88019645c39dbd895dbdf510bf553b841859537a173df4c1bd8dc5e154cc267a

Analysis

max time kernel
269s
max time network
263s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
02/06/2024, 19:23 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

orthodox.exe
Size

1.8MB
MD5

15c7b84efb6e1185cbb8f68898b3d2cf
SHA1

153b7ec96bf2997205c28de525de658dddc49232
SHA256

88019645c39dbd895dbdf510bf553b841859537a173df4c1bd8dc5e154cc267a
SHA512

3429192e7bbf5e0ce657eef59551652081c64485a3eadaf9d9ac810184334b8ea0a128f150778c1e4f9605c4df8e14763c7a26233f83d90f4dfae816f590655a
SSDEEP

49152:1cmEHl5+VvoeFMIpRnCsOTVE6iBunMODY:OmuIoeFLiTIODY

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 2 IoCs

pid	Process
2748	winrar-x64-701.exe
5028	orthodox.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133618298603946837"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 24 IoCs

pid	Process
2792	chrome.exe
2792	chrome.exe
1872	AcroRd32.exe
1872	AcroRd32.exe
1872	AcroRd32.exe
1872	AcroRd32.exe
1872	AcroRd32.exe
1872	AcroRd32.exe
1872	AcroRd32.exe
1872	AcroRd32.exe
1872	AcroRd32.exe
1872	AcroRd32.exe
1872	AcroRd32.exe
1872	AcroRd32.exe
1872	AcroRd32.exe
1872	AcroRd32.exe
1872	AcroRd32.exe
1872	AcroRd32.exe
1872	AcroRd32.exe
1872	AcroRd32.exe
1872	AcroRd32.exe
1872	AcroRd32.exe
2980	chrome.exe
2980	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3600	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2792	chrome.exe
Token: SeCreatePagefilePrivilege	2792	chrome.exe
Token: SeShutdownPrivilege	2792	chrome.exe
Token: SeCreatePagefilePrivilege	2792	chrome.exe
Token: SeShutdownPrivilege	2792	chrome.exe
Token: SeCreatePagefilePrivilege	2792	chrome.exe
Token: SeShutdownPrivilege	2792	chrome.exe
Token: SeCreatePagefilePrivilege	2792	chrome.exe
Token: SeShutdownPrivilege	2792	chrome.exe
Token: SeCreatePagefilePrivilege	2792	chrome.exe
Token: SeShutdownPrivilege	2792	chrome.exe
Token: SeCreatePagefilePrivilege	2792	chrome.exe
Token: SeShutdownPrivilege	2792	chrome.exe
Token: SeCreatePagefilePrivilege	2792	chrome.exe
Token: SeShutdownPrivilege	2792	chrome.exe
Token: SeCreatePagefilePrivilege	2792	chrome.exe
Token: SeShutdownPrivilege	2792	chrome.exe
Token: SeCreatePagefilePrivilege	2792	chrome.exe
Token: SeShutdownPrivilege	2792	chrome.exe
Token: SeCreatePagefilePrivilege	2792	chrome.exe
Token: SeShutdownPrivilege	2792	chrome.exe
Token: SeCreatePagefilePrivilege	2792	chrome.exe
Token: SeShutdownPrivilege	2792	chrome.exe
Token: SeCreatePagefilePrivilege	2792	chrome.exe
Token: SeShutdownPrivilege	2792	chrome.exe
Token: SeCreatePagefilePrivilege	2792	chrome.exe
Token: SeShutdownPrivilege	2792	chrome.exe
Token: SeCreatePagefilePrivilege	2792	chrome.exe
Token: SeShutdownPrivilege	2792	chrome.exe
Token: SeCreatePagefilePrivilege	2792	chrome.exe
Token: SeShutdownPrivilege	2792	chrome.exe
Token: SeCreatePagefilePrivilege	2792	chrome.exe
Token: SeShutdownPrivilege	2792	chrome.exe
Token: SeCreatePagefilePrivilege	2792	chrome.exe
Token: SeShutdownPrivilege	2792	chrome.exe
Token: SeCreatePagefilePrivilege	2792	chrome.exe
Token: SeShutdownPrivilege	2792	chrome.exe
Token: SeCreatePagefilePrivilege	2792	chrome.exe
Token: SeShutdownPrivilege	2792	chrome.exe
Token: SeCreatePagefilePrivilege	2792	chrome.exe
Token: SeShutdownPrivilege	2792	chrome.exe
Token: SeCreatePagefilePrivilege	2792	chrome.exe
Token: SeShutdownPrivilege	2792	chrome.exe
Token: SeCreatePagefilePrivilege	2792	chrome.exe
Token: SeShutdownPrivilege	2792	chrome.exe
Token: SeCreatePagefilePrivilege	2792	chrome.exe
Token: SeShutdownPrivilege	2792	chrome.exe
Token: SeCreatePagefilePrivilege	2792	chrome.exe
Token: SeShutdownPrivilege	2792	chrome.exe
Token: SeCreatePagefilePrivilege	2792	chrome.exe
Token: SeShutdownPrivilege	2792	chrome.exe
Token: SeCreatePagefilePrivilege	2792	chrome.exe
Token: SeShutdownPrivilege	2792	chrome.exe
Token: SeCreatePagefilePrivilege	2792	chrome.exe
Token: SeShutdownPrivilege	2792	chrome.exe
Token: SeCreatePagefilePrivilege	2792	chrome.exe
Token: SeShutdownPrivilege	2792	chrome.exe
Token: SeCreatePagefilePrivilege	2792	chrome.exe
Token: SeShutdownPrivilege	2792	chrome.exe
Token: SeCreatePagefilePrivilege	2792	chrome.exe
Token: SeShutdownPrivilege	2792	chrome.exe
Token: SeCreatePagefilePrivilege	2792	chrome.exe
Token: SeShutdownPrivilege	2792	chrome.exe
Token: SeCreatePagefilePrivilege	2792	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe

Suspicious use of SetWindowsHookEx 20 IoCs

pid	Process
3600	OpenWith.exe
3600	OpenWith.exe
3600	OpenWith.exe
3600	OpenWith.exe
3600	OpenWith.exe
3600	OpenWith.exe
3600	OpenWith.exe
3600	OpenWith.exe
3600	OpenWith.exe
3600	OpenWith.exe
3600	OpenWith.exe
3600	OpenWith.exe
3600	OpenWith.exe
1872	AcroRd32.exe
1872	AcroRd32.exe
1872	AcroRd32.exe
1872	AcroRd32.exe
1872	AcroRd32.exe
2748	winrar-x64-701.exe
2748	winrar-x64-701.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2792 wrote to memory of 4976	2792	chrome.exe	79
PID 2792 wrote to memory of 4976	2792	chrome.exe	79
PID 2792 wrote to memory of 5116	2792	chrome.exe	81
PID 2792 wrote to memory of 5116	2792	chrome.exe	81
PID 2792 wrote to memory of 5116	2792	chrome.exe	81
PID 2792 wrote to memory of 5116	2792	chrome.exe	81
PID 2792 wrote to memory of 5116	2792	chrome.exe	81
PID 2792 wrote to memory of 5116	2792	chrome.exe	81
PID 2792 wrote to memory of 5116	2792	chrome.exe	81
PID 2792 wrote to memory of 5116	2792	chrome.exe	81
PID 2792 wrote to memory of 5116	2792	chrome.exe	81
PID 2792 wrote to memory of 5116	2792	chrome.exe	81
PID 2792 wrote to memory of 5116	2792	chrome.exe	81
PID 2792 wrote to memory of 5116	2792	chrome.exe	81
PID 2792 wrote to memory of 5116	2792	chrome.exe	81
PID 2792 wrote to memory of 5116	2792	chrome.exe	81
PID 2792 wrote to memory of 5116	2792	chrome.exe	81
PID 2792 wrote to memory of 5116	2792	chrome.exe	81
PID 2792 wrote to memory of 5116	2792	chrome.exe	81
PID 2792 wrote to memory of 5116	2792	chrome.exe	81
PID 2792 wrote to memory of 5116	2792	chrome.exe	81
PID 2792 wrote to memory of 5116	2792	chrome.exe	81
PID 2792 wrote to memory of 5116	2792	chrome.exe	81
PID 2792 wrote to memory of 5116	2792	chrome.exe	81
PID 2792 wrote to memory of 5116	2792	chrome.exe	81
PID 2792 wrote to memory of 5116	2792	chrome.exe	81
PID 2792 wrote to memory of 5116	2792	chrome.exe	81
PID 2792 wrote to memory of 5116	2792	chrome.exe	81
PID 2792 wrote to memory of 5116	2792	chrome.exe	81
PID 2792 wrote to memory of 5116	2792	chrome.exe	81
PID 2792 wrote to memory of 5116	2792	chrome.exe	81
PID 2792 wrote to memory of 5116	2792	chrome.exe	81
PID 2792 wrote to memory of 5116	2792	chrome.exe	81
PID 2792 wrote to memory of 5116	2792	chrome.exe	81
PID 2792 wrote to memory of 5116	2792	chrome.exe	81
PID 2792 wrote to memory of 5116	2792	chrome.exe	81
PID 2792 wrote to memory of 5116	2792	chrome.exe	81
PID 2792 wrote to memory of 5116	2792	chrome.exe	81
PID 2792 wrote to memory of 5116	2792	chrome.exe	81
PID 2792 wrote to memory of 5116	2792	chrome.exe	81
PID 2792 wrote to memory of 3792	2792	chrome.exe	82
PID 2792 wrote to memory of 3792	2792	chrome.exe	82
PID 2792 wrote to memory of 4468	2792	chrome.exe	83
PID 2792 wrote to memory of 4468	2792	chrome.exe	83
PID 2792 wrote to memory of 4468	2792	chrome.exe	83
PID 2792 wrote to memory of 4468	2792	chrome.exe	83
PID 2792 wrote to memory of 4468	2792	chrome.exe	83
PID 2792 wrote to memory of 4468	2792	chrome.exe	83
PID 2792 wrote to memory of 4468	2792	chrome.exe	83
PID 2792 wrote to memory of 4468	2792	chrome.exe	83
PID 2792 wrote to memory of 4468	2792	chrome.exe	83
PID 2792 wrote to memory of 4468	2792	chrome.exe	83
PID 2792 wrote to memory of 4468	2792	chrome.exe	83
PID 2792 wrote to memory of 4468	2792	chrome.exe	83
PID 2792 wrote to memory of 4468	2792	chrome.exe	83
PID 2792 wrote to memory of 4468	2792	chrome.exe	83
PID 2792 wrote to memory of 4468	2792	chrome.exe	83
PID 2792 wrote to memory of 4468	2792	chrome.exe	83
PID 2792 wrote to memory of 4468	2792	chrome.exe	83
PID 2792 wrote to memory of 4468	2792	chrome.exe	83
PID 2792 wrote to memory of 4468	2792	chrome.exe	83
PID 2792 wrote to memory of 4468	2792	chrome.exe	83
PID 2792 wrote to memory of 4468	2792	chrome.exe	83
PID 2792 wrote to memory of 4468	2792	chrome.exe	83

C:\Users\Admin\AppData\Local\Temp\orthodox.exe
"C:\Users\Admin\AppData\Local\Temp\orthodox.exe"
1⤵
PID:3400

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4408

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff9d0fc9758,0x7ff9d0fc9768,0x7ff9d0fc9778
  2⤵
  PID:4976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1648 --field-trial-handle=1812,i,8491422132757715025,9934606219991017984,131072 /prefetch:2
  2⤵
  PID:5116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1868 --field-trial-handle=1812,i,8491422132757715025,9934606219991017984,131072 /prefetch:8
  2⤵
  PID:3792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2120 --field-trial-handle=1812,i,8491422132757715025,9934606219991017984,131072 /prefetch:8
  2⤵
  PID:4468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2904 --field-trial-handle=1812,i,8491422132757715025,9934606219991017984,131072 /prefetch:1
  2⤵
  PID:2948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2912 --field-trial-handle=1812,i,8491422132757715025,9934606219991017984,131072 /prefetch:1
  2⤵
  PID:2360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4484 --field-trial-handle=1812,i,8491422132757715025,9934606219991017984,131072 /prefetch:1
  2⤵
  PID:5080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4656 --field-trial-handle=1812,i,8491422132757715025,9934606219991017984,131072 /prefetch:8
  2⤵
  PID:1136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4764 --field-trial-handle=1812,i,8491422132757715025,9934606219991017984,131072 /prefetch:8
  2⤵
  PID:1544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5108 --field-trial-handle=1812,i,8491422132757715025,9934606219991017984,131072 /prefetch:8
  2⤵
  PID:868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4836 --field-trial-handle=1812,i,8491422132757715025,9934606219991017984,131072 /prefetch:8
  2⤵
  PID:2644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4840 --field-trial-handle=1812,i,8491422132757715025,9934606219991017984,131072 /prefetch:8
  2⤵
  PID:4972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4812 --field-trial-handle=1812,i,8491422132757715025,9934606219991017984,131072 /prefetch:1
  2⤵
  PID:3516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4884 --field-trial-handle=1812,i,8491422132757715025,9934606219991017984,131072 /prefetch:1
  2⤵
  PID:664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2228 --field-trial-handle=1812,i,8491422132757715025,9934606219991017984,131072 /prefetch:1
  2⤵
  PID:4092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2972 --field-trial-handle=1812,i,8491422132757715025,9934606219991017984,131072 /prefetch:8
  2⤵
  PID:5048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3232 --field-trial-handle=1812,i,8491422132757715025,9934606219991017984,131072 /prefetch:1
  2⤵
  PID:2732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5712 --field-trial-handle=1812,i,8491422132757715025,9934606219991017984,131072 /prefetch:8
  2⤵
  PID:4464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=6036 --field-trial-handle=1812,i,8491422132757715025,9934606219991017984,131072 /prefetch:1
  2⤵
  PID:2896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=6140 --field-trial-handle=1812,i,8491422132757715025,9934606219991017984,131072 /prefetch:1
  2⤵
  PID:4336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5716 --field-trial-handle=1812,i,8491422132757715025,9934606219991017984,131072 /prefetch:8
  2⤵
  PID:1592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5156 --field-trial-handle=1812,i,8491422132757715025,9934606219991017984,131072 /prefetch:8
  2⤵
  PID:196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=3392 --field-trial-handle=1812,i,8491422132757715025,9934606219991017984,131072 /prefetch:1
  2⤵
  PID:508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6196 --field-trial-handle=1812,i,8491422132757715025,9934606219991017984,131072 /prefetch:1
  2⤵
  PID:372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=6284 --field-trial-handle=1812,i,8491422132757715025,9934606219991017984,131072 /prefetch:1
  2⤵
  PID:4316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3392 --field-trial-handle=1812,i,8491422132757715025,9934606219991017984,131072 /prefetch:8
  2⤵
  PID:2980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5384 --field-trial-handle=1812,i,8491422132757715025,9934606219991017984,131072 /prefetch:8
  2⤵
  PID:3556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6428 --field-trial-handle=1812,i,8491422132757715025,9934606219991017984,131072 /prefetch:8
  2⤵
  PID:4796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6640 --field-trial-handle=1812,i,8491422132757715025,9934606219991017984,131072 /prefetch:8
  2⤵
  PID:4708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6704 --field-trial-handle=1812,i,8491422132757715025,9934606219991017984,131072 /prefetch:8
  2⤵
  PID:4228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4016 --field-trial-handle=1812,i,8491422132757715025,9934606219991017984,131072 /prefetch:8
  2⤵
  PID:992
- C:\Users\Admin\Downloads\winrar-x64-701.exe
  "C:\Users\Admin\Downloads\winrar-x64-701.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6632 --field-trial-handle=1812,i,8491422132757715025,9934606219991017984,131072 /prefetch:8
  2⤵
  PID:60
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1544 --field-trial-handle=1812,i,8491422132757715025,9934606219991017984,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=2276 --field-trial-handle=1812,i,8491422132757715025,9934606219991017984,131072 /prefetch:1
  2⤵
  PID:4092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=6304 --field-trial-handle=1812,i,8491422132757715025,9934606219991017984,131072 /prefetch:1
  2⤵
  PID:3432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3008 --field-trial-handle=1812,i,8491422132757715025,9934606219991017984,131072 /prefetch:8
  2⤵
  PID:2740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4608 --field-trial-handle=1812,i,8491422132757715025,9934606219991017984,131072 /prefetch:8
  2⤵
  PID:3556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6772 --field-trial-handle=1812,i,8491422132757715025,9934606219991017984,131072 /prefetch:8
  2⤵
  PID:3040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6328 --field-trial-handle=1812,i,8491422132757715025,9934606219991017984,131072 /prefetch:8
  2⤵
  PID:1648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3008 --field-trial-handle=1812,i,8491422132757715025,9934606219991017984,131072 /prefetch:8
  2⤵
  PID:2148

