discordrat | hxxps://gofile[.]io/d/CjZK3N

Resubmissions

29/06/2024, 08:00 UTC

240629-jv136stejg 10

28/06/2024, 17:24 UTC

240628-vyn4kaxdkg 10

Analysis

max time kernel
145s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
28/06/2024, 17:24 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://gofile.io/d/CjZK3N

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
https://discord.com/api/webhooks/1250527795591778345/dyJ1rr7AH7-pnMiHKTyiXBSBOctq558BKC1NK9RdB9Fg_AKHhj_Ei_joM20_0jkN5nZq
server_id
1256297764950642850

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Downloads MZ/PE file

Executes dropped EXE 15 IoCs

pid	Process
5532	Client-built.exe
5692	Client-built.exe
5776	Client-built.exe
5964	Client-built.exe
6044	Client-built.exe
2480	Client-built.exe
5204	Client-built.exe
5352	Client-built.exe
5472	Client-built.exe
5632	Client-built.exe
6052	Client-built.exe
4412	Client-built.exe
6024	Client-built.exe
6160	Client-built.exe
6256	Client-built.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 375075.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1372	msedge.exe
1372	msedge.exe
404	msedge.exe
404	msedge.exe
1628	identity_helper.exe
1628	identity_helper.exe
5372	msedge.exe
5372	msedge.exe
6940	msedge.exe
6940	msedge.exe
6940	msedge.exe
6940	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe

Suspicious use of AdjustPrivilegeToken 15 IoCs

description	pid	Process
Token: SeDebugPrivilege	5532	Client-built.exe
Token: SeDebugPrivilege	5692	Client-built.exe
Token: SeDebugPrivilege	5776	Client-built.exe
Token: SeDebugPrivilege	5964	Client-built.exe
Token: SeDebugPrivilege	6044	Client-built.exe
Token: SeDebugPrivilege	2480	Client-built.exe
Token: SeDebugPrivilege	5204	Client-built.exe
Token: SeDebugPrivilege	5352	Client-built.exe
Token: SeDebugPrivilege	5472	Client-built.exe
Token: SeDebugPrivilege	5632	Client-built.exe
Token: SeDebugPrivilege	6052	Client-built.exe
Token: SeDebugPrivilege	4412	Client-built.exe
Token: SeDebugPrivilege	6024	Client-built.exe
Token: SeDebugPrivilege	6160	Client-built.exe
Token: SeDebugPrivilege	6256	Client-built.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 404 wrote to memory of 3108	404	msedge.exe	83
PID 404 wrote to memory of 3108	404	msedge.exe	83
PID 404 wrote to memory of 1672	404	msedge.exe	84
PID 404 wrote to memory of 1672	404	msedge.exe	84
PID 404 wrote to memory of 1672	404	msedge.exe	84
PID 404 wrote to memory of 1672	404	msedge.exe	84
PID 404 wrote to memory of 1672	404	msedge.exe	84
PID 404 wrote to memory of 1672	404	msedge.exe	84
PID 404 wrote to memory of 1672	404	msedge.exe	84
PID 404 wrote to memory of 1672	404	msedge.exe	84
PID 404 wrote to memory of 1672	404	msedge.exe	84
PID 404 wrote to memory of 1672	404	msedge.exe	84
PID 404 wrote to memory of 1672	404	msedge.exe	84
PID 404 wrote to memory of 1672	404	msedge.exe	84
PID 404 wrote to memory of 1672	404	msedge.exe	84
PID 404 wrote to memory of 1672	404	msedge.exe	84
PID 404 wrote to memory of 1672	404	msedge.exe	84
PID 404 wrote to memory of 1672	404	msedge.exe	84
PID 404 wrote to memory of 1672	404	msedge.exe	84
PID 404 wrote to memory of 1672	404	msedge.exe	84
PID 404 wrote to memory of 1672	404	msedge.exe	84
PID 404 wrote to memory of 1672	404	msedge.exe	84
PID 404 wrote to memory of 1672	404	msedge.exe	84
PID 404 wrote to memory of 1672	404	msedge.exe	84
PID 404 wrote to memory of 1672	404	msedge.exe	84
PID 404 wrote to memory of 1672	404	msedge.exe	84
PID 404 wrote to memory of 1672	404	msedge.exe	84
PID 404 wrote to memory of 1672	404	msedge.exe	84
PID 404 wrote to memory of 1672	404	msedge.exe	84
PID 404 wrote to memory of 1672	404	msedge.exe	84
PID 404 wrote to memory of 1672	404	msedge.exe	84
PID 404 wrote to memory of 1672	404	msedge.exe	84
PID 404 wrote to memory of 1672	404	msedge.exe	84
PID 404 wrote to memory of 1672	404	msedge.exe	84
PID 404 wrote to memory of 1672	404	msedge.exe	84
PID 404 wrote to memory of 1672	404	msedge.exe	84
PID 404 wrote to memory of 1672	404	msedge.exe	84
PID 404 wrote to memory of 1672	404	msedge.exe	84
PID 404 wrote to memory of 1672	404	msedge.exe	84
PID 404 wrote to memory of 1672	404	msedge.exe	84
PID 404 wrote to memory of 1672	404	msedge.exe	84
PID 404 wrote to memory of 1672	404	msedge.exe	84
PID 404 wrote to memory of 1372	404	msedge.exe	85
PID 404 wrote to memory of 1372	404	msedge.exe	85
PID 404 wrote to memory of 2504	404	msedge.exe	86
PID 404 wrote to memory of 2504	404	msedge.exe	86
PID 404 wrote to memory of 2504	404	msedge.exe	86
PID 404 wrote to memory of 2504	404	msedge.exe	86
PID 404 wrote to memory of 2504	404	msedge.exe	86
PID 404 wrote to memory of 2504	404	msedge.exe	86
PID 404 wrote to memory of 2504	404	msedge.exe	86
PID 404 wrote to memory of 2504	404	msedge.exe	86
PID 404 wrote to memory of 2504	404	msedge.exe	86
PID 404 wrote to memory of 2504	404	msedge.exe	86
PID 404 wrote to memory of 2504	404	msedge.exe	86
PID 404 wrote to memory of 2504	404	msedge.exe	86
PID 404 wrote to memory of 2504	404	msedge.exe	86
PID 404 wrote to memory of 2504	404	msedge.exe	86
PID 404 wrote to memory of 2504	404	msedge.exe	86
PID 404 wrote to memory of 2504	404	msedge.exe	86
PID 404 wrote to memory of 2504	404	msedge.exe	86
PID 404 wrote to memory of 2504	404	msedge.exe	86
PID 404 wrote to memory of 2504	404	msedge.exe	86
PID 404 wrote to memory of 2504	404	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://gofile.io/d/CjZK3N
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd08de46f8,0x7ffd08de4708,0x7ffd08de4718
  2⤵
  PID:3108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,4321539980645967488,15028408658786704651,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  PID:1672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,4321539980645967488,15028408658786704651,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,4321539980645967488,15028408658786704651,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2640 /prefetch:8
  2⤵
  PID:2504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4321539980645967488,15028408658786704651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:3060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4321539980645967488,15028408658786704651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:1804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4321539980645967488,15028408658786704651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1
  2⤵
  PID:2580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4321539980645967488,15028408658786704651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4892 /prefetch:1
  2⤵
  PID:3680
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,4321539980645967488,15028408658786704651,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5516 /prefetch:8
  2⤵
  PID:2388
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,4321539980645967488,15028408658786704651,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5516 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4321539980645967488,15028408658786704651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
  2⤵
  PID:3448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4321539980645967488,15028408658786704651,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
  2⤵
  PID:2900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2092,4321539980645967488,15028408658786704651,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5140 /prefetch:8
  2⤵
  PID:1232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4321539980645967488,15028408658786704651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
  2⤵
  PID:3472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2092,4321539980645967488,15028408658786704651,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6204 /prefetch:8
  2⤵
  PID:2852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4321539980645967488,15028408658786704651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3572 /prefetch:1
  2⤵
  PID:3336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4321539980645967488,15028408658786704651,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3536 /prefetch:1
  2⤵
  PID:1156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2092,4321539980645967488,15028408658786704651,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6116 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5372
- C:\Users\Admin\Downloads\Client-built.exe
  "C:\Users\Admin\Downloads\Client-built.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:5532
- C:\Users\Admin\Downloads\Client-built.exe
  "C:\Users\Admin\Downloads\Client-built.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:5692
- C:\Users\Admin\Downloads\Client-built.exe
  "C:\Users\Admin\Downloads\Client-built.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:5776
- C:\Users\Admin\Downloads\Client-built.exe
  "C:\Users\Admin\Downloads\Client-built.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:5964
- C:\Users\Admin\Downloads\Client-built.exe
  "C:\Users\Admin\Downloads\Client-built.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:6044
- C:\Users\Admin\Downloads\Client-built.exe
  "C:\Users\Admin\Downloads\Client-built.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:2480
- C:\Users\Admin\Downloads\Client-built.exe
  "C:\Users\Admin\Downloads\Client-built.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:5204
- C:\Users\Admin\Downloads\Client-built.exe
  "C:\Users\Admin\Downloads\Client-built.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:5352
- C:\Users\Admin\Downloads\Client-built.exe
  "C:\Users\Admin\Downloads\Client-built.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:5472
- C:\Users\Admin\Downloads\Client-built.exe
  "C:\Users\Admin\Downloads\Client-built.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:5632
- C:\Users\Admin\Downloads\Client-built.exe
  "C:\Users\Admin\Downloads\Client-built.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:6052
- C:\Users\Admin\Downloads\Client-built.exe
  "C:\Users\Admin\Downloads\Client-built.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:4412
- C:\Users\Admin\Downloads\Client-built.exe
  "C:\Users\Admin\Downloads\Client-built.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:6024
- C:\Users\Admin\Downloads\Client-built.exe
  "C:\Users\Admin\Downloads\Client-built.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:6160
- C:\Users\Admin\Downloads\Client-built.exe
  "C:\Users\Admin\Downloads\Client-built.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:6256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,4321539980645967488,15028408658786704651,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6576 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6940

