 02:12:13 GMT
cache-control: public, max-age=10800
set-cookie: __cf_bm=Xl4nN1dZFWQVMJprUanclKia44atxruf7G22AOsqPRM-1701731533-0-Aft7KKM8WeJTN6HoAzOGK8cP3/PMjrnWp6LueJdM5ijPwfViwlLW0fYNRlfuSlLaiYURJqrFnJgrfhvqmE87WRs=; path=/; expires=Mon, 04-Dec-23 23:42:13 GMT; domain=.mgid.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
access-control-allow-origin: *
server: cloudflare
cf-ray: 8307bba5fd33569c-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
proftrafficcounter.com/stats
18.184.210.76200 OK 40 B URL GET HTTP/2 proftrafficcounter.com/stats
IP 18.184.210.76:443
Requested by https://dfiles.eu/files/y0nf06jdd/COD-G_update-2.exe
Certificate IssuerAmazon
Subjectproftrafficcounter.com
FingerprintE3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6
ValidityTue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT
File type ASCII text, with no line terminators
Hash cf06435079b09668c765eef97af3de3b
3bd0c6d6e9c44b0665ac4cf74d361278237371c2
a97c68e11a9855f2c995c4b41bb742a216708f85a912e3148908da0f9c703f98
GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: uid_id2=61fa4d3e-ebe5-4d11-a51a-72b28df06b0b:2:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Mon, 04 Dec 2023 23:12:13 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://dfiles.eu
vary: Origin
access-control-allow-credentials: true
X-Firefox-Spdy: h2
www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/recaptcha__en.js
142.250.74.35200 OK 191 kB URL GET HTTP/2 www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/recaptcha__en.js
IP 142.250.74.35:443
Requested by https://dfiles.eu/files/y0nf06jdd/COD-G_update-2.exe
Certificate IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type ASCII text, with very long lines (563)
Size 191 kB (190682 bytes)
Hash 23b9dd721490a4062ba8d01454ef6ba9
efdbb7331585411f7d397dacbf51fd3e95f3031d
4970c7161d03503a3eb5ec49e4190a03445c50cd5a9081714bd13183d2d948a7
GET /recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 190682
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 03 Dec 2023 11:52:30 GMT
expires: Mon, 02 Dec 2024 11:52:30 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 14 Nov 2023 05:42:11 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 127183
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
adsbb.dfiles.eu/view.gif?c=2973&z=58&b=2775&u=656e5c49b24f527448601365077796
91.226.124.106 43 B URL adsbb.dfiles.eu/view.gif?c=2973&z=58&b=2775&u=656e5c49b24f527448601365077796
IP 91.226.124.106:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 6d22e4f2d2057c6e8d6fab098e76e80f
b80b11203d97fe01c5597ca3be70406ea48f5709
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
GET /view.gif?c=2973&z=58&b=2775&u=656e5c49b24f527448601365077796 HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/upload/2303/ad2775297311915a.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
Cookie: last_file=y0nf06jdd; lang_current=en; _ga_BL9163LYG1=GS1.1.1701731538.1.0.1701731538.0.0.0; _ga=GA1.1.1135501640.1701731538; _nf58=1; _nf56=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
cache-control: no-cache, private, no-cache, no-store, must-revalidate
content-type: image/gif
date: Mon, 04 Dec 2023 23:12:14 GMT
expires: Thu, 01 Jan 1970 00:00:01 GMT
pragma: no-cache
server: nginx
content-length: 43
X-Firefox-Spdy: h2
adsbb.dfiles.eu/view.gif?c=2685&z=56&b=2758&u=656e5c49a57398241105018387533
91.226.124.106 43 B URL adsbb.dfiles.eu/view.gif?c=2685&z=56&b=2758&u=656e5c49a57398241105018387533
IP 91.226.124.106:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 6d22e4f2d2057c6e8d6fab098e76e80f
b80b11203d97fe01c5597ca3be70406ea48f5709
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
GET /view.gif?c=2685&z=56&b=2758&u=656e5c49a57398241105018387533 HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/upload/2112/ad27582685f5c72c.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
Cookie: last_file=y0nf06jdd; lang_current=en; _ga_BL9163LYG1=GS1.1.1701731538.1.0.1701731538.0.0.0; _ga=GA1.1.1135501640.1701731538; _nf58=1; _nf56=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
cache-control: no-cache, private, no-cache, no-store, must-revalidate
content-type: image/gif
date: Mon, 04 Dec 2023 23:12:14 GMT
expires: Thu, 01 Jan 1970 00:00:01 GMT
pragma: no-cache
server: nginx
content-length: 43
X-Firefox-Spdy: h2
c.mgid.com/pv/?lu=https%3A%2F%2Fdfiles.eu%2Ffiles%2Fy0nf06jdd%2FCOD-G_update-2.exe&cbuster=1701731539952254718553&pvid=18c371a9bef90a15988&implVersion=11&cxurl=https%3A%2F%2Fdfiles.eu%2Ffiles%2Fy0nf06jdd%2FCOD-G_update-2.exe&site=437&i=1
104.19.133.76 43 B URL c.mgid.com/pv/?lu=https%3A%2F%2Fdfiles.eu%2Ffiles%2Fy0nf06jdd%2FCOD-G_update-2.exe&cbuster=1701731539952254718553&pvid=18c371a9bef90a15988&implVersion=11&cxurl=https%3A%2F%2Fdfiles.eu%2Ffiles%2Fy0nf06jdd%2FCOD-G_update-2.exe&site=437&i=1
IP 104.19.133.76:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 57f187c7a868faeac558007a8eb6cb2e
11ab10ab109fdb53d91d444ac781101f5a6360c6
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22
GET /pv/?lu=https%3A%2F%2Fdfiles.eu%2Ffiles%2Fy0nf06jdd%2FCOD-G_update-2.exe&cbuster=1701731539952254718553&pvid=18c371a9bef90a15988&implVersion=11&cxurl=https%3A%2F%2Fdfiles.eu%2Ffiles%2Fy0nf06jdd%2FCOD-G_update-2.exe&site=437&i=1 HTTP/1.1
Host: c.mgid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://adsbb.dfiles.eu/
DNT: 1
Connection: keep-alive
Cookie: __cf_bm=Xl4nN1dZFWQVMJprUanclKia44atxruf7G22AOsqPRM-1701731533-0-Aft7KKM8WeJTN6HoAzOGK8cP3/PMjrnWp6LueJdM5ijPwfViwlLW0fYNRlfuSlLaiYURJqrFnJgrfhvqmE87WRs=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 04 Dec 2023 23:12:14 GMT
content-type: image/gif
content-length: 43
cf-cache-status: DYNAMIC
strict-transport-security: max-age=15552000; includeSubDomains; preload
server: cloudflare
cf-ray: 8307bba98b08568f-OSL
alt-svc: h3=":443"; ma=86400
adsbb.dfiles.eu//ad.php?z=58&c=NO&g=gateway
91.226.124.106 4.0 kB URL adsbb.dfiles.eu//ad.php?z=58&c=NO&g=gateway
IP 91.226.124.106:0