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4688

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3600
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\Downloads\orthodox.rar"
  2⤵
  - Checks processor information in registry
  - Modifies Internet Explorer settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:1872
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
    3⤵
    PID:2164
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=879D474BAFBF5A2BB12932FA4A556D24 --mojo-platform-channel-handle=1620 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      PID:3472
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=11FD296FA3B02678E6E5AD0E79131605 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=11FD296FA3B02678E6E5AD0E79131605 --renderer-client-id=2 --mojo-platform-channel-handle=1612 --allow-no-sandbox-job /prefetch:1
      4⤵
      PID:984

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\cf82bbe003d64bb5b7d248a997a14a07 /t 2220 /p 2748
1⤵
PID:4980

C:\Users\Admin\Downloads\orthodox.exe
"C:\Users\Admin\Downloads\orthodox.exe"
1⤵
- Executes dropped EXE
PID:5028

Network

DNS

www.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

www.google.com

IN A

Response

www.google.com

IN A

142.250.187.196
GET

https://www.google.com/async/ddljson?async=ntp:2

chrome.exe

Remote address:

142.250.187.196:443

Request

GET /async/ddljson?async=ntp:2 HTTP/2.0
host: www.google.com
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0

chrome.exe

Remote address:

142.250.187.196:443

Request

GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/2.0
host: www.google.com
x-client-data: COiBywE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://www.google.com/async/newtab_promos

chrome.exe

Remote address:

142.250.187.196:443

Request

GET /async/newtab_promos HTTP/2.0
host: www.google.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

apis.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

apis.google.com

IN A

Response

apis.google.com

IN CNAME

plus.l.google.com

plus.l.google.com

IN A

142.250.200.14
GET

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.JHoMBbBABZg.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAQ/rs=AHpOoo_6Zf8M75AJqSyaaLg_vD7Vr9kevQ/cb=gapi.loaded_0

chrome.exe

Remote address:

142.250.200.14:443

Request

GET /_/scs/abc-static/_/js/k=gapi.gapi.en.JHoMBbBABZg.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAQ/rs=AHpOoo_6Zf8M75AJqSyaaLg_vD7Vr9kevQ/cb=gapi.loaded_0 HTTP/2.0
host: apis.google.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

3.200.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

3.200.250.142.in-addr.arpa

IN PTR

Response

3.200.250.142.in-addr.arpa

IN PTR

lhr48s29-in-f31e100net
DNS

195.212.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

195.212.58.216.in-addr.arpa

IN PTR

Response

195.212.58.216.in-addr.arpa

IN PTR

ams16s21-in-f1951e100net

195.212.58.216.in-addr.arpa

IN PTR

ams16s21-in-f3�J

195.212.58.216.in-addr.arpa

IN PTR

lhr25s27-in-f3�J
DNS

196.187.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

196.187.250.142.in-addr.arpa

IN PTR

Response

196.187.250.142.in-addr.arpa

IN PTR

lhr25s33-in-f41e100net
DNS

play.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

play.google.com

IN A

Response

play.google.com

IN A

142.250.179.238
POST

https://play.google.com/log?format=json&hasfast=true

chrome.exe

Remote address:

142.250.179.238:443

Request

POST /log?format=json&hasfast=true HTTP/2.0
host: play.google.com
content-length: 905
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
content-type: application/x-www-form-urlencoded;charset=UTF-8
accept: */*
origin: chrome-untrusted://new-tab-page
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

14.200.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

14.200.250.142.in-addr.arpa

IN PTR

Response

14.200.250.142.in-addr.arpa

IN PTR

lhr48s29-in-f141e100net
DNS

clients2.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

clients2.google.com

IN A

Response

clients2.google.com

IN CNAME

clients.l.google.com

clients.l.google.com

IN A

142.250.187.238
GET

https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=106.0.5249.119&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D1.0.0.6%26installsource%3Dnotfromwebstore%26installedby%3Dother%26uc%26ping%3Dr%253D59%2526e%253D1

chrome.exe

Remote address:

142.250.187.238:443

Request

GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=106.0.5249.119&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D1.0.0.6%26installsource%3Dnotfromwebstore%26installedby%3Dother%26uc%26ping%3Dr%253D59%2526e%253D1 HTTP/2.0
host: clients2.google.com
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: NID=514=nK-6axhdqCfTxrIZYeZl4jwRn9JIzAcFzXwpjxqdB2wDs7o-7BH__AFI5hlz9IGFQ_ao6um1yCyfT6LItpCb81NU5K25e2EFvWbX9KDozcboixQFSR9lEjj4n8gCZ_vX3ByyE2qIu4TaGpp6v39Xg7y25UWzv82hjqG1SdyPLEM
DNS

238.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

238.179.250.142.in-addr.arpa

IN PTR

Response

238.179.250.142.in-addr.arpa

IN PTR

lhr25s31-in-f141e100net
DNS

238.187.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

238.187.250.142.in-addr.arpa

IN PTR

Response

238.187.250.142.in-addr.arpa

IN PTR

lhr25s34-in-f141e100net
DNS

gofile.io

chrome.exe

Remote address:

8.8.8.8:53

Request

gofile.io

IN A

Response

gofile.io

IN A

51.38.43.18

gofile.io

IN A

151.80.29.83

gofile.io

IN A

51.178.66.33
GET

https://gofile.io/d/D2SDUS

chrome.exe

Remote address:

51.38.43.18:443

Request

GET /d/D2SDUS HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Sun, 02 Jun 2024 19:25:16 GMT
content-type: text/html; charset=UTF-8
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
cache-control: public, max-age=0
last-modified: Thu, 25 Jan 2024 10:59:02 GMT
etag: W/"278f-18d4045f1d9"
content-encoding: gzip
GET

https://gofile.io/dist/css/bootstrap.min.css

chrome.exe

Remote address:

51.38.43.18:443

Request

GET /dist/css/bootstrap.min.css HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Sun, 02 Jun 2024 19:25:16 GMT
content-type: text/css; charset=UTF-8
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
cache-control: public, max-age=0
last-modified: Wed, 04 Jan 2023 14:40:09 GMT
etag: W/"2fbaa-1857d39aa87"
content-encoding: gzip
GET

https://gofile.io/dist/css/bootstrap-icons.css

chrome.exe

Remote address:

51.38.43.18:443

Request

GET /dist/css/bootstrap-icons.css HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Sun, 02 Jun 2024 19:25:16 GMT
content-type: text/css; charset=UTF-8
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
cache-control: public, max-age=0
last-modified: Wed, 04 Jan 2023 14:40:09 GMT
etag: W/"17579-1857d39aa87"
content-encoding: gzip
GET

https://gofile.io/dist/css/bootstrap-nightfall.css

chrome.exe

Remote address:

51.38.43.18:443

Request

GET /dist/css/bootstrap-nightfall.css HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Sun, 02 Jun 2024 19:25:16 GMT
content-type: text/css; charset=UTF-8
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
cache-control: public, max-age=0
last-modified: Wed, 04 Jan 2023 14:40:09 GMT
etag: W/"c869-1857d39aa87"
content-encoding: gzip
GET

https://gofile.io/dist/css/plyr.css

chrome.exe

Remote address:

51.38.43.18:443

Request

GET /dist/css/plyr.css HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Sun, 02 Jun 2024 19:25:16 GMT
content-type: text/css; charset=UTF-8
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
cache-control: public, max-age=0
last-modified: Sun, 08 Jan 2023 19:47:36 GMT
etag: W/"85ae-18592ec961b"
content-encoding: gzip
GET

https://gofile.io/dist/css/allcss.css

chrome.exe

Remote address:

51.38.43.18:443

Request

GET /dist/css/allcss.css HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Sun, 02 Jun 2024 19:25:16 GMT
content-type: text/css; charset=UTF-8
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
cache-control: public, max-age=0
last-modified: Fri, 26 Jan 2024 00:18:13 GMT
etag: W/"758-18d43219e7e"
content-encoding: gzip
GET

https://gofile.io/dist/js/bootstrap.bundle.min.js

chrome.exe

Remote address:

51.38.43.18:443

Request

GET /dist/js/bootstrap.bundle.min.js HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Sun, 02 Jun 2024 19:25:16 GMT
content-type: application/javascript; charset=UTF-8
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
cache-control: public, max-age=0
last-modified: Wed, 04 Jan 2023 14:40:09 GMT
etag: W/"13a49-1857d39aa87"
content-encoding: gzip
GET

https://gofile.io/dist/js/sha256.min.js

chrome.exe

Remote address:

51.38.43.18:443

Request

GET /dist/js/sha256.min.js HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Sun, 02 Jun 2024 19:25:16 GMT
content-type: application/javascript; charset=UTF-8
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
cache-control: public, max-age=0
last-modified: Wed, 04 Jan 2023 14:40:09 GMT
etag: W/"2339-1857d39aa8b"
content-encoding: gzip
GET

https://gofile.io/dist/js/qrcode.min.js

chrome.exe

Remote address:

51.38.43.18:443

Request

GET /dist/js/qrcode.min.js HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Sun, 02 Jun 2024 19:25:16 GMT
content-type: application/javascript; charset=UTF-8
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
cache-control: public, max-age=0
last-modified: Wed, 04 Jan 2023 14:40:09 GMT
etag: W/"4dda-1857d39aa8b"
content-encoding: gzip
GET

https://gofile.io/dist/js/dayjs.min.js

chrome.exe

Remote address:

51.38.43.18:443

Request

GET /dist/js/dayjs.min.js HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Sun, 02 Jun 2024 19:25:16 GMT
content-type: application/javascript; charset=UTF-8
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
cache-control: public, max-age=0
last-modified: Wed, 04 Jan 2023 14:40:09 GMT
etag: W/"1a0e-1857d39aa8b"
content-encoding: gzip
GET

https://gofile.io/dist/js/customParseFormat.js

chrome.exe

Remote address:

51.38.43.18:443

Request

GET /dist/js/customParseFormat.js HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Sun, 02 Jun 2024 19:25:16 GMT
content-type: application/javascript; charset=UTF-8
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
cache-control: public, max-age=0
last-modified: Wed, 04 Jan 2023 14:40:09 GMT
etag: W/"ea2-1857d39aa8b"
content-encoding: gzip
GET

https://gofile.io/dist/js/marked.min.js

chrome.exe

Remote address:

51.38.43.18:443

Request

GET /dist/js/marked.min.js HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Sun, 02 Jun 2024 19:25:16 GMT
content-type: application/javascript; charset=UTF-8
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
cache-control: public, max-age=0
last-modified: Wed, 04 Jan 2023 14:40:09 GMT
etag: W/"aca2-1857d39aa8b"
content-encoding: gzip
GET

https://gofile.io/dist/js/plyr.js

chrome.exe

Remote address:

51.38.43.18:443

Request

GET /dist/js/plyr.js HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Sun, 02 Jun 2024 19:25:16 GMT
content-type: application/javascript; charset=UTF-8
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
cache-control: public, max-age=0
last-modified: Sun, 08 Jan 2023 19:47:36 GMT
etag: W/"1b1b2-18592ec961b"
content-encoding: gzip
GET

https://gofile.io/dist/js/chart.umd.min.js

chrome.exe

Remote address:

51.38.43.18:443

Request

GET /dist/js/chart.umd.min.js HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Sun, 02 Jun 2024 19:25:16 GMT
content-type: application/javascript; charset=UTF-8
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
cache-control: public, max-age=0
last-modified: Wed, 08 Mar 2023 18:58:17 GMT
etag: W/"3094c-186c296a29e"
content-encoding: gzip
GET

https://gofile.io/dist/js/alljs.js

chrome.exe

Remote address:

51.38.43.18:443

Request

GET /dist/js/alljs.js HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Sun, 02 Jun 2024 19:25:16 GMT
content-type: application/javascript; charset=UTF-8
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
cache-control: public, max-age=0
last-modified: Sun, 02 Jun 2024 12:41:19 GMT
etag: W/"37635-18fd8f7f2f4"
content-encoding: gzip
GET

https://gofile.io/dist/img/logo-small-70.png

chrome.exe

Remote address:

51.38.43.18:443

Request

GET /dist/img/logo-small-70.png HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Sun, 02 Jun 2024 19:25:16 GMT
content-type: image/png
content-length: 2367
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
accept-ranges: bytes
cache-control: public, max-age=0
last-modified: Wed, 04 Jan 2023 14:40:09 GMT
etag: W/"93f-1857d39aa87"
GET

https://gofile.io/dist/css/fonts/bootstrap-icons.woff2?24e3eb84d0bcaf83d77f904c78ac1f47

chrome.exe

Remote address:

51.38.43.18:443

Request

GET /dist/css/fonts/bootstrap-icons.woff2?24e3eb84d0bcaf83d77f904c78ac1f47 HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
origin: https://gofile.io
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: font
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Sun, 02 Jun 2024 19:25:16 GMT
content-type: font/woff2
content-length: 121296
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
accept-ranges: bytes
cache-control: public, max-age=0
last-modified: Wed, 04 Jan 2023 14:40:09 GMT
etag: W/"1d9d0-1857d39aa87"
GET

https://gofile.io/dist/img/favicon96.png

chrome.exe

Remote address:

51.38.43.18:443

Request

GET /dist/img/favicon96.png HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Sun, 02 Jun 2024 19:25:16 GMT
content-type: image/png
content-length: 2886
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
accept-ranges: bytes
cache-control: public, max-age=0
last-modified: Wed, 04 Jan 2023 14:40:09 GMT
etag: W/"b46-1857d39aa87"
GET

https://gofile.io/dist/img/favicon32.png

chrome.exe

Remote address:

51.38.43.18:443

Request

GET /dist/img/favicon32.png HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Sun, 02 Jun 2024 19:25:16 GMT
content-type: image/png
content-length: 903
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
accept-ranges: bytes
cache-control: public, max-age=0
last-modified: Wed, 04 Jan 2023 14:40:09 GMT
etag: W/"387-1857d39aa87"
GET

https://gofile.io/dist/img/favicon16.png

chrome.exe

Remote address:

51.38.43.18:443

Request

GET /dist/img/favicon16.png HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Sun, 02 Jun 2024 19:25:16 GMT
content-type: image/png
content-length: 503
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
accept-ranges: bytes
cache-control: public, max-age=0
last-modified: Wed, 04 Jan 2023 14:40:09 GMT
etag: W/"1f7-1857d39aa87"
GET

https://gofile.io/contents/files.html

chrome.exe

Remote address:

51.38.43.18:443

Request

GET /contents/files.html HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: accountToken=59AWSdKjS43aTkDeeobq0wdSnMa3Qv5l

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Sun, 02 Jun 2024 19:25:17 GMT
content-type: text/html; charset=UTF-8
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
cache-control: public, max-age=0
last-modified: Wed, 13 Mar 2024 02:44:34 GMT
etag: W/"4c46-18e35b27e9a"
content-encoding: gzip
DNS

api.gofile.io

chrome.exe

Remote address:

8.8.8.8:53

Request

api.gofile.io

IN A

Response

api.gofile.io

IN A

51.38.43.18

api.gofile.io

IN A

51.178.66.33

api.gofile.io

IN A

151.80.29.83
POST

https://api.gofile.io/accounts

chrome.exe

Remote address:

51.38.43.18:443

Request

POST /accounts HTTP/2.0
host: api.gofile.io
content-length: 2
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://gofile.io
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Sun, 02 Jun 2024 19:25:16 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gofile.io
access-control-allow-headers: Content-Type, Authorization
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, HEAD
access-control-allow-credentials: true
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
origin-agent-cluster: ?1
referrer-policy: no-referrer
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
etag: W/"6f-jAqwOnTrEphTwHZ3k9R+1Aijak8"
content-encoding: gzip
OPTIONS

https://api.gofile.io/accounts/43429efa-cb9b-4ec4-a78c-06586b0e3b3b

chrome.exe

Remote address:

51.38.43.18:443

Request

OPTIONS /accounts/43429efa-cb9b-4ec4-a78c-06586b0e3b3b HTTP/2.0
host: api.gofile.io
accept: */*
access-control-request-method: GET
access-control-request-headers: authorization
origin: https://gofile.io
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-fetch-mode: cors
sec-fetch-site: same-site
sec-fetch-dest: empty
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Sun, 02 Jun 2024 19:25:17 GMT
content-type: text/html; charset=utf-8
content-length: 8
access-control-allow-origin: https://gofile.io
access-control-allow-headers: Content-Type, Authorization
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, HEAD
access-control-allow-credentials: true
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
origin-agent-cluster: ?1
referrer-policy: no-referrer
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
allow: GET,HEAD
etag: W/"8-ZRAf8oNBS3Bjb/SU2GYZCmbtmXg"
GET

https://api.gofile.io/accounts/43429efa-cb9b-4ec4-a78c-06586b0e3b3b

chrome.exe

Remote address:

51.38.43.18:443

Request

GET /accounts/43429efa-cb9b-4ec4-a78c-06586b0e3b3b HTTP/2.0
host: api.gofile.io
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
authorization: Bearer 59AWSdKjS43aTkDeeobq0wdSnMa3Qv5l
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://gofile.io
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Sun, 02 Jun 2024 19:25:17 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gofile.io
access-control-allow-headers: Content-Type, Authorization
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, HEAD
access-control-allow-credentials: true
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
origin-agent-cluster: ?1
referrer-policy: no-referrer
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
etag: W/"111-pQ4nRa+stti9GNcSSQnAckDIPtQ"
content-encoding: gzip
OPTIONS

https://api.gofile.io/contents/D2SDUS?wt=4fd6sg89d7s6

chrome.exe

Remote address:

51.38.43.18:443

Request

OPTIONS /contents/D2SDUS?wt=4fd6sg89d7s6 HTTP/2.0
host: api.gofile.io
accept: */*
access-control-request-method: GET
access-control-request-headers: authorization
origin: https://gofile.io
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-fetch-mode: cors
sec-fetch-site: same-site
sec-fetch-dest: empty
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Sun, 02 Jun 2024 19:25:17 GMT
content-type: text/html; charset=utf-8
content-length: 15
access-control-allow-origin: https://gofile.io
access-control-allow-headers: Content-Type, Authorization
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, HEAD
access-control-allow-credentials: true
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
origin-agent-cluster: ?1
referrer-policy: no-referrer
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
allow: GET,HEAD,DELETE
etag: W/"f-vwvPzyVoI/ffOSHTCooZCn+JbCg"
GET

https://api.gofile.io/contents/D2SDUS?wt=4fd6sg89d7s6

chrome.exe

Remote address:

51.38.43.18:443

Request

GET /contents/D2SDUS?wt=4fd6sg89d7s6 HTTP/2.0
host: api.gofile.io
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
authorization: Bearer 59AWSdKjS43aTkDeeobq0wdSnMa3Qv5l
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://gofile.io
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Sun, 02 Jun 2024 19:25:17 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gofile.io
access-control-allow-headers: Content-Type, Authorization
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, HEAD
access-control-allow-credentials: true
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
origin-agent-cluster: ?1
referrer-policy: no-referrer
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
etag: W/"289-UkSGVVJvILk2pZstKOJL91E1MmI"
content-encoding: gzip
DNS

18.43.38.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

18.43.38.51.in-addr.arpa

IN PTR

Response

18.43.38.51.in-addr.arpa

IN PTR

ns3120834ip-51-38-43eu
DNS

s.gofile.io

chrome.exe

Remote address:

8.8.8.8:53

Request

s.gofile.io

IN A

Response

s.gofile.io

IN A

51.75.242.210
GET

https://s.gofile.io/js/script.js

chrome.exe

Remote address:

51.75.242.210:443

Request

GET /js/script.js HTTP/2.0
host: s.gofile.io
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: accountToken=59AWSdKjS43aTkDeeobq0wdSnMa3Qv5l

Response

HTTP/2.0 200

access-control-allow-origin: *
cache-control: public, max-age=86400, must-revalidate
content-type: application/javascript
cross-origin-resource-policy: cross-origin
date: Sun, 02 Jun 2024 19:25:17 GMT
server: Cowboy
x-content-type-options: nosniff
content-length: 1346
DNS

ad.a-ads.com

chrome.exe

Remote address:

8.8.8.8:53

Request

ad.a-ads.com

IN A

Response

ad.a-ads.com

IN A

148.251.152.47
POST

https://s.gofile.io/api/event

chrome.exe

Remote address:

51.75.242.210:443

Request

POST /api/event HTTP/2.0
host: s.gofile.io
content-length: 74
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
content-type: text/plain
accept: */*
origin: https://gofile.io
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 202

access-control-allow-credentials: true
access-control-allow-origin: *
access-control-expose-headers:
cache-control: max-age=0, private, must-revalidate
content-type: text/plain; charset=utf-8
date: Sun, 02 Jun 2024 19:25:17 GMT
server: Cowboy
x-request-id: F9VGeNV4lkNnaGDY0kpE
content-length: 2
POST

https://s.gofile.io/api/event

chrome.exe

Remote address:

51.75.242.210:443

Request

POST /api/event HTTP/2.0
host: s.gofile.io
content-length: 74
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
content-type: text/plain
accept: */*
origin: https://gofile.io
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 202

access-control-allow-credentials: true
access-control-allow-origin: *
access-control-expose-headers:
cache-control: max-age=0, private, must-revalidate
content-type: text/plain; charset=utf-8
date: Sun, 02 Jun 2024 19:27:02 GMT
server: Cowboy
x-request-id: F9VGkSyZtPgHu51VzIsD
content-length: 2
GET

https://ad.a-ads.com/2059298?size=300x250

chrome.exe

Remote address:

148.251.152.47:443

Request

GET /2059298?size=300x250 HTTP/2.0
host: ad.a-ads.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Sun, 02 Jun 2024 19:25:18 GMT
content-type: text/html;charset=utf-8
vary: Accept-Encoding
vary: Accept-Encoding
status: 200 OK
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-powered-by: Phusion Passenger(R)
x-original-referer: https://gofile.io/
x-robots-tag: noindex, nofollow, nosnippet, noarchive
content-encoding: gzip
DNS

content-autofill.googleapis.com

chrome.exe

Remote address:

8.8.8.8:53

Request

content-autofill.googleapis.com

IN A

Response

content-autofill.googleapis.com

IN A

142.250.200.10

content-autofill.googleapis.com

IN A

142.250.200.42

content-autofill.googleapis.com

IN A

216.58.201.106

content-autofill.googleapis.com

IN A

216.58.204.74

content-autofill.googleapis.com

IN A

216.58.213.10

content-autofill.googleapis.com

IN A

172.217.169.10

content-autofill.googleapis.com

IN A

216.58.212.202

content-autofill.googleapis.com

IN A

172.217.169.74

content-autofill.googleapis.com

IN A

142.250.179.234

content-autofill.googleapis.com

IN A

142.250.180.10

content-autofill.googleapis.com

IN A

142.250.187.202

content-autofill.googleapis.com

IN A

142.250.187.234

content-autofill.googleapis.com

IN A

142.250.178.10

content-autofill.googleapis.com

IN A

172.217.16.234
GET

https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTA2LjAuNTI0OS4xMTkSEAmYyA9JLGj4_xIFDRVSgeI=?alt=proto

chrome.exe

Remote address:

142.250.200.10:443

Request

GET /v1/pages/ChVDaHJvbWUvMTA2LjAuNTI0OS4xMTkSEAmYyA9JLGj4_xIFDRVSgeI=?alt=proto HTTP/2.0
host: content-autofill.googleapis.com
x-goog-encode-response-if-executable: base64
x-goog-api-key: AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
x-client-data: COiBywE=
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

31.243.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

31.243.111.52.in-addr.arpa

IN PTR

Response
DNS

210.242.75.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

210.242.75.51.in-addr.arpa

IN PTR

Response

210.242.75.51.in-addr.arpa

IN PTR

mailgofileio
DNS

47.152.251.148.in-addr.arpa

Remote address:

8.8.8.8:53

Request

47.152.251.148.in-addr.arpa

IN PTR

Response

47.152.251.148.in-addr.arpa

IN PTR

static47152251148clientsyour-serverde
DNS

10.200.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

10.200.250.142.in-addr.arpa

IN PTR

Response

10.200.250.142.in-addr.arpa

IN PTR

lhr48s29-in-f101e100net
DNS

101.58.20.217.in-addr.arpa

Remote address:

8.8.8.8:53

Request

101.58.20.217.in-addr.arpa

IN PTR

Response
DNS

static.a-ads.com

chrome.exe

Remote address:

8.8.8.8:53

Request

static.a-ads.com

IN A

Response

static.a-ads.com

IN CNAME

ad.a-ads.com

ad.a-ads.com

IN A

148.251.194.214
GET

https://static.a-ads.com/a-ads-banners/511866/300x250?region=eu-central-1

chrome.exe

Remote address:

148.251.194.214:443

Request

GET /a-ads-banners/511866/300x250?region=eu-central-1 HTTP/2.0
host: static.a-ads.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ad.a-ads.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Sun, 02 Jun 2024 19:25:18 GMT
content-type: image/gif
content-length: 154542
x-amz-id-2: jVJmQ7JTIjPyg20zkq53grzzSlOXGMmrqLRHBhMZfNX+FfKeXRy9KlxDllS3XlU5YMGGDYMsOkMwYMhZVzQwFg==
x-amz-request-id: 77ZCKH39ZE184WNT
x-amz-replication-status: COMPLETED
last-modified: Wed, 08 May 2024 02:44:14 GMT
etag: "ad9f09cbfeca5c982db924f6421e0bc3"
x-amz-server-side-encryption: AES256
cache-control: max-age=315360000
x-amz-version-id: 5OGsD1cG6yZeKbFkG.aLnVOSM9gAh9he
expires: Thu, 31 Dec 2037 23:55:55 GMT
accept-ranges: bytes
DNS

202.187.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

202.187.250.142.in-addr.arpa

IN PTR

Response

202.187.250.142.in-addr.arpa

IN PTR

lhr25s33-in-f101e100net
DNS

99.201.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

99.201.58.216.in-addr.arpa

IN PTR

Response

99.201.58.216.in-addr.arpa

IN PTR

prg03s02-in-f31e100net

99.201.58.216.in-addr.arpa

IN PTR

prg03s02-in-f99�G

99.201.58.216.in-addr.arpa

IN PTR

lhr48s48-in-f3�G
DNS

214.194.251.148.in-addr.arpa

Remote address:

8.8.8.8:53

Request

214.194.251.148.in-addr.arpa

IN PTR

Response

214.194.251.148.in-addr.arpa

IN PTR

static214194251148clientsyour-serverde
DNS

store1.gofile.io

chrome.exe

Remote address:

8.8.8.8:53

Request

store1.gofile.io

IN A

Response

store1.gofile.io

IN A

45.112.123.227
GET

https://store1.gofile.io/download/web/16e5a3e2-43be-41f2-82dd-44c2161ad442/orthodox.rar

chrome.exe

Remote address:

45.112.123.227:443

Request

GET /download/web/16e5a3e2-43be-41f2-82dd-44c2161ad442/orthodox.rar HTTP/1.1
Host: store1.gofile.io
Connection: keep-alive
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Referer: https://gofile.io/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: accountToken=59AWSdKjS43aTkDeeobq0wdSnMa3Qv5l

Response

HTTP/1.1 200 OK

Server: nginx/1.25.4
Date: Sun, 02 Jun 2024 19:25:19 GMT
Content-Type: application/vnd.rar
Content-Length: 793462
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Headers: Accept, Accept-Language, Content-Language, Content-Type, Content-Length, Range, Authorization
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Cache-Control, Content-Encoding, Content-Range
Content-Disposition: attachment; filename="orthodox.rar"
Last-Modified: Sun, 02 Jun 2024 19:08:11 GMT
DNS

227.123.112.45.in-addr.arpa

Remote address:

8.8.8.8:53

Request

227.123.112.45.in-addr.arpa

IN PTR

Response
DNS

beacons.gcp.gvt2.com

chrome.exe

Remote address:

8.8.8.8:53

Request

beacons.gcp.gvt2.com

IN A

Response

beacons.gcp.gvt2.com

IN CNAME

beacons-handoff.gcp.gvt2.com

beacons-handoff.gcp.gvt2.com

IN A

192.178.49.195
POST

https://beacons.gcp.gvt2.com/domainreliability/upload

chrome.exe

Remote address:

192.178.49.195:443

Request

POST /domainreliability/upload HTTP/2.0
host: beacons.gcp.gvt2.com
content-length: 269
content-type: application/json; charset=utf-8
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
POST

https://beacons.gcp.gvt2.com/domainreliability/upload

chrome.exe

Remote address:

192.178.49.195:443

Request

POST /domainreliability/upload HTTP/2.0
host: beacons.gcp.gvt2.com
content-length: 336
content-type: application/json; charset=utf-8
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
POST

https://beacons.gcp.gvt2.com/domainreliability/upload

chrome.exe

Remote address:

192.178.49.195:443

Request

POST /domainreliability/upload HTTP/2.0
host: beacons.gcp.gvt2.com
content-length: 1010
content-type: application/json; charset=utf-8
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