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2416

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3812

Network

DNS

149.220.183.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

149.220.183.52.in-addr.arpa

IN PTR

Response
DNS

gofile.io

msedge.exe

Remote address:

8.8.8.8:53

Request

gofile.io

IN A

Response

gofile.io

IN A

151.80.29.83

gofile.io

IN A

51.178.66.33

gofile.io

IN A

51.38.43.18
GET

https://gofile.io/d/CjZK3N

msedge.exe

Remote address:

151.80.29.83:443

Request

GET /d/CjZK3N HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
dnt: 1
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Fri, 28 Jun 2024 17:24:11 GMT
content-type: text/html; charset=UTF-8
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
cache-control: public, max-age=0
last-modified: Thu, 13 Jun 2024 15:11:27 GMT
etag: W/"27a7-190122759a2"
content-encoding: gzip
GET

https://gofile.io/dist/css/bootstrap.min.css

msedge.exe

Remote address:

151.80.29.83:443

Request

GET /dist/css/bootstrap.min.css HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Fri, 28 Jun 2024 17:24:11 GMT
content-type: text/css; charset=UTF-8
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
cache-control: public, max-age=0
last-modified: Wed, 04 Jan 2023 14:40:00 GMT
etag: W/"2fbaa-1857d3988cb"
content-encoding: gzip
GET

https://gofile.io/dist/css/bootstrap-icons.css

msedge.exe

Remote address:

151.80.29.83:443

Request

GET /dist/css/bootstrap-icons.css HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Fri, 28 Jun 2024 17:24:11 GMT
content-type: text/css; charset=UTF-8
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
cache-control: public, max-age=0
last-modified: Wed, 04 Jan 2023 14:40:00 GMT
etag: W/"17579-1857d3988cb"
content-encoding: gzip
GET

https://gofile.io/dist/css/bootstrap-nightfall.css

msedge.exe

Remote address:

151.80.29.83:443

Request

GET /dist/css/bootstrap-nightfall.css HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Fri, 28 Jun 2024 17:24:11 GMT
content-type: text/css; charset=UTF-8
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
cache-control: public, max-age=0
last-modified: Wed, 04 Jan 2023 14:40:00 GMT
etag: W/"c869-1857d3988cb"
content-encoding: gzip
GET

https://gofile.io/dist/css/plyr.css

msedge.exe

Remote address:

151.80.29.83:443

Request

GET /dist/css/plyr.css HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Fri, 28 Jun 2024 17:24:11 GMT
content-type: text/css; charset=UTF-8
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
cache-control: public, max-age=0
last-modified: Sun, 08 Jan 2023 19:47:31 GMT
etag: W/"85ae-18592ec8138"
content-encoding: gzip
GET

https://gofile.io/dist/css/allcss.css

msedge.exe

Remote address:

151.80.29.83:443

Request

GET /dist/css/allcss.css HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Fri, 28 Jun 2024 17:24:11 GMT
content-type: text/css; charset=UTF-8
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
cache-control: public, max-age=0
last-modified: Fri, 26 Jan 2024 00:18:08 GMT
etag: W/"758-18d43218adf"
content-encoding: gzip
GET

https://gofile.io/dist/js/bootstrap.bundle.min.js

msedge.exe

Remote address:

151.80.29.83:443

Request

GET /dist/js/bootstrap.bundle.min.js HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Fri, 28 Jun 2024 17:24:11 GMT
content-type: application/javascript; charset=UTF-8
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
cache-control: public, max-age=0
last-modified: Wed, 04 Jan 2023 14:40:00 GMT
etag: W/"13a49-1857d3988cf"
content-encoding: gzip
GET

https://gofile.io/dist/js/sha256.min.js

msedge.exe

Remote address:

151.80.29.83:443

Request

GET /dist/js/sha256.min.js HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Fri, 28 Jun 2024 17:24:11 GMT
content-type: application/javascript; charset=UTF-8
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
cache-control: public, max-age=0
last-modified: Wed, 04 Jan 2023 14:40:00 GMT
etag: W/"2339-1857d3988d3"
content-encoding: gzip
GET

https://gofile.io/dist/js/qrcode.min.js

msedge.exe

Remote address:

151.80.29.83:443

Request

GET /dist/js/qrcode.min.js HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Fri, 28 Jun 2024 17:24:11 GMT
content-type: application/javascript; charset=UTF-8
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
cache-control: public, max-age=0
last-modified: Wed, 04 Jan 2023 14:40:00 GMT
etag: W/"1a0e-1857d3988cf"
content-encoding: gzip
GET

https://gofile.io/dist/js/dayjs.min.js

msedge.exe

Remote address:

151.80.29.83:443

Request

GET /dist/js/dayjs.min.js HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Fri, 28 Jun 2024 17:24:11 GMT
content-type: application/javascript; charset=UTF-8
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
cache-control: public, max-age=0
last-modified: Wed, 04 Jan 2023 14:40:00 GMT
etag: W/"4dda-1857d3988d3"
content-encoding: gzip
GET

https://gofile.io/dist/js/customParseFormat.js

msedge.exe

Remote address:

151.80.29.83:443

Request

GET /dist/js/customParseFormat.js HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Fri, 28 Jun 2024 17:24:11 GMT
content-type: application/javascript; charset=UTF-8
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
cache-control: public, max-age=0
last-modified: Wed, 04 Jan 2023 14:40:00 GMT
etag: W/"ea2-1857d3988cf"
content-encoding: gzip
GET

https://gofile.io/dist/js/marked.min.js

msedge.exe

Remote address:

151.80.29.83:443

Request

GET /dist/js/marked.min.js HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Fri, 28 Jun 2024 17:24:11 GMT
content-type: application/javascript; charset=UTF-8
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
cache-control: public, max-age=0
last-modified: Wed, 04 Jan 2023 14:40:00 GMT
etag: W/"aca2-1857d3988d3"
content-encoding: gzip
GET

https://gofile.io/dist/js/plyr.js

msedge.exe

Remote address:

151.80.29.83:443

Request

GET /dist/js/plyr.js HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Fri, 28 Jun 2024 17:24:11 GMT
content-type: application/javascript; charset=UTF-8
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
cache-control: public, max-age=0
last-modified: Sun, 08 Jan 2023 19:47:31 GMT
etag: W/"1b1b2-18592ec8138"
content-encoding: gzip
GET

https://gofile.io/dist/js/chart.umd.min.js

msedge.exe

Remote address:

151.80.29.83:443

Request

GET /dist/js/chart.umd.min.js HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Fri, 28 Jun 2024 17:24:11 GMT
content-type: application/javascript; charset=UTF-8
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
cache-control: public, max-age=0
last-modified: Wed, 08 Mar 2023 18:58:11 GMT
etag: W/"3094c-186c2968d85"
content-encoding: gzip
GET

https://gofile.io/dist/js/alljs.js

msedge.exe

Remote address:

151.80.29.83:443

Request

GET /dist/js/alljs.js HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Fri, 28 Jun 2024 17:24:11 GMT
content-type: image/png
content-length: 2367
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
accept-ranges: bytes
cache-control: public, max-age=0
last-modified: Wed, 04 Jan 2023 14:40:00 GMT
etag: W/"93f-1857d3988cf"
GET

https://gofile.io/dist/img/logo-small-70.png

msedge.exe

Remote address:

151.80.29.83:443

Request

GET /dist/img/logo-small-70.png HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Fri, 28 Jun 2024 17:24:11 GMT
content-type: application/javascript; charset=UTF-8
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
cache-control: public, max-age=0
last-modified: Mon, 24 Jun 2024 14:54:35 GMT
etag: W/"389e8-1904abdddb7"
content-encoding: gzip
GET

https://gofile.io/dist/css/fonts/bootstrap-icons.woff2?24e3eb84d0bcaf83d77f904c78ac1f47

msedge.exe

Remote address:

151.80.29.83:443

Request

GET /dist/css/fonts/bootstrap-icons.woff2?24e3eb84d0bcaf83d77f904c78ac1f47 HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://gofile.io
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: font
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Fri, 28 Jun 2024 17:24:11 GMT
content-type: font/woff2
content-length: 121296
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
accept-ranges: bytes
cache-control: public, max-age=0
last-modified: Wed, 04 Jan 2023 14:40:00 GMT
etag: W/"1d9d0-1857d3988cf"
GET

https://gofile.io/dist/img/favicon96.png

msedge.exe

Remote address:

151.80.29.83:443

Request

GET /dist/img/favicon96.png HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Fri, 28 Jun 2024 17:24:12 GMT
content-type: image/png
content-length: 2886
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
accept-ranges: bytes
cache-control: public, max-age=0
last-modified: Wed, 04 Jan 2023 14:40:00 GMT
etag: W/"b46-1857d3988cf"
GET

https://gofile.io/dist/img/favicon32.png

msedge.exe

Remote address:

151.80.29.83:443

Request

GET /dist/img/favicon32.png HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Fri, 28 Jun 2024 17:24:12 GMT
content-type: image/png
content-length: 903
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
accept-ranges: bytes
cache-control: public, max-age=0
last-modified: Wed, 04 Jan 2023 14:40:00 GMT
etag: W/"387-1857d3988cf"
GET

https://gofile.io/dist/img/favicon16.png

msedge.exe

Remote address:

151.80.29.83:443

Request

GET /dist/img/favicon16.png HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Fri, 28 Jun 2024 17:24:12 GMT
content-type: image/png
content-length: 503
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
accept-ranges: bytes
cache-control: public, max-age=0
last-modified: Wed, 04 Jan 2023 14:40:00 GMT
etag: W/"1f7-1857d3988cf"
GET

https://gofile.io/contents/files.html

msedge.exe

Remote address:

151.80.29.83:443

Request

GET /contents/files.html HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: accountToken=ISKEeQxWhZp58sGrBPcBpMZcspUchsag

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Fri, 28 Jun 2024 17:24:12 GMT
content-type: text/html; charset=UTF-8
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
cache-control: public, max-age=0
last-modified: Sat, 22 Jun 2024 01:24:46 GMT
etag: W/"4a1d-1903d8bbb62"
content-encoding: gzip
DNS

api.gofile.io

msedge.exe

Remote address:

8.8.8.8:53

Request

api.gofile.io

IN A

Response

api.gofile.io

IN A

51.38.43.18

api.gofile.io

IN A

51.178.66.33

api.gofile.io

IN A

151.80.29.83
POST

https://api.gofile.io/accounts

msedge.exe

Remote address:

51.38.43.18:443

Request

POST /accounts HTTP/2.0
host: api.gofile.io
content-length: 2
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://gofile.io
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Fri, 28 Jun 2024 17:24:12 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gofile.io
access-control-allow-headers: Content-Type, Authorization
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, HEAD
access-control-allow-credentials: true
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
origin-agent-cluster: ?1
referrer-policy: no-referrer
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
etag: W/"6f-jHwnIyjXLikhTl01zpvjGrojiqQ"
content-encoding: gzip
OPTIONS

https://api.gofile.io/accounts/05957a8b-243a-4bca-9be9-e67226971889

msedge.exe

Remote address:

51.38.43.18:443

Request

OPTIONS /accounts/05957a8b-243a-4bca-9be9-e67226971889 HTTP/2.0
host: api.gofile.io
accept: */*
access-control-request-method: GET
access-control-request-headers: authorization
origin: https://gofile.io
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-fetch-mode: cors
sec-fetch-site: same-site
sec-fetch-dest: empty
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Fri, 28 Jun 2024 17:24:12 GMT
content-type: text/html; charset=utf-8
content-length: 8
access-control-allow-origin: https://gofile.io
access-control-allow-headers: Content-Type, Authorization
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, HEAD
access-control-allow-credentials: true
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
origin-agent-cluster: ?1
referrer-policy: no-referrer
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
allow: GET,HEAD
etag: W/"8-ZRAf8oNBS3Bjb/SU2GYZCmbtmXg"
GET

https://api.gofile.io/accounts/05957a8b-243a-4bca-9be9-e67226971889

msedge.exe

Remote address:

51.38.43.18:443

Request

GET /accounts/05957a8b-243a-4bca-9be9-e67226971889 HTTP/2.0
host: api.gofile.io
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
sec-ch-ua-mobile: ?0
authorization: Bearer ISKEeQxWhZp58sGrBPcBpMZcspUchsag
accept: */*
origin: https://gofile.io
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Fri, 28 Jun 2024 17:24:12 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gofile.io
access-control-allow-headers: Content-Type, Authorization
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, HEAD
access-control-allow-credentials: true
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
origin-agent-cluster: ?1
referrer-policy: no-referrer
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
etag: W/"111-rGg+1ouYW7aSX8ILiFAXmdnj3JU"
content-encoding: gzip
OPTIONS

https://api.gofile.io/contents/CjZK3N?wt=4fd6sg89d7s6

msedge.exe

Remote address:

51.38.43.18:443

Request

OPTIONS /contents/CjZK3N?wt=4fd6sg89d7s6 HTTP/2.0
host: api.gofile.io
accept: */*
access-control-request-method: GET
access-control-request-headers: authorization
origin: https://gofile.io
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-fetch-mode: cors
sec-fetch-site: same-site
sec-fetch-dest: empty
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Fri, 28 Jun 2024 17:24:12 GMT
content-type: text/html; charset=utf-8
content-length: 15
access-control-allow-origin: https://gofile.io
access-control-allow-headers: Content-Type, Authorization
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, HEAD
access-control-allow-credentials: true
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
origin-agent-cluster: ?1
referrer-policy: no-referrer
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
allow: GET,HEAD,DELETE
etag: W/"f-vwvPzyVoI/ffOSHTCooZCn+JbCg"
GET

https://api.gofile.io/contents/CjZK3N?wt=4fd6sg89d7s6

msedge.exe

Remote address:

51.38.43.18:443

Request

GET /contents/CjZK3N?wt=4fd6sg89d7s6 HTTP/2.0
host: api.gofile.io
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
sec-ch-ua-mobile: ?0
authorization: Bearer ISKEeQxWhZp58sGrBPcBpMZcspUchsag
accept: */*
origin: https://gofile.io
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Fri, 28 Jun 2024 17:24:12 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gofile.io
access-control-allow-headers: Content-Type, Authorization
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, HEAD
access-control-allow-credentials: true
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
origin-agent-cluster: ?1
referrer-policy: no-referrer
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
etag: W/"2d4-7e3PxcFs+me9ogjeSdNkDh4SRVs"
content-encoding: gzip
DNS

83.29.80.151.in-addr.arpa

Remote address:

8.8.8.8:53

Request

83.29.80.151.in-addr.arpa

IN PTR

Response

83.29.80.151.in-addr.arpa

IN PTR

ns3048708ip-151-80-29eu
DNS

0.205.248.87.in-addr.arpa

Remote address:

8.8.8.8:53

Request

0.205.248.87.in-addr.arpa

IN PTR

Response

0.205.248.87.in-addr.arpa

IN PTR

https-87-248-205-0lgwllnwnet
DNS

4.159.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

4.159.190.20.in-addr.arpa

IN PTR

Response
DNS

s.gofile.io

msedge.exe

Remote address:

8.8.8.8:53

Request

s.gofile.io

IN A

Response

s.gofile.io

IN A

51.75.242.210
GET

https://s.gofile.io/js/script.js

msedge.exe

Remote address:

51.75.242.210:443

Request

GET /js/script.js HTTP/2.0
host: s.gofile.io
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: accountToken=ISKEeQxWhZp58sGrBPcBpMZcspUchsag

Response

HTTP/2.0 200

access-control-allow-origin: *
cache-control: public, max-age=86400, must-revalidate
content-type: application/javascript
cross-origin-resource-policy: cross-origin
date: Fri, 28 Jun 2024 17:24:12 GMT
server: Cowboy
x-content-type-options: nosniff
content-length: 1346
POST

https://s.gofile.io/api/event

msedge.exe

Remote address:

51.75.242.210:443

Request

POST /api/event HTTP/2.0
host: s.gofile.io
content-length: 74
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain
accept: */*
origin: https://gofile.io
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 202

access-control-allow-credentials: true
access-control-allow-origin: *
access-control-expose-headers:
cache-control: max-age=0, private, must-revalidate
content-type: text/plain; charset=utf-8
date: Fri, 28 Jun 2024 17:24:12 GMT
server: Cowboy
x-request-id: F9069CDYLNnzTnAPu0xD
content-length: 2
DNS

g.bing.com

Remote address:

8.8.8.8:53

Request

g.bing.com

IN A

Response

g.bing.com

IN CNAME

g-bing-com.dual-a-0034.a-msedge.net

g-bing-com.dual-a-0034.a-msedge.net

IN CNAME

dual-a-0034.a-msedge.net

dual-a-0034.a-msedge.net

IN A

204.79.197.237

dual-a-0034.a-msedge.net

IN A

13.107.21.237
GET

https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De81vHt1ebL9BUBsW_jplxqujVUCUygqkeBg-9znLA_uReiK9ulA7Iy3kQYf9IjPRpUDQ1L_rpSLL2pLvcVMak0B1DO9Yu-mOQ4wXRbWONSQKFrtonUvCptk0ZUe3XCplqSy30Nb30y-5QfQ3QYeOy4jDux83HOze5rHQzRGa0wRRSSll9t%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZm9uZWRyaXZlLmxpdmUuY29tJTJmJTNmb2NpZCUzZGNtbTA3YjdkbnU0%26rlid%3D219bebd8b1ac16d585868db01b5a19d0&TIME=20240611T195252Z&CID=531098720&EID=531098720&tids=15000&adUnitId=11730597&localId=w:57578D22-16C3-05EC-D498-67D03367A2A2&deviceId=6755470482742373&muid=57578D2216C305ECD49867D03367A2A2

Remote address:

204.79.197.237:443

Request

GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De81vHt1ebL9BUBsW_jplxqujVUCUygqkeBg-9znLA_uReiK9ulA7Iy3kQYf9IjPRpUDQ1L_rpSLL2pLvcVMak0B1DO9Yu-mOQ4wXRbWONSQKFrtonUvCptk0ZUe3XCplqSy30Nb30y-5QfQ3QYeOy4jDux83HOze5rHQzRGa0wRRSSll9t%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZm9uZWRyaXZlLmxpdmUuY29tJTJmJTNmb2NpZCUzZGNtbTA3YjdkbnU0%26rlid%3D219bebd8b1ac16d585868db01b5a19d0&TIME=20240611T195252Z&CID=531098720&EID=531098720&tids=15000&adUnitId=11730597&localId=w:57578D22-16C3-05EC-D498-67D03367A2A2&deviceId=6755470482742373&muid=57578D2216C305ECD49867D03367A2A2 HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=270DF2A448DD6EE712EBE608493D6FE6; domain=.bing.com; expires=Wed, 23-Jul-2025 17:24:13 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: C9DA75D0B36340D59BC38B98529EDAA7 Ref B: LON04EDGE1008 Ref C: 2024-06-28T17:24:13Z
date: Fri, 28 Jun 2024 17:24:12 GMT
GET

https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De81vHt1ebL9BUBsW_jplxqujVUCUygqkeBg-9znLA_uReiK9ulA7Iy3kQYf9IjPRpUDQ1L_rpSLL2pLvcVMak0B1DO9Yu-mOQ4wXRbWONSQKFrtonUvCptk0ZUe3XCplqSy30Nb30y-5QfQ3QYeOy4jDux83HOze5rHQzRGa0wRRSSll9t%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZm9uZWRyaXZlLmxpdmUuY29tJTJmJTNmb2NpZCUzZGNtbTA3YjdkbnU0%26rlid%3D219bebd8b1ac16d585868db01b5a19d0&TIME=20240611T195252Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:57578D22-16C3-05EC-D498-67D03367A2A2&deviceId=6755470482742373&muid=57578D2216C305ECD49867D03367A2A2

Remote address:

204.79.197.237:443

Request

GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De81vHt1ebL9BUBsW_jplxqujVUCUygqkeBg-9znLA_uReiK9ulA7Iy3kQYf9IjPRpUDQ1L_rpSLL2pLvcVMak0B1DO9Yu-mOQ4wXRbWONSQKFrtonUvCptk0ZUe3XCplqSy30Nb30y-5QfQ3QYeOy4jDux83HOze5rHQzRGa0wRRSSll9t%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZm9uZWRyaXZlLmxpdmUuY29tJTJmJTNmb2NpZCUzZGNtbTA3YjdkbnU0%26rlid%3D219bebd8b1ac16d585868db01b5a19d0&TIME=20240611T195252Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:57578D22-16C3-05EC-D498-67D03367A2A2&deviceId=6755470482742373&muid=57578D2216C305ECD49867D03367A2A2 HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=270DF2A448DD6EE712EBE608493D6FE6; _EDGE_S=SID=286BA7BC456564031393B31044A565BF

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=HI_W-HgfOQLEn7aJKb1qN063-eCammN0N5hj_d4pGIQ; domain=.bing.com; expires=Wed, 23-Jul-2025 17:24:13 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: AD13F36725CD49F88CD57DAEC04EDBE5 Ref B: LON04EDGE1008 Ref C: 2024-06-28T17:24:13Z
date: Fri, 28 Jun 2024 17:24:12 GMT
DNS

18.43.38.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

18.43.38.51.in-addr.arpa

IN PTR

Response

18.43.38.51.in-addr.arpa

IN PTR

ns3120834ip-51-38-43eu
DNS

210.242.75.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

210.242.75.51.in-addr.arpa

IN PTR

Response

210.242.75.51.in-addr.arpa

IN PTR

mailgofileio
GET

https://www.bing.com/aes/c.gif?RG=2c1b7262a9d34b1b9950f95776f4de79&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T195252Z&adUnitId=11730597&localId=w:57578D22-16C3-05EC-D498-67D03367A2A2&deviceId=6755470482742373

Remote address:

23.62.61.97:443

Request

GET /aes/c.gif?RG=2c1b7262a9d34b1b9950f95776f4de79&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T195252Z&adUnitId=11730597&localId=w:57578D22-16C3-05EC-D498-67D03367A2A2&deviceId=6755470482742373 HTTP/2.0
host: www.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=270DF2A448DD6EE712EBE608493D6FE6

Response

HTTP/2.0 200

cache-control: private,no-store
pragma: no-cache
vary: Origin
p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 3DBC8683DDB44E128A4A3B4E4A7A8A1A Ref B: DUS30EDGE0306 Ref C: 2024-06-28T17:24:13Z
content-length: 0
date: Fri, 28 Jun 2024 17:24:13 GMT
set-cookie: _EDGE_S=SID=286BA7BC456564031393B31044A565BF; path=/; httponly; domain=bing.com
set-cookie: MUIDB=270DF2A448DD6EE712EBE608493D6FE6; path=/; httponly; expires=Wed, 23-Jul-2025 17:24:13 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.5d3d3e17.1719595453.9a2bfd0
DNS

26.35.223.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

26.35.223.20.in-addr.arpa

IN PTR

Response
DNS

97.61.62.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

97.61.62.23.in-addr.arpa

IN PTR

Response

97.61.62.23.in-addr.arpa

IN PTR

a23-62-61-97deploystaticakamaitechnologiescom
DNS

store4.gofile.io

msedge.exe

Remote address:

8.8.8.8:53

Request

store4.gofile.io

IN A

Response

store4.gofile.io

IN A

31.14.70.245
GET

https://store4.gofile.io/download/web/e98931b5-b38d-46ca-ad12-cf5821a7f3b1/Client-built.exe

msedge.exe

Remote address:

31.14.70.245:443

Request

GET /download/web/e98931b5-b38d-46ca-ad12-cf5821a7f3b1/Client-built.exe HTTP/1.1
Host: store4.gofile.io
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
Upgrade-Insecure-Requests: 1
DNT: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Referer: https://gofile.io/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: accountToken=ISKEeQxWhZp58sGrBPcBpMZcspUchsag

Response

HTTP/1.1 200 OK

Server: nginx/1.27.0
Date: Fri, 28 Jun 2024 17:24:14 GMT
Content-Type: application/x-ms-dos-executable
Content-Length: 80384
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Headers: Accept, Accept-Language, Content-Language, Content-Type, Content-Length, Range, Authorization
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Cache-Control, Content-Encoding, Content-Range
Content-Disposition: attachment; filename="Client-built.exe"
Last-Modified: Fri, 28 Jun 2024 17:22:09 GMT
DNS

245.70.14.31.in-addr.arpa

Remote address:

8.8.8.8:53

Request

245.70.14.31.in-addr.arpa

IN PTR

Response

245.70.14.31.in-addr.arpa

IN PTR

31-14-70-245custmojifr
DNS

gateway.discord.gg

Client-built.exe

Remote address:

8.8.8.8:53

Request

gateway.discord.gg

IN A

Response

gateway.discord.gg

IN A

162.159.130.234

gateway.discord.gg

IN A

162.159.136.234

gateway.discord.gg

IN A

162.159.135.234

gateway.discord.gg

IN A

162.159.133.234

gateway.discord.gg

IN A

162.159.134.234
GET

https://gateway.discord.gg/?v=9&encording=json

Client-built.exe

Remote address:

162.159.130.234:443

Request

GET /?v=9&encording=json HTTP/1.1
Connection: Upgrade,Keep-Alive
Upgrade: websocket
Sec-WebSocket-Key: HinpPeJDGjF+FuxLYETtGw==
Sec-WebSocket-Version: 13
Host: gateway.discord.gg