File type gzip compressed data, from Unix\012- data
Hash 7889622e102482c0aba57c6a96f2efe6
bb12b1c3dc815fc0678709b28879ef7f636980d7
b003f572104f72f250157f6d829db4a1d8a9af0d900ff9db1e96cd9251ff7709
GET //ad.php?z=58&c=NO&g=gateway HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: last_file=y0nf06jdd; lang_current=en; _ga_BL9163LYG1=GS1.1.1701731538.1.0.1701731538.0.0.0; _ga=GA1.1.1135501640.1701731538
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 303 See Other
content-security-policy: frame-ancestors depositfiles.com depositfiles.org dfiles.eu dfiles.com
content-type: text/html; charset=UTF-8
date: Mon, 04 Dec 2023 23:12:13 GMT
location: /upload/2303/ad2775297311915a.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
server: nginx
set-cookie: _nf58=1; expires=Tue, 05-Dec-2023 23:12:13 GMT; Max-Age=86400
x-powered-by: PHP/5.6.30-0+deb8u1
X-Firefox-Spdy: h2
roughseaside.com/pixel/purst?dl=0&th=0&sc=0&rs=2524&rd=2524&fd=619&bv=23.12.v.1&tmpl=136
192.243.61.225 0 B URL roughseaside.com/pixel/purst?dl=0&th=0&sc=0&rs=2524&rd=2524&fd=619&bv=23.12.v.1&tmpl=136
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=2524&rd=2524&fd=619&bv=23.12.v.1&tmpl=136 HTTP/1.1
Host: roughseaside.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Mon, 04 Dec 2023 23:12:14 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
proftrafficcounter.com/stats
18.184.210.76200 OK 40 B URL GET HTTP/2 proftrafficcounter.com/stats
IP 18.184.210.76:443
Requested by https://dfiles.eu/files/y0nf06jdd/COD-G_update-2.exe
Certificate IssuerAmazon
Subjectproftrafficcounter.com
FingerprintE3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6
ValidityTue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT
File type ASCII text, with no line terminators
Hash cf06435079b09668c765eef97af3de3b
3bd0c6d6e9c44b0665ac4cf74d361278237371c2
a97c68e11a9855f2c995c4b41bb742a216708f85a912e3148908da0f9c703f98
GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: uid_id2=61fa4d3e-ebe5-4d11-a51a-72b28df06b0b:2:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Mon, 04 Dec 2023 23:12:14 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://dfiles.eu
vary: Origin
access-control-allow-credentials: true
X-Firefox-Spdy: h2
proftrafficcounter.com/stats
18.184.210.76200 OK 40 B URL GET HTTP/2 proftrafficcounter.com/stats
IP 18.184.210.76:443
Requested by https://dfiles.eu/files/y0nf06jdd/COD-G_update-2.exe
Certificate IssuerAmazon
Subjectproftrafficcounter.com
FingerprintE3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6
ValidityTue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT
File type ASCII text, with no line terminators
Hash cf06435079b09668c765eef97af3de3b
3bd0c6d6e9c44b0665ac4cf74d361278237371c2
a97c68e11a9855f2c995c4b41bb742a216708f85a912e3148908da0f9c703f98
GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: uid_id2=61fa4d3e-ebe5-4d11-a51a-72b28df06b0b:2:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Mon, 04 Dec 2023 23:12:14 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://dfiles.eu
vary: Origin
access-control-allow-credentials: true
X-Firefox-Spdy: h2
cdn.unblockia.com/autopromos/unicef3.jpg?unblockia=true
143.204.55.94 54 kB URL cdn.unblockia.com/autopromos/unicef3.jpg?unblockia=true
IP 143.204.55.94:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=2, software=Google], baseline, precision 8, 160x600, components 3\012- data
Hash 5dcf47442fc7fbb8d0263bbf4869537e
2c8232ac93448bbc06b5464f1839a5cdb2ed3e07
81804a1b2b20350ec009ba6429a4f58124c16ca30683af0af255544cd98c8fa6
GET /autopromos/unicef3.jpg?unblockia=true HTTP/1.1
Host: cdn.unblockia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
content-length: 54292
last-modified: Tue, 12 Apr 2022 08:41:27 GMT
x-amz-version-id: iA22.ytP0i4dmuIhnc0eyNVgJlt2K4fl
accept-ranges: bytes
server: AmazonS3
date: Mon, 04 Dec 2023 09:07:09 GMT
etag: "5dcf47442fc7fbb8d0263bbf4869537e"
x-cache: Hit from cloudfront
via: 1.1 6a757ab2991da716151f94ca00b38098.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: d7MbKY7QehJBCWPRk3FtSyRHEpS5BoG5T32N_QKkZ-zONZR5Cu1A2g==
age: 50706
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
cdn.unblockia.com/autopromos/unicef2.jpg?unblockia=true
143.204.55.94 37 kB URL cdn.unblockia.com/autopromos/unicef2.jpg?unblockia=true
IP 143.204.55.94:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 728x90, components 3\012- data
Hash 58fbb6ffe72ac0c1aa468de39ee18e13
d25230f1ef89aecc6048b0ceb09dd0af609ee7b6
e8ff7f3a8926e5b5497d2ab7a1bf47c5655e287a51045f11846f426ac6c7d180
GET /autopromos/unicef2.jpg?unblockia=true HTTP/1.1
Host: cdn.unblockia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
content-length: 36773
last-modified: Tue, 12 Apr 2022 08:41:28 GMT
x-amz-version-id: xUurxjfnscsyJn430NFsrgfbabIFowSl
accept-ranges: bytes
server: AmazonS3
date: Mon, 04 Dec 2023 22:27:49 GMT
etag: "58fbb6ffe72ac0c1aa468de39ee18e13"
x-cache: Hit from cloudfront
via: 1.1 6a757ab2991da716151f94ca00b38098.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: kGIstbU5kfplIlYURLfDQ5ZcHqLT42a0WlxHPvJGm8Av-4fhgG5jRA==
age: 2675
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
marbleapplicationsblushing.com/ren.gif?sid=H4sIAAAAAAAC%2F1RST2gkxRut3s3v9NPD6l4EhTmuIJPumZ6ZjHtYjGvWYEzi%2FiEHvVRXVU%2FKVFc1Vd3Tk%2FESXJA9juDBY%2BdNskFdll2PgiATLxJYyHiQHAyI970oe5aZDIx%2B0P299706vPdVfbGfn5MAOT3b%2FND0pVJ0sVH1K9e2pOamcJX1u5XAr%2FrXK1tSN8Prld7kZ7tvB36j6r9ZuSXYjlms%2BYHvB35QWZFWxKa3OFUh00ftoNr2q2GtGjRC9Ox%2Fucs9OOqBd8%2FJK5B8%2FL%2FtX55CshF08uSmcDuZSd96L8kVzYxFlx%2Fd0zvaFBrJHMbWQ6yPZqdh3JiQry%2FB6KNZApjuwSQBIjkm3m8BIn00s4moe3jhNFIQGhH%2FP4ruCEKNIOkIzNyH5KcEYBzrG9DJw3VjC7p7odKJOiYLL%2F6CLMZk4fer0MnjZSV7lTtG5Zk02qEXl5C9EWRnhDQ%2FRtb3IItjsOxzSP6MLL5Yg04ONpwykLycppdyBBmPoMQA1HnIJ5%2F0kMce8tRDws8qtNGOfb8VR3G9vhQyxup1xhpLTd7g9XAp9pGzib0BsnQApgZgdg%2Bp3cOOHMDmP8Ftl3Dcg8vGxPtoD11eohAEhSMoKEEhCYqMoOiWh1y5misfcuXyKJj12qzXy6HJOvv00GQdoQmoHeyn5%2BTKdDd%2FNw12xFmlVgspD2kQRmEUNFjQqjXjuOU3BGu2aoI24WQJ6S5N4%2Fbl6aspUnn60uuI6DGcOgaTV0DzN0CLYavmg24PwyUfff2Ei9Q4mcVSCVdlJgE3JdJsAdmut6%2FOyWtTH%2B%2F%2F8DEEO7nxVf%2BPW4%2BvfgZmS6S2xKfyZ4KOejC8bQpycNsUjjzdSDOZyD6d3N%2BdjGbi8rcfiN3CWL560w2%2BeYdNhAl8dFe4bI1qLnXHke%2BWJefCrhjLBPlx1W2JaDN328u51Xm6tvnuymqSWuGcNHoEKseEPP8eTI7Jy8%2Fd9G1eu%2FcnpB3B5iWS%2FITMCtIcg6V7cOl85gyBVXMepR6KvBzaWjQfKkmgxJzTqIT7F4%2FmeN89QMd6oNl96KRE15boqhJUDeDyy8MstSc3fq1PC5HyhpGy3kGkrPryYrlOnlVEI%2FZj4ddEFLejuEV93o7DdkTbgWhFDRogc2OhP3n2DwAAAP%2F%2FAQAA%2F%2F8vbKSwcwQAAA%3D%3D