195.49.178.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

195.49.178.192.in-addr.arpa

IN PTR

Response

195.49.178.192.in-addr.arpa

IN PTR

phx19s06-in-f31e100net
DNS

id.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

id.google.com

IN A

Response

id.google.com

IN A

216.58.213.3
GET

https://id.google.com/verify/ABDN9YfrWzn3vuoE9y5Dk_R7xY3qpkYR_OEcfPGHkbnpEXx67d9GPOcmQCT_82n_hq5f4LvFkRKGb-eWIE7UF-MaQ3741lAI4QiwZ8HxnXoVwx4auA

chrome.exe

Remote address:

216.58.213.3:443

Request

GET /verify/ABDN9YfrWzn3vuoE9y5Dk_R7xY3qpkYR_OEcfPGHkbnpEXx67d9GPOcmQCT_82n_hq5f4LvFkRKGb-eWIE7UF-MaQ3741lAI4QiwZ8HxnXoVwx4auA HTTP/2.0
host: id.google.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: COiBywE=
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: 1P_JAR=2024-06-02-19
cookie: AEC=AQTF6HyDTgPr1Ty9ajj9A0QQZfuozUcQJo-rIOyMfSV1MUEz2OOXMSvHkg
cookie: NID=514=vM6UAiVnwKSp936Xg9T-mU26pam2_ojkreoJDa0taMcgvRk526Iph8A2y-UzoGI9CywnK4jY-gEH6x83oeN8SMa7wCcjfcHUHLUj-l1IFK2lo0mocttd3yaHoBeQeVsxgOUWgPk8iUIGFx_r4gpn6MsqA82HnZDOV6r1LWmuMaBdeWU0_7jm
DNS

3.213.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

3.213.58.216.in-addr.arpa

IN PTR

Response

3.213.58.216.in-addr.arpa

IN PTR

ber01s14-in-f31e100net

3.213.58.216.in-addr.arpa

IN PTR

lhr25s25-in-f3�F
DNS

www.win-rar.com

chrome.exe

Remote address:

8.8.8.8:53

Request

www.win-rar.com

IN A

Response

www.win-rar.com

IN A

51.195.68.163
DNS

waa-pa.clients6.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

waa-pa.clients6.google.com

IN A

Response

waa-pa.clients6.google.com

IN A

216.58.212.234
GET

https://www.win-rar.com/download.html?&L=0

chrome.exe

Remote address:

51.195.68.163:443

Request

GET /download.html?&L=0 HTTP/2.0
host: www.win-rar.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
referer: https://www.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 02 Jun 2024 19:25:46 GMT
server: Apache
vary: Accept-Encoding
content-encoding: gzip
content-length: 10400
content-type: text/html;charset=utf-8
x-frame-options: DENY
x-xss-protection: 1;mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: frame-ancestors 'none';
GET

https://www.win-rar.com/download.html?&L=0

chrome.exe

Remote address:

51.195.68.163:443

Request

GET /download.html?&L=0 HTTP/2.0
host: www.win-rar.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
referer: https://www.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 02 Jun 2024 19:25:46 GMT
server: Apache
vary: Accept-Encoding
content-encoding: gzip
content-length: 10400
content-type: text/html;charset=utf-8
x-frame-options: DENY
x-xss-protection: 1;mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: frame-ancestors 'none';
GET

https://www.win-rar.com/fileadmin/templates/style.css?1704275748

chrome.exe

Remote address:

51.195.68.163:443

Request

GET /fileadmin/templates/style.css?1704275748 HTTP/2.0
host: www.win-rar.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://www.win-rar.com/download.html?&L=0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 02 Jun 2024 19:25:46 GMT
server: Apache
last-modified: Wed, 03 Jan 2024 09:55:48 GMT
etag: "1416-60e079e9a0889-gzip"
accept-ranges: bytes
cache-control: max-age=172801
expires: Tue, 04 Jun 2024 19:25:47 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 1611
content-type: text/css
x-frame-options: DENY
x-xss-protection: 1;mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: frame-ancestors 'none';
GET

https://www.win-rar.com/fileadmin/templates/images.css?1627980766

chrome.exe

Remote address:

51.195.68.163:443

Request

GET /fileadmin/templates/images.css?1627980766 HTTP/2.0
host: www.win-rar.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://www.win-rar.com/download.html?&L=0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 02 Jun 2024 19:25:46 GMT
server: Apache
last-modified: Tue, 03 Aug 2021 08:52:46 GMT
etag: "73e-5c8a3cf5032e6-gzip"
accept-ranges: bytes
cache-control: max-age=172801
expires: Tue, 04 Jun 2024 19:25:47 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 401
content-type: text/css
x-frame-options: DENY
x-xss-protection: 1;mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: frame-ancestors 'none';
GET

https://www.win-rar.com/fileadmin/templates/footer.css?1675426476

chrome.exe

Remote address:

51.195.68.163:443

Request

GET /fileadmin/templates/footer.css?1675426476 HTTP/2.0
host: www.win-rar.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://www.win-rar.com/download.html?&L=0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 02 Jun 2024 19:25:46 GMT
server: Apache
last-modified: Fri, 03 Feb 2023 12:14:36 GMT
etag: "a51-5f3ca9ffe72da-gzip"
accept-ranges: bytes
cache-control: max-age=172801
expires: Tue, 04 Jun 2024 19:25:47 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 688
content-type: text/css
x-frame-options: DENY
x-xss-protection: 1;mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: frame-ancestors 'none';
GET

https://www.win-rar.com/fileadmin/templates/stile_db.css?1645707048

chrome.exe

Remote address:

51.195.68.163:443

Request

GET /fileadmin/templates/stile_db.css?1645707048 HTTP/2.0
host: www.win-rar.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://www.win-rar.com/download.html?&L=0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 02 Jun 2024 19:25:46 GMT
server: Apache
last-modified: Thu, 24 Feb 2022 12:50:48 GMT
etag: "173-5d8c308091aef-gzip"
accept-ranges: bytes
cache-control: max-age=172801
expires: Tue, 04 Jun 2024 19:25:47 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 210
content-type: text/css
x-frame-options: DENY
x-xss-protection: 1;mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: frame-ancestors 'none';
GET

https://www.win-rar.com/fileadmin/templates/formhandler/jquery-3.5.1.min.js

chrome.exe

Remote address:

51.195.68.163:443

Request

GET /fileadmin/templates/formhandler/jquery-3.5.1.min.js HTTP/2.0
host: www.win-rar.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.win-rar.com/download.html?&L=0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 02 Jun 2024 19:25:46 GMT
server: Apache
last-modified: Wed, 25 Nov 2020 12:11:05 GMT
etag: "15d84-5b4ed5257a59a-gzip"
accept-ranges: bytes
cache-control: max-age=172801
expires: Tue, 04 Jun 2024 19:25:47 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 30910
content-type: application/javascript
x-frame-options: DENY
x-xss-protection: 1;mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: frame-ancestors 'none';
GET

https://www.win-rar.com/fileadmin/templates/logo-winrar.png

chrome.exe

Remote address:

51.195.68.163:443

Request

GET /fileadmin/templates/logo-winrar.png HTTP/2.0
host: www.win-rar.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.win-rar.com/download.html?&L=0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 02 Jun 2024 19:25:46 GMT
server: Apache
last-modified: Mon, 20 Dec 2021 11:56:51 GMT
etag: "1b0b-5d392958c6c4a"
accept-ranges: bytes
content-length: 6923
cache-control: max-age=172801
expires: Tue, 04 Jun 2024 19:25:47 GMT
content-type: image/png
x-frame-options: DENY
x-xss-protection: 1;mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: frame-ancestors 'none';
GET

https://www.win-rar.com/fileadmin/images/awards/stars-45.png

chrome.exe

Remote address:

51.195.68.163:443

Request

GET /fileadmin/images/awards/stars-45.png HTTP/2.0
host: www.win-rar.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.win-rar.com/download.html?&L=0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 02 Jun 2024 19:25:46 GMT
server: Apache
last-modified: Thu, 07 Jul 2022 13:01:50 GMT
etag: "97a-5e336b0604b0e"
accept-ranges: bytes
content-length: 2426
cache-control: max-age=172801
expires: Tue, 04 Jun 2024 19:25:47 GMT
content-type: image/png
x-frame-options: DENY
x-xss-protection: 1;mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: frame-ancestors 'none';
GET

https://www.win-rar.com/fileadmin/images/icons/fb.svg

chrome.exe

Remote address:

51.195.68.163:443

Request

GET /fileadmin/images/icons/fb.svg HTTP/2.0
host: www.win-rar.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.win-rar.com/download.html?&L=0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 02 Jun 2024 19:25:46 GMT
server: Apache
last-modified: Tue, 05 Oct 2021 09:06:04 GMT
etag: "31d-5cd9756de4101"
accept-ranges: bytes
content-length: 797
cache-control: max-age=172801
expires: Tue, 04 Jun 2024 19:25:47 GMT
vary: Accept-Encoding
content-type: image/svg+xml
x-frame-options: DENY
x-xss-protection: 1;mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: frame-ancestors 'none';
GET

https://www.win-rar.com/fileadmin/images/icons/tw.svg

chrome.exe

Remote address:

51.195.68.163:443

Request

GET /fileadmin/images/icons/tw.svg HTTP/2.0
host: www.win-rar.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.win-rar.com/download.html?&L=0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 02 Jun 2024 19:25:46 GMT
server: Apache
last-modified: Wed, 13 Mar 2024 13:17:27 GMT
etag: "186-6138a989b8250"
accept-ranges: bytes
content-length: 390
cache-control: max-age=172801
expires: Tue, 04 Jun 2024 19:25:47 GMT
vary: Accept-Encoding
content-type: image/svg+xml
x-frame-options: DENY
x-xss-protection: 1;mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: frame-ancestors 'none';
GET

https://www.win-rar.com/fileadmin/images/icons/yt.svg

chrome.exe

Remote address:

51.195.68.163:443

Request

GET /fileadmin/images/icons/yt.svg HTTP/2.0
host: www.win-rar.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.win-rar.com/download.html?&L=0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 02 Jun 2024 19:25:46 GMT
server: Apache
last-modified: Tue, 05 Oct 2021 09:06:04 GMT
etag: "254-5cd9756de8f21"
accept-ranges: bytes
content-length: 596
cache-control: max-age=172801
expires: Tue, 04 Jun 2024 19:25:47 GMT
vary: Accept-Encoding
content-type: image/svg+xml
x-frame-options: DENY
x-xss-protection: 1;mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: frame-ancestors 'none';
GET

https://www.win-rar.com/fileadmin/templates/formhandler/ckrule.js

chrome.exe

Remote address:

51.195.68.163:443

Request

GET /fileadmin/templates/formhandler/ckrule.js HTTP/2.0
host: www.win-rar.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.win-rar.com/download.html?&L=0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 02 Jun 2024 19:25:46 GMT
server: Apache
last-modified: Mon, 06 Sep 2021 08:31:34 GMT
etag: "3d5f-5cb4f7a1525c0-gzip"
accept-ranges: bytes
cache-control: max-age=172801
expires: Tue, 04 Jun 2024 19:25:47 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 4056
content-type: application/javascript
x-frame-options: DENY
x-xss-protection: 1;mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: frame-ancestors 'none';
GET

https://www.win-rar.com/fileadmin/templates/formhandler/apphelp-min.js

chrome.exe

Remote address:

51.195.68.163:443

Request

GET /fileadmin/templates/formhandler/apphelp-min.js HTTP/2.0
host: www.win-rar.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.win-rar.com/download.html?&L=0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 02 Jun 2024 19:25:46 GMT
server: Apache
last-modified: Tue, 23 Aug 2022 07:37:00 GMT
etag: "3212-5e6e3a134d14b-gzip"
accept-ranges: bytes
cache-control: max-age=172801
expires: Tue, 04 Jun 2024 19:25:47 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 2980
content-type: application/javascript
x-frame-options: DENY
x-xss-protection: 1;mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: frame-ancestors 'none';
GET

https://www.win-rar.com/fileadmin/templates/style-mx.css?1704277066

chrome.exe

Remote address:

51.195.68.163:443

Request

GET /fileadmin/templates/style-mx.css?1704277066 HTTP/2.0
host: www.win-rar.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://www.win-rar.com/download.html?&L=0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 02 Jun 2024 19:25:46 GMT
server: Apache
last-modified: Wed, 03 Jan 2024 10:17:46 GMT
etag: "404-60e07ed288df7-gzip"
accept-ranges: bytes
cache-control: max-age=172801
expires: Tue, 04 Jun 2024 19:25:47 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 436
content-type: text/css
x-frame-options: DENY
x-xss-protection: 1;mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: frame-ancestors 'none';
GET

https://www.win-rar.com/fileadmin/templates/footer-mx.css?1661158051

chrome.exe

Remote address:

51.195.68.163:443

Request

GET /fileadmin/templates/footer-mx.css?1661158051 HTTP/2.0
host: www.win-rar.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://www.win-rar.com/download.html?&L=0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 02 Jun 2024 19:25:46 GMT
server: Apache
last-modified: Mon, 22 Aug 2022 08:47:31 GMT
etag: "46f-5e6d07f9a3140-gzip"
accept-ranges: bytes
cache-control: max-age=172801
expires: Tue, 04 Jun 2024 19:25:47 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 356
content-type: text/css
x-frame-options: DENY
x-xss-protection: 1;mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: frame-ancestors 'none';
GET

https://www.win-rar.com/fileadmin/images/buttons/button_download_blank.png

chrome.exe

Remote address:

51.195.68.163:443

Request

GET /fileadmin/images/buttons/button_download_blank.png HTTP/2.0
host: www.win-rar.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.win-rar.com/download.html?&L=0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 02 Jun 2024 19:25:46 GMT
server: Apache
last-modified: Thu, 04 Nov 2010 16:33:28 GMT
etag: "6d4-4943cb7b6c600"
accept-ranges: bytes
content-length: 1748
cache-control: max-age=172801
expires: Tue, 04 Jun 2024 19:25:47 GMT
content-type: image/png
x-frame-options: DENY
x-xss-protection: 1;mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: frame-ancestors 'none';
GET

https://www.win-rar.com/fileadmin/images/common/favicon.ico

chrome.exe

Remote address:

51.195.68.163:443

Request

GET /fileadmin/images/common/favicon.ico HTTP/2.0
host: www.win-rar.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.win-rar.com/download.html?&L=0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: cookieDisclaimer=0

Response

HTTP/2.0 200

date: Sun, 02 Jun 2024 19:25:46 GMT
server: Apache
last-modified: Wed, 21 Mar 2018 10:53:34 GMT
etag: "9f6-567ea00a03eba"
accept-ranges: bytes
content-length: 2550
cache-control: max-age=172801
expires: Tue, 04 Jun 2024 19:25:47 GMT
content-type: image/vnd.microsoft.icon
x-frame-options: DENY
x-xss-protection: 1;mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: frame-ancestors 'none';
GET

https://www.win-rar.com/fileadmin/winrar-versions/winrar/winrar-x64-701.exe

chrome.exe

Remote address:

51.195.68.163:443

Request

GET /fileadmin/winrar-versions/winrar/winrar-x64-701.exe HTTP/2.0
host: www.win-rar.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
referer: https://www.win-rar.com/download.html?&L=0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: cookieDisclaimer=0

Response

HTTP/2.0 200

date: Sun, 02 Jun 2024 19:25:49 GMT
server: Apache
last-modified: Wed, 15 May 2024 07:43:28 GMT
etag: "3c3e58-61879463c588a"
accept-ranges: bytes
content-length: 3948120
cache-control: max-age=5184000
expires: Thu, 01 Aug 2024 19:25:49 GMT
content-type: application/octet-stream
x-frame-options: DENY
x-xss-protection: 1;mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: frame-ancestors 'none';
GET

https://www.win-rar.com/fileadmin/images/helper/winrar-download-chrome.png

chrome.exe

Remote address:

51.195.68.163:443

Request

GET /fileadmin/images/helper/winrar-download-chrome.png HTTP/2.0
host: www.win-rar.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.win-rar.com/download.html?&L=0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: cookieDisclaimer=0

Response

HTTP/2.0 200

date: Sun, 02 Jun 2024 19:25:51 GMT
server: Apache
last-modified: Wed, 22 Jul 2020 12:17:11 GMT
etag: "828-5ab06b82aedfc"
accept-ranges: bytes
content-length: 2088
cache-control: max-age=172801
expires: Tue, 04 Jun 2024 19:25:52 GMT
content-type: image/png
x-frame-options: DENY
x-xss-protection: 1;mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: frame-ancestors 'none';
GET

https://www.win-rar.com/fileadmin/images/helper/user_account_control.png

chrome.exe

Remote address:

51.195.68.163:443

Request

GET /fileadmin/images/helper/user_account_control.png HTTP/2.0
host: www.win-rar.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.win-rar.com/download.html?&L=0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: cookieDisclaimer=0

Response

HTTP/2.0 200

date: Sun, 02 Jun 2024 19:25:51 GMT
server: Apache
last-modified: Mon, 09 Aug 2021 07:32:13 GMT
etag: "2906-5c91b624a792d"
accept-ranges: bytes
content-length: 10502
cache-control: max-age=172801
expires: Tue, 04 Jun 2024 19:25:52 GMT
content-type: image/png
x-frame-options: DENY
x-xss-protection: 1;mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: frame-ancestors 'none';
GET

https://www.win-rar.com/fileadmin/images/help/winrar-installation-step-1.png

chrome.exe

Remote address:

51.195.68.163:443

Request

GET /fileadmin/images/help/winrar-installation-step-1.png HTTP/2.0
host: www.win-rar.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.win-rar.com/download.html?&L=0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: cookieDisclaimer=0

Response

HTTP/2.0 200

date: Sun, 02 Jun 2024 19:25:51 GMT
server: Apache
last-modified: Mon, 09 Aug 2021 07:32:59 GMT
etag: "ed35-5c91b6500eaab"
accept-ranges: bytes
content-length: 60725
cache-control: max-age=172801
expires: Tue, 04 Jun 2024 19:25:52 GMT
content-type: image/png
x-frame-options: DENY
x-xss-protection: 1;mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: frame-ancestors 'none';
GET

https://www.win-rar.com/fileadmin/images/help/winrar-installation-step-2.png

chrome.exe

Remote address:

51.195.68.163:443

Request

GET /fileadmin/images/help/winrar-installation-step-2.png HTTP/2.0
host: www.win-rar.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.win-rar.com/download.html?&L=0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: cookieDisclaimer=0

Response

HTTP/2.0 200

date: Sun, 02 Jun 2024 19:25:51 GMT
server: Apache
last-modified: Mon, 09 Aug 2021 07:32:59 GMT
etag: "e766-5c91b650115a3"
accept-ranges: bytes
content-length: 59238
cache-control: max-age=172801
expires: Tue, 04 Jun 2024 19:25:52 GMT
content-type: image/png
x-frame-options: DENY
x-xss-protection: 1;mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: frame-ancestors 'none';
GET

https://www.win-rar.com/fileadmin/images/help/winrar-installation-step-3.png

chrome.exe

Remote address:

51.195.68.163:443

Request

GET /fileadmin/images/help/winrar-installation-step-3.png HTTP/2.0
host: www.win-rar.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.win-rar.com/download.html?&L=0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: cookieDisclaimer=0

Response

HTTP/2.0 200

date: Sun, 02 Jun 2024 19:25:51 GMT
server: Apache
last-modified: Mon, 09 Aug 2021 07:32:59 GMT
etag: "acec-5c91b65014c53"
accept-ranges: bytes
content-length: 44268
cache-control: max-age=172801
expires: Tue, 04 Jun 2024 19:25:52 GMT
content-type: image/png
x-frame-options: DENY
x-xss-protection: 1;mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: frame-ancestors 'none';
OPTIONS

https://waa-pa.clients6.google.com/$rpc/google.internal.waa.v1.Waa/Create

chrome.exe

Remote address:

216.58.212.234:443

Request

OPTIONS /$rpc/google.internal.waa.v1.Waa/Create HTTP/2.0
host: waa-pa.clients6.google.com
accept: */*
access-control-request-method: POST
access-control-request-headers: content-type,x-goog-api-key,x-user-agent
origin: https://www.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-fetch-mode: cors
sec-fetch-site: same-site
sec-fetch-dest: empty
referer: https://www.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

2.180.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

2.180.250.142.in-addr.arpa

IN PTR

Response

2.180.250.142.in-addr.arpa

IN PTR

lhr25s32-in-f21e100net
DNS

163.68.195.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

163.68.195.51.in-addr.arpa

IN PTR

Response

163.68.195.51.in-addr.arpa

IN PTR

wwwwin-rarcom
DNS

234.212.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

234.212.58.216.in-addr.arpa

IN PTR

Response

234.212.58.216.in-addr.arpa

IN PTR

ams16s22-in-f2341e100net

234.212.58.216.in-addr.arpa

IN PTR

lhr25s28-in-f10�J

234.212.58.216.in-addr.arpa

IN PTR

ams16s22-in-f10�J
DNS

27.178.89.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

27.178.89.13.in-addr.arpa

IN PTR

Response
DNS

249.197.17.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

249.197.17.2.in-addr.arpa

IN PTR

Response

249.197.17.2.in-addr.arpa

IN PTR

a2-17-197-249deploystaticakamaitechnologiescom
DNS

25.251.17.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

25.251.17.2.in-addr.arpa

IN PTR

Response

25.251.17.2.in-addr.arpa

IN PTR

a2-17-251-25deploystaticakamaitechnologiescom
GET

https://gofile.io/d/K06grj

chrome.exe

Remote address:

51.38.43.18:443

Request

GET /d/K06grj HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: accountToken=59AWSdKjS43aTkDeeobq0wdSnMa3Qv5l

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Sun, 02 Jun 2024 19:27:01 GMT
content-type: text/html; charset=UTF-8
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
cache-control: public, max-age=0
last-modified: Thu, 25 Jan 2024 10:59:02 GMT
etag: W/"278f-18d4045f1d9"
content-encoding: gzip
GET

https://gofile.io/dist/css/bootstrap.min.css

chrome.exe

Remote address:

51.38.43.18:443

Request

GET /dist/css/bootstrap.min.css HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: accountToken=59AWSdKjS43aTkDeeobq0wdSnMa3Qv5l
if-none-match: W/"2fbaa-1857d39aa87"
if-modified-since: Wed, 04 Jan 2023 14:40:09 GMT

Response

HTTP/2.0 304

server: nginx/1.25.5
date: Sun, 02 Jun 2024 19:27:01 GMT
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
accept-ranges: bytes
cache-control: public, max-age=0
last-modified: Wed, 04 Jan 2023 14:40:09 GMT
etag: W/"2fbaa-1857d39aa87"
GET

https://gofile.io/dist/css/bootstrap-icons.css

chrome.exe

Remote address:

51.38.43.18:443

Request

GET /dist/css/bootstrap-icons.css HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: accountToken=59AWSdKjS43aTkDeeobq0wdSnMa3Qv5l
if-none-match: W/"17579-1857d39aa87"
if-modified-since: Wed, 04 Jan 2023 14:40:09 GMT

Response

HTTP/2.0 304

server: nginx/1.25.5
date: Sun, 02 Jun 2024 19:27:01 GMT
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
accept-ranges: bytes
cache-control: public, max-age=0
last-modified: Wed, 04 Jan 2023 14:40:09 GMT
etag: W/"17579-1857d39aa87"
GET

https://gofile.io/dist/css/bootstrap-nightfall.css

chrome.exe

Remote address:

51.38.43.18:443

Request

GET /dist/css/bootstrap-nightfall.css HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: accountToken=59AWSdKjS43aTkDeeobq0wdSnMa3Qv5l
if-none-match: W/"c869-1857d39aa87"
if-modified-since: Wed, 04 Jan 2023 14:40:09 GMT

Response

HTTP/2.0 304

server: nginx/1.25.5
date: Sun, 02 Jun 2024 19:27:01 GMT
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
accept-ranges: bytes
cache-control: public, max-age=0
last-modified: Wed, 04 Jan 2023 14:40:09 GMT
etag: W/"c869-1857d39aa87"
GET

https://gofile.io/dist/css/plyr.css

chrome.exe

Remote address:

51.38.43.18:443

Request

GET /dist/css/plyr.css HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: accountToken=59AWSdKjS43aTkDeeobq0wdSnMa3Qv5l
if-none-match: W/"85ae-18592ec961b"
if-modified-since: Sun, 08 Jan 2023 19:47:36 GMT

Response

HTTP/2.0 304

server: nginx/1.25.5
date: Sun, 02 Jun 2024 19:27:01 GMT
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
accept-ranges: bytes
cache-control: public, max-age=0
last-modified: Sun, 08 Jan 2023 19:47:36 GMT
etag: W/"85ae-18592ec961b"
GET

https://gofile.io/dist/css/allcss.css

chrome.exe

Remote address:

51.38.43.18:443

Request

GET /dist/css/allcss.css HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: accountToken=59AWSdKjS43aTkDeeobq0wdSnMa3Qv5l
if-none-match: W/"758-18d43219e7e"
if-modified-since: Fri, 26 Jan 2024 00:18:13 GMT

Response

HTTP/2.0 304

server: nginx/1.25.5
date: Sun, 02 Jun 2024 19:27:01 GMT
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
accept-ranges: bytes
cache-control: public, max-age=0
last-modified: Fri, 26 Jan 2024 00:18:13 GMT
etag: W/"758-18d43219e7e"
GET

https://gofile.io/dist/js/bootstrap.bundle.min.js

chrome.exe

Remote address:

51.38.43.18:443

Request

GET /dist/js/bootstrap.bundle.min.js HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
if-none-match: W/"13a49-1857d39aa87"
if-modified-since: Wed, 04 Jan 2023 14:40:09 GMT
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: accountToken=59AWSdKjS43aTkDeeobq0wdSnMa3Qv5l

Response

HTTP/2.0 304

server: nginx/1.25.5
date: Sun, 02 Jun 2024 19:27:01 GMT
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
accept-ranges: bytes
cache-control: public, max-age=0
last-modified: Wed, 04 Jan 2023 14:40:09 GMT
etag: W/"13a49-1857d39aa87"
GET

https://gofile.io/dist/js/sha256.min.js

chrome.exe

Remote address:

51.38.43.18:443

Request

GET /dist/js/sha256.min.js HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
if-none-match: W/"2339-1857d39aa8b"
if-modified-since: Wed, 04 Jan 2023 14:40:09 GMT
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: accountToken=59AWSdKjS43aTkDeeobq0wdSnMa3Qv5l

Response

HTTP/2.0 304

server: nginx/1.25.5
date: Sun, 02 Jun 2024 19:27:01 GMT
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
accept-ranges: bytes
cache-control: public, max-age=0
last-modified: Wed, 04 Jan 2023 14:40:09 GMT
etag: W/"2339-1857d39aa8b"
GET

https://gofile.io/dist/js/qrcode.min.js

chrome.exe

Remote address:

51.38.43.18:443

Request

GET /dist/js/qrcode.min.js HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
if-none-match: W/"4dda-1857d39aa8b"
if-modified-since: Wed, 04 Jan 2023 14:40:09 GMT
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: accountToken=59AWSdKjS43aTkDeeobq0wdSnMa3Qv5l

Response

HTTP/2.0 304

server: nginx/1.25.5
date: Sun, 02 Jun 2024 19:27:01 GMT
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
accept-ranges: bytes
cache-control: public, max-age=0
last-modified: Wed, 04 Jan 2023 14:40:09 GMT
etag: W/"4dda-1857d39aa8b"
GET

https://gofile.io/dist/js/dayjs.min.js

chrome.exe

Remote address:

51.38.43.18:443

Request

GET /dist/js/dayjs.min.js HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
if-none-match: W/"1a0e-1857d39aa8b"
if-modified-since: Wed, 04 Jan 2023 14:40:09 GMT
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: accountToken=59AWSdKjS43aTkDeeobq0wdSnMa3Qv5l

Response

HTTP/2.0 304

server: nginx/1.25.5
date: Sun, 02 Jun 2024 19:27:01 GMT
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
accept-ranges: bytes
cache-control: public, max-age=0
last-modified: Wed, 04 Jan 2023 14:40:09 GMT
etag: W/"1a0e-1857d39aa8b"
GET

https://gofile.io/dist/js/customParseFormat.js

chrome.exe

Remote address:

51.38.43.18:443

Request

GET /dist/js/customParseFormat.js HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
if-none-match: W/"ea2-1857d39aa8b"
if-modified-since: Wed, 04 Jan 2023 14:40:09 GMT
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: accountToken=59AWSdKjS43aTkDeeobq0wdSnMa3Qv5l

Response

HTTP/2.0 304

server: nginx/1.25.5
date: Sun, 02 Jun 2024 19:27:01 GMT
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
accept-ranges: bytes
cache-control: public, max-age=0
last-modified: Wed, 04 Jan 2023 14:40:09 GMT
etag: W/"ea2-1857d39aa8b"
GET

https://gofile.io/dist/js/marked.min.js

chrome.exe

Remote address:

51.38.43.18:443

Request

GET /dist/js/marked.min.js HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
if-none-match: W/"aca2-1857d39aa8b"
if-modified-since: Wed, 04 Jan 2023 14:40:09 GMT
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: accountToken=59AWSdKjS43aTkDeeobq0wdSnMa3Qv5l

Response

HTTP/2.0 304

server: nginx/1.25.5
date: Sun, 02 Jun 2024 19:27:01 GMT
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
accept-ranges: bytes
cache-control: public, max-age=0
last-modified: Wed, 04 Jan 2023 14:40:09 GMT
etag: W/"aca2-1857d39aa8b"
GET

https://gofile.io/dist/js/plyr.js

chrome.exe

Remote address:

51.38.43.18:443

Request

GET /dist/js/plyr.js HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
if-none-match: W/"1b1b2-18592ec961b"
if-modified-since: Sun, 08 Jan 2023 19:47:36 GMT
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: accountToken=59AWSdKjS43aTkDeeobq0wdSnMa3Qv5l

Response

HTTP/2.0 304

server: nginx/1.25.5
date: Sun, 02 Jun 2024 19:27:01 GMT
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
accept-ranges: bytes
cache-control: public, max-age=0
last-modified: Sun, 08 Jan 2023 19:47:36 GMT
etag: W/"1b1b2-18592ec961b"
GET

https://gofile.io/dist/js/chart.umd.min.js

chrome.exe

Remote address:

51.38.43.18:443

Request

GET /dist/js/chart.umd.min.js HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
if-none-match: W/"3094c-186c296a29e"
if-modified-since: Wed, 08 Mar 2023 18:58:17 GMT
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: accountToken=59AWSdKjS43aTkDeeobq0wdSnMa3Qv5l

Response

HTTP/2.0 304

server: nginx/1.25.5
date: Sun, 02 Jun 2024 19:27:01 GMT
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
accept-ranges: bytes
cache-control: public, max-age=0
last-modified: Wed, 08 Mar 2023 18:58:17 GMT
etag: W/"3094c-186c296a29e"
GET

https://gofile.io/dist/js/alljs.js

chrome.exe

Remote address:

51.38.43.18:443

Request

GET /dist/js/alljs.js HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
if-none-match: W/"37635-18fd8f7f2f4"
if-modified-since: Sun, 02 Jun 2024 12:41:19 GMT
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: accountToken=59AWSdKjS43aTkDeeobq0wdSnMa3Qv5l

Response

HTTP/2.0 304

server: nginx/1.25.5
date: Sun, 02 Jun 2024 19:27:01 GMT
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
accept-ranges: bytes
cache-control: public, max-age=0
last-modified: Sun, 02 Jun 2024 12:41:19 GMT
etag: W/"37635-18fd8f7f2f4"
GET

https://gofile.io/dist/img/logo-small-70.png

chrome.exe

Remote address:

51.38.43.18:443

Request

GET /dist/img/logo-small-70.png HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
if-none-match: W/"93f-1857d39aa87"
if-modified-since: Wed, 04 Jan 2023 14:40:09 GMT
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: accountToken=59AWSdKjS43aTkDeeobq0wdSnMa3Qv5l

Response

HTTP/2.0 304

server: nginx/1.25.5
date: Sun, 02 Jun 2024 19:27:01 GMT
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
accept-ranges: bytes
cache-control: public, max-age=0
last-modified: Wed, 04 Jan 2023 14:40:09 GMT
etag: W/"93f-1857d39aa87"
GET

https://gofile.io/dist/css/fonts/bootstrap-icons.woff2?24e3eb84d0bcaf83d77f904c78ac1f47

chrome.exe

Remote address:

51.38.43.18:443

Request

GET /dist/css/fonts/bootstrap-icons.woff2?24e3eb84d0bcaf83d77f904c78ac1f47 HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
origin: https://gofile.io
if-none-match: W/"1d9d0-1857d39aa87"
if-modified-since: Wed, 04 Jan 2023 14:40:09 GMT
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: font
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: accountToken=59AWSdKjS43aTkDeeobq0wdSnMa3Qv5l

Response

HTTP/2.0 304

server: nginx/1.25.5
date: Sun, 02 Jun 2024 19:27:01 GMT
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
accept-ranges: bytes
cache-control: public, max-age=0
last-modified: Wed, 04 Jan 2023 14:40:09 GMT
etag: W/"1d9d0-1857d39aa87"
GET

https://gofile.io/dist/img/favicon96.png

chrome.exe

Remote address:

51.38.43.18:443

Request

GET /dist/img/favicon96.png HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: accountToken=59AWSdKjS43aTkDeeobq0wdSnMa3Qv5l
if-none-match: W/"b46-1857d39aa87"
if-modified-since: Wed, 04 Jan 2023 14:40:09 GMT

Response

HTTP/2.0 304

server: nginx/1.25.5
date: Sun, 02 Jun 2024 19:27:02 GMT
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
accept-ranges: bytes
cache-control: public, max-age=0
last-modified: Wed, 04 Jan 2023 14:40:09 GMT
etag: W/"b46-1857d39aa87"
GET

https://gofile.io/contents/files.html

chrome.exe

Remote address:

51.38.43.18:443

Request

GET /contents/files.html HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: accountToken=59AWSdKjS43aTkDeeobq0wdSnMa3Qv5l
if-none-match: W/"4c46-18e35b27e9a"
if-modified-since: Wed, 13 Mar 2024 02:44:34 GMT

Response

HTTP/2.0 304

server: nginx/1.25.5
date: Sun, 02 Jun 2024 19:27:02 GMT
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
accept-ranges: bytes
cache-control: public, max-age=0
last-modified: Wed, 13 Mar 2024 02:44:34 GMT
etag: W/"4c46-18e35b27e9a"
DNS

beacons.gcp.gvt2.com

chrome.exe

Remote address:

8.8.8.8:53

Request

beacons.gcp.gvt2.com

IN A

Response

beacons.gcp.gvt2.com

IN CNAME

beacons-handoff.gcp.gvt2.com

beacons-handoff.gcp.gvt2.com

IN A

192.178.49.195
DNS

beacons.gcp.gvt2.com

chrome.exe

Remote address:

8.8.8.8:53

Request

beacons.gcp.gvt2.com

IN A

Response

beacons.gcp.gvt2.com

IN CNAME

beacons-handoff.gcp.gvt2.com

beacons-handoff.gcp.gvt2.com

IN A

192.178.49.195
OPTIONS

https://api.gofile.io/accounts/43429efa-cb9b-4ec4-a78c-06586b0e3b3b

chrome.exe

Remote address:

51.38.43.18:443

Request

OPTIONS /accounts/43429efa-cb9b-4ec4-a78c-06586b0e3b3b HTTP/2.0
host: api.gofile.io
accept: */*
access-control-request-method: GET
access-control-request-headers: authorization
origin: https://gofile.io
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-fetch-mode: cors
sec-fetch-site: same-site
sec-fetch-dest: empty
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Sun, 02 Jun 2024 19:27:02 GMT
content-type: text/html; charset=utf-8
content-length: 8
access-control-allow-origin: https://gofile.io
access-control-allow-headers: Content-Type, Authorization
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, HEAD
access-control-allow-credentials: true
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
origin-agent-cluster: ?1
referrer-policy: no-referrer
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
allow: GET,HEAD
etag: W/"8-ZRAf8oNBS3Bjb/SU2GYZCmbtmXg"
GET

https://api.gofile.io/accounts/43429efa-cb9b-4ec4-a78c-06586b0e3b3b

chrome.exe

Remote address:

51.38.43.18:443

Request

GET /accounts/43429efa-cb9b-4ec4-a78c-06586b0e3b3b HTTP/2.0
host: api.gofile.io
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
authorization: Bearer 59AWSdKjS43aTkDeeobq0wdSnMa3Qv5l
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://gofile.io
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
if-none-match: W/"111-pQ4nRa+stti9GNcSSQnAckDIPtQ"

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Sun, 02 Jun 2024 19:27:02 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gofile.io
access-control-allow-headers: Content-Type, Authorization
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, HEAD
access-control-allow-credentials: true
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
origin-agent-cluster: ?1
referrer-policy: no-referrer
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
etag: W/"12f-EOnzFELxlBnt2YQyf0df+itVgtc"
content-encoding: gzip
OPTIONS

https://api.gofile.io/contents/K06grj?wt=4fd6sg89d7s6

chrome.exe

Remote address:

51.38.43.18:443

Request

OPTIONS /contents/K06grj?wt=4fd6sg89d7s6 HTTP/2.0
host: api.gofile.io
accept: */*
access-control-request-method: GET
access-control-request-headers: authorization
origin: https://gofile.io
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-fetch-mode: cors
sec-fetch-site: same-site
sec-fetch-dest: empty
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Sun, 02 Jun 2024 19:27:02 GMT
content-type: text/html; charset=utf-8
content-length: 15
access-control-allow-origin: https://gofile.io
access-control-allow-headers: Content-Type, Authorization
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, HEAD
access-control-allow-credentials: true
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
origin-agent-cluster: ?1
referrer-policy: no-referrer
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
allow: GET,HEAD,DELETE
etag: W/"f-vwvPzyVoI/ffOSHTCooZCn+JbCg"
GET

https://api.gofile.io/contents/K06grj?wt=4fd6sg89d7s6

chrome.exe

Remote address:

51.38.43.18:443

Request

GET /contents/K06grj?wt=4fd6sg89d7s6 HTTP/2.0
host: api.gofile.io
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
authorization: Bearer 59AWSdKjS43aTkDeeobq0wdSnMa3Qv5l
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://gofile.io
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Sun, 02 Jun 2024 19:27:02 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gofile.io
access-control-allow-headers: Content-Type, Authorization
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, HEAD
access-control-allow-credentials: true
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
origin-agent-cluster: ?1
referrer-policy: no-referrer
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
etag: W/"285-y1XUACnsl6pBDr5iYn5sQS0KP8M"
content-encoding: gzip
DNS

store9.gofile.io

chrome.exe

Remote address:

8.8.8.8:53

Request

store9.gofile.io

IN A

Response

store9.gofile.io

IN A

206.168.190.239
DNS

store9.gofile.io

chrome.exe

Remote address:

8.8.8.8:53

Request

store9.gofile.io

IN A

Response

store9.gofile.io

IN A

206.168.190.239
GET

https://store9.gofile.io/download/web/c1dc57d8-a323-4539-ba84-3b889f7d77ea/orthodox.exe

chrome.exe

Remote address:

206.168.190.239:443

Request

GET /download/web/c1dc57d8-a323-4539-ba84-3b889f7d77ea/orthodox.exe HTTP/1.1
Host: store9.gofile.io
Connection: keep-alive
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Referer: https://gofile.io/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: accountToken=59AWSdKjS43aTkDeeobq0wdSnMa3Qv5l

Response

HTTP/1.1 200 OK

Server: nginx/1.25.3
Date: Sun, 02 Jun 2024 19:27:05 GMT
Content-Type: application/x-msdos-program
Content-Length: 1844736
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Headers: Accept, Accept-Language, Content-Language, Content-Type, Content-Length, Range, Authorization
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Cache-Control, Content-Encoding, Content-Range
Content-Disposition: attachment; filename="orthodox.exe"
Last-Modified: Sun, 02 Jun 2024 19:26:35 GMT
DNS

239.190.168.206.in-addr.arpa

Remote address:

8.8.8.8:53

Request

239.190.168.206.in-addr.arpa

IN PTR

Response
DNS

239.190.168.206.in-addr.arpa

Remote address:

8.8.8.8:53

Request

239.190.168.206.in-addr.arpa

IN PTR

Response
DNS

beacons4.gvt2.com

chrome.exe

Remote address:

8.8.8.8:53

Request

beacons4.gvt2.com

IN A

Response

beacons4.gvt2.com

IN A

216.239.32.116
DNS

beacons4.gvt2.com

chrome.exe

Remote address:

8.8.8.8:53

Request

beacons4.gvt2.com

IN A

Response

beacons4.gvt2.com

IN A

216.239.32.116
OPTIONS

https://beacons4.gvt2.com/domainreliability/upload-nel

chrome.exe

Remote address:

216.239.32.116:443

Request

OPTIONS /domainreliability/upload-nel HTTP/2.0
host: beacons4.gvt2.com
origin: https://beacons.gcp.gvt2.com
access-control-request-method: POST
access-control-request-headers: content-type
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

116.32.239.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

116.32.239.216.in-addr.arpa

IN PTR

Response

116.32.239.216.in-addr.arpa

IN PTR

e2agooglecom
DNS

116.32.239.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

116.32.239.216.in-addr.arpa

IN PTR

Response

116.32.239.216.in-addr.arpa

IN PTR

e2agooglecom

142.250.187.196:443

https://www.google.com/async/newtab_promos

tls, http2

chrome.exe

3.4kB
45.1kB
49
53

HTTP Request

GET https://www.google.com/async/ddljson?async=ntp:2

HTTP Request

GET https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0

HTTP Request

GET https://www.google.com/async/newtab_promos
142.250.200.14:443

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.JHoMBbBABZg.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAQ/rs=AHpOoo_6Zf8M75AJqSyaaLg_vD7Vr9kevQ/cb=gapi.loaded_0

tls, http2

chrome.exe

3.2kB
50.8kB
43
50

HTTP Request

GET https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.JHoMBbBABZg.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAQ/rs=AHpOoo_6Zf8M75AJqSyaaLg_vD7Vr9kevQ/cb=gapi.loaded_0
142.250.179.238:443

https://play.google.com/log?format=json&hasfast=true

tls, http2

chrome.exe

3.1kB
9.8kB
22
24

HTTP Request

POST https://play.google.com/log?format=json&hasfast=true
142.250.187.238:443

https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=106.0.5249.119&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D1.0.0.6%26installsource%3Dnotfromwebstore%26installedby%3Dother%26uc%26ping%3Dr%253D59%2526e%253D1

tls, http2

chrome.exe

2.2kB
10.3kB
20
24

HTTP Request

GET https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=106.0.5249.119&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D1.0.0.6%26installsource%3Dnotfromwebstore%26installedby%3Dother%26uc%26ping%3Dr%253D59%2526e%253D1
51.38.43.18:443

gofile.io

tls, http2

chrome.exe

1.2kB
1.1kB
12
11
51.38.43.18:443

gofile.io

tls, http2

chrome.exe

1.2kB
1.1kB
12
11
51.38.43.18:443

https://gofile.io/contents/files.html

tls, http2

chrome.exe

13.7kB
479.0kB
240
380

HTTP Request

GET https://gofile.io/d/D2SDUS

HTTP Response

200

HTTP Request

GET https://gofile.io/dist/css/bootstrap.min.css

HTTP Request

GET https://gofile.io/dist/css/bootstrap-icons.css

HTTP Request

GET https://gofile.io/dist/css/bootstrap-nightfall.css

HTTP Request

GET https://gofile.io/dist/css/plyr.css

HTTP Request

GET https://gofile.io/dist/css/allcss.css

HTTP Request

GET https://gofile.io/dist/js/bootstrap.bundle.min.js

HTTP Request

GET https://gofile.io/dist/js/sha256.min.js

HTTP Request

GET https://gofile.io/dist/js/qrcode.min.js

HTTP Request

GET https://gofile.io/dist/js/dayjs.min.js

HTTP Request

GET https://gofile.io/dist/js/customParseFormat.js

HTTP Request

GET https://gofile.io/dist/js/marked.min.js

HTTP Request

GET https://gofile.io/dist/js/plyr.js

HTTP Request

GET https://gofile.io/dist/js/chart.umd.min.js

HTTP Request

GET https://gofile.io/dist/js/alljs.js

HTTP Request

GET https://gofile.io/dist/img/logo-small-70.png

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://gofile.io/dist/css/fonts/bootstrap-icons.woff2?24e3eb84d0bcaf83d77f904c78ac1f47