Response

HTTP/1.1 101 Switching Protocols

Date: Fri, 28 Jun 2024 17:24:22 GMT
Connection: upgrade
sec-websocket-accept: 4xUw7fJX7rVqEwqqZ5hzb3VjKgk=
upgrade: websocket
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rMlw51%2BJ9WSz%2F7FrxZEJd1cI2u0y3GJhQ0sVoUIdtpYoslQxZ6p3zZ%2FMwyQ0pUeLWe9wgGoQGULd3%2BsW1NobRledWHOVJZ0qGu9SyNzsaSM5JO10kXIJX%2B9cW7%2F3fkoF5KpICQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Server: cloudflare
CF-RAY: 89af5eba6d993866-LHR
GET

https://gateway.discord.gg/?v=9&encording=json

Client-built.exe

Remote address:

162.159.130.234:443

Request

GET /?v=9&encording=json HTTP/1.1
Connection: Upgrade,Keep-Alive
Upgrade: websocket
Sec-WebSocket-Key: Z2NXkOlOD/B2aZWEGey8uQ==
Sec-WebSocket-Version: 13
Host: gateway.discord.gg

Response

HTTP/1.1 101 Switching Protocols

Date: Fri, 28 Jun 2024 17:24:23 GMT
Connection: upgrade
sec-websocket-accept: /NOvAZzueFZpXZLIFcR2PgRP/xY=
upgrade: websocket
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=E84TWrBKDch7F2QSiaJ7i8FFQZAzlcHvVbCy2fvCW4L21BjySCRxIPHA0tQVMSqNNSo0RW0N%2FZLNt9Q%2FT81lTvmggwj0fKzS%2BhOzGY%2B0OnCrDN62xq3%2FNbSPHSulHuUDENTMyw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Server: cloudflare
CF-RAY: 89af5ebd1f11952f-LHR
DNS

234.130.159.162.in-addr.arpa

Remote address:

8.8.8.8:53

Request

234.130.159.162.in-addr.arpa

IN PTR

Response
GET

https://gateway.discord.gg/?v=9&encording=json

Client-built.exe

Remote address:

162.159.130.234:443

Request

GET /?v=9&encording=json HTTP/1.1
Connection: Upgrade,Keep-Alive
Upgrade: websocket
Sec-WebSocket-Key: Xc4frPIup2IxDntXDoIkPw==
Sec-WebSocket-Version: 13
Host: gateway.discord.gg

Response

HTTP/1.1 101 Switching Protocols

Date: Fri, 28 Jun 2024 17:24:23 GMT
Connection: upgrade
sec-websocket-accept: CTCk12oQjvROsy5ERtrUtRxN/rE=
upgrade: websocket
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kcRKAB8XlcUIm4nk4jXntZ0GtNU8m3y3v%2BBUfPeXBCmk64WXV0uSSE4CY9izCfEkMDP5pZuh30Hqd59yxod1SK4yzTwhmVs6iPrBZiQ3nBuVf1ipzaLML7WoEWxKS25j5aQd%2Bw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Server: cloudflare
CF-RAY: 89af5ebe1baa6389-LHR
GET

https://gateway.discord.gg/?v=9&encording=json

Client-built.exe

Remote address:

162.159.130.234:443

Request

GET /?v=9&encording=json HTTP/1.1
Connection: Upgrade,Keep-Alive
Upgrade: websocket
Sec-WebSocket-Key: 8XHr2+zS3ouEgOPgQ/Tpdw==
Sec-WebSocket-Version: 13
Host: gateway.discord.gg

Response

HTTP/1.1 101 Switching Protocols

Date: Fri, 28 Jun 2024 17:24:31 GMT
Connection: upgrade
sec-websocket-accept: C5r1wMLPVnhwsYROVB1ZDoD72L8=
upgrade: websocket
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FqpDMA%2Br0CArlQ3oRw9XhG9YRsVtDLOBotjj9J%2BkxJu4fdEw6mGwH6Z%2BDOrwHrFspz7ERb5NaWsDyiGIP9fBU8GMuC0gH8yerXQnpu%2BPdgG0JG8tSAutMG9kOKXZdmHBm1e5DA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Server: cloudflare
CF-RAY: 89af5ef1b868770e-LHR
GET

https://gateway.discord.gg/?v=9&encording=json

Client-built.exe

Remote address:

162.159.130.234:443

Request

GET /?v=9&encording=json HTTP/1.1
Connection: Upgrade,Keep-Alive
Upgrade: websocket
Sec-WebSocket-Key: dE1uF0muburKQ8xPAD80yg==
Sec-WebSocket-Version: 13
Host: gateway.discord.gg

Response

HTTP/1.1 101 Switching Protocols

Date: Fri, 28 Jun 2024 17:24:31 GMT
Connection: upgrade
sec-websocket-accept: M+OymvVtgy5am0JNq+KbX2yiHf0=
upgrade: websocket
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rrC7RpkvXuPtMR28vUupkuI3U5rtMplTEjgMUClFOnd2H4p%2FG5ZDSbq1zy%2FcLg%2Bu5hinDhR2%2FsBEmiIhLYiUANa8GV4n03TaY0Cdh8m1dG%2FLbwn4FeDn5q0ezri0f%2FHnid%2FwNw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Server: cloudflare
CF-RAY: 89af5ef30b1123f6-LHR
GET

https://gateway.discord.gg/?v=9&encording=json

Client-built.exe

Remote address:

162.159.130.234:443

Request

GET /?v=9&encording=json HTTP/1.1
Connection: Upgrade,Keep-Alive
Upgrade: websocket
Sec-WebSocket-Key: MjtvwzqFhV/ITzk4tAxFOQ==
Sec-WebSocket-Version: 13
Host: gateway.discord.gg

Response

HTTP/1.1 101 Switching Protocols

Date: Fri, 28 Jun 2024 17:24:32 GMT
Connection: upgrade
sec-websocket-accept: 542Zmf1u66PH3QxGFzn6gLSyFxo=
upgrade: websocket
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NlCX14FEChKkoTMFZJUzC4j0DzFu1doldQhgoHDqIQOGZSGisuq1hVD6kJsQ6hiACdPk7Cd2anj2elmm10WnC%2B90AhF53Pz9vCmkzhx8G9H70qko%2FZnioGNIMLDnLkB%2Bjp%2FFMw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Server: cloudflare
CF-RAY: 89af5ef59d9e657b-LHR
GET

https://gateway.discord.gg/?v=9&encording=json

Client-built.exe

Remote address:

162.159.130.234:443

Request

GET /?v=9&encording=json HTTP/1.1
Connection: Upgrade,Keep-Alive
Upgrade: websocket
Sec-WebSocket-Key: cHE7rAtHJhoSboT+bmoy9Q==
Sec-WebSocket-Version: 13
Host: gateway.discord.gg

Response

HTTP/1.1 101 Switching Protocols

Date: Fri, 28 Jun 2024 17:24:32 GMT
Connection: upgrade
sec-websocket-accept: OnhedUGwJ33SFkZyGvffYuM4Uqc=
upgrade: websocket
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7b4iQHy32CCeSzZSXF60PPniOVtnRg9mbM55SvfkHQ%2B5qVxNQiM%2BDvcCimHPivWbJY1f8oS84p2Z99pfzESoliT0Jw5sDOCe3WR5sQC4ZsKsBpcKNo8o7A6iLIDfAahK%2FAUHsw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Server: cloudflare
CF-RAY: 89af5ef6bb315321-LHR
GET

https://gateway.discord.gg/?v=9&encording=json

Client-built.exe

Remote address:

162.159.130.234:443

Request

GET /?v=9&encording=json HTTP/1.1
Connection: Upgrade,Keep-Alive
Upgrade: websocket
Sec-WebSocket-Key: eVCPngLIYHsvyxsnqtnuOQ==
Sec-WebSocket-Version: 13
Host: gateway.discord.gg

Response

HTTP/1.1 101 Switching Protocols

Date: Fri, 28 Jun 2024 17:24:32 GMT
Connection: upgrade
sec-websocket-accept: hxNA7j+yPhm+XVLNY4WtKY7eCcI=
upgrade: websocket
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tW5NNZRGZac%2BQVqsY1vCj%2FNOWz3smBXJNDFEDqP195cDIYh1XGJ7xhseGRZEVQmURS%2Bd8IvFz0vXMJrQxcQC4jHhxrIeTP%2BUawCMVxPWp41RQt6o3PC9kPYKr6nNYJcRu0nqpQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Server: cloudflare
CF-RAY: 89af5ef94bc3d168-LHR
GET

https://gateway.discord.gg/?v=9&encording=json

Client-built.exe

Remote address:

162.159.130.234:443

Request

GET /?v=9&encording=json HTTP/1.1
Connection: Upgrade,Keep-Alive
Upgrade: websocket
Sec-WebSocket-Key: ceClM0lwEpB7R8hFYkp7XQ==
Sec-WebSocket-Version: 13
Host: gateway.discord.gg

