mercurialgrabber | hxxps://gofile[.]io/d/jCICOk

Virtualization/Sandbox Evasion

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions	Account Checker 2.0.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions	Account Checker 2.0 (1).exe

Downloads MZ/PE file

Looks for VMWare Tools registry key 2 TTPs 2 IoCs

evasion

Query Registry

Virtualization/Sandbox Evasion

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\VMWare, Inc.\VMWare Tools	Account Checker 2.0.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\VMWare, Inc.\VMWare Tools	Account Checker 2.0 (1).exe

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

System Information Discovery

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	Account Checker 2.0.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	Account Checker 2.0 (1).exe

Executes dropped EXE 2 IoCs

pid	Process
4948	Account Checker 2.0.exe
4816	Account Checker 2.0 (1).exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs

Web Service

T1102

flow	ioc
24	discord.com
25	discord.com
28	discord.com
36	discord.com
37	discord.com

Looks up external IP address via web service 4 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
34	ip4.seeip.org
20	ip4.seeip.org
21	ip4.seeip.org
22	ip-api.com

Maps connected drives based on registry 3 TTPs 4 IoCs

Disk information is often read in order to detect sandboxing environments.

Query Registry

Peripheral Device Discovery

T1120

System Information Discovery

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum\0	Account Checker 2.0.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	Account Checker 2.0 (1).exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum\0	Account Checker 2.0 (1).exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	Account Checker 2.0.exe

Checks SCSI registry key(s) 3 TTPs 2 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

Peripheral Device Discovery

T1120

System Information Discovery

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_VMware_&Prod_VMware_Virtual_S	Account Checker 2.0 (1).exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_VMware_&Prod_VMware_Virtual_S	Account Checker 2.0.exe

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

System Information Discovery

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	Account Checker 2.0 (1).exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Account Checker 2.0 (1).exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	Account Checker 2.0.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Account Checker 2.0.exe

Enumerates system info in registry 2 TTPs 11 IoCs

Query Registry

System Information Discovery

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosInformation	Account Checker 2.0.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemProductName	Account Checker 2.0.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Logical Unit Id 0	Account Checker 2.0.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosInformation	Account Checker 2.0 (1).exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Logical Unit Id 0	Account Checker 2.0 (1).exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemProductName	Account Checker 2.0 (1).exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemManufacturer	Account Checker 2.0.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemManufacturer	Account Checker 2.0 (1).exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133653055526719055"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
2012	chrome.exe
2012	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeDebugPrivilege	4948	Account Checker 2.0.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeDebugPrivilege	4816	Account Checker 2.0 (1).exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe

Suspicious use of FindShellTrayWindow 43 IoCs

pid	Process
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
4948	Account Checker 2.0.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3364 wrote to memory of 4484	3364	chrome.exe	70
PID 3364 wrote to memory of 4484	3364	chrome.exe	70
PID 3364 wrote to memory of 212	3364	chrome.exe	72
PID 3364 wrote to memory of 212	3364	chrome.exe	72
PID 3364 wrote to memory of 212	3364	chrome.exe	72
PID 3364 wrote to memory of 212	3364	chrome.exe	72
PID 3364 wrote to memory of 212	3364	chrome.exe	72
PID 3364 wrote to memory of 212	3364	chrome.exe	72
PID 3364 wrote to memory of 212	3364	chrome.exe	72
PID 3364 wrote to memory of 212	3364	chrome.exe	72
PID 3364 wrote to memory of 212	3364	chrome.exe	72
PID 3364 wrote to memory of 212	3364	chrome.exe	72
PID 3364 wrote to memory of 212	3364	chrome.exe	72
PID 3364 wrote to memory of 212	3364	chrome.exe	72
PID 3364 wrote to memory of 212	3364	chrome.exe	72
PID 3364 wrote to memory of 212	3364	chrome.exe	72
PID 3364 wrote to memory of 212	3364	chrome.exe	72
PID 3364 wrote to memory of 212	3364	chrome.exe	72
PID 3364 wrote to memory of 212	3364	chrome.exe	72
PID 3364 wrote to memory of 212	3364	chrome.exe	72
PID 3364 wrote to memory of 212	3364	chrome.exe	72
PID 3364 wrote to memory of 212	3364	chrome.exe	72
PID 3364 wrote to memory of 212	3364	chrome.exe	72
PID 3364 wrote to memory of 212	3364	chrome.exe	72
PID 3364 wrote to memory of 212	3364	chrome.exe	72
PID 3364 wrote to memory of 212	3364	chrome.exe	72
PID 3364 wrote to memory of 212	3364	chrome.exe	72
PID 3364 wrote to memory of 212	3364	chrome.exe	72
PID 3364 wrote to memory of 212	3364	chrome.exe	72
PID 3364 wrote to memory of 212	3364	chrome.exe	72
PID 3364 wrote to memory of 212	3364	chrome.exe	72
PID 3364 wrote to memory of 212	3364	chrome.exe	72
PID 3364 wrote to memory of 212	3364	chrome.exe	72
PID 3364 wrote to memory of 212	3364	chrome.exe	72
PID 3364 wrote to memory of 212	3364	chrome.exe	72
PID 3364 wrote to memory of 212	3364	chrome.exe	72
PID 3364 wrote to memory of 212	3364	chrome.exe	72
PID 3364 wrote to memory of 212	3364	chrome.exe	72
PID 3364 wrote to memory of 212	3364	chrome.exe	72
PID 3364 wrote to memory of 212	3364	chrome.exe	72
PID 3364 wrote to memory of 2252	3364	chrome.exe	73
PID 3364 wrote to memory of 2252	3364	chrome.exe	73
PID 3364 wrote to memory of 432	3364	chrome.exe	74
PID 3364 wrote to memory of 432	3364	chrome.exe	74
PID 3364 wrote to memory of 432	3364	chrome.exe	74
PID 3364 wrote to memory of 432	3364	chrome.exe	74
PID 3364 wrote to memory of 432	3364	chrome.exe	74
PID 3364 wrote to memory of 432	3364	chrome.exe	74
PID 3364 wrote to memory of 432	3364	chrome.exe	74
PID 3364 wrote to memory of 432	3364	chrome.exe	74
PID 3364 wrote to memory of 432	3364	chrome.exe	74
PID 3364 wrote to memory of 432	3364	chrome.exe	74
PID 3364 wrote to memory of 432	3364	chrome.exe	74
PID 3364 wrote to memory of 432	3364	chrome.exe	74
PID 3364 wrote to memory of 432	3364	chrome.exe	74
PID 3364 wrote to memory of 432	3364	chrome.exe	74
PID 3364 wrote to memory of 432	3364	chrome.exe	74
PID 3364 wrote to memory of 432	3364	chrome.exe	74
PID 3364 wrote to memory of 432	3364	chrome.exe	74
PID 3364 wrote to memory of 432	3364	chrome.exe	74
PID 3364 wrote to memory of 432	3364	chrome.exe	74
PID 3364 wrote to memory of 432	3364	chrome.exe	74
PID 3364 wrote to memory of 432	3364	chrome.exe	74
PID 3364 wrote to memory of 432	3364	chrome.exe	74