173.233.139.164200 OK 7 B URL GET HTTP/1.1 marbleapplicationsblushing.com/ren.gif?sid=H4sIAAAAAAAC%2F1RST2gkxRut3s3v9NPD6l4EhTmuIJPumZ6ZjHtYjGvWYEzi%2FiEHvVRXVU%2FKVFc1Vd3Tk%2FESXJA9juDBY%2BdNskFdll2PgiATLxJYyHiQHAyI970oe5aZDIx%2B0P299706vPdVfbGfn5MAOT3b%2FND0pVJ0sVH1K9e2pOamcJX1u5XAr%2FrXK1tSN8Prld7kZ7tvB36j6r9ZuSXYjlms%2BYHvB35QWZFWxKa3OFUh00ftoNr2q2GtGjRC9Ox%2Fucs9OOqBd8%2FJK5B8%2FL%2FtX55CshF08uSmcDuZSd96L8kVzYxFlx%2Fd0zvaFBrJHMbWQ6yPZqdh3JiQry%2FB6KNZApjuwSQBIjkm3m8BIn00s4moe3jhNFIQGhH%2FP4ruCEKNIOkIzNyH5KcEYBzrG9DJw3VjC7p7odKJOiYLL%2F6CLMZk4fer0MnjZSV7lTtG5Zk02qEXl5C9EWRnhDQ%2FRtb3IItjsOxzSP6MLL5Yg04ONpwykLycppdyBBmPoMQA1HnIJ5%2F0kMce8tRDws8qtNGOfb8VR3G9vhQyxup1xhpLTd7g9XAp9pGzib0BsnQApgZgdg%2Bp3cOOHMDmP8Ftl3Dcg8vGxPtoD11eohAEhSMoKEEhCYqMoOiWh1y5misfcuXyKJj12qzXy6HJOvv00GQdoQmoHeyn5%2BTKdDd%2FNw12xFmlVgspD2kQRmEUNFjQqjXjuOU3BGu2aoI24WQJ6S5N4%2Fbl6aspUnn60uuI6DGcOgaTV0DzN0CLYavmg24PwyUfff2Ei9Q4mcVSCVdlJgE3JdJsAdmut6%2FOyWtTH%2B%2F%2F8DEEO7nxVf%2BPW4%2BvfgZmS6S2xKfyZ4KOejC8bQpycNsUjjzdSDOZyD6d3N%2BdjGbi8rcfiN3CWL560w2%2BeYdNhAl8dFe4bI1qLnXHke%2BWJefCrhjLBPlx1W2JaDN328u51Xm6tvnuymqSWuGcNHoEKseEPP8eTI7Jy8%2Fd9G1eu%2FcnpB3B5iWS%2FITMCtIcg6V7cOl85gyBVXMepR6KvBzaWjQfKkmgxJzTqIT7F4%2FmeN89QMd6oNl96KRE15boqhJUDeDyy8MstSc3fq1PC5HyhpGy3kGkrPryYrlOnlVEI%2FZj4ddEFLejuEV93o7DdkTbgWhFDRogc2OhP3n2DwAAAP%2F%2FAQAA%2F%2F8vbKSwcwQAAA%3D%3D
IP 173.233.139.164:443
Requested by https://dfiles.eu/files/y0nf06jdd/COD-G_update-2.exe
Certificate IssuerLet's Encrypt
Subjectmarbleapplicationsblushing.com
FingerprintE2:63:34:5D:24:6D:4F:CA:3F:15:91:D6:52:D6:ED:69:F9:28:84:7E
ValidityTue, 28 Nov 2023 10:36:41 GMT - Mon, 26 Feb 2024 10:36:40 GMT
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RST2gkxRut3s3v9NPD6l4EhTmuIJPumZ6ZjHtYjGvWYEzi%2FiEHvVRXVU%2FKVFc1Vd3Tk%2FESXJA9juDBY%2BdNskFdll2PgiATLxJYyHiQHAyI970oe5aZDIx%2B0P299706vPdVfbGfn5MAOT3b%2FND0pVJ0sVH1K9e2pOamcJX1u5XAr%2FrXK1tSN8Prld7kZ7tvB36j6r9ZuSXYjlms%2BYHvB35QWZFWxKa3OFUh00ftoNr2q2GtGjRC9Ox%2Fucs9OOqBd8%2FJK5B8%2FL%2FtX55CshF08uSmcDuZSd96L8kVzYxFlx%2Fd0zvaFBrJHMbWQ6yPZqdh3JiQry%2FB6KNZApjuwSQBIjkm3m8BIn00s4moe3jhNFIQGhH%2FP4ruCEKNIOkIzNyH5KcEYBzrG9DJw3VjC7p7odKJOiYLL%2F6CLMZk4fer0MnjZSV7lTtG5Zk02qEXl5C9EWRnhDQ%2FRtb3IItjsOxzSP6MLL5Yg04ONpwykLycppdyBBmPoMQA1HnIJ5%2F0kMce8tRDws8qtNGOfb8VR3G9vhQyxup1xhpLTd7g9XAp9pGzib0BsnQApgZgdg%2Bp3cOOHMDmP8Ftl3Dcg8vGxPtoD11eohAEhSMoKEEhCYqMoOiWh1y5misfcuXyKJj12qzXy6HJOvv00GQdoQmoHeyn5%2BTKdDd%2FNw12xFmlVgspD2kQRmEUNFjQqjXjuOU3BGu2aoI24WQJ6S5N4%2Fbl6aspUnn60uuI6DGcOgaTV0DzN0CLYavmg24PwyUfff2Ei9Q4mcVSCVdlJgE3JdJsAdmut6%2FOyWtTH%2B%2F%2F8DEEO7nxVf%2BPW4%2BvfgZmS6S2xKfyZ4KOejC8bQpycNsUjjzdSDOZyD6d3N%2BdjGbi8rcfiN3CWL560w2%2BeYdNhAl8dFe4bI1qLnXHke%2BWJefCrhjLBPlx1W2JaDN328u51Xm6tvnuymqSWuGcNHoEKseEPP8eTI7Jy8%2Fd9G1eu%2FcnpB3B5iWS%2FITMCtIcg6V7cOl85gyBVXMepR6KvBzaWjQfKkmgxJzTqIT7F4%2FmeN89QMd6oNl96KRE15boqhJUDeDyy8MstSc3fq1PC5HyhpGy3kGkrPryYrlOnlVEI%2FZj4ddEFLejuEV93o7DdkTbgWhFDRogc2OhP3n2DwAAAP%2F%2FAQAA%2F%2F8vbKSwcwQAAA%3D%3D HTTP/1.1
Host: marbleapplicationsblushing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: u_pl=16004719; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Mon, 04 Dec 2023 23:12:14 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e21db166560a73036c4d6d72b5babaea
Strict-Transport-Security: max-age=0; includeSubdomains
t.unblockia.com/?sid=140&o=1&b=2&p=1&t=1
143.204.55.91200 OK 0 B URL POST HTTP/2 t.unblockia.com/?sid=140&o=1&b=2&p=1&t=1
IP 143.204.55.91:443
Requested by https://dfiles.eu/files/y0nf06jdd/COD-G_update-2.exe
Certificate IssuerAmazon
Subject*.unblockia.com
FingerprintF2:6F:03:00:E3:4A:B1:87:3C:4D:28:BB:E6:CE:8F:F1:2A:6E:1B:5D
ValidityTue, 21 Feb 2023 00:00:00 GMT - Fri, 22 Mar 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /?sid=140&o=1&b=2&p=1&t=1 HTTP/1.1
Host: t.unblockia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 200 OK
content-type: application/json
content-length: 0
server: nginx/1.20.0
date: Mon, 04 Dec 2023 23:12:14 GMT
x-cache: Miss from cloudfront
via: 1.1 1ca0323262515c9240c58fe69a9ac826.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: gj7NP9KZiUjGTsNZxMzZUyQUOQs7R2Bk4m4sdLMUISOo_SvOfHeGYQ==
access-control-allow-origin: *
access-control-expose-headers: *
X-Firefox-Spdy: h2
ntvpforever.com/keywords
157.90.84.246200 OK 0 B IP 157.90.84.246:443
ASN #24940 Hetzner Online GmbH
Requested by https://dfiles.eu/files/y0nf06jdd/COD-G_update-2.exe
Certificate IssuerLet's Encrypt
Subjectnotification.tubecup.net
Fingerprint0D:7A:7C:53:DB:15:35:28:E9:E6:2B:90:43:BB:EF:E5:AB:BE:DA:E3
ValidityThu, 09 Nov 2023 09:29:43 GMT - Wed, 07 Feb 2024 09:29:42 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /keywords HTTP/1.1
Host: ntvpforever.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://dfiles.eu/
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 204 No Content
server: nginx/1.20.1
date: Mon, 04 Dec 2023 23:12:15 GMT
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
fp.metricswpsh.com/fp?tag_id=46445
157.90.84.242204 No Content 0 B URL OPTIONS HTTP/1.1 fp.metricswpsh.com/fp?tag_id=46445
IP 157.90.84.242:443
ASN #24940 Hetzner Online GmbH
Requested by https://dfiles.eu/files/y0nf06jdd/COD-G_update-2.exe
Certificate IssuerLet's Encrypt
Subjectnotification.tubecup.net
Fingerprint0D:7A:7C:53:DB:15:35:28:E9:E6:2B:90:43:BB:EF:E5:AB:BE:DA:E3
ValidityThu, 09 Nov 2023 09:29:43 GMT - Wed, 07 Feb 2024 09:29:42 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /fp?tag_id=46445 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://dfiles.eu/
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 204 No Content