Response

HTTP/1.1 101 Switching Protocols

Date: Fri, 28 Jun 2024 17:24:33 GMT
Connection: upgrade
sec-websocket-accept: PTYYbOL31abfuWOa1/pYvMZ2LbQ=
upgrade: websocket
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HBHb3WJXB7e6wIsJZKBn%2BLsgikNZg6eko3D1VNbIuXs9FRICfNp2Mx5P6H2hQU0xXEKN9pgagdKTdjAH5lcrt4xKrnG3BYX7PTq3Fxdc3Sj2HCO%2FtPg0VpSDw2RJy6rMST35vg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Server: cloudflare
CF-RAY: 89af5ef9cd099457-LHR
GET

https://gateway.discord.gg/?v=9&encording=json

Client-built.exe

Remote address:

162.159.130.234:443

Request

GET /?v=9&encording=json HTTP/1.1
Connection: Upgrade,Keep-Alive
Upgrade: websocket
Sec-WebSocket-Key: NRhC0bXXXU2cAMLFnMzZCg==
Sec-WebSocket-Version: 13
Host: gateway.discord.gg

Response

HTTP/1.1 101 Switching Protocols

Date: Fri, 28 Jun 2024 17:24:33 GMT
Connection: upgrade
sec-websocket-accept: sNMzTWqFGXvNK/Nk04Moc0m76hs=
upgrade: websocket
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=a3z1HCNIc9jgnXGPOd%2BUQvLjXzvyCX1AXdEAou%2B2rra0u7iV9vSJ5VOWC4Vvvd7LSczbw06ldXm1fYUePK1%2B3pAoG5ipbF0AlKo1W0XOVgaa3Rr3zG0DwUR3sePMwkbxh4e7NA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Server: cloudflare
CF-RAY: 89af5efc4cf77756-LHR
GET

https://gateway.discord.gg/?v=9&encording=json

Client-built.exe

Remote address:

162.159.130.234:443

Request

GET /?v=9&encording=json HTTP/1.1
Connection: Upgrade,Keep-Alive
Upgrade: websocket
Sec-WebSocket-Key: geZoJDfTWCaPAXWQCy8Yrw==
Sec-WebSocket-Version: 13
Host: gateway.discord.gg

Response

HTTP/1.1 101 Switching Protocols

Date: Fri, 28 Jun 2024 17:24:34 GMT
Connection: upgrade
sec-websocket-accept: mUqhNqrgyfx1J/TrEmUT74ORQ9U=
upgrade: websocket
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0zf4OmEoMCznOzwqJtwyLxKlN4seoML9mr0qd5kDAl2W%2BzfTxiuD5jmEEx3On0rCKaJPjwWrae2qP9HNG3qidQtuzyjpCp5qM6EbV08vdkiEQ0qZST3PmYs5E8%2FdtPzaoIeMWA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Server: cloudflare
CF-RAY: 89af5f01b9a1776c-LHR
GET

https://gateway.discord.gg/?v=9&encording=json

Client-built.exe

Remote address:

162.159.130.234:443

Request

GET /?v=9&encording=json HTTP/1.1
Connection: Upgrade,Keep-Alive
Upgrade: websocket
Sec-WebSocket-Key: fgs1uPlsEFbWLCxAeVoW2g==
Sec-WebSocket-Version: 13
Host: gateway.discord.gg

Response

HTTP/1.1 101 Switching Protocols

Date: Fri, 28 Jun 2024 17:24:34 GMT
Connection: upgrade
sec-websocket-accept: 8Jiykt5bkk5gJhub3/T80W3eGps=
upgrade: websocket
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Rs8qVXJoeWK57LxXaAfOnatUfnxVrWh%2BRJIpEpotl%2BUjPlBWrfqFh%2BvCgY7I6h9Gw%2B3xV9dOJAHRWvlJEO5TqFkcuU07kga80gsRyLdwh8kfwHnvtkufUgXd6jOXp0711QBcqg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Server: cloudflare
CF-RAY: 89af5f059f067330-LHR
GET

https://gateway.discord.gg/?v=9&encording=json

Client-built.exe

Remote address:

162.159.130.234:443

Request

GET /?v=9&encording=json HTTP/1.1
Connection: Upgrade,Keep-Alive
Upgrade: websocket
Sec-WebSocket-Key: dHb91QJMqMiS0RMTbvB9Xw==
Sec-WebSocket-Version: 13
Host: gateway.discord.gg

Response

HTTP/1.1 101 Switching Protocols

Date: Fri, 28 Jun 2024 17:24:35 GMT
Connection: upgrade
sec-websocket-accept: PpIGj2Zq2Y2fzIv+Qac8ldJAdnQ=
upgrade: websocket
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fXWTiuqFMqmwiZmEXnGtGkzmQgnN4yx6YlZpjyBeVNEteeVYvsvuEYVnkPdtoZvhDJYgJXc3huUHqMxvAdx6EapeACZyK%2F7wrxgmc%2F8IFNpD02B8UygpHptzMBBYVeVzFBONrg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Server: cloudflare
CF-RAY: 89af5f06ea9288a9-LHR
GET

https://gateway.discord.gg/?v=9&encording=json

Client-built.exe

Remote address:

162.159.130.234:443

Request

GET /?v=9&encording=json HTTP/1.1
Connection: Upgrade,Keep-Alive
Upgrade: websocket
Sec-WebSocket-Key: +XfOip3wUstpa8LN7RXvUQ==
Sec-WebSocket-Version: 13
Host: gateway.discord.gg

Response

HTTP/1.1 101 Switching Protocols

Date: Fri, 28 Jun 2024 17:24:35 GMT
Connection: upgrade
sec-websocket-accept: FMuJa5Rq0RCyJzUPUzmL9VhAvg4=
upgrade: websocket
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TwvnQMKreXy5ZMQVcQWCWP%2F2AzYaylZ0VYVsD0m%2FAF9mOkaIrN2ahE7234njPXIOpgaYyd%2Fdq%2BqLAUt19cv1cMV7aHkVsG0Z7rrAImmKk%2BZJlgNS833fBmiNnjrJGZZ5L8iFyw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Server: cloudflare
CF-RAY: 89af5f079a4b48af-LHR
GET

https://gateway.discord.gg/?v=9&encording=json

Client-built.exe

Remote address:

162.159.130.234:443

Request

GET /?v=9&encording=json HTTP/1.1
Connection: Upgrade,Keep-Alive
Upgrade: websocket
Sec-WebSocket-Key: f3mfPzeV/M1ABHGGbTpgQg==
Sec-WebSocket-Version: 13
Host: gateway.discord.gg

Response

HTTP/1.1 101 Switching Protocols

Date: Fri, 28 Jun 2024 17:24:35 GMT
Connection: upgrade
sec-websocket-accept: OrtvygQBplR7CZhESATngxNN8pg=
upgrade: websocket
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8btcoiCLqdaw0V4AEZamAgeXT4rWoAqx4LhKdtE1%2FDbTr%2BQ4ZML083iVdTrSsOXlZklGDycb6m%2BOl21zLKb0jDW0I%2FuPjj3DTTv%2BfuiTiAu6KwxG2LTfgDZ4mGvbXGmTYMNx5g%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Server: cloudflare
CF-RAY: 89af5f08a9ad635b-LHR
DNS

157.123.68.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

157.123.68.40.in-addr.arpa

IN PTR

Response
DNS

171.39.242.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

171.39.242.20.in-addr.arpa

IN PTR

Response
DNS

95.12.20.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.12.20.2.in-addr.arpa

IN PTR

Response

95.12.20.2.in-addr.arpa

IN PTR

a2-20-12-95deploystaticakamaitechnologiescom
DNS

80.90.14.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

80.90.14.23.in-addr.arpa

IN PTR

Response

80.90.14.23.in-addr.arpa

IN PTR

a23-14-90-80deploystaticakamaitechnologiescom
DNS

55.36.223.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

55.36.223.20.in-addr.arpa

IN PTR

Response
DNS

30.243.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

30.243.111.52.in-addr.arpa

IN PTR

Response

151.80.29.83:443

https://gofile.io/contents/files.html

tls, http2

msedge.exe

12.3kB
479.2kB
211
372

HTTP Request

GET https://gofile.io/d/CjZK3N

HTTP Response

200

HTTP Request

GET https://gofile.io/dist/css/bootstrap.min.css

HTTP Request

GET https://gofile.io/dist/css/bootstrap-icons.css

HTTP Request

GET https://gofile.io/dist/css/bootstrap-nightfall.css

HTTP Request

GET https://gofile.io/dist/css/plyr.css

HTTP Request

GET https://gofile.io/dist/css/allcss.css

HTTP Request

GET https://gofile.io/dist/js/bootstrap.bundle.min.js

HTTP Request

GET https://gofile.io/dist/js/sha256.min.js

HTTP Request

GET https://gofile.io/dist/js/qrcode.min.js

HTTP Request

GET https://gofile.io/dist/js/dayjs.min.js

HTTP Request

GET https://gofile.io/dist/js/customParseFormat.js

HTTP Request

GET https://gofile.io/dist/js/marked.min.js

HTTP Request

GET https://gofile.io/dist/js/plyr.js

HTTP Request

GET https://gofile.io/dist/js/chart.umd.min.js

HTTP Request

GET https://gofile.io/dist/js/alljs.js

HTTP Request

GET https://gofile.io/dist/img/logo-small-70.png

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://gofile.io/dist/css/fonts/bootstrap-icons.woff2?24e3eb84d0bcaf83d77f904c78ac1f47