HTTP Response

200

HTTP Request

GET https://gofile.io/dist/img/favicon96.png

HTTP Response

200

HTTP Request

GET https://gofile.io/dist/img/favicon32.png

HTTP Response

200

HTTP Request

GET https://gofile.io/dist/img/favicon16.png

HTTP Response

200

HTTP Request

GET https://gofile.io/contents/files.html

HTTP Response

200
51.38.43.18:443

https://api.gofile.io/contents/D2SDUS?wt=4fd6sg89d7s6

tls, http2

chrome.exe

2.5kB
10.6kB
22
30

HTTP Request

POST https://api.gofile.io/accounts

HTTP Response

200

HTTP Request

OPTIONS https://api.gofile.io/accounts/43429efa-cb9b-4ec4-a78c-06586b0e3b3b

HTTP Response

200

HTTP Request

GET https://api.gofile.io/accounts/43429efa-cb9b-4ec4-a78c-06586b0e3b3b

HTTP Response

200

HTTP Request

OPTIONS https://api.gofile.io/contents/D2SDUS?wt=4fd6sg89d7s6

HTTP Response

200

HTTP Request

GET https://api.gofile.io/contents/D2SDUS?wt=4fd6sg89d7s6

HTTP Response

200
51.75.242.210:443

https://s.gofile.io/js/script.js

tls, http2

chrome.exe

2.4kB
6.5kB
20
19

HTTP Request

GET https://s.gofile.io/js/script.js

HTTP Response

200
51.75.242.210:443

https://s.gofile.io/api/event

tls, http2

chrome.exe

2.8kB
5.4kB
22
23

HTTP Request

POST https://s.gofile.io/api/event

HTTP Response

202

HTTP Request

POST https://s.gofile.io/api/event

HTTP Response

202
148.251.152.47:443

https://ad.a-ads.com/2059298?size=300x250

tls, http2

chrome.exe

2.2kB
12.4kB
22
27

HTTP Request

GET https://ad.a-ads.com/2059298?size=300x250

HTTP Response

200
142.250.200.10:443

https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTA2LjAuNTI0OS4xMTkSEAmYyA9JLGj4_xIFDRVSgeI=?alt=proto

tls, http2

chrome.exe

1.9kB
7.1kB
17
18

HTTP Request

GET https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTA2LjAuNTI0OS4xMTkSEAmYyA9JLGj4_xIFDRVSgeI=?alt=proto
148.251.194.214:443

https://static.a-ads.com/a-ads-banners/511866/300x250?region=eu-central-1

tls, http2

chrome.exe

4.8kB
166.2kB
80
135

HTTP Request

GET https://static.a-ads.com/a-ads-banners/511866/300x250?region=eu-central-1

HTTP Response

200
45.112.123.227:443

store1.gofile.io

tls

chrome.exe

989 B
4.7kB
9
11
45.112.123.227:443

https://store1.gofile.io/download/web/16e5a3e2-43be-41f2-82dd-44c2161ad442/orthodox.rar

tls, http

chrome.exe

15.6kB
826.7kB
309
606

HTTP Request

GET https://store1.gofile.io/download/web/16e5a3e2-43be-41f2-82dd-44c2161ad442/orthodox.rar

HTTP Response

200
192.178.49.195:443

https://beacons.gcp.gvt2.com/domainreliability/upload

tls, http2

chrome.exe

4.2kB
7.8kB
29
30

HTTP Request

POST https://beacons.gcp.gvt2.com/domainreliability/upload

HTTP Request

POST https://beacons.gcp.gvt2.com/domainreliability/upload

HTTP Request

POST https://beacons.gcp.gvt2.com/domainreliability/upload
216.58.213.3:443

https://id.google.com/verify/ABDN9YfrWzn3vuoE9y5Dk_R7xY3qpkYR_OEcfPGHkbnpEXx67d9GPOcmQCT_82n_hq5f4LvFkRKGb-eWIE7UF-MaQ3741lAI4QiwZ8HxnXoVwx4auA

tls, http2

chrome.exe

2.2kB
9.4kB
16
19

HTTP Request

GET https://id.google.com/verify/ABDN9YfrWzn3vuoE9y5Dk_R7xY3qpkYR_OEcfPGHkbnpEXx67d9GPOcmQCT_82n_hq5f4LvFkRKGb-eWIE7UF-MaQ3741lAI4QiwZ8HxnXoVwx4auA
51.195.68.163:443

https://www.win-rar.com/fileadmin/images/common/favicon.ico

tls, http2

chrome.exe

6.3kB
94.1kB
78
111

HTTP Request

GET https://www.win-rar.com/download.html?&L=0

HTTP Response

200

HTTP Request

GET https://www.win-rar.com/download.html?&L=0

HTTP Response

200

HTTP Request

GET https://www.win-rar.com/fileadmin/templates/style.css?1704275748

HTTP Request

GET https://www.win-rar.com/fileadmin/templates/images.css?1627980766

HTTP Request

GET https://www.win-rar.com/fileadmin/templates/footer.css?1675426476

HTTP Request

GET https://www.win-rar.com/fileadmin/templates/stile_db.css?1645707048

HTTP Request

GET https://www.win-rar.com/fileadmin/templates/formhandler/jquery-3.5.1.min.js

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://www.win-rar.com/fileadmin/templates/logo-winrar.png

HTTP Request

GET https://www.win-rar.com/fileadmin/images/awards/stars-45.png

HTTP Request

GET https://www.win-rar.com/fileadmin/images/icons/fb.svg

HTTP Request

GET https://www.win-rar.com/fileadmin/images/icons/tw.svg

HTTP Request

GET https://www.win-rar.com/fileadmin/images/icons/yt.svg

HTTP Request

GET https://www.win-rar.com/fileadmin/templates/formhandler/ckrule.js

HTTP Request

GET https://www.win-rar.com/fileadmin/templates/formhandler/apphelp-min.js

HTTP Request

GET https://www.win-rar.com/fileadmin/templates/style-mx.css?1704277066

HTTP Request

GET https://www.win-rar.com/fileadmin/templates/footer-mx.css?1661158051

HTTP Request

GET https://www.win-rar.com/fileadmin/images/buttons/button_download_blank.png

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://www.win-rar.com/fileadmin/images/common/favicon.ico

HTTP Response

200
51.195.68.163:443

https://www.win-rar.com/fileadmin/images/help/winrar-installation-step-3.png

tls, http2

chrome.exe

76.4kB
4.3MB
1616
3081

HTTP Request

GET https://www.win-rar.com/fileadmin/winrar-versions/winrar/winrar-x64-701.exe

HTTP Response

200

HTTP Request

GET https://www.win-rar.com/fileadmin/images/helper/winrar-download-chrome.png

HTTP Request

GET https://www.win-rar.com/fileadmin/images/helper/user_account_control.png

HTTP Request

GET https://www.win-rar.com/fileadmin/images/help/winrar-installation-step-1.png

HTTP Request

GET https://www.win-rar.com/fileadmin/images/help/winrar-installation-step-2.png

HTTP Request

GET https://www.win-rar.com/fileadmin/images/help/winrar-installation-step-3.png

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200
216.58.212.234:443

https://waa-pa.clients6.google.com/$rpc/google.internal.waa.v1.Waa/Create

tls, http2

chrome.exe

1.9kB
12.3kB
17
21

HTTP Request

OPTIONS https://waa-pa.clients6.google.com/$rpc/google.internal.waa.v1.Waa/Create
51.38.43.18:443

https://gofile.io/contents/files.html

tls, http2

chrome.exe

5.0kB
12.7kB
41
46

HTTP Request

GET https://gofile.io/d/K06grj

HTTP Response

200

HTTP Request

GET https://gofile.io/dist/css/bootstrap.min.css

HTTP Request

GET https://gofile.io/dist/css/bootstrap-icons.css

HTTP Request

GET https://gofile.io/dist/css/bootstrap-nightfall.css

HTTP Request

GET https://gofile.io/dist/css/plyr.css

HTTP Request

GET https://gofile.io/dist/css/allcss.css

HTTP Request

GET https://gofile.io/dist/js/bootstrap.bundle.min.js

HTTP Request

GET https://gofile.io/dist/js/sha256.min.js

HTTP Request

GET https://gofile.io/dist/js/qrcode.min.js

HTTP Request

GET https://gofile.io/dist/js/dayjs.min.js

HTTP Request

GET https://gofile.io/dist/js/customParseFormat.js

HTTP Request

GET https://gofile.io/dist/js/marked.min.js

HTTP Request

GET https://gofile.io/dist/js/plyr.js

HTTP Request

GET https://gofile.io/dist/js/chart.umd.min.js

HTTP Request

GET https://gofile.io/dist/js/alljs.js

HTTP Request

GET https://gofile.io/dist/img/logo-small-70.png

HTTP Response

304

HTTP Response

304

HTTP Response

304

HTTP Response

304

HTTP Response

304

HTTP Response

304

HTTP Response

304

HTTP Response

304

HTTP Response

304

HTTP Response

304

HTTP Response

304

HTTP Response

304

HTTP Response

304

HTTP Response

304

HTTP Response

304

HTTP Request

GET https://gofile.io/dist/css/fonts/bootstrap-icons.woff2?24e3eb84d0bcaf83d77f904c78ac1f47

HTTP Response

304

HTTP Request

GET https://gofile.io/dist/img/favicon96.png

HTTP Response

304

HTTP Request

GET https://gofile.io/contents/files.html

HTTP Response

304
51.38.43.18:443

https://api.gofile.io/contents/K06grj?wt=4fd6sg89d7s6

tls, http2

chrome.exe

2.3kB
5.8kB
18
24

HTTP Request

OPTIONS https://api.gofile.io/accounts/43429efa-cb9b-4ec4-a78c-06586b0e3b3b

HTTP Response

200

HTTP Request

GET https://api.gofile.io/accounts/43429efa-cb9b-4ec4-a78c-06586b0e3b3b

HTTP Response

200

HTTP Request

OPTIONS https://api.gofile.io/contents/K06grj?wt=4fd6sg89d7s6

HTTP Response

200

HTTP Request

GET https://api.gofile.io/contents/K06grj?wt=4fd6sg89d7s6

HTTP Response

200
206.168.190.239:443

https://store9.gofile.io/download/web/c1dc57d8-a323-4539-ba84-3b889f7d77ea/orthodox.exe

tls, http

chrome.exe

47.2kB
1.9MB
873
1381

HTTP Request

GET https://store9.gofile.io/download/web/c1dc57d8-a323-4539-ba84-3b889f7d77ea/orthodox.exe