Server: nginx/1.20.1
Date: Mon, 04 Dec 2023 23:12:15 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE
Access-Control-Allow-Origin: https://dfiles.eu
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
ntvpforever.com/keywords
157.90.84.246200 OK 15 B IP 157.90.84.246:443
ASN #24940 Hetzner Online GmbH
Requested by https://dfiles.eu/files/y0nf06jdd/COD-G_update-2.exe
Certificate IssuerLet's Encrypt
Subjectnotification.tubecup.net
Fingerprint0D:7A:7C:53:DB:15:35:28:E9:E6:2B:90:43:BB:EF:E5:AB:BE:DA:E3
ValidityThu, 09 Nov 2023 09:29:43 GMT - Wed, 07 Feb 2024 09:29:42 GMT
File type JSON data\012- , ASCII text, with no line terminators
Hash 32323194b8b07fd0aa9b6f7fc79a7b30
ea248c45722bff267b55a453dc794bc42171cef6
080040b4937f3f423f32cd7f19b2a79ba1e1e213f1d9f4f4db4f609d4ad778d8
POST /keywords HTTP/1.1
Host: ntvpforever.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 340
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Mon, 04 Dec 2023 23:12:15 GMT
content-type: application/json
content-length: 15
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
fp.metricswpsh.com/fp?tag_id=46445
157.90.84.242204 No Content 58 B URL OPTIONS HTTP/1.1 fp.metricswpsh.com/fp?tag_id=46445
IP 157.90.84.242:443
ASN #24940 Hetzner Online GmbH
Requested by https://dfiles.eu/files/y0nf06jdd/COD-G_update-2.exe
Certificate IssuerLet's Encrypt
Subjectnotification.tubecup.net
Fingerprint0D:7A:7C:53:DB:15:35:28:E9:E6:2B:90:43:BB:EF:E5:AB:BE:DA:E3
ValidityThu, 09 Nov 2023 09:29:43 GMT - Wed, 07 Feb 2024 09:29:42 GMT
File type JSON data\012- , ASCII text
Hash 49cb75c0da6be8cc97daea0ae2498649
1dd230c3f22a2308b9c091fe1e952b5e8d44bc88
3f61f6927c8c29196e623750a164dcd6895cc2dc3a592ccc5d755b3d4d407841
POST /fp?tag_id=46445 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 23170
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 04 Dec 2023 23:12:15 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 58
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://dfiles.eu
Set-Cookie: id=3648886533666372136; Expires=Tue, 03 Dec 2024 23:12:15 GMT; Secure; SameSite=None
Vary: Origin
cdn.creative-bars1.com/sb/ssp/vpn/classic-push/big1/img/close.png
172.64.109.10200 OK 591 B URL GET HTTP/3 cdn.creative-bars1.com/sb/ssp/vpn/classic-push/big1/img/close.png
IP 172.64.109.10:443
Requested by https://dfiles.eu/files/y0nf06jdd/COD-G_update-2.exe
Certificate IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint2B:CC:32:FC:17:6F:25:69:2F:F4:A0:D9:DC:9C:C2:09:28:32:AB:34
ValiditySat, 21 Oct 2023 15:38:40 GMT - Fri, 19 Jan 2024 15:38:39 GMT
File type PNG image data, 12 x 12, 8-bit/color RGBA, non-interlaced\012- data
Hash 9fd5bcb6103d86e317bd1eb019bcbe71
6b5a52ea669dcb74946f2bed4bdd7ec985026113
0ddd3be104ac7945fb062096df62034a6a24ecc76ba92493c35c62c3c25982ae
GET /sb/ssp/vpn/classic-push/big1/img/close.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 04 Dec 2023 23:12:15 GMT
content-type: image/png
content-length: 591
last-modified: Mon, 21 Feb 2022 10:06:44 GMT
etag: "62136434-24f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1873855
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uh1yoaT6XrMLdap2FyAXgab5naf5kmyQBUG2tlxi9nW%2FOqtzSEAGFWtXXT8LfRLy920CH5GAv0R0oAn%2FhhwRSIo%2B9M0diN9jFg2zC80h7wXpSs%2FKIvLwnO6L%2B3uw4tfi9ZnD%2BUy284ht"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8307bbb07fa363cd-LHR
alt-svc: h3=":443"; ma=86400
efd8d8a247.86e7d35526.com/in/track?data=eyJ3bCI6MCwic3ViaWQiOjAsInVzZXJfaWQiOiIxMzU4NDIzMTc5MDE0NzgwNTAwMCIsInRpbWV6b25lIjowLCJ2ZXIiOiIzLjkzLjIiLCJ0YWdfaWQiOjQ2NDQ1LCJzY3JlZW5fcmVzb2x1dGlvbiI6IjEyODB4MTAyNCIsImFkYmxvY2siOjAsInRpbWV6b25lX29sc29uIjoiVVRDIiwidXRtX3NvdXJjZSI6IiIsInV0bV9tZWRpdW0iOiIiLCJ1dG1fY2FtcGFpZ24iOiIiLCJ1dG1fY29udGVudCI6IiIsIm1tIjowLCJpbml0X3N0YXJ0X2xhdGVuY3kiOjEuNDIsImlzX3YyIjowLCJpc192Ml9lbXB0eSI6MCwidXNlcl9rZXl3b3JkcyI6IkRlcG9zaXRGaWxlcyUyQ0RlcG9zaXRGaWxlcyUyQ3Byb3ZpZGVzJTJDeW91JTJDd2l0aCUyQ2ElMkNsZWdpdGltYXRlJTJDdGVjaG5pY2FsJTJDc29sdXRpb24lMkN3aGljaCUyQ2VuYWJsZXMlMkN5b3UlMkN0byUyQ3VwbG9hZCUyQ3N0b3JlJTJDYWNjZXNzJTJDYW5kJTJDZG93bmxvYWQlMkN0ZXh0JTJDc29mdHdhcmUlMkMlMkNzY3JpcHRzJTJDaW1hZ2VzJTJDc291bmRzJTJDdmlkZW9zJTJDYW5pbWF0aW9ucyUyQ2FuZCUyQ2FueSUyQ290aGVyJTJDbWF0ZXJpYWxzJTJDaW4lMkNmb3JtJTJDb2YlMkNvbmUlMkNvciUyQ3NldmVyYWwlMkNlbGVjdHJvbmljJTJDZmlsZXMuIn0=
45.133.44.52 0 B URL efd8d8a247.86e7d35526.com/in/track?data=eyJ3bCI6MCwic3ViaWQiOjAsInVzZXJfaWQiOiIxMzU4NDIzMTc5MDE0NzgwNTAwMCIsInRpbWV6b25lIjowLCJ2ZXIiOiIzLjkzLjIiLCJ0YWdfaWQiOjQ2NDQ1LCJzY3JlZW5fcmVzb2x1dGlvbiI6IjEyODB4MTAyNCIsImFkYmxvY2siOjAsInRpbWV6b25lX29sc29uIjoiVVRDIiwidXRtX3NvdXJjZSI6IiIsInV0bV9tZWRpdW0iOiIiLCJ1dG1fY2FtcGFpZ24iOiIiLCJ1dG1fY29udGVudCI6IiIsIm1tIjowLCJpbml0X3N0YXJ0X2xhdGVuY3kiOjEuNDIsImlzX3YyIjowLCJpc192Ml9lbXB0eSI6MCwidXNlcl9rZXl3b3JkcyI6IkRlcG9zaXRGaWxlcyUyQ0RlcG9zaXRGaWxlcyUyQ3Byb3ZpZGVzJTJDeW91JTJDd2l0aCUyQ2ElMkNsZWdpdGltYXRlJTJDdGVjaG5pY2FsJTJDc29sdXRpb24lMkN3aGljaCUyQ2VuYWJsZXMlMkN5b3UlMkN0byUyQ3VwbG9hZCUyQ3N0b3JlJTJDYWNjZXNzJTJDYW5kJTJDZG93bmxvYWQlMkN0ZXh0JTJDc29mdHdhcmUlMkMlMkNzY3JpcHRzJTJDaW1hZ2VzJTJDc291bmRzJTJDdmlkZW9zJTJDYW5pbWF0aW9ucyUyQ2FuZCUyQ2FueSUyQ290aGVyJTJDbWF0ZXJpYWxzJTJDaW4lMkNmb3JtJTJDb2YlMkNvbmUlMkNvciUyQ3NldmVyYWwlMkNlbGVjdHJvbmljJTJDZmlsZXMuIn0=
IP 45.133.44.52:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /in/track?data=eyJ3bCI6MCwic3ViaWQiOjAsInVzZXJfaWQiOiIxMzU4NDIzMTc5MDE0NzgwNTAwMCIsInRpbWV6b25lIjowLCJ2ZXIiOiIzLjkzLjIiLCJ0YWdfaWQiOjQ2NDQ1LCJzY3JlZW5fcmVzb2x1dGlvbiI6IjEyODB4MTAyNCIsImFkYmxvY2siOjAsInRpbWV6b25lX29sc29uIjoiVVRDIiwidXRtX3NvdXJjZSI6IiIsInV0bV9tZWRpdW0iOiIiLCJ1dG1fY2FtcGFpZ24iOiIiLCJ1dG1fY29udGVudCI6IiIsIm1tIjowLCJpbml0X3N0YXJ0X2xhdGVuY3kiOjEuNDIsImlzX3YyIjowLCJpc192Ml9lbXB0eSI6MCwidXNlcl9rZXl3b3JkcyI6IkRlcG9zaXRGaWxlcyUyQ0RlcG9zaXRGaWxlcyUyQ3Byb3ZpZGVzJTJDeW91JTJDd2l0aCUyQ2ElMkNsZWdpdGltYXRlJTJDdGVjaG5pY2FsJTJDc29sdXRpb24lMkN3aGljaCUyQ2VuYWJsZXMlMkN5b3UlMkN0byUyQ3VwbG9hZCUyQ3N0b3JlJTJDYWNjZXNzJTJDYW5kJTJDZG93bmxvYWQlMkN0ZXh0JTJDc29mdHdhcmUlMkMlMkNzY3JpcHRzJTJDaW1hZ2VzJTJDc291bmRzJTJDdmlkZW9zJTJDYW5pbWF0aW9ucyUyQ2FuZCUyQ2FueSUyQ290aGVyJTJDbWF0ZXJpYWxzJTJDaW4lMkNmb3JtJTJDb2YlMkNvbmUlMkNvciUyQ3NldmVyYWwlMkNlbGVjdHJvbmljJTJDZmlsZXMuIn0= HTTP/1.1