HTTP Response

200

HTTP Request

GET https://gofile.io/dist/img/favicon96.png

HTTP Response

200

HTTP Request

GET https://gofile.io/dist/img/favicon32.png

HTTP Response

200

HTTP Request

GET https://gofile.io/dist/img/favicon16.png

HTTP Response

200

HTTP Request

GET https://gofile.io/contents/files.html

HTTP Response

200
51.38.43.18:443

https://api.gofile.io/contents/CjZK3N?wt=4fd6sg89d7s6

tls, http2

msedge.exe

2.6kB
10.7kB
23
30

HTTP Request

POST https://api.gofile.io/accounts

HTTP Response

200

HTTP Request

OPTIONS https://api.gofile.io/accounts/05957a8b-243a-4bca-9be9-e67226971889

HTTP Response

200

HTTP Request

GET https://api.gofile.io/accounts/05957a8b-243a-4bca-9be9-e67226971889

HTTP Response

200

HTTP Request

OPTIONS https://api.gofile.io/contents/CjZK3N?wt=4fd6sg89d7s6

HTTP Response

200

HTTP Request

GET https://api.gofile.io/contents/CjZK3N?wt=4fd6sg89d7s6

HTTP Response

200
51.75.242.210:443

https://s.gofile.io/js/script.js

tls, http2

msedge.exe

2.4kB
6.3kB
17
17

HTTP Request

GET https://s.gofile.io/js/script.js

HTTP Response

200
51.75.242.210:443

https://s.gofile.io/api/event

tls, http2

msedge.exe

2.4kB
5.0kB
16
17

HTTP Request

POST https://s.gofile.io/api/event

HTTP Response

202
204.79.197.237:443

https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De81vHt1ebL9BUBsW_jplxqujVUCUygqkeBg-9znLA_uReiK9ulA7Iy3kQYf9IjPRpUDQ1L_rpSLL2pLvcVMak0B1DO9Yu-mOQ4wXRbWONSQKFrtonUvCptk0ZUe3XCplqSy30Nb30y-5QfQ3QYeOy4jDux83HOze5rHQzRGa0wRRSSll9t%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZm9uZWRyaXZlLmxpdmUuY29tJTJmJTNmb2NpZCUzZGNtbTA3YjdkbnU0%26rlid%3D219bebd8b1ac16d585868db01b5a19d0&TIME=20240611T195252Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:57578D22-16C3-05EC-D498-67D03367A2A2&deviceId=6755470482742373&muid=57578D2216C305ECD49867D03367A2A2

tls, http2

2.5kB
9.1kB
20
17

HTTP Request

GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De81vHt1ebL9BUBsW_jplxqujVUCUygqkeBg-9znLA_uReiK9ulA7Iy3kQYf9IjPRpUDQ1L_rpSLL2pLvcVMak0B1DO9Yu-mOQ4wXRbWONSQKFrtonUvCptk0ZUe3XCplqSy30Nb30y-5QfQ3QYeOy4jDux83HOze5rHQzRGa0wRRSSll9t%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZm9uZWRyaXZlLmxpdmUuY29tJTJmJTNmb2NpZCUzZGNtbTA3YjdkbnU0%26rlid%3D219bebd8b1ac16d585868db01b5a19d0&TIME=20240611T195252Z&CID=531098720&EID=531098720&tids=15000&adUnitId=11730597&localId=w:57578D22-16C3-05EC-D498-67D03367A2A2&deviceId=6755470482742373&muid=57578D2216C305ECD49867D03367A2A2

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De81vHt1ebL9BUBsW_jplxqujVUCUygqkeBg-9znLA_uReiK9ulA7Iy3kQYf9IjPRpUDQ1L_rpSLL2pLvcVMak0B1DO9Yu-mOQ4wXRbWONSQKFrtonUvCptk0ZUe3XCplqSy30Nb30y-5QfQ3QYeOy4jDux83HOze5rHQzRGa0wRRSSll9t%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZm9uZWRyaXZlLmxpdmUuY29tJTJmJTNmb2NpZCUzZGNtbTA3YjdkbnU0%26rlid%3D219bebd8b1ac16d585868db01b5a19d0&TIME=20240611T195252Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:57578D22-16C3-05EC-D498-67D03367A2A2&deviceId=6755470482742373&muid=57578D2216C305ECD49867D03367A2A2

HTTP Response

204
23.62.61.97:443

https://www.bing.com/aes/c.gif?RG=2c1b7262a9d34b1b9950f95776f4de79&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T195252Z&adUnitId=11730597&localId=w:57578D22-16C3-05EC-D498-67D03367A2A2&deviceId=6755470482742373

tls, http2

1.4kB
5.4kB
15
14

HTTP Request

GET https://www.bing.com/aes/c.gif?RG=2c1b7262a9d34b1b9950f95776f4de79&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T195252Z&adUnitId=11730597&localId=w:57578D22-16C3-05EC-D498-67D03367A2A2&deviceId=6755470482742373

HTTP Response

200
31.14.70.245:443

https://store4.gofile.io/download/web/e98931b5-b38d-46ca-ad12-cf5821a7f3b1/Client-built.exe

tls, http

msedge.exe

3.3kB
88.6kB
41
74

HTTP Request

GET https://store4.gofile.io/download/web/e98931b5-b38d-46ca-ad12-cf5821a7f3b1/Client-built.exe