HTTP Response

200
206.168.190.239:443

store9.gofile.io

tls

chrome.exe

943 B
4.7kB
8
10
216.239.32.116:443

https://beacons4.gvt2.com/domainreliability/upload-nel

tls, http2

chrome.exe

1.7kB
6.8kB
14
15

HTTP Request

OPTIONS https://beacons4.gvt2.com/domainreliability/upload-nel

8.8.8.8:53

www.google.com

dns

chrome.exe

60 B
76 B
1
1

DNS Request

www.google.com

DNS Response

142.250.187.196
8.8.8.8:53

apis.google.com

dns

chrome.exe

61 B
98 B
1
1

DNS Request

apis.google.com

DNS Response

142.250.200.14
8.8.8.8:53

3.200.250.142.in-addr.arpa

dns

72 B
110 B
1
1

DNS Request

3.200.250.142.in-addr.arpa
8.8.8.8:53

195.212.58.216.in-addr.arpa

dns

73 B
171 B
1
1

DNS Request

195.212.58.216.in-addr.arpa
8.8.8.8:53

196.187.250.142.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

196.187.250.142.in-addr.arpa
8.8.8.8:53

play.google.com

dns

chrome.exe

61 B
77 B
1
1

DNS Request

play.google.com

DNS Response

142.250.179.238
8.8.8.8:53

14.200.250.142.in-addr.arpa

dns

73 B
112 B
1
1

DNS Request

14.200.250.142.in-addr.arpa
8.8.8.8:53

clients2.google.com

dns

chrome.exe

65 B
105 B
1
1

DNS Request

clients2.google.com

DNS Response

142.250.187.238
224.0.0.251:5353

chrome.exe

204 B
3
8.8.8.8:53

238.179.250.142.in-addr.arpa

dns

74 B
113 B
1
1

DNS Request

238.179.250.142.in-addr.arpa
8.8.8.8:53

238.187.250.142.in-addr.arpa

dns

74 B
113 B
1
1

DNS Request

238.187.250.142.in-addr.arpa
8.8.8.8:53

gofile.io

dns

chrome.exe

55 B
103 B
1
1

DNS Request

gofile.io

DNS Response

51.38.43.18

151.80.29.83

51.178.66.33
8.8.8.8:53

api.gofile.io

dns

chrome.exe

59 B
107 B
1
1

DNS Request

api.gofile.io

DNS Response

51.38.43.18

51.178.66.33

151.80.29.83
8.8.8.8:53

18.43.38.51.in-addr.arpa

dns

70 B
108 B
1
1

DNS Request

18.43.38.51.in-addr.arpa
8.8.8.8:53

s.gofile.io

dns

chrome.exe

57 B
73 B
1
1

DNS Request

s.gofile.io

DNS Response

51.75.242.210
8.8.8.8:53

ad.a-ads.com

dns

chrome.exe

58 B
74 B
1
1

DNS Request

ad.a-ads.com

DNS Response

148.251.152.47
8.8.8.8:53

content-autofill.googleapis.com

dns

chrome.exe

77 B
301 B
1
1

DNS Request

content-autofill.googleapis.com

DNS Response

142.250.200.10

142.250.200.42

216.58.201.106

216.58.204.74

216.58.213.10

172.217.169.10

216.58.212.202

172.217.169.74

142.250.179.234

142.250.180.10

142.250.187.202

142.250.187.234

142.250.178.10

172.217.16.234
8.8.8.8:53

31.243.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

31.243.111.52.in-addr.arpa
8.8.8.8:53

210.242.75.51.in-addr.arpa

dns

72 B
100 B
1
1

DNS Request

210.242.75.51.in-addr.arpa
8.8.8.8:53

47.152.251.148.in-addr.arpa

dns

73 B
131 B
1
1

DNS Request

47.152.251.148.in-addr.arpa
8.8.8.8:53

10.200.250.142.in-addr.arpa

dns

73 B
112 B
1
1

DNS Request

10.200.250.142.in-addr.arpa
8.8.8.8:53

101.58.20.217.in-addr.arpa

dns

72 B
132 B
1
1

DNS Request

101.58.20.217.in-addr.arpa
8.8.8.8:53

static.a-ads.com

dns

chrome.exe

62 B
95 B
1
1

DNS Request

static.a-ads.com

DNS Response

148.251.194.214
8.8.8.8:53

202.187.250.142.in-addr.arpa

dns

74 B
113 B
1
1

DNS Request

202.187.250.142.in-addr.arpa
8.8.8.8:53

99.201.58.216.in-addr.arpa

dns

72 B
169 B
1
1

DNS Request

99.201.58.216.in-addr.arpa
8.8.8.8:53

214.194.251.148.in-addr.arpa

dns

74 B
133 B
1
1

DNS Request

214.194.251.148.in-addr.arpa
8.8.8.8:53

store1.gofile.io

dns

chrome.exe

62 B
78 B
1
1

DNS Request

store1.gofile.io

DNS Response

45.112.123.227
8.8.8.8:53

227.123.112.45.in-addr.arpa

dns

73 B
127 B
1
1

DNS Request

227.123.112.45.in-addr.arpa
8.8.8.8:53

beacons.gcp.gvt2.com

dns

chrome.exe

66 B
112 B
1
1

DNS Request

beacons.gcp.gvt2.com

DNS Response

192.178.49.195
8.8.8.8:53

195.49.178.192.in-addr.arpa

dns

73 B
111 B
1
1

DNS Request

195.49.178.192.in-addr.arpa
142.250.187.196:443

www.google.com

https

chrome.exe

44.6kB
1.2MB
276
1055
142.250.179.238:443

play.google.com

https

chrome.exe

6.1kB
8.1kB
14
16
8.8.8.8:53

id.google.com

dns

chrome.exe

59 B
75 B
1
1

DNS Request

id.google.com

DNS Response

216.58.213.3
142.250.200.10:443

content-autofill.googleapis.com

https

chrome.exe

3.4kB
7.2kB
8
11
8.8.8.8:53

3.213.58.216.in-addr.arpa

dns

71 B
138 B
1
1

DNS Request

3.213.58.216.in-addr.arpa
8.8.8.8:53

www.win-rar.com

dns

chrome.exe

61 B
77 B
1
1

DNS Request

www.win-rar.com

DNS Response

51.195.68.163
8.8.8.8:53

waa-pa.clients6.google.com

dns

chrome.exe

72 B
88 B
1
1

DNS Request

waa-pa.clients6.google.com

DNS Response

216.58.212.234
8.8.8.8:53

2.180.250.142.in-addr.arpa

dns

72 B
110 B
1
1

DNS Request

2.180.250.142.in-addr.arpa
216.58.212.234:443

waa-pa.clients6.google.com

https

chrome.exe

3.7kB
15.2kB
10
16
8.8.8.8:53

163.68.195.51.in-addr.arpa

dns

72 B
101 B
1
1

DNS Request

163.68.195.51.in-addr.arpa
8.8.8.8:53

234.212.58.216.in-addr.arpa

dns

73 B
173 B
1
1

DNS Request

234.212.58.216.in-addr.arpa
8.8.8.8:53

249.197.17.2.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

249.197.17.2.in-addr.arpa
8.8.8.8:53

27.178.89.13.in-addr.arpa

dns

71 B
145 B
1
1

DNS Request

27.178.89.13.in-addr.arpa
8.8.8.8:53

25.251.17.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

25.251.17.2.in-addr.arpa
8.8.8.8:53

beacons.gcp.gvt2.com

dns

chrome.exe

132 B
224 B
2
2

DNS Request

beacons.gcp.gvt2.com

DNS Request

beacons.gcp.gvt2.com

DNS Response

192.178.49.195

DNS Response

192.178.49.195
192.178.49.195:443

beacons.gcp.gvt2.com

https

chrome.exe

3.2kB
7.6kB
8
9
8.8.8.8:53

store9.gofile.io

dns

chrome.exe

124 B
156 B
2
2

DNS Request

store9.gofile.io

DNS Request

store9.gofile.io

DNS Response

206.168.190.239

DNS Response

206.168.190.239
8.8.8.8:53

239.190.168.206.in-addr.arpa

dns

148 B
286 B
2
2

DNS Request

239.190.168.206.in-addr.arpa

DNS Request

239.190.168.206.in-addr.arpa
8.8.8.8:53

beacons4.gvt2.com

dns

chrome.exe

126 B
158 B
2
2

DNS Request

beacons4.gvt2.com

DNS Request

beacons4.gvt2.com

DNS Response

216.239.32.116

DNS Response

216.239.32.116
216.239.32.116:443

beacons4.gvt2.com

https

chrome.exe

4.1kB
7.8kB
8
11
8.8.8.8:53

116.32.239.216.in-addr.arpa

dns

146 B
202 B
2
2

DNS Request

116.32.239.216.in-addr.arpa

DNS Request

116.32.239.216.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
888B

MD5
a144a86395cac2adda5859e9e6242892

SHA1
e177ed1a0421a5bedd09a342a6db4cddca84ea89

SHA256
9fd522b6ae47edb1daa9257a319a067ed1ca1e8dc06584a2f6b438b46224cc4c

SHA512
edcb3b37458d4879e39f11acc575073ed9fc29ae5fb157c65dffee286866aa02b982b62169cd3af0a5c4b25bb9387c6f7cc79ed5d3ae4b487b9334b163e88367

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
1fa9d708351a67bcb67fd2f19db98f95

SHA1
5e8448bf03b0d4caa78830c17db7dd3174e304b6

SHA256
272acf860323cfb0acc2cc44dacb1b34085d7a2105396c799b13f8f923293069

SHA512
e854d9c57d58285b799bbd010dc01c94b9d8595e2e0dc12c149107e94ab628d7230bfad333fa05f131628de77e69e51c7e97b06d8d19ad98fbd7b061be938f09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
744B

MD5
920e49939af189a38610a7279b95e266

SHA1
1173d794c5007410661be2a43e681e9b14dd8523

SHA256
53d27302b96703ad5016da40d6bf1aa97824d9eeb9029b7c267b71730522fb85

SHA512
08559caebd2246e5a6af2e593ae93d82f02eee3f5978ea53a03505bc439758cc0f77dbb7c42b89a968c4f3d1a35bc7d711286bd3f76b2270d3eb0b51df1cb39b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
fdc7b711046f39b66be62119ef8cfcf6

SHA1
fa0a8707db6fba8f76f0f7f0692efffae044030b

SHA256
d30c587ef8a473dc06024a3a5a99440561dc0f5a7a3958211e5a671a3680a962

SHA512
8e86d137daba651816ceed6c0457e6f809b76c0d601cccb556ce814fc6fd64995518fea6cf65b4133ab945f79e09fef460f5a9dc9e4356ec230b1670ebc33402

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
56c5f9f02abf44f76cfd2c7c18eaa4f5

SHA1
4ef5b2e9094ddb12c2435e812c3e59d340ed6aed

SHA256
ca9c87e11cbd2b3bd0d4ab7ff119cedac40807fc6dfab174052532a3e519f4bf

SHA512
8ba6b5201390f805e7051afaadd32794169ebbb2fb9140421bb31f81b4650bb836aa8a18325cc1fc7b40e7fca880f8bd0fd3d599c41bde6384c64ebca0a8bdd5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
a6f82b79bff5bd5e6a026a37c64fe5bc

SHA1
df3b7533929aca5de18904644b3ae9550a96b1fa

SHA256
7aa1a32f59ceaacfd4ffb2701c82daa9ec96931cc6686c06c5f43c6ecf57bc55

SHA512
c2b5afd9230a95b08793ee1f1c5e9d3e03574441d74a7c081d0f7ff14a999bfc437f8b2076b1ea1ba64c1b432be26dd064f74c1c8c72ee0c2249a74b2fe520c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
873B

MD5
b2c2ffb9cae4b8045519f5200cc16909

SHA1
ffdb4ed315482ac0fabc8138a6891eaee1c7d384

SHA256
bb9acb05549f05aa38b93d2d635a0707ffd2a9b68a69131df1ca3e9372348898

SHA512
286809216ae9825431b9e8ef2e2831bbf379e6f60129a770b867c7fa8a75f9d5e657052e36eb89d8ba83b4d49644579db269df9b7e1772e0c865a6c09675b149

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d00e01baae5ce845ea1b741cd030de83

SHA1
fb405260497b1d08a7c32da6bc223005c3390dec

SHA256
d7a4ef911c99863d01ec876f72b651cd6b7846a78252179e4eae8ac36596cca2

SHA512
ef7ce8782d61ce9e53279641f3c943c64922fb330fcd57194bacfde662c312b4e28bd744d24c3878be4ad2dc4b36b6e2efad3730476ec00902d244d72ceec9a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
40be152224fc1eac06002e8a78c4fac6

SHA1
85a14be41e73a49ad8fa15c335b506bc0acfd0c6

SHA256
0c663ec47625ef30fe6917b92fa38afcef5703ac8aa57797dd070a32a38e2efe

SHA512
9eedab1bf48155867140388cacc20180634c2702f530027a4c3fa4f970099ad5179cc2b253c943533d1a2fd93d214f541a7f46e278cd3891aabdb0e0e3ce94e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
db46ed7a3858cb94fbb7d46e793d3573

SHA1
703740d39590ffe9c9606317879f63241dd18186

SHA256
c3a3c1908b23ec3b06a559ce37099741005bb526d2067b3e28a315bf51dea34f

SHA512
f97f07a6f0434b708fc2e2c347e897f55e7a4a2380d4d0979033fc8b0eb65be5138260e1842b6858b7960fabf55e429535e2dfdf342742f04f844533316eac4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
f9606de57e58c99dfb16c70520803f91

SHA1
d8701374c38468476e3d292e1d750c84c848c0e9

SHA256
e8c1d86d535a2f2b79701d8e0c72b7006c6eb1eee737e6b166872169004d77a4

SHA512
92f0912a95a065e9cde454dcae90ada271c4c731d148cfdc2f7faeb8fd6fcb74bf830c2a88e28da7064f9f78b44ec0835cf94d37aff049936f2398385fbbf374

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
ff5ad2210de768210fa572534e3eda14

SHA1
02e7042c7a1f86fa1158068991bd88de2db31b5b

SHA256
bfc71feb2821e6804a279f93c9619a8b807694a69f99b3dccc9cad150f98c843

SHA512
45b82f82ac24119157d6bc9577db87744e3e1dda13677812cfd61f422150f2df06bbbe859e587482ac6f22073edb0caa693fd086c35dc496627aa5d74c40495d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e4ba37af3a5e85c56970641a07a3afe8

SHA1
6aa88944a24e26ccf7db0848105cca65038b583d

SHA256
ed27278bad0c5b5ae72e02659fd62cd7e6e32702a0f33360190cb41a2a8983bf

SHA512
8e38190d9c4a154b300cfa812f1b0907a7c9f54929efe2069ba31b56417cbe90ff5ab1c6f5a4d70ac5b70fffc4f2a5be185110b12ed99e0584a63b389e7923e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
20cb66a558145f824102b0581e7cc1b4

SHA1
e177527ce00394d72f588c4a19ef884de83a3608

SHA256
a3565bf0bc2435279b4037fe7602d7b9cc688f88a5b7a8093833afb7410eb96f

SHA512
e6249e05d673e4e3096b835feddca8fd7d2b612d643bca376c5abd9bb22a8c0e51de61ad66bfe6a7413a871b60bc95439c1fd6eabef4336e88d26c6966afe076

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
76c55f82004b60836dbc465b5fcc3055

SHA1
983f4b7d45ea28ce387e399a396567a2f5587a92

SHA256
8c516dcd0eb33acf1125cea45678caf06cb60abf7bc4181726aee96b353dfe00

SHA512
28e1bbe45f80c328508a75d1faac78ac47246d2f5e0de40c494aec1dc160025e8d30ec756f456fdeeba42ae34df809ea88fc8406db5150758eb6835a99695e67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
c2b5b579c8317dae52beb91485056848

SHA1
59e5111ad5310638cb88aa989c9f2a47368a53ee

SHA256
918f513b93c0230588af780731a3e0ea3d2349a84a48aa585f6681b2a967a242

SHA512
b5619277e93b3b26e91151a322af22ab0d713cabac292a16f256c34e29e26709dd927e24b3edd433a8740c842478d9e861541a936944b9d04e21912893869f01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e13bc36133a73263681f5c8fc6233338

SHA1
52e23fe1e15691d280e00b1e100be12b94f79a48

SHA256
7b0578f7ceebca3d5a9daff17946de9ca423d2f4025abbd010eeabbc92d17d0b

SHA512
5bd7812c56d9139ecc4a56a8ce307e377c834d7f0c25b8c025e64f66331267d18ce4fb81c818c750315bec337e6e65d8ab9d2aa7adf699a955dcbf1cfb8a8bbe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
17dfcd0d9195f376c8211000ceef870c

SHA1
22d07e8ffc72b0db594c223b1bd9d17aa648402e

SHA256
2b7291d4b1a46d6cbbcd028634ea7e0abc89e21238c5b196e88abcaf7df81e6a

SHA512
be2a53428704da3dab00789a0462bbcea168882d2d0b71c01f50f454445ee91f8abc037cf2819d401ceb250e37591df05bfe84df881996d1cce83ecb0d70085a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
278KB

MD5
cb2b402cc150750137bcdfcaed6e2f11

SHA1
72ed8196f96618f990c21702fdc54f241286e030

SHA256
b9a896f149a13648bbb83788e4248c93738974570711bb716b8cf4aad48f1c2a

SHA512
84bda67685e9c5ea8d61870d269ee982e2ed0ac6d80a86042cfbce1814dc231b15f0d9fa00c440b13a8d9a35bc2ef64a517973be64b6b01baaf7e7a17a371e68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
278KB

MD5
a43f159f77e5de5aec60bfc74fbfcb72

SHA1
a4dfbe8dcafca74b7d12f87a84036e12e225d662

SHA256
4dbc307b82e7a89bd0d3513d724b6e74a58c4abd7f78326f896c5def99fd6d0d

SHA512
8db581e8b9bf2396d9cecff1be65bf61329ef16920189cb748016f7be4bfbfc9e8bd9a80e5f7b489a3519e5c28baae4f29a2e54fa71bcee8761cb0fe897e5678

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
278KB

MD5
5ccdafba9a3339719f1e63292709c8bd

SHA1
ffa295e7d72b822b951cf518ddb438f6ce4aba2e

SHA256
f07881d6690fd978b62b9806d883e3b1c97cd10c68d45dc0a19053d442722726

SHA512
289f171e03a33edbd28c5f00696b22964bc55d161ba6854577c173768cdaa6f4eeb7999b3ba47a441fac734325a2ccb265447eca3238e0d2212c3d9ab09ddac0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
112KB

MD5
8888efb381ca5b8a2981b71da9bdfc24

SHA1
f2c3ecf6a28f4c84681fc082b7bba5d8323866b5

SHA256
f26802ddfb747bebfd2c8a43cd9a91466f6edb92e4684ce981ea7e8654d7ad05

SHA512
73692377e98afd05c67406d826bf02fa3c36d451ef547ce9899c6452dd7b2b8e32fc99938fcbc6fe2069c57f3f5e21da1c1c7bfb5739d620e05a613e8c583c6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
107KB

MD5
13f73871794886f3d3d28eba0bfb09f8

SHA1
d2bccda2cbaf1fc477f89b7974730ab59adf746f

SHA256
deb9190adbd7b25265270a8fe3a4726917e37e053a0d55cd836edfe49336f7ea

SHA512
da432ee73bc04de7985165199aebcb321cba098c6f0f3b7dd85bcf2c9bc0a4091ae1aba86916dac8fb507633660a69f97b6cfb786b938e5eb065d9912fe10fb2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58cf13.TMP

Filesize
92KB

MD5
5bbfba6c30f8a1720d821dc6a193e010

SHA1
bb547e9c14487239fe2314ab4f8a96518af5a65f

SHA256
5946202b5bf61004843483761848f9eedf53bb813cb56bfbc89b3cd1f26961c4

SHA512
6028c10041464719aa0b80ae7b5214f66a08e07b77a2dff40d06f72664ddfb94bc80ce74265800283ff1b413d1ecedb3a9a699ffd177748c51aa31ce8337b476

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\orthodox.exe

Filesize
1.8MB

MD5
15c7b84efb6e1185cbb8f68898b3d2cf

SHA1
153b7ec96bf2997205c28de525de658dddc49232

SHA256
88019645c39dbd895dbdf510bf553b841859537a173df4c1bd8dc5e154cc267a

SHA512
3429192e7bbf5e0ce657eef59551652081c64485a3eadaf9d9ac810184334b8ea0a128f150778c1e4f9605c4df8e14763c7a26233f83d90f4dfae816f590655a

Download Submit
C:\Users\Admin\Downloads\orthodox.rar.crdownload

Filesize
774KB

MD5
509113a1193b13cb166112d88d719cc8

SHA1
68f6a0b81f486c306870177d934c09fcf23a5085

SHA256
c2aaf9dc572aa82c7210847c8172f5843dbde86b4c1f57237361ddb19ebc570c

SHA512
d3747daba370d62d2332b3aab2954734672a379a2f2b7fc3c77f25ea5f7b7a8c92280c8d7b85f687645fb98745f27e06e998356579fe399c65af0c7f65ed6940

Download Submit
C:\Users\Admin\Downloads\winrar-x64-701.exe

Filesize
3.8MB

MD5
46c17c999744470b689331f41eab7df1

SHA1
b8a63127df6a87d333061c622220d6d70ed80f7c

SHA256
c5b5def1c8882b702b6b25cbd94461c737bc151366d2d9eba5006c04886bfc9a

SHA512
4b02a3e85b699f62df1b4fe752c4dee08cfabc9b8bb316bc39b854bd5187fc602943a95788ec680c7d3dc2c26ad882e69c0740294bd6cb3b32cdcd165a9441b6

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request