Host: efd8d8a247.86e7d35526.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 04 Dec 2023 23:12:15 GMT
content-length: 0
server: nginx/1.18.0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
js.wpshsdk.com/npc/sdk/push.m.js?v=1
45.133.44.53200 OK 16 kB URL GET HTTP/2 js.wpshsdk.com/npc/sdk/push.m.js?v=1
IP 45.133.44.53:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://dfiles.eu/files/y0nf06jdd/COD-G_update-2.exe
Certificate IssuerLet's Encrypt
Subjectjs.wpshsdk.com
Fingerprint07:CF:9F:F6:6F:EC:12:8A:E5:15:45:BE:7A:31:00:17:EB:A4:EC:D8
ValidityTue, 21 Nov 2023 14:00:56 GMT - Mon, 19 Feb 2024 14:00:55 GMT
File type gzip compressed data, from Unix\012- data
Hash 348855ee9fe3f156eaa81603452dd0cd
70491be04b8db9550fa9eee6f4f219808b2c6cdb
88a24d3c2710e96e96a5d4660bf2b3ccfa8ee63e459c0531374d28b710ba2053
GET /npc/sdk/push.m.js?v=1 HTTP/1.1
Host: js.wpshsdk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 04 Dec 2023 23:12:15 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Wed, 22 Nov 2023 11:58:43 GMT
etag: W/"655decf3-87a8"
content-encoding: gzip
expires: Mon, 04 Dec 2023 23:17:15 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
cdn.cloudimagesb.com/si/3c/d5/62/3cd562dd264800ee586ac2da770e9a65/1700491951.png
45.133.44.10 20 kB URL cdn.cloudimagesb.com/si/3c/d5/62/3cd562dd264800ee586ac2da770e9a65/1700491951.png
IP 45.133.44.10:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 320 x 180, 8-bit/color RGBA, non-interlaced\012- data
Hash ea31001ce8fa95eb2ac1617515105332
d505ca04808c25cfa33a555c96886f421ddbbde7
0267f5cd21fe5609405724c20d6f021b8932a696ada766b8e86e42c670000ab3
GET /si/3c/d5/62/3cd562dd264800ee586ac2da770e9a65/1700491951.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Mon, 04 Dec 2023 23:12:15 GMT
content-type: image/png
content-length: 20001
server: nginx/1.21.6
last-modified: Mon, 20 Nov 2023 14:52:40 GMT
etag: "655b72b8-4e21"
expires: Wed, 06 Dec 2023 23:12:15 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn.cloudimagesb.com/si/98/58/2f/98582fa31e3a411721a1f890fd22419a/1700491903.png
45.133.44.10200 OK 9.0 kB URL GET HTTP/2 cdn.cloudimagesb.com/si/98/58/2f/98582fa31e3a411721a1f890fd22419a/1700491903.png
IP 45.133.44.10:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://dfiles.eu/files/y0nf06jdd/COD-G_update-2.exe
Certificate IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
Fingerprint71:EC:C0:22:20:76:60:90:92:4C:5C:F3:AD:17:3C:41:B5:00:25:AF
ValidityThu, 23 Nov 2023 05:00:53 GMT - Wed, 21 Feb 2024 05:00:52 GMT
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash a56f06ca83ee06488a213b352e00bd90
aec437b74eb6f1143683872fb2d664286da4a664
7144c526762a9d91bdde1939194c2835f2cb1afe0ebac298bbdf1e9239b539ec
GET /si/98/58/2f/98582fa31e3a411721a1f890fd22419a/1700491903.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Mon, 04 Dec 2023 23:12:15 GMT
content-type: image/png
content-length: 9016
server: nginx/1.21.6
last-modified: Mon, 20 Nov 2023 14:51:52 GMT
etag: "655b7288-2338"
expires: Wed, 06 Dec 2023 23:12:15 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/ssp/vpn/classic-push/big1/js/jquery.min.js
172.64.109.10200 OK 31 kB URL GET HTTP/3 cdn.creative-bars1.com/sb/ssp/vpn/classic-push/big1/js/jquery.min.js
IP 172.64.109.10:443
Requested by https://dfiles.eu/files/y0nf06jdd/COD-G_update-2.exe
Certificate IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint2B:CC:32:FC:17:6F:25:69:2F:F4:A0:D9:DC:9C:C2:09:28:32:AB:34
ValiditySat, 21 Oct 2023 15:38:40 GMT - Fri, 19 Jan 2024 15:38:39 GMT
File type ASCII text, with very long lines (32025)
Hash 4a356126b9573eb7bd1e9a7494737410
8258d046f17dd3c15a5d3984e1868b7b5d1db329
22642f202577f0ba2f22cbe56b6cf291a09374487567cd3563e0d2a29f75c0c5
GET /sb/ssp/vpn/classic-push/big1/js/jquery.min.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 04 Dec 2023 23:12:15 GMT
content-type: application/javascript
last-modified: Mon, 21 Feb 2022 10:06:46 GMT
etag: W/"62136436-1499c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 488655
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OcZyeHSY2hA6jMbcNt7LwSZNiGtcv2DeTcr%2FyhSLnnDF%2BgewIYmCNaul%2FelynQ2LpqSkp76jUNuF%2Bav%2Bwlb5J0QOANdOu7QXcfz5Hs9ynovUsDkoV82nbg1QeFk5lB4laxpTo1SzdsC4"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8307bbb0f82463cd-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
unseenreport.com/pxf.gif?uuid=61fa4d3e-ebe5-4d11-a51a-72b28df06b0b&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.3095&b_frame=0&pk=c22dc50dc2bbe4422c7f68d26ab95eb9&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=23
192.243.61.225 1 B URL unseenreport.com/pxf.gif?uuid=61fa4d3e-ebe5-4d11-a51a-72b28df06b0b&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.3095&b_frame=0&pk=c22dc50dc2bbe4422c7f68d26ab95eb9&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=23
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /pxf.gif?uuid=61fa4d3e-ebe5-4d11-a51a-72b28df06b0b&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.3095&b_frame=0&pk=c22dc50dc2bbe4422c7f68d26ab95eb9&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=23 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Mon, 04 Dec 2023 23:12:15 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 17f7b4d31e1e147b1a0f874b8621b246
Strict-Transport-Security: max-age=0; includeSubdomains
unseenreport.com/pxf.gif?uuid=61fa4d3e-ebe5-4d11-a51a-72b28df06b0b&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.3095&b_frame=0&pk=224ad4a14b4b15c1726ff705ec672ea6&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=23
192.243.61.225200 OK 1 B URL GET HTTP/1.1 unseenreport.com/pxf.gif?uuid=61fa4d3e-ebe5-4d11-a51a-72b28df06b0b&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.3095&b_frame=0&pk=224ad4a14b4b15c1726ff705ec672ea6&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=23