HTTP Response

200
31.14.70.245:443

store4.gofile.io

tls

msedge.exe

989 B
4.7kB
9
11
162.159.130.234:443

https://gateway.discord.gg/?v=9&encording=json

tls, http

Client-built.exe

1.3kB
4.2kB
11
13

HTTP Request

GET https://gateway.discord.gg/?v=9&encording=json

HTTP Response

101
162.159.130.234:443

https://gateway.discord.gg/?v=9&encording=json

tls, http

Client-built.exe

1.3kB
4.2kB
11
13

HTTP Request

GET https://gateway.discord.gg/?v=9&encording=json

HTTP Response

101
162.159.130.234:443

https://gateway.discord.gg/?v=9&encording=json

tls, http

Client-built.exe

1.3kB
4.2kB
11
13

HTTP Request

GET https://gateway.discord.gg/?v=9&encording=json

HTTP Response

101
162.159.130.234:443

https://gateway.discord.gg/?v=9&encording=json

tls, http

Client-built.exe

1.3kB
4.2kB
11
13

HTTP Request

GET https://gateway.discord.gg/?v=9&encording=json

HTTP Response

101
162.159.130.234:443

https://gateway.discord.gg/?v=9&encording=json

tls, http

Client-built.exe

1.3kB
4.2kB
11
13

HTTP Request

GET https://gateway.discord.gg/?v=9&encording=json

HTTP Response

101
162.159.130.234:443

https://gateway.discord.gg/?v=9&encording=json

tls, http

Client-built.exe

1.3kB
4.2kB
11
13

HTTP Request

GET https://gateway.discord.gg/?v=9&encording=json

HTTP Response

101
162.159.130.234:443

https://gateway.discord.gg/?v=9&encording=json

tls, http

Client-built.exe

1.3kB
4.2kB
11
13

HTTP Request

GET https://gateway.discord.gg/?v=9&encording=json

HTTP Response

101
162.159.130.234:443

https://gateway.discord.gg/?v=9&encording=json

tls, http

Client-built.exe

1.3kB
4.2kB
11
13

HTTP Request

GET https://gateway.discord.gg/?v=9&encording=json

HTTP Response

101
162.159.130.234:443

https://gateway.discord.gg/?v=9&encording=json

tls, http

Client-built.exe

1.3kB
4.2kB
11
13

HTTP Request

GET https://gateway.discord.gg/?v=9&encording=json

HTTP Response

101
162.159.130.234:443

https://gateway.discord.gg/?v=9&encording=json

tls, http

Client-built.exe

1.3kB
4.2kB
11
13

HTTP Request

GET https://gateway.discord.gg/?v=9&encording=json

HTTP Response

101
162.159.130.234:443

https://gateway.discord.gg/?v=9&encording=json

tls, http

Client-built.exe

1.3kB
4.2kB
11
13

HTTP Request

GET https://gateway.discord.gg/?v=9&encording=json

HTTP Response

101
162.159.130.234:443

https://gateway.discord.gg/?v=9&encording=json

tls, http

Client-built.exe

1.3kB
4.2kB
11
13

HTTP Request

GET https://gateway.discord.gg/?v=9&encording=json

HTTP Response

101
162.159.130.234:443

https://gateway.discord.gg/?v=9&encording=json

tls, http

Client-built.exe

1.3kB
4.2kB
11
13

HTTP Request

GET https://gateway.discord.gg/?v=9&encording=json

HTTP Response

101
162.159.130.234:443

https://gateway.discord.gg/?v=9&encording=json

tls, http

Client-built.exe

1.3kB
4.2kB
11
13

HTTP Request

GET https://gateway.discord.gg/?v=9&encording=json

HTTP Response

101
162.159.130.234:443

https://gateway.discord.gg/?v=9&encording=json

tls, http

Client-built.exe

1.3kB
4.2kB
11
13

HTTP Request

GET https://gateway.discord.gg/?v=9&encording=json

HTTP Response

101

8.8.8.8:53

149.220.183.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

149.220.183.52.in-addr.arpa
8.8.8.8:53

gofile.io

dns

msedge.exe

55 B
103 B
1
1

DNS Request

gofile.io

DNS Response

151.80.29.83

51.178.66.33

51.38.43.18
8.8.8.8:53

api.gofile.io

dns

msedge.exe

59 B
107 B
1
1

DNS Request

api.gofile.io

DNS Response

51.38.43.18

51.178.66.33

151.80.29.83
8.8.8.8:53

83.29.80.151.in-addr.arpa

dns

71 B
110 B
1
1

DNS Request

83.29.80.151.in-addr.arpa
8.8.8.8:53

0.205.248.87.in-addr.arpa

dns

71 B
116 B
1
1

DNS Request

0.205.248.87.in-addr.arpa
8.8.8.8:53

4.159.190.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

4.159.190.20.in-addr.arpa
8.8.8.8:53

s.gofile.io

dns

msedge.exe

57 B
73 B
1
1

DNS Request

s.gofile.io

DNS Response

51.75.242.210
8.8.8.8:53

g.bing.com

dns

56 B
151 B
1
1

DNS Request

g.bing.com

DNS Response

204.79.197.237

13.107.21.237
8.8.8.8:53

18.43.38.51.in-addr.arpa

dns

70 B
108 B
1
1

DNS Request

18.43.38.51.in-addr.arpa
8.8.8.8:53

210.242.75.51.in-addr.arpa

dns

72 B
100 B
1
1

DNS Request

210.242.75.51.in-addr.arpa
8.8.8.8:53

26.35.223.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

26.35.223.20.in-addr.arpa
8.8.8.8:53

97.61.62.23.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

97.61.62.23.in-addr.arpa
8.8.8.8:53

store4.gofile.io

dns

msedge.exe

62 B
78 B
1
1

DNS Request

store4.gofile.io

DNS Response

31.14.70.245
224.0.0.251:5353

586 B
9
8.8.8.8:53

245.70.14.31.in-addr.arpa

dns

71 B
110 B
1
1

DNS Request

245.70.14.31.in-addr.arpa
8.8.8.8:53

gateway.discord.gg

dns

Client-built.exe

64 B
144 B
1
1

DNS Request

gateway.discord.gg

DNS Response

162.159.130.234

162.159.136.234

162.159.135.234

162.159.133.234

162.159.134.234
8.8.8.8:53

234.130.159.162.in-addr.arpa

dns

74 B
136 B
1
1

DNS Request

234.130.159.162.in-addr.arpa
8.8.8.8:53

157.123.68.40.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

157.123.68.40.in-addr.arpa
8.8.8.8:53

171.39.242.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

171.39.242.20.in-addr.arpa
8.8.8.8:53

95.12.20.2.in-addr.arpa

dns

69 B
131 B
1
1

DNS Request

95.12.20.2.in-addr.arpa
8.8.8.8:53

80.90.14.23.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

80.90.14.23.in-addr.arpa
8.8.8.8:53

55.36.223.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

55.36.223.20.in-addr.arpa
8.8.8.8:53

30.243.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

30.243.111.52.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
81e892ca5c5683efdf9135fe0f2adb15

SHA1
39159b30226d98a465ece1da28dc87088b20ecad

SHA256
830f394548cff6eed3608476190a7ee7d65fe651adc638c5b27ce58639a91e17

SHA512
c943f4cfe8615ac159cfac13c10b67e6c0c9093851dd3ac6dda3b82e195d3554e3c37962010a2d0ae5074828d376402624f0dda5499c9997e962e4cfd26444c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56067634f68231081c4bd5bdbfcc202f

SHA1
5582776da6ffc75bb0973840fc3d15598bc09eb1

SHA256
8c08b0cbceb301c8f960aa674c6e7f6dbf40b4a1c2684e6fb0456ec5ff0e56b4

SHA512
c4657393e0b9ec682570d7e251644a858d33e056ccd0f3eebffd0fde25244b3a699b8d9244bcdac00d6f74b49833629b270e099c2b557f729a9066922583f784

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
4fff92a7f6ee512c0e0a0807545caa85

SHA1
a23892a150fb3644dce960ff8446f991b9bea6ef

SHA256
c7682aa99c6ecad0b9bbbd73c43b2da83ac3c46fa08db8628f4a2724fdbd5f7e

SHA512
d7e2600eb60dccf3ddb55e9560813c5c7516f6e05f6b299e5677a1c5224e32ff0ab43b7e2b6fef43cc84708aed323a3b698c1a5c554c9e7e43e406048e4fe64f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
317B

MD5
afc6cddd7e64d81e52b729d09f227107

SHA1
ad0d3740f4b66de83db8862911c07dc91928d2f6

SHA256
b5e81a7c7d80feaaa10ee7bc8aaef9f21a5c1e4b03b3823ed115022311d674a0

SHA512
844edb69585153c378a7c97709983776fc9303a32fb5ef8122ecca32adfc0b265f5ef7118ee07814da5c020ac7ba1bf2a2f66d46312e4d8e6df99aab2e5f9b2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
93eb4aee436d135c043c46b9551b44c0

SHA1
31d98117c86b76f42d69c7391c62b0550025673a

SHA256
341c6f9eaae2f6a971ce74aa909fd1176804f4536a7ae931b0333848834b1a5b

SHA512
cb58a6019baf32ecb0920f05ad060899153c9b0b22174dafc9b4c58648193daada91674b8a017edb6d4e3ecce90e033d203709ae9ee1ba0630da4cba2f6bb5a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e1302951-dc5d-41f8-84d3-c512ec444a04.tmp

Filesize
5KB

MD5
3b2ae7c91088ddf3e1b3d88451ccacaf

SHA1
36a0b394fa0753832ad998d2268bcdb264fcf291

SHA256
c35923fe44b3039eb6a68169a0a970d59a3c312274a66684072c98595a497478

SHA512
2b5dbc6d21dab742505a27a8aa8d65cc2ca0cc536c5ec77baf01895109e17258c5d35d01f7413d8ca1619a68da383f4901efb5cfd87612a29301ca3062fb1009

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
dcb8eeea9e24f18516cebd29f81fa95b

SHA1
7297a45afb48df3bf1ae510361647af04d2be738

SHA256
f9fde7c188390b38bdb39c46708a82f4823d3a8239286d2b451c5cbdf1252e3e

SHA512
be4a83fa635c61087f88f03e5c18137a1a9e059ab4bdf9c58753e1c07a1b558e93321baae21ad907d0076e36817985cb7f0153a28b0a42c7099c5326b71ea668

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0b449dd3262b5bc514e24c32f3d0914b

SHA1
2b6545b36c7f8488b7a8095ce6a3bb6e87a71ce1

SHA256
dbcb82f2a579a1cd56a40c0b494852089d0c10976dd158e2c20b281fc21b16e8

SHA512
b02461b1705f33a9f410b27e35a9de1fbb8b890c3517db5a42072d3f698c4cf7494f00e58713b623e9758ebe0d6cda3375c5d2886dc6d54cc352a7076e87fc05

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 375075.crdownload

Filesize
78KB

MD5
bc64cffd6ca84e251b4e8f685481cd53

SHA1
7c99cfe5741d7b10a510c46f4c5dd46691c33f51

SHA256
10bd9b964084599dc1c1a0193d8ca5bc0ea8800748e6dc5a6240dce6170adf6f

SHA512
953b3cbbeff0177da28d4d0a6862d08d865b0e906501bad5884e6a987a4a846a7ae0b8c0c07daebd88f12c23108722753436d5f93559c38e860eb1600a3d8015

Download Submit
memory/5532-105-0x00000243995F0000-0x0000024399608000-memory.dmp

Filesize
96KB

Download
memory/5532-106-0x00000243B3D80000-0x00000243B3F42000-memory.dmp

Filesize
1.8MB

Download
memory/5532-108-0x00000243B4580000-0x00000243B4AA8000-memory.dmp

Filesize
5.2MB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request