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://gofile.io/d/jCICOk
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7fff536a9758,0x7fff536a9768,0x7fff536a9778
  2⤵
  PID:4484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1552 --field-trial-handle=1864,i,11028281555568879067,18286196507294014043,131072 /prefetch:2
  2⤵
  PID:212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1768 --field-trial-handle=1864,i,11028281555568879067,18286196507294014043,131072 /prefetch:8
  2⤵
  PID:2252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2072 --field-trial-handle=1864,i,11028281555568879067,18286196507294014043,131072 /prefetch:8
  2⤵
  PID:432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2920 --field-trial-handle=1864,i,11028281555568879067,18286196507294014043,131072 /prefetch:1
  2⤵
  PID:3468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2928 --field-trial-handle=1864,i,11028281555568879067,18286196507294014043,131072 /prefetch:1
  2⤵
  PID:5088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4404 --field-trial-handle=1864,i,11028281555568879067,18286196507294014043,131072 /prefetch:1
  2⤵
  PID:4816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2928 --field-trial-handle=1864,i,11028281555568879067,18286196507294014043,131072 /prefetch:1
  2⤵
  PID:3872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5084 --field-trial-handle=1864,i,11028281555568879067,18286196507294014043,131072 /prefetch:8
  2⤵
  PID:1780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5416 --field-trial-handle=1864,i,11028281555568879067,18286196507294014043,131072 /prefetch:8
  2⤵
  PID:1816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5448 --field-trial-handle=1864,i,11028281555568879067,18286196507294014043,131072 /prefetch:8
  2⤵
  PID:1944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5456 --field-trial-handle=1864,i,11028281555568879067,18286196507294014043,131072 /prefetch:8
  2⤵
  PID:3696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4404 --field-trial-handle=1864,i,11028281555568879067,18286196507294014043,131072 /prefetch:8
  2⤵
  PID:4192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5128 --field-trial-handle=1864,i,11028281555568879067,18286196507294014043,131072 /prefetch:8
  2⤵
  PID:5052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5356 --field-trial-handle=1864,i,11028281555568879067,18286196507294014043,131072 /prefetch:8
  2⤵
  PID:964
- C:\Users\Admin\Downloads\Account Checker 2.0.exe
  "C:\Users\Admin\Downloads\Account Checker 2.0.exe"
  2⤵
  - Looks for VirtualBox Guest Additions in registry
  - Looks for VMWare Tools registry key
  - Checks BIOS information in registry
  - Executes dropped EXE
  - Maps connected drives based on registry
  - Checks SCSI registry key(s)
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  PID:4948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5652 --field-trial-handle=1864,i,11028281555568879067,18286196507294014043,131072 /prefetch:1
  2⤵
  PID:5032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4756 --field-trial-handle=1864,i,11028281555568879067,18286196507294014043,131072 /prefetch:8
  2⤵
  PID:196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5468 --field-trial-handle=1864,i,11028281555568879067,18286196507294014043,131072 /prefetch:8
  2⤵
  PID:5112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4872 --field-trial-handle=1864,i,11028281555568879067,18286196507294014043,131072 /prefetch:8
  2⤵
  PID:2216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5752 --field-trial-handle=1864,i,11028281555568879067,18286196507294014043,131072 /prefetch:8
  2⤵
  PID:1944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4412 --field-trial-handle=1864,i,11028281555568879067,18286196507294014043,131072 /prefetch:8
  2⤵
  PID:4580
- C:\Users\Admin\Downloads\Account Checker 2.0 (1).exe
  "C:\Users\Admin\Downloads\Account Checker 2.0 (1).exe"
  2⤵
  - Looks for VirtualBox Guest Additions in registry
  - Looks for VMWare Tools registry key
  - Checks BIOS information in registry
  - Executes dropped EXE
  - Maps connected drives based on registry
  - Checks SCSI registry key(s)
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious use of AdjustPrivilegeToken
  PID:4816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4428 --field-trial-handle=1864,i,11028281555568879067,18286196507294014043,131072 /prefetch:8
  2⤵
  PID:2488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5564 --field-trial-handle=1864,i,11028281555568879067,18286196507294014043,131072 /prefetch:8
  2⤵
  PID:4628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 --field-trial-handle=1864,i,11028281555568879067,18286196507294014043,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2012

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1824

Network

DNS

gofile.io

chrome.exe

Remote address:

8.8.8.8:53

Request

gofile.io

IN A

Response

gofile.io

IN A

51.178.66.33

gofile.io

IN A

51.38.43.18

gofile.io

IN A

151.80.29.83
GET

https://gofile.io/d/jCICOk

chrome.exe

Remote address:

51.178.66.33:443

Request

GET /d/jCICOk HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Sat, 13 Jul 2024 00:52:29 GMT
content-type: text/html; charset=UTF-8
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
cache-control: public, max-age=0
last-modified: Thu, 13 Jun 2024 15:11:55 GMT
etag: W/"27a7-1901227c6e9"
content-encoding: gzip
GET

https://gofile.io/dist/css/bootstrap.min.css

chrome.exe

Remote address:

51.178.66.33:443

Request

GET /dist/css/bootstrap.min.css HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Sat, 13 Jul 2024 00:52:29 GMT
content-type: text/css; charset=UTF-8
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
cache-control: public, max-age=0
last-modified: Wed, 04 Jan 2023 14:40:14 GMT
etag: W/"2fbaa-1857d39bf79"
content-encoding: gzip
GET

https://gofile.io/dist/css/bootstrap-icons.css

chrome.exe

Remote address:

51.178.66.33:443

Request

GET /dist/css/bootstrap-icons.css HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Sat, 13 Jul 2024 00:52:29 GMT
content-type: text/css; charset=UTF-8
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
cache-control: public, max-age=0
last-modified: Wed, 04 Jan 2023 14:40:14 GMT
etag: W/"17579-1857d39bf79"
content-encoding: gzip
GET

https://gofile.io/dist/css/bootstrap-nightfall.css

chrome.exe

Remote address:

51.178.66.33:443

Request

GET /dist/css/bootstrap-nightfall.css HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Sat, 13 Jul 2024 00:52:29 GMT
content-type: text/css; charset=UTF-8
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
cache-control: public, max-age=0
last-modified: Wed, 04 Jan 2023 14:40:14 GMT
etag: W/"c869-1857d39bf79"
content-encoding: gzip
GET

https://gofile.io/dist/css/plyr.css

chrome.exe

Remote address:

51.178.66.33:443

Request

GET /dist/css/plyr.css HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Sat, 13 Jul 2024 00:52:29 GMT
content-type: text/css; charset=UTF-8
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
cache-control: public, max-age=0
last-modified: Sun, 08 Jan 2023 19:47:43 GMT
etag: W/"85ae-18592ecb07b"
content-encoding: gzip
GET

https://gofile.io/dist/css/allcss.css

chrome.exe

Remote address:

51.178.66.33:443

Request

GET /dist/css/allcss.css HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Sat, 13 Jul 2024 00:52:29 GMT
content-type: text/css; charset=UTF-8
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
cache-control: public, max-age=0
last-modified: Fri, 26 Jan 2024 00:18:18 GMT
etag: W/"758-18d4321b326"
content-encoding: gzip
GET

https://gofile.io/dist/js/bootstrap.bundle.min.js

chrome.exe

Remote address:

51.178.66.33:443

Request

GET /dist/js/bootstrap.bundle.min.js HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Sat, 13 Jul 2024 00:52:29 GMT
content-type: application/javascript; charset=UTF-8
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
cache-control: public, max-age=0
last-modified: Wed, 04 Jan 2023 14:40:14 GMT
etag: W/"13a49-1857d39bf7d"
content-encoding: gzip
GET

https://gofile.io/dist/js/sha256.min.js

chrome.exe

Remote address:

51.178.66.33:443

Request

GET /dist/js/sha256.min.js HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Sat, 13 Jul 2024 00:52:29 GMT
content-type: application/javascript; charset=UTF-8
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
cache-control: public, max-age=0
last-modified: Wed, 04 Jan 2023 14:40:14 GMT
etag: W/"2339-1857d39bf81"
content-encoding: gzip
GET

https://gofile.io/dist/js/qrcode.min.js

chrome.exe

Remote address:

51.178.66.33:443

Request

GET /dist/js/qrcode.min.js HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Sat, 13 Jul 2024 00:52:29 GMT
content-type: application/javascript; charset=UTF-8
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
cache-control: public, max-age=0
last-modified: Wed, 04 Jan 2023 14:40:14 GMT
etag: W/"4dda-1857d39bf81"
content-encoding: gzip
GET

https://gofile.io/dist/js/dayjs.min.js

chrome.exe

Remote address:

51.178.66.33:443

Request

GET /dist/js/dayjs.min.js HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Sat, 13 Jul 2024 00:52:29 GMT
content-type: application/javascript; charset=UTF-8
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
cache-control: public, max-age=0
last-modified: Wed, 04 Jan 2023 14:40:14 GMT
etag: W/"1a0e-1857d39bf7d"
content-encoding: gzip
GET

https://gofile.io/dist/js/customParseFormat.js

chrome.exe

Remote address:

51.178.66.33:443

Request

GET /dist/js/customParseFormat.js HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Sat, 13 Jul 2024 00:52:29 GMT
content-type: application/javascript; charset=UTF-8
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
cache-control: public, max-age=0
last-modified: Wed, 04 Jan 2023 14:40:14 GMT
etag: W/"ea2-1857d39bf7d"
content-encoding: gzip
GET

https://gofile.io/dist/js/marked.min.js

chrome.exe

Remote address:

51.178.66.33:443

Request

GET /dist/js/marked.min.js HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Sat, 13 Jul 2024 00:52:29 GMT
content-type: application/javascript; charset=UTF-8
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
cache-control: public, max-age=0
last-modified: Wed, 04 Jan 2023 14:40:14 GMT
etag: W/"aca2-1857d39bf7d"
content-encoding: gzip
GET

https://gofile.io/dist/js/plyr.js

chrome.exe

Remote address:

51.178.66.33:443

Request

GET /dist/js/plyr.js HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Sat, 13 Jul 2024 00:52:29 GMT
content-type: application/javascript; charset=UTF-8
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
cache-control: public, max-age=0
last-modified: Sun, 08 Jan 2023 19:47:43 GMT
etag: W/"1b1b2-18592ecb07f"
content-encoding: gzip
GET

https://gofile.io/dist/js/chart.umd.min.js

chrome.exe

Remote address:

51.178.66.33:443

Request

GET /dist/js/chart.umd.min.js HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Sat, 13 Jul 2024 00:52:29 GMT
content-type: application/javascript; charset=UTF-8
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
cache-control: public, max-age=0
last-modified: Wed, 08 Mar 2023 18:58:23 GMT
etag: W/"3094c-186c296b964"
content-encoding: gzip
GET

https://gofile.io/dist/js/alljs.js

chrome.exe

Remote address:

51.178.66.33:443

Request

GET /dist/js/alljs.js HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Sat, 13 Jul 2024 00:52:29 GMT
content-type: application/javascript; charset=UTF-8
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
cache-control: public, max-age=0
last-modified: Sun, 07 Jul 2024 00:22:29 GMT
etag: W/"38cd1-1908a921b82"
content-encoding: gzip
GET

https://gofile.io/dist/img/logo-small-70.png

chrome.exe

Remote address:

51.178.66.33:443

Request

GET /dist/img/logo-small-70.png HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Sat, 13 Jul 2024 00:52:29 GMT
content-type: image/png
content-length: 2367
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
accept-ranges: bytes
cache-control: public, max-age=0
last-modified: Wed, 04 Jan 2023 14:40:14 GMT
etag: W/"93f-1857d39bf7d"
GET

https://gofile.io/dist/css/fonts/bootstrap-icons.woff2?24e3eb84d0bcaf83d77f904c78ac1f47

chrome.exe

Remote address:

51.178.66.33:443

Request

GET /dist/css/fonts/bootstrap-icons.woff2?24e3eb84d0bcaf83d77f904c78ac1f47 HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
origin: https://gofile.io
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: font
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Sat, 13 Jul 2024 00:52:30 GMT
content-type: font/woff2
content-length: 121296
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
accept-ranges: bytes
cache-control: public, max-age=0
last-modified: Wed, 04 Jan 2023 14:40:14 GMT
etag: W/"1d9d0-1857d39bf7d"
GET

https://gofile.io/dist/img/favicon96.png

chrome.exe

Remote address:

51.178.66.33:443

Request

GET /dist/img/favicon96.png HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Sat, 13 Jul 2024 00:52:30 GMT
content-type: image/png
content-length: 2886
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
accept-ranges: bytes
cache-control: public, max-age=0
last-modified: Wed, 04 Jan 2023 14:40:14 GMT
etag: W/"b46-1857d39bf7d"
GET

https://gofile.io/dist/img/favicon32.png

chrome.exe

Remote address:

51.178.66.33:443

Request

GET /dist/img/favicon32.png HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Sat, 13 Jul 2024 00:52:30 GMT
content-type: image/png
content-length: 903
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
accept-ranges: bytes
cache-control: public, max-age=0
last-modified: Wed, 04 Jan 2023 14:40:14 GMT
etag: W/"387-1857d39bf7d"
GET

https://gofile.io/dist/img/favicon16.png

chrome.exe

Remote address:

51.178.66.33:443

Request

GET /dist/img/favicon16.png HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Sat, 13 Jul 2024 00:52:30 GMT
content-type: image/png
content-length: 503
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
accept-ranges: bytes
cache-control: public, max-age=0
last-modified: Wed, 04 Jan 2023 14:40:14 GMT
etag: W/"1f7-1857d39bf7d"
GET

https://gofile.io/contents/files.html

chrome.exe

Remote address:

51.178.66.33:443

Request

GET /contents/files.html HTTP/2.0
host: gofile.io
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: accountToken=LMfAQrlWIl12ZprPuz3trg25ANPqBhSK

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Sat, 13 Jul 2024 00:52:31 GMT
content-type: text/html; charset=UTF-8
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: origin
x-xss-protection: 0
cache-control: public, max-age=0
last-modified: Sat, 22 Jun 2024 01:25:13 GMT
etag: W/"4a1d-1903d8c2877"
content-encoding: gzip
DNS

33.66.178.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

33.66.178.51.in-addr.arpa

IN PTR

Response

33.66.178.51.in-addr.arpa

IN PTR

ns31226493ip-51-178-66eu
DNS

api.gofile.io

chrome.exe

Remote address:

8.8.8.8:53

Request

api.gofile.io

IN A

Response

api.gofile.io

IN A

151.80.29.83

api.gofile.io

IN A

51.38.43.18

api.gofile.io

IN A

51.178.66.33
POST

https://api.gofile.io/accounts

chrome.exe

Remote address:

151.80.29.83:443

Request

POST /accounts HTTP/2.0
host: api.gofile.io
content-length: 2
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://gofile.io
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Sat, 13 Jul 2024 00:52:30 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gofile.io
access-control-allow-headers: Content-Type, Authorization
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, HEAD
access-control-allow-credentials: true
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
origin-agent-cluster: ?1
referrer-policy: no-referrer
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
etag: W/"6f-5Hiz/0rI6Nvd9JjSsfn8+zgwDBQ"
content-encoding: gzip
OPTIONS

https://api.gofile.io/accounts/ac518555-5a26-4fa5-8165-c5bab53f8e58

chrome.exe

Remote address:

151.80.29.83:443

Request

OPTIONS /accounts/ac518555-5a26-4fa5-8165-c5bab53f8e58 HTTP/2.0
host: api.gofile.io
accept: */*
access-control-request-method: GET
access-control-request-headers: authorization
origin: https://gofile.io
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-fetch-mode: cors
sec-fetch-site: same-site
sec-fetch-dest: empty
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Sat, 13 Jul 2024 00:52:30 GMT
content-type: text/html; charset=utf-8
content-length: 8
access-control-allow-origin: https://gofile.io
access-control-allow-headers: Content-Type, Authorization
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, HEAD
access-control-allow-credentials: true
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
origin-agent-cluster: ?1
referrer-policy: no-referrer
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
allow: GET,HEAD
etag: W/"8-ZRAf8oNBS3Bjb/SU2GYZCmbtmXg"
GET

https://api.gofile.io/accounts/ac518555-5a26-4fa5-8165-c5bab53f8e58

chrome.exe

Remote address:

151.80.29.83:443

Request

GET /accounts/ac518555-5a26-4fa5-8165-c5bab53f8e58 HTTP/2.0
host: api.gofile.io
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
authorization: Bearer LMfAQrlWIl12ZprPuz3trg25ANPqBhSK
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://gofile.io
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Sat, 13 Jul 2024 00:52:31 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gofile.io
access-control-allow-headers: Content-Type, Authorization
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, HEAD
access-control-allow-credentials: true
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
origin-agent-cluster: ?1
referrer-policy: no-referrer
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
etag: W/"111-Cvr6nGYry8TA8cXGyYvMcWab61c"
content-encoding: gzip
OPTIONS

https://api.gofile.io/contents/jCICOk?wt=4fd6sg89d7s6

chrome.exe

Remote address:

151.80.29.83:443

Request

OPTIONS /contents/jCICOk?wt=4fd6sg89d7s6 HTTP/2.0
host: api.gofile.io
accept: */*
access-control-request-method: GET
access-control-request-headers: authorization
origin: https://gofile.io
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-fetch-mode: cors
sec-fetch-site: same-site
sec-fetch-dest: empty
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Sat, 13 Jul 2024 00:52:31 GMT
content-type: text/html; charset=utf-8
content-length: 15
access-control-allow-origin: https://gofile.io
access-control-allow-headers: Content-Type, Authorization
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, HEAD
access-control-allow-credentials: true
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
origin-agent-cluster: ?1
referrer-policy: no-referrer
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
allow: GET,HEAD,DELETE
etag: W/"f-vwvPzyVoI/ffOSHTCooZCn+JbCg"
GET

https://api.gofile.io/contents/jCICOk?wt=4fd6sg89d7s6

chrome.exe

Remote address:

151.80.29.83:443

Request

GET /contents/jCICOk?wt=4fd6sg89d7s6 HTTP/2.0
host: api.gofile.io
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
authorization: Bearer LMfAQrlWIl12ZprPuz3trg25ANPqBhSK
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://gofile.io
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.25.5
date: Sat, 13 Jul 2024 00:52:31 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gofile.io
access-control-allow-headers: Content-Type, Authorization
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, HEAD
access-control-allow-credentials: true
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
origin-agent-cluster: ?1
referrer-policy: no-referrer
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
etag: W/"2e6-SYj0IdnyXxfF4EOwrfsMu6iqO/w"
content-encoding: gzip
DNS

s.gofile.io

chrome.exe

Remote address:

8.8.8.8:53

Request

s.gofile.io

IN A

Response

s.gofile.io

IN A

51.75.242.210
GET

https://s.gofile.io/js/script.js

chrome.exe

Remote address:

51.75.242.210:443

Request

GET /js/script.js HTTP/2.0
host: s.gofile.io
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: accountToken=LMfAQrlWIl12ZprPuz3trg25ANPqBhSK

Response

HTTP/2.0 200

access-control-allow-origin: *
cache-control: public, max-age=86400, must-revalidate
content-type: application/javascript
cross-origin-resource-policy: cross-origin
date: Sat, 13 Jul 2024 00:52:31 GMT
server: Cowboy
x-content-type-options: nosniff
content-length: 1346
DNS

83.29.80.151.in-addr.arpa

Remote address:

8.8.8.8:53

Request

83.29.80.151.in-addr.arpa

IN PTR

Response

83.29.80.151.in-addr.arpa

IN PTR

ns3048708ip-151-80-29eu
DNS

content-autofill.googleapis.com

chrome.exe

Remote address:

8.8.8.8:53

Request

content-autofill.googleapis.com

IN A

Response

content-autofill.googleapis.com

IN A

142.250.187.234

content-autofill.googleapis.com

IN A

216.58.212.234

content-autofill.googleapis.com

IN A

172.217.16.234

content-autofill.googleapis.com

IN A

142.250.178.10

content-autofill.googleapis.com

IN A

142.250.200.42

content-autofill.googleapis.com

IN A

142.250.187.202

content-autofill.googleapis.com

IN A

172.217.169.10

content-autofill.googleapis.com

IN A

216.58.201.106

content-autofill.googleapis.com

IN A

172.217.169.42

content-autofill.googleapis.com

IN A

142.250.200.10

content-autofill.googleapis.com

IN A

142.250.180.10

content-autofill.googleapis.com

IN A

216.58.204.74

content-autofill.googleapis.com

IN A

142.250.179.234

content-autofill.googleapis.com

IN A

216.58.213.10
POST

https://s.gofile.io/api/event

chrome.exe

Remote address:

51.75.242.210:443

Request

POST /api/event HTTP/2.0
host: s.gofile.io
content-length: 74
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
content-type: text/plain
accept: */*
origin: https://gofile.io
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://gofile.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 202

access-control-allow-credentials: true
access-control-allow-origin: *
access-control-expose-headers:
cache-control: max-age=0, private, must-revalidate
content-type: text/plain; charset=utf-8
date: Sat, 13 Jul 2024 00:52:31 GMT
server: Cowboy
x-request-id: F-Gfiv2KyCMK9UOkPQmC
content-length: 2
GET

https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTA2LjAuNTI0OS4xMTkSEAmYyA9JLGj4_xIFDRVSgeI=?alt=proto

chrome.exe

Remote address:

142.250.187.234:443

Request

GET /v1/pages/ChVDaHJvbWUvMTA2LjAuNTI0OS4xMTkSEAmYyA9JLGj4_xIFDRVSgeI=?alt=proto HTTP/2.0
host: content-autofill.googleapis.com
x-goog-encode-response-if-executable: base64
x-goog-api-key: AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
x-client-data: CKzdygE=
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

210.242.75.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

210.242.75.51.in-addr.arpa

IN PTR

Response

210.242.75.51.in-addr.arpa

IN PTR

mailgofileio
DNS

234.187.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

234.187.250.142.in-addr.arpa

IN PTR

Response

234.187.250.142.in-addr.arpa

IN PTR

lhr25s34-in-f101e100net
DNS

store1.gofile.io

chrome.exe

Remote address:

8.8.8.8:53

Request

store1.gofile.io

IN A

Response

store1.gofile.io

IN A

45.112.123.227
GET

https://store1.gofile.io/download/web/a19cf3dd-4459-45e0-ae02-8d44fd8346a3/Account%20Checker%202.0.exe

chrome.exe

Remote address:

45.112.123.227:443

Request

GET /download/web/a19cf3dd-4459-45e0-ae02-8d44fd8346a3/Account%20Checker%202.0.exe HTTP/1.1
Host: store1.gofile.io
Connection: keep-alive
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Referer: https://gofile.io/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: accountToken=LMfAQrlWIl12ZprPuz3trg25ANPqBhSK

Response

HTTP/1.1 200 OK

Server: nginx/1.27.0
Date: Sat, 13 Jul 2024 00:52:34 GMT
Content-Type: application/x-ms-dos-executable
Content-Length: 43008
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Headers: Accept, Accept-Language, Content-Language, Content-Type, Content-Length, Range, Authorization
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Cache-Control, Content-Encoding, Content-Range
Content-Disposition: attachment; filename="Account Checker 2.0.exe"
Last-Modified: Fri, 12 Jul 2024 23:04:37 GMT
DNS

227.123.112.45.in-addr.arpa

Remote address:

8.8.8.8:53

Request

227.123.112.45.in-addr.arpa

IN PTR

Response
DNS

ip4.seeip.org

Account Checker 2.0 (1).exe

Remote address:

8.8.8.8:53

Request

ip4.seeip.org

IN A

Response

ip4.seeip.org

IN A

23.128.64.141
GET

https://ip4.seeip.org/

Account Checker 2.0.exe

Remote address:

23.128.64.141:443

Request

GET / HTTP/1.1
Host: ip4.seeip.org
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Server: nginx/1.14.0 (Ubuntu)
Date: Sat, 13 Jul 2024 00:52:38 GMT
Content-Type: text/plain
Content-Length: 13
Connection: keep-alive
strict-transport-security: max-age=31536000; includeSubDomains
DNS

ip-api.com

Account Checker 2.0 (1).exe

Remote address:

8.8.8.8:53

Request

ip-api.com

IN A

Response

ip-api.com

IN A

208.95.112.1
GET

http://ip-api.com//json/194.110.13.70

Account Checker 2.0.exe

Remote address:

208.95.112.1:80

Request

GET //json/194.110.13.70 HTTP/1.1
Host: ip-api.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Sat, 13 Jul 2024 00:52:38 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 311
Access-Control-Allow-Origin: *
X-Ttl: 60
X-Rl: 44
DNS

discord.com

Account Checker 2.0 (1).exe

Remote address:

8.8.8.8:53

Request

discord.com

IN A

Response

discord.com

IN A

162.159.137.232

discord.com

IN A

162.159.138.232

discord.com

IN A

162.159.128.233

discord.com

IN A

162.159.136.232

discord.com

IN A

162.159.135.232
POST

https://discord.com/api/webhooks/1261457837645758516/cbFMY0vyoej9Fy1h9oLW6SKJKZGKJxVDKXx0A2CgiyfMXacUiQZNZ6_SbFXvwFMeEGKF

Account Checker 2.0.exe

Remote address:

162.159.137.232:443

Request

POST /api/webhooks/1261457837645758516/cbFMY0vyoej9Fy1h9oLW6SKJKZGKJxVDKXx0A2CgiyfMXacUiQZNZ6_SbFXvwFMeEGKF HTTP/1.1
Content-Type: application/json
Host: discord.com
Content-Length: 459
Expect: 100-continue
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Sat, 13 Jul 2024 00:52:39 GMT
Content-Type: application/json
Content-Length: 45
Connection: keep-alive
set-cookie: __dcfduid=343f225440b211efb062528ced6fc169; Expires=Thu, 12-Jul-2029 00:52:39 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-ratelimit-bucket: 3d2712a9e4fe17cc9d3fed4a8e672e5f
x-ratelimit-limit: 5
x-ratelimit-remaining: 4
x-ratelimit-reset: 1720831961
x-ratelimit-reset-after: 1
via: 1.1 google
alt-svc: h3=":443"; ma=86400
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1twrIItKC72lQJVi90UEiE66JgKG1U8i9ualCDIFRSzwqN8Gv5k6VANNQHGGktprmbp7tIDEdKnwt%2B%2Fa3EJoNVTOO7QJVY4vj7bl3D7yINSZpSu8iatDJO4PzXEu"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
Set-Cookie: __sdcfduid=343f225440b211efb062528ced6fc1690a4b35057ede39168daed20a59587d04f7274f2d68f22fe2e16c1023fff41f22; Expires=Thu, 12-Jul-2029 00:52:39 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
Set-Cookie: __cfruid=dd5e5c7bd1dcbaa449ee9c63f1f7327c8b687f12-1720831959; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Set-Cookie: _cfuvid=6U4cPFaZ8xPk7PeiAfsNPXvRKMRTYfgafGPIaSFl8xA-1720831959712-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Server: cloudflare
CF-RAY: 8a254aa33d0c60f9-LHR
POST

https://discord.com/api/webhooks/1261457837645758516/cbFMY0vyoej9Fy1h9oLW6SKJKZGKJxVDKXx0A2CgiyfMXacUiQZNZ6_SbFXvwFMeEGKF

Account Checker 2.0.exe

Remote address:

162.159.137.232:443

Request

POST /api/webhooks/1261457837645758516/cbFMY0vyoej9Fy1h9oLW6SKJKZGKJxVDKXx0A2CgiyfMXacUiQZNZ6_SbFXvwFMeEGKF HTTP/1.1
Content-Type: application/json
Host: discord.com
Content-Length: 315
Expect: 100-continue

Response

HTTP/1.1 404 Not Found

Date: Sat, 13 Jul 2024 00:52:39 GMT
Content-Type: application/json
Content-Length: 45
Connection: keep-alive
set-cookie: __dcfduid=345d34ba40b211efb36b6e0b624c0237; Expires=Thu, 12-Jul-2029 00:52:39 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-ratelimit-bucket: 3d2712a9e4fe17cc9d3fed4a8e672e5f
x-ratelimit-limit: 5
x-ratelimit-remaining: 3
x-ratelimit-reset: 1720831961
x-ratelimit-reset-after: 1
via: 1.1 google
alt-svc: h3=":443"; ma=86400
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=L%2BkqIbdcY49%2FB4yYmyMKQar5ICJA2wD8L5%2FOLVzoq70MjVbKLJEWoEZmF9Mv3ZHAM%2FkNDDfxUonzMu8r%2FoZtmiHBTdAjTXBo3571bAHpSa%2FDWYnp%2FPQOmcnDXQWL"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
Set-Cookie: __sdcfduid=345d34ba40b211efb36b6e0b624c0237493becd4cd03cb9eb2d38bdf3e5a3a6c8251518584382835a7b3617023fae947; Expires=Thu, 12-Jul-2029 00:52:39 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
Set-Cookie: __cfruid=dd5e5c7bd1dcbaa449ee9c63f1f7327c8b687f12-1720831959; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Set-Cookie: _cfuvid=2lpCzr7WyDiBVfKl5g74q19uIXGK17C27ALmDAabxUI-1720831959912-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Server: cloudflare
CF-RAY: 8a254aa47dcb60f9-LHR
POST

https://discord.com/api/webhooks/1261457837645758516/cbFMY0vyoej9Fy1h9oLW6SKJKZGKJxVDKXx0A2CgiyfMXacUiQZNZ6_SbFXvwFMeEGKF

Account Checker 2.0.exe

Remote address:

162.159.137.232:443

Request

POST /api/webhooks/1261457837645758516/cbFMY0vyoej9Fy1h9oLW6SKJKZGKJxVDKXx0A2CgiyfMXacUiQZNZ6_SbFXvwFMeEGKF HTTP/1.1
Content-Type: application/json
Host: discord.com
Content-Length: 746
Expect: 100-continue

Response

HTTP/1.1 404 Not Found

Date: Sat, 13 Jul 2024 00:52:40 GMT
Content-Type: application/json
Content-Length: 45
Connection: keep-alive
set-cookie: __dcfduid=349d6db440b211efa2f94e064a625b5b; Expires=Thu, 12-Jul-2029 00:52:40 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-ratelimit-bucket: 3d2712a9e4fe17cc9d3fed4a8e672e5f
x-ratelimit-limit: 5
x-ratelimit-remaining: 3
x-ratelimit-reset: 1720831961
x-ratelimit-reset-after: 1
via: 1.1 google
alt-svc: h3=":443"; ma=86400
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bX5HwutbaGlAyd8t0g0XdhXIYsZfPWFlMeMa5VaYuP6hHI8ESsMvQvIUYFuPM3lDR4jznpOpr7v7kgvwdLaFpcL%2Fu3K1IdLvfMqSnpOFhHX4NLQG91MrmLPZQmiS"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
Set-Cookie: __sdcfduid=349d6db440b211efa2f94e064a625b5b5c30d898bebe26d667db9df98bc980eeec15880439c8e08e1e21cc138d57b852; Expires=Thu, 12-Jul-2029 00:52:40 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
Set-Cookie: __cfruid=a7f636419adf93238744f9b5d9879bbac2fd8dd4-1720831960; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Set-Cookie: _cfuvid=Avlv5LIjE.qgGt3UuuBtBtAHBdBUlnrNmYjiDcSent4-1720831960330-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Server: cloudflare
CF-RAY: 8a254aa71f4f60f9-LHR
POST

https://discord.com/api/webhooks/1261457837645758516/cbFMY0vyoej9Fy1h9oLW6SKJKZGKJxVDKXx0A2CgiyfMXacUiQZNZ6_SbFXvwFMeEGKF

Account Checker 2.0.exe

Remote address:

162.159.137.232:443

Request

POST /api/webhooks/1261457837645758516/cbFMY0vyoej9Fy1h9oLW6SKJKZGKJxVDKXx0A2CgiyfMXacUiQZNZ6_SbFXvwFMeEGKF HTTP/1.1
Content-Type: multipart/form-data; boundary=----------f024426b50384910b18b2ea1d40cf1fb
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X x.y; rv:42.0) Gecko/20100101 Firefox/42.0
Host: discord.com
Content-Length: 662
Expect: 100-continue

Response

HTTP/1.1 404 Not Found

Date: Sat, 13 Jul 2024 00:52:40 GMT
Content-Type: application/json
Content-Length: 45
Connection: keep-alive
set-cookie: __dcfduid=34ec520840b211ef98dd5a35df1313dc; Expires=Thu, 12-Jul-2029 00:52:40 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-ratelimit-bucket: 3d2712a9e4fe17cc9d3fed4a8e672e5f
x-ratelimit-limit: 5
x-ratelimit-remaining: 2
x-ratelimit-reset: 1720831962
x-ratelimit-reset-after: 1
via: 1.1 google
alt-svc: h3=":443"; ma=86400
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VpuQZ0z2JQ5rlLZB846ko32D62hWwQomGGtGpS8x2T30YKRb9W9OzZxFBLr%2BTIKhf0nkA1yZ53hYdpJYBopTUZHzTC1YlfRS6RQ1vMBJheg1XoUdUsii6H36VYHG"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
Set-Cookie: __sdcfduid=34ec520840b211ef98dd5a35df1313dc701a2aab0aec937b621c25fa7a6af88870b8786a9522886ff13143707b20067c; Expires=Thu, 12-Jul-2029 00:52:40 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
Set-Cookie: __cfruid=1fc32494aa31827f785de4cd259a4fbb17b19bd3-1720831960; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Set-Cookie: _cfuvid=HjyNJddcJTuCV.bT6_PZXAU9x9BjdnEjoSFgFDs4Vts-1720831960849-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Server: cloudflare
CF-RAY: 8a254aaa695460f9-LHR
DNS

141.64.128.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

141.64.128.23.in-addr.arpa

IN PTR

Response
DNS

141.64.128.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

141.64.128.23.in-addr.arpa

IN PTR

Response
DNS

1.112.95.208.in-addr.arpa

Remote address:

8.8.8.8:53

Request

1.112.95.208.in-addr.arpa

IN PTR

Response

1.112.95.208.in-addr.arpa

IN PTR

ip-apicom
POST

https://discord.com/api/webhooks/1261457837645758516/cbFMY0vyoej9Fy1h9oLW6SKJKZGKJxVDKXx0A2CgiyfMXacUiQZNZ6_SbFXvwFMeEGKF

Account Checker 2.0.exe

Remote address:

162.159.137.232:443

Request

POST /api/webhooks/1261457837645758516/cbFMY0vyoej9Fy1h9oLW6SKJKZGKJxVDKXx0A2CgiyfMXacUiQZNZ6_SbFXvwFMeEGKF HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: discord.com
Content-Length: 196
Expect: 100-continue

Response

HTTP/1.1 404 Not Found

Date: Sat, 13 Jul 2024 00:52:40 GMT
Content-Type: application/json
Content-Length: 45
Connection: keep-alive
set-cookie: __dcfduid=34c767a440b211ef877d521141747de5; Expires=Thu, 12-Jul-2029 00:52:40 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-ratelimit-bucket: 3d2712a9e4fe17cc9d3fed4a8e672e5f
x-ratelimit-limit: 5
x-ratelimit-remaining: 3
x-ratelimit-reset: 1720831962
x-ratelimit-reset-after: 1
via: 1.1 google
alt-svc: h3=":443"; ma=86400
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=d1fONa70CJt7tVDZNe3lTbtp17zYG5lLRHWanPY41TkS5%2FPBOmX4dmt94uRpjHzYFmekrudiTvK%2FmHQi%2B5uRN0NGNUzb9ye0Zp3QGU7EMR%2FP%2FcFmSdkTHrQo7N0K"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
Set-Cookie: __sdcfduid=34c767a440b211ef877d521141747de51e7047d69e5b6ad6268daf304f47a445688d5129f24f681854986ea3b99af3cd; Expires=Thu, 12-Jul-2029 00:52:40 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
Set-Cookie: __cfruid=a7f636419adf93238744f9b5d9879bbac2fd8dd4-1720831960; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Set-Cookie: _cfuvid=C6MJP9qa5fW9Y7Tympj7bCdfcpdgXKKKR7JvYblKnXM-1720831960605-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Server: cloudflare
CF-RAY: 8a254aa8dff15315-LHR
DNS

232.137.159.162.in-addr.arpa

Remote address:

8.8.8.8:53

Request

232.137.159.162.in-addr.arpa

IN PTR

Response
DNS

26.211.222.173.in-addr.arpa

Remote address:

8.8.8.8:53

Request

26.211.222.173.in-addr.arpa

IN PTR

Response

26.211.222.173.in-addr.arpa

IN PTR

a173-222-211-26deploystaticakamaitechnologiescom
GET

https://ip4.seeip.org/

Account Checker 2.0 (1).exe

Remote address:

23.128.64.141:443

Request

GET / HTTP/1.1
Host: ip4.seeip.org
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Server: nginx/1.14.0 (Ubuntu)
Date: Sat, 13 Jul 2024 00:52:53 GMT
Content-Type: text/plain
Content-Length: 13
Connection: keep-alive
strict-transport-security: max-age=31536000; includeSubDomains
GET

http://ip-api.com//json/194.110.13.70

Account Checker 2.0 (1).exe

Remote address:

208.95.112.1:80

Request

GET //json/194.110.13.70 HTTP/1.1
Host: ip-api.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Sat, 13 Jul 2024 00:52:53 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 311
Access-Control-Allow-Origin: *
X-Ttl: 60
X-Rl: 44
POST

https://discord.com/api/webhooks/1261457837645758516/cbFMY0vyoej9Fy1h9oLW6SKJKZGKJxVDKXx0A2CgiyfMXacUiQZNZ6_SbFXvwFMeEGKF

Account Checker 2.0 (1).exe

Remote address:

162.159.137.232:443

Request

POST /api/webhooks/1261457837645758516/cbFMY0vyoej9Fy1h9oLW6SKJKZGKJxVDKXx0A2CgiyfMXacUiQZNZ6_SbFXvwFMeEGKF HTTP/1.1
Content-Type: application/json
Host: discord.com
Content-Length: 459
Expect: 100-continue
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Sat, 13 Jul 2024 00:52:54 GMT
Content-Type: application/json
Content-Length: 45
Connection: keep-alive
set-cookie: __dcfduid=3d246adc40b211ef822bcada02ae9785; Expires=Thu, 12-Jul-2029 00:52:54 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-ratelimit-bucket: 3d2712a9e4fe17cc9d3fed4a8e672e5f
x-ratelimit-limit: 5
x-ratelimit-remaining: 4
x-ratelimit-reset: 1720831975
x-ratelimit-reset-after: 1
via: 1.1 google
alt-svc: h3=":443"; ma=86400
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Jc7GZxRDRF0fQKzkSoAqvXM8v6WoA5CiOZzNF5X05Z1ToWmLqEXjV7m4ZgoGQxfJ6dKsTn7kq4%2B%2BdlAWOV9UBQtI9y8eHJ0G%2BP02KLJhOqQ6APvM1QBJFgTSWme8"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
Set-Cookie: __sdcfduid=3d246adc40b211ef822bcada02ae9785039f6530edb82846c3b5522e9dd716e5b4aa95ec7ec414c92104386098f7f527; Expires=Thu, 12-Jul-2029 00:52:54 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
Set-Cookie: __cfruid=bffe5032f4e44848464c4862d4d26a7990e2acb5-1720831974; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Set-Cookie: _cfuvid=8ea7nMTl7ncMtxeKha6BSvR4zS47eL6e9S0PIcJLzbQ-1720831974636-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Server: cloudflare
CF-RAY: 8a254b007eb076d7-LHR
POST

https://discord.com/api/webhooks/1261457837645758516/cbFMY0vyoej9Fy1h9oLW6SKJKZGKJxVDKXx0A2CgiyfMXacUiQZNZ6_SbFXvwFMeEGKF

Account Checker 2.0 (1).exe

Remote address:

162.159.137.232:443

Request

POST /api/webhooks/1261457837645758516/cbFMY0vyoej9Fy1h9oLW6SKJKZGKJxVDKXx0A2CgiyfMXacUiQZNZ6_SbFXvwFMeEGKF HTTP/1.1
Content-Type: application/json
Host: discord.com
Content-Length: 315
Expect: 100-continue

Response

HTTP/1.1 404 Not Found

Date: Sat, 13 Jul 2024 00:52:54 GMT
Content-Type: application/json
Content-Length: 45
Connection: keep-alive
set-cookie: __dcfduid=3d4480d840b211efa56e4e064a625b5b; Expires=Thu, 12-Jul-2029 00:52:54 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-ratelimit-bucket: 3d2712a9e4fe17cc9d3fed4a8e672e5f
x-ratelimit-limit: 5
x-ratelimit-remaining: 3
x-ratelimit-reset: 1720831976
x-ratelimit-reset-after: 1
via: 1.1 google
alt-svc: h3=":443"; ma=86400
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Fu6K%2FoyORsFx1VBJ19IbSxCWjInNNMU7ApK3KI88nlblJ0aRbxR6OWGE4f%2F2Nc3pVUKlyZNM07EQPEzzE8D0xLhtS6hdTuMNotoXWUr0i6aMGvEUu8Sd%2BURLz%2FtU"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
Set-Cookie: __sdcfduid=3d4480d840b211efa56e4e064a625b5b997f4097b854dd6ec7ff5f17023321af036927ee00fdc862daf640099ec93295; Expires=Thu, 12-Jul-2029 00:52:54 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
Set-Cookie: __cfruid=bffe5032f4e44848464c4862d4d26a7990e2acb5-1720831974; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Set-Cookie: _cfuvid=OrU6hUvcYP8mZ0tpOtOhREVZ3IPPjQqAKHhmPLZezIQ-1720831974848-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Server: cloudflare
CF-RAY: 8a254b01cf5676d7-LHR
POST

https://discord.com/api/webhooks/1261457837645758516/cbFMY0vyoej9Fy1h9oLW6SKJKZGKJxVDKXx0A2CgiyfMXacUiQZNZ6_SbFXvwFMeEGKF

Account Checker 2.0 (1).exe

Remote address:

162.159.137.232:443

Request

POST /api/webhooks/1261457837645758516/cbFMY0vyoej9Fy1h9oLW6SKJKZGKJxVDKXx0A2CgiyfMXacUiQZNZ6_SbFXvwFMeEGKF HTTP/1.1
Content-Type: application/json
Host: discord.com
Content-Length: 746
Expect: 100-continue

Response

HTTP/1.1 404 Not Found

Date: Sat, 13 Jul 2024 00:52:55 GMT
Content-Type: application/json
Content-Length: 45
Connection: keep-alive
set-cookie: __dcfduid=3d8ac58e40b211ef8efe7a10fa5d1204; Expires=Thu, 12-Jul-2029 00:52:55 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-ratelimit-bucket: 3d2712a9e4fe17cc9d3fed4a8e672e5f
x-ratelimit-limit: 5
x-ratelimit-remaining: 3
x-ratelimit-reset: 1720831976
x-ratelimit-reset-after: 1
via: 1.1 google
alt-svc: h3=":443"; ma=86400
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UnzA5apJPy5FOegTufpgtO01hfrNkC80wO92HELUSTQFObiOsNWeGzV4mjYuVMx9QI%2FooQp7M5pVr5jZkS3wdvcGaeNxcYk4hJ6sKCAfcv14TdIhjEeAh3tISd9e"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
Set-Cookie: __sdcfduid=3d8ac58e40b211ef8efe7a10fa5d12048c8a5b770c0d0584025127bb640ddfa8df17ad9af1fcbfaba1eb6d6aa0985cbc; Expires=Thu, 12-Jul-2029 00:52:55 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
Set-Cookie: __cfruid=b8ed703b40c8493de547685069e04cf752c6637b-1720831975; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Set-Cookie: _cfuvid=Dmb5a5PFh9sa0T2BvavbVAzrJNKHxfUvixW15C0kzGU-1720831975307-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Server: cloudflare
CF-RAY: 8a254b04c92776d7-LHR
POST

https://discord.com/api/webhooks/1261457837645758516/cbFMY0vyoej9Fy1h9oLW6SKJKZGKJxVDKXx0A2CgiyfMXacUiQZNZ6_SbFXvwFMeEGKF