IP 192.243.61.225:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://dfiles.eu/files/y0nf06jdd/COD-G_update-2.exe
Certificate IssuerLet's Encrypt
Subject*.unseenreport.com
Fingerprint79:45:7F:58:D5:82:45:0A:7D:1E:FF:7A:98:05:26:E9:D6:FE:91:14
ValidityWed, 22 Nov 2023 07:56:28 GMT - Tue, 20 Feb 2024 07:56:27 GMT
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /pxf.gif?uuid=61fa4d3e-ebe5-4d11-a51a-72b28df06b0b&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.3095&b_frame=0&pk=224ad4a14b4b15c1726ff705ec672ea6&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=23 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Mon, 04 Dec 2023 23:12:15 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 79f5c696f893ecfcf062ee13260f66e8
Strict-Transport-Security: max-age=0; includeSubdomains
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
216.58.207.227 16 kB URL fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 29 Nov 2023 21:13:56 GMT
expires: Thu, 28 Nov 2024 21:13:56 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
age: 439100
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.227200 OK 16 kB URL GET HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.227:443
Requested by https://dfiles.eu/files/y0nf06jdd/COD-G_update-2.exe
Certificate IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 04:57:34 GMT
expires: Fri, 29 Nov 2024 04:57:34 GMT
cache-control: public, max-age=31536000
age: 411282
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
marbleapplicationsblushing.com/impr.gif?sid=H4sIAAAAAAAC%2F1RST2gkxRut3s3v9NPD6l4EhT6uIJPunp4%2FcQ%2BLcc0ajEncP%2BSgl%2Bqq6kmZ6q6mqnt6Ml6CC7LHETx47LxJNqjLsutREGTiRQILGQ%2BSgwHxvhdlzzKTgdEPur%2F3vleH976qL%2FaLc%2BKjoGebH%2Bq%2BVIouNmqee21LplyX1l2%2F6%2Fpezbvubsm0GV53e5Of6b7te42a96Z7S7AdvRh4vuf5nu%2BuSCNi3VucqpDZoyW%2FtuTVwqDmN0L0zH%2B5LRxY6oB3z8krkHz8v%2B1fnkKyEdLkyU1hd3KdvfVeUiiaa4MuP7qX7qS6TJHMYWwcxOnR7DS0HRPy9SXo9GiWALp7MEmASI6J85uPKD2a2UTUPbxwGimIFBH%2FP8ruCEKNIOkITN%2BH5KcEYBzrG0iTh%2BvalHT3QqUTdUwWXvwFWY7Jwu9XkSaPl5XsuXe0KnKpU4teXEH2RpCdEbLiGHnfgSyPwfLPIfkzsvhiDWlysGGVhuTVNL2UI8h4BCUGoNZBMfmkgyJ2UGQOEn7m0sZS7HmtOIrr9XbIGKvXGWu0m7zB62E79lCwib0B8mwApgZgZg%2BZ2cOOHMAUP8FuV7Dcgc3HxPloD11eoRQEpSUoKUEpCcqcoOxWh1zZwFYPubJF5M96MOv1aqjzzj491HlHpATUDPazc3Jlupu%2Fmxo74swNgpDykPphFEZ%2Bg%2FmtoBnHLa8hWLMVCNqElRWkvTSN25enr2bI5OlLryOix7DqGExeAS3eAC2HrcAD3R6GbQ%2F99AkXmbYyj6UStsZ0Aq4rZPkC8l1nX52T16Y%2B3v%2FhYwh2cuOr%2Fh%2B3Hl%2F9DMxUyEyFT%2BXPBB31YHhbl%2BTgti4tebqR5TKRfTq5vzs5zcXlbz8Qu6U2fPWmHXzzDpsIE%2FjorrD5Gk25TDuWfLcsORdmRRsmyI%2BrdktEm4XdXi5MWmRrm%2B%2BurCaZEdZKnY5A5ZiQ59%2BDyTF5%2Bbmdvs1r9%2F6ENCOYokJSnJBZQepjsGwPNpvPrCYwas6jzEFZVEMTRPOhkgRKzDmNKth%2F8WiO9%2B0DdIwDmt9HmlTomgpdVYGqAWxxeZhn5uTGr%2FVpIVLOMFLGOYiUUV9eLNfKM7fhh6IdtVuM80gw7reCervueQHnYWtJ%2BEvI7Viknzz7BwAA%2F%2F8BAAD%2F%2FztkKlZzBAAA
173.233.139.164200 OK 7 B URL GET HTTP/1.1 marbleapplicationsblushing.com/impr.gif?sid=H4sIAAAAAAAC%2F1RST2gkxRut3s3v9NPD6l4EhT6uIJPunp4%2FcQ%2BLcc0ajEncP%2BSgl%2Bqq6kmZ6q6mqnt6Ml6CC7LHETx47LxJNqjLsutREGTiRQILGQ%2BSgwHxvhdlzzKTgdEPur%2F3vleH976qL%2FaLc%2BKjoGebH%2Bq%2BVIouNmqee21LplyX1l2%2F6%2Fpezbvubsm0GV53e5Of6b7te42a96Z7S7AdvRh4vuf5nu%2BuSCNi3VucqpDZoyW%2FtuTVwqDmN0L0zH%2B5LRxY6oB3z8krkHz8v%2B1fnkKyEdLkyU1hd3KdvfVeUiiaa4MuP7qX7qS6TJHMYWwcxOnR7DS0HRPy9SXo9GiWALp7MEmASI6J85uPKD2a2UTUPbxwGimIFBH%2FP8ruCEKNIOkITN%2BH5KcEYBzrG0iTh%2BvalHT3QqUTdUwWXvwFWY7Jwu9XkSaPl5XsuXe0KnKpU4teXEH2RpCdEbLiGHnfgSyPwfLPIfkzsvhiDWlysGGVhuTVNL2UI8h4BCUGoNZBMfmkgyJ2UGQOEn7m0sZS7HmtOIrr9XbIGKvXGWu0m7zB62E79lCwib0B8mwApgZgZg%2BZ2cOOHMAUP8FuV7Dcgc3HxPloD11eoRQEpSUoKUEpCcqcoOxWh1zZwFYPubJF5M96MOv1aqjzzj491HlHpATUDPazc3Jlupu%2Fmxo74swNgpDykPphFEZ%2Bg%2FmtoBnHLa8hWLMVCNqElRWkvTSN25enr2bI5OlLryOix7DqGExeAS3eAC2HrcAD3R6GbQ%2F99AkXmbYyj6UStsZ0Aq4rZPkC8l1nX52T16Y%2B3v%2FhYwh2cuOr%2Fh%2B3Hl%2F9DMxUyEyFT%2BXPBB31YHhbl%2BTgti4tebqR5TKRfTq5vzs5zcXlbz8Qu6U2fPWmHXzzDpsIE%2FjorrD5Gk25TDuWfLcsORdmRRsmyI%2BrdktEm4XdXi5MWmRrm%2B%2BurCaZEdZKnY5A5ZiQ59%2BDyTF5%2Bbmdvs1r9%2F6ENCOYokJSnJBZQepjsGwPNpvPrCYwas6jzEFZVEMTRPOhkgRKzDmNKth%2F8WiO9%2B0DdIwDmt9HmlTomgpdVYGqAWxxeZhn5uTGr%2FVpIVLOMFLGOYiUUV9eLNfKM7fhh6IdtVuM80gw7reCervueQHnYWtJ%2BEvI7Viknzz7BwAA%2F%2F8BAAD%2F%2FztkKlZzBAAA
IP 173.233.139.164:443
Requested by https://dfiles.eu/files/y0nf06jdd/COD-G_update-2.exe
Certificate IssuerLet's Encrypt
Subjectmarbleapplicationsblushing.com
FingerprintE2:63:34:5D:24:6D:4F:CA:3F:15:91:D6:52:D6:ED:69:F9:28:84:7E
ValidityTue, 28 Nov 2023 10:36:41 GMT - Mon, 26 Feb 2024 10:36:40 GMT
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RST2gkxRut3s3v9NPD6l4EhT6uIJPunp4%2FcQ%2BLcc0ajEncP%2BSgl%2Bqq6kmZ6q6mqnt6Ml6CC7LHETx47LxJNqjLsutREGTiRQILGQ%2BSgwHxvhdlzzKTgdEPur%2F3vleH976qL%2FaLc%2BKjoGebH%2Bq%2BVIouNmqee21LplyX1l2%2F6%2Fpezbvubsm0GV53e5Of6b7te42a96Z7S7AdvRh4vuf5nu%2BuSCNi3VucqpDZoyW%2FtuTVwqDmN0L0zH%2B5LRxY6oB3z8krkHz8v%2B1fnkKyEdLkyU1hd3KdvfVeUiiaa4MuP7qX7qS6TJHMYWwcxOnR7DS0HRPy9SXo9GiWALp7MEmASI6J85uPKD2a2UTUPbxwGimIFBH%2FP8ruCEKNIOkITN%2BH5KcEYBzrG0iTh%2BvalHT3QqUTdUwWXvwFWY7Jwu9XkSaPl5XsuXe0KnKpU4teXEH2RpCdEbLiGHnfgSyPwfLPIfkzsvhiDWlysGGVhuTVNL2UI8h4BCUGoNZBMfmkgyJ2UGQOEn7m0sZS7HmtOIrr9XbIGKvXGWu0m7zB62E79lCwib0B8mwApgZgZg%2BZ2cOOHMAUP8FuV7Dcgc3HxPloD11eoRQEpSUoKUEpCcqcoOxWh1zZwFYPubJF5M96MOv1aqjzzj491HlHpATUDPazc3Jlupu%2Fmxo74swNgpDykPphFEZ%2Bg%2FmtoBnHLa8hWLMVCNqElRWkvTSN25enr2bI5OlLryOix7DqGExeAS3eAC2HrcAD3R6GbQ%2F99AkXmbYyj6UStsZ0Aq4rZPkC8l1nX52T16Y%2B3v%2FhYwh2cuOr%2Fh%2B3Hl%2F9DMxUyEyFT%2BXPBB31YHhbl%2BTgti4tebqR5TKRfTq5vzs5zcXlbz8Qu6U2fPWmHXzzDpsIE%2FjorrD5Gk25TDuWfLcsORdmRRsmyI%2BrdktEm4XdXi5MWmRrm%2B%2BurCaZEdZKnY5A5ZiQ59%2BDyTF5%2Bbmdvs1r9%2F6ENCOYokJSnJBZQepjsGwPNpvPrCYwas6jzEFZVEMTRPOhkgRKzDmNKth%2F8WiO9%2B0DdIwDmt9HmlTomgpdVYGqAWxxeZhn5uTGr%2FVpIVLOMFLGOYiUUV9eLNfKM7fhh6IdtVuM80gw7reCervueQHnYWtJ%2BEvI7Viknzz7BwAA%2F%2F8BAAD%2F%2FztkKlZzBAAA HTTP/1.1
Host: marbleapplicationsblushing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: u_pl=16004719; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Mon, 04 Dec 2023 23:12:16 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 3505b09838570737510789baf3d33171
Strict-Transport-Security: max-age=0; includeSubdomains
marbleapplicationsblushing.com/pixel/sbs?c=1
173.233.139.164200 OK 0 B URL GET HTTP/1.1 marbleapplicationsblushing.com/pixel/sbs?c=1
IP 173.233.139.164:443
Requested by https://dfiles.eu/files/y0nf06jdd/COD-G_update-2.exe
Certificate IssuerLet's Encrypt
Subjectmarbleapplicationsblushing.com
FingerprintE2:63:34:5D:24:6D:4F:CA:3F:15:91:D6:52:D6:ED:69:F9:28:84:7E
ValidityTue, 28 Nov 2023 10:36:41 GMT - Mon, 26 Feb 2024 10:36:40 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: marbleapplicationsblushing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: u_pl=16004719; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Mon, 04 Dec 2023 23:12:16 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
storage.multstorage.com/log/count.html
104.21.30.242200 OK 882 B URL GET HTTP/2 storage.multstorage.com/log/count.html
IP 104.21.30.242:443
Requested by https://dfiles.eu/files/y0nf06jdd/COD-G_update-2.exe
Certificate IssuerGoogle Trust Services LLC
Subjectmultstorage.com
Fingerprint1F:90:8C:BB:6B:B0:99:41:3A:23:DF:A4:57:1A:25:0F:88:BA:C6:DE
ValidityMon, 20 Nov 2023 10:07:51 GMT - Sun, 18 Feb 2024 10:07:50 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (919), with no line terminators
Hash 053b1fe641da8057571d40ebaf1624ab
09b2648b7d08c84621298f0b939cea5170a65022
6606334874a3edb8295831f41d3684433e4553ffe0a72e58c90926e00f39c6a4
GET /log/count.html HTTP/1.1
Host: storage.multstorage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 04 Dec 2023 23:12:15 GMT
content-type: text/html
last-modified: Mon, 18 Sep 2023 14:39:06 GMT
vary: Accept-Encoding
x-request-id: c05233b7c634c8389000edcaf7ce735f
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NBL2uXCS2KDBswh%2B%2FveTBt3iopmskOcolla00LJDY4go%2Byz7uYQvO1oUcN3KKK5HWtdQfQc%2BOgF4IfdUNAHh5%2FjlDWJejB2Ih1bdJLHELWmyS7hB5TbXgy07NMPt1Q4gNVjjrO8dlsm94A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8307bbadfe13b4ed-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static.depositfiles.com/css/main.css
91.226.124.106200 OK 194 kB URL GET HTTP/2 static.depositfiles.com/css/main.css
IP 91.226.124.106:443
Requested by https://dfiles.eu/files/y0nf06jdd/COD-G_update-2.exe
Certificate IssuerLet's Encrypt
Subjectdepositfiles.com
FingerprintCC:58:6C:73:8E:64:B8:52:23:86:28:DD:7F:A1:B4:56:B5:95:D2:EF
ValiditySun, 05 Nov 2023 13:35:24 GMT - Sat, 03 Feb 2024 13:35:23 GMT
Size 194 kB (194436 bytes)
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /css/main.css HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
cache-control: max-age=300
content-encoding: gzip
content-type: text/css
date: Mon, 04 Dec 2023 23:12:12 GMT
etag: W/"6545effd-2f784"
expires: Mon, 04 Dec 2023 23:17:12 GMT
last-modified: Sat, 04 Nov 2023 07:17:17 GMT
server: nginx
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/ssp/vpn/classic-push/big1/js/script.js
172.64.109.10200 OK 958 B URL GET HTTP/3 cdn.creative-bars1.com/sb/ssp/vpn/classic-push/big1/js/script.js
IP 172.64.109.10:443
Requested by https://dfiles.eu/files/y0nf06jdd/COD-G_update-2.exe
Certificate IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint2B:CC:32:FC:17:6F:25:69:2F:F4:A0:D9:DC:9C:C2:09:28:32:AB:34
ValiditySat, 21 Oct 2023 15:38:40 GMT - Fri, 19 Jan 2024 15:38:39 GMT
File type ASCII text, with very long lines (1009), with no line terminators
Hash 04835fd7dd7f8cfbad901bee8cff2170
38e9ed1e93f8f0beba9447a99afe3995e63b6f3e
be63bbd38c66ca9a9ee1c8abfed042fd5fc090c40b91ad561e922744ece47c41
GET /sb/ssp/vpn/classic-push/big1/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 04 Dec 2023 23:12:15 GMT
content-type: application/javascript
last-modified: Mon, 21 Feb 2022 10:06:46 GMT
etag: W/"62136436-3be"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 578871
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qTgpjlMiZuQD2A%2FnV8iapY%2B4A5LhnsnG61UHhl6TkePa6DSXeHZbCx9rvgXCUl01eG8FE3%2BlJG7ZKbKZUK9ebLLiyi8WbHDozyD0Pxbqpjcgm4EFlFPQXWvt5q5tAk2vGCmtEsDs%2FinL"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8307bbb2398263cd-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
js.wpadmngr.com/static/adManager.m.js
45.133.44.52200 OK 166 kB URL GET HTTP/2 js.wpadmngr.com/static/adManager.m.js
IP 45.133.44.52:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://dfiles.eu/files/y0nf06jdd/COD-G_update-2.exe
Certificate IssuerLet's Encrypt
Subjectjs.wpadmngr.com
FingerprintAC:C2:DC:B6:95:8A:52:42:68:CB:0F:19:3F:56:A9:E9:1F:E6:04:8C
ValiditySun, 12 Nov 2023 03:01:15 GMT - Sat, 10 Feb 2024 03:01:14 GMT
Size 166 kB (165885 bytes)
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /static/adManager.m.js HTTP/1.1
Host: js.wpadmngr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 04 Dec 2023 23:12:13 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Mon, 04 Dec 2023 11:23:10 GMT
etag: W/"656db69e-287fd"
content-encoding: gzip
expires: Mon, 04 Dec 2023 23:17:13 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
www.google.com/recaptcha/api.js
142.250.74.132200 OK 850 B URL GET HTTP/2 www.google.com/recaptcha/api.js
IP 142.250.74.132:443
Requested by https://dfiles.eu/files/y0nf06jdd/COD-G_update-2.exe
Certificate IssuerGoogle Trust Services LLC
Subjectwww.google.com
FingerprintB0:8E:97:10:7E:30:90:F6:42:A1:32:63:5C:78:27:D3:A8:F1:05:D1
ValidityMon, 23 Oct 2023 11:24:57 GMT - Mon, 15 Jan 2024 11:24:56 GMT
File type ASCII text, with very long lines (850), with no line terminators
Hash 57e10dcd72dd2953878092014eae522b
95ba7e48825c26c5d9395ef2edb73e790bce6fa7
c7b54326365940d062bce26ed41579eebcb4946a86ba280790b603926692bd59
GET /recaptcha/api.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
expires: Mon, 04 Dec 2023 23:12:12 GMT
date: Mon, 04 Dec 2023 23:12:12 GMT
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
adsbb.dfiles.eu/upload/2112/ad27582685f5c72c.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
91.226.124.106200 OK 1.5 kB URL GET HTTP/2 adsbb.dfiles.eu/upload/2112/ad27582685f5c72c.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
IP 91.226.124.106:443
Requested by https://dfiles.eu/files/y0nf06jdd/COD-G_update-2.exe
Certificate IssuerLet's Encrypt
Subjectdfiles.eu
FingerprintCC:57:A8:99:82:65:9E:AE:6B:7C:68:C0:CE:7C:F7:6F:A8:6B:23:E0
ValiditySun, 05 Nov 2023 13:34:41 GMT - Sat, 03 Feb 2024 13:34:40 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (1534), with no line terminators
Hash 59c71f6549136341843ab9936281384f
365aab4a705c92542ee4ec90265ecb8c07f246f8
c9dc140fd850913036c4fc49fad62c567db06628e4a207dd61cfd0ff889d77bd
GET /upload/2112/ad27582685f5c72c.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752 HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dfiles.eu/
DNT: 1
Connection: keep-alive
Cookie: last_file=y0nf06jdd; lang_current=en; _ga_BL9163LYG1=GS1.1.1701731538.1.0.1701731538.0.0.0; _ga=GA1.1.1135501640.1701731538; _nf58=1; _nf56=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-encoding: gzip
content-security-policy: frame-ancestors depositfiles.com depositfiles.org dfiles.eu dfiles.com
content-type: text/html
date: Mon, 04 Dec 2023 23:12:13 GMT
last-modified: Mon, 04 Dec 2023 23:10:01 GMT
server: nginx
X-Firefox-Spdy: h2
static.depositfiles.com/images/sprite64.png
91.226.124.106200 OK 29 kB URL GET HTTP/2 static.depositfiles.com/images/sprite64.png
IP 91.226.124.106:443
Requested by https://dfiles.eu/files/y0nf06jdd/COD-G_update-2.exe
Certificate IssuerLet's Encrypt
Subjectdepositfiles.com
FingerprintCC:58:6C:73:8E:64:B8:52:23:86:28:DD:7F:A1:B4:56:B5:95:D2:EF
ValiditySun, 05 Nov 2023 13:35:24 GMT - Sat, 03 Feb 2024 13:35:23 GMT
File type PNG image data, 64 x 1088, 8-bit/color RGBA, non-interlaced\012- data
Hash e50649ecf6a2094c25da755ea0ea7bd1
e1c3e229a62f049442fa16cf43ec07f384b27362
a9ed59ab3bbcfdf66224664aeb14fa0f0e8f034d8472a58dadcf65cfff17685d
GET /images/sprite64.png HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://static.depositfiles.com/css/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/png
date: Mon, 04 Dec 2023 23:12:13 GMT
etag: "651c240d-704b"
last-modified: Tue, 03 Oct 2023 14:24:13 GMT
server: nginx
content-length: 28747
X-Firefox-Spdy: h2
marbleapplicationsblushing.com/sbar.json?key=224ad4a14b4b15c1726ff705ec672ea6
173.233.139.164200 OK 5.8 kB URL GET HTTP/1.1 marbleapplicationsblushing.com/sbar.json?key=224ad4a14b4b15c1726ff705ec672ea6
IP 173.233.139.164:443
Requested by https://dfiles.eu/files/y0nf06jdd/COD-G_update-2.exe
Certificate IssuerLet's Encrypt
Subjectmarbleapplicationsblushing.com
FingerprintE2:63:34:5D:24:6D:4F:CA:3F:15:91:D6:52:D6:ED:69:F9:28:84:7E
ValidityTue, 28 Nov 2023 10:36:41 GMT - Mon, 26 Feb 2024 10:36:40 GMT
File type ASCII text, with very long lines (5908), with no line terminators
Hash 88f0445160900e36fe8599cdd2a67506
581279c26c2dba2bd1389466e429dc27f097b1ed
e18f4d19bd8bd22388b91bd1808ebb8a1b0a5144e2d9cb47fdc6759c371c735d
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /sbar.json?key=224ad4a14b4b15c1726ff705ec672ea6 HTTP/1.1
Host: marbleapplicationsblushing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Mon, 04 Dec 2023 23:12:14 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://dfiles.eu
Access-Control-Allow-Origin: https://dfiles.eu
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=16004719; expires=Tue, 05 Dec 2023 23:12:14 GMT; secure; SameSite=None
pdhtkv=true; expires=Tue, 05 Dec 2023 23:12:14 GMT; secure; SameSite=None
uncs=1; expires=Tue, 05 Dec 2023 23:12:14 GMT; secure; SameSite=None
pdhtkv29=true; expires=Tue, 05 Dec 2023 23:12:14 GMT; secure; SameSite=None
uncs29=1; expires=Tue, 05 Dec 2023 23:12:14 GMT; secure; SameSite=None
slec224ad4a14b4b15c1726ff705ec672ea6=[4766299]; expires=Mon, 04 Dec 2023 23:12:19 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 1ee00da4ea1cdfbec38d85fc970d1412
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
adsbb.dfiles.eu/upload/2303/ad2775297311915a.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
91.226.124.106200 OK 1.5 kB URL GET HTTP/2 adsbb.dfiles.eu/upload/2303/ad2775297311915a.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
IP 91.226.124.106:443
Requested by https://dfiles.eu/files/y0nf06jdd/COD-G_update-2.exe
Certificate IssuerLet's Encrypt
Subjectdfiles.eu
FingerprintCC:57:A8:99:82:65:9E:AE:6B:7C:68:C0:CE:7C:F7:6F:A8:6B:23:E0
ValiditySun, 05 Nov 2023 13:34:41 GMT - Sat, 03 Feb 2024 13:34:40 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (1549), with no line terminators
Hash 6450461ccdff322fbc11fe8051e01007
424ff181ef642c68361c89791eff37d93214639c
b767b9b7b42f2af10f5c655ec2cf2bb970f21c264c5a0ec73eb462ffccad30d9
GET /upload/2303/ad2775297311915a.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752 HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dfiles.eu/
DNT: 1
Connection: keep-alive
Cookie: last_file=y0nf06jdd; lang_current=en; _ga_BL9163LYG1=GS1.1.1701731538.1.0.1701731538.0.0.0; _ga=GA1.1.1135501640.1701731538; _nf58=1; _nf56=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-encoding: gzip
content-security-policy: frame-ancestors depositfiles.com depositfiles.org dfiles.eu dfiles.com
content-type: text/html
date: Mon, 04 Dec 2023 23:12:13 GMT
last-modified: Mon, 04 Dec 2023 23:10:01 GMT
server: nginx
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
142.250.74.42200 OK 6.8 kB URL GET HTTP/2 fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
IP 142.250.74.42:443
Requested by https://dfiles.eu/files/y0nf06jdd/COD-G_update-2.exe
Certificate IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type ASCII text, with very long lines (7013), with no line terminators
Hash 49475c425d6c00477bb339179326c49b
bd97deeb753f44f43a21feafa92d98239fa511bd
598841a98ad357d2896d2f093ea3e4e1d44e24b3351268ffd45e61ff8c1d0e09
GET /css?family=Roboto:300,400,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 04 Dec 2023 23:12:15 GMT
date: Mon, 04 Dec 2023 23:12:15 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2