Account Checker 2.0 (1).exe

Remote address:

162.159.137.232:443

Request

POST /api/webhooks/1261457837645758516/cbFMY0vyoej9Fy1h9oLW6SKJKZGKJxVDKXx0A2CgiyfMXacUiQZNZ6_SbFXvwFMeEGKF HTTP/1.1
Content-Type: multipart/form-data; boundary=----------812c6bfef6da48fe9eca2fe241124b25
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X x.y; rv:42.0) Gecko/20100101 Firefox/42.0
Host: discord.com
Content-Length: 662
Expect: 100-continue

Response

HTTP/1.1 404 Not Found

Date: Sat, 13 Jul 2024 00:52:55 GMT
Content-Type: application/json
Content-Length: 45
Connection: keep-alive
set-cookie: __dcfduid=3ddf2f2040b211ef8c0e3a1768bfa047; Expires=Thu, 12-Jul-2029 00:52:55 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-ratelimit-bucket: 3d2712a9e4fe17cc9d3fed4a8e672e5f
x-ratelimit-limit: 5
x-ratelimit-remaining: 3
x-ratelimit-reset: 1720831977
x-ratelimit-reset-after: 1
via: 1.1 google
alt-svc: h3=":443"; ma=86400
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yKSN%2BnmaLUCnPDgpGyNq5vw19Yk480hRTG7nTvqGP4WfC04uzhuX64uSpuzJayvBbX3MV22XreojvewoZcZcquxhXhjaUBY59mrXeUln0obi1YiofMNO0i7l0RSD"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
Set-Cookie: __sdcfduid=3ddf2f2040b211ef8c0e3a1768bfa047ecf2d55bbb432739a7e210b767225971129eb25abd7fecc9e3e55fc09f744f19; Expires=Thu, 12-Jul-2029 00:52:55 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
Set-Cookie: __cfruid=a627265a748cc7552ff2c10744eef2a725f7c3a3-1720831975; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Set-Cookie: _cfuvid=W410jJ7RTtZluKixYIoPN4Ibq4gXQWW3H8_rc0aHaNU-1720831975863-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Server: cloudflare
CF-RAY: 8a254b07eac876d7-LHR
POST

https://discord.com/api/webhooks/1261457837645758516/cbFMY0vyoej9Fy1h9oLW6SKJKZGKJxVDKXx0A2CgiyfMXacUiQZNZ6_SbFXvwFMeEGKF

Account Checker 2.0 (1).exe

Remote address:

162.159.137.232:443

Request

POST /api/webhooks/1261457837645758516/cbFMY0vyoej9Fy1h9oLW6SKJKZGKJxVDKXx0A2CgiyfMXacUiQZNZ6_SbFXvwFMeEGKF HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: discord.com
Content-Length: 196
Expect: 100-continue

Response

HTTP/1.1 404 Not Found

Date: Sat, 13 Jul 2024 00:52:55 GMT
Content-Type: application/json
Content-Length: 45
Connection: keep-alive
set-cookie: __dcfduid=3db6336840b211ef818d7a10fa5d1204; Expires=Thu, 12-Jul-2029 00:52:55 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-ratelimit-bucket: 3d2712a9e4fe17cc9d3fed4a8e672e5f
x-ratelimit-limit: 5
x-ratelimit-remaining: 3
x-ratelimit-reset: 1720831977
x-ratelimit-reset-after: 1
via: 1.1 google
alt-svc: h3=":443"; ma=86400
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PB5oQzgubnzR8VBiypUIQZiX%2Fo5GjzYEN%2BdG9lu38HCSB5Ii%2FF31Ct%2Bpw5%2BhYrixNl3qjaMAL4KrXuK8To%2F7YmhDdkdx8lpR%2BQen7OYIYrgzDhDrMp%2BQDV6jVtMj"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
Set-Cookie: __sdcfduid=3db6336840b211ef818d7a10fa5d1204c2d6add797672720528795e8e58a35161b757531b75f355f23d514ea98497f85; Expires=Thu, 12-Jul-2029 00:52:55 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
Set-Cookie: __cfruid=b8ed703b40c8493de547685069e04cf752c6637b-1720831975; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Set-Cookie: _cfuvid=LT5.apsh9X6VX35rCCW8GizCqcikXtVDwyV6JquG7ig-1720831975593-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Server: cloudflare
CF-RAY: 8a254b067d53bf02-LHR
DNS

99.201.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

99.201.58.216.in-addr.arpa

IN PTR

Response

99.201.58.216.in-addr.arpa

IN PTR

prg03s02-in-f991e100net

99.201.58.216.in-addr.arpa

IN PTR

prg03s02-in-f3�H

99.201.58.216.in-addr.arpa

IN PTR

lhr48s48-in-f3�H
DNS

30.243.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

30.243.111.52.in-addr.arpa

IN PTR

Response

51.178.66.33:443

https://gofile.io/contents/files.html

tls, http2

chrome.exe

13.4kB
483.4kB
234
377

HTTP Request

GET https://gofile.io/d/jCICOk

HTTP Response

200

HTTP Request

GET https://gofile.io/dist/css/bootstrap.min.css

HTTP Request

GET https://gofile.io/dist/css/bootstrap-icons.css

HTTP Request

GET https://gofile.io/dist/css/bootstrap-nightfall.css

HTTP Request

GET https://gofile.io/dist/css/plyr.css

HTTP Request

GET https://gofile.io/dist/css/allcss.css

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://gofile.io/dist/js/bootstrap.bundle.min.js

HTTP Request

GET https://gofile.io/dist/js/sha256.min.js

HTTP Request

GET https://gofile.io/dist/js/qrcode.min.js

HTTP Request

GET https://gofile.io/dist/js/dayjs.min.js

HTTP Request

GET https://gofile.io/dist/js/customParseFormat.js

HTTP Request

GET https://gofile.io/dist/js/marked.min.js

HTTP Request

GET https://gofile.io/dist/js/plyr.js

HTTP Request

GET https://gofile.io/dist/js/chart.umd.min.js

HTTP Request

GET https://gofile.io/dist/js/alljs.js

HTTP Request

GET https://gofile.io/dist/img/logo-small-70.png

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://gofile.io/dist/css/fonts/bootstrap-icons.woff2?24e3eb84d0bcaf83d77f904c78ac1f47

HTTP Response

200

HTTP Request

GET https://gofile.io/dist/img/favicon96.png

HTTP Response

200

HTTP Request

GET https://gofile.io/dist/img/favicon32.png

HTTP Response

200

HTTP Request

GET https://gofile.io/dist/img/favicon16.png

HTTP Response

200

HTTP Request

GET https://gofile.io/contents/files.html

HTTP Response

200
151.80.29.83:443

https://api.gofile.io/contents/jCICOk?wt=4fd6sg89d7s6

tls, http2

chrome.exe

2.6kB
10.7kB
24
30

HTTP Request

POST https://api.gofile.io/accounts

HTTP Response

200

HTTP Request

OPTIONS https://api.gofile.io/accounts/ac518555-5a26-4fa5-8165-c5bab53f8e58

HTTP Response

200

HTTP Request

GET https://api.gofile.io/accounts/ac518555-5a26-4fa5-8165-c5bab53f8e58

HTTP Response

200

HTTP Request

OPTIONS https://api.gofile.io/contents/jCICOk?wt=4fd6sg89d7s6

HTTP Response

200

HTTP Request

GET https://api.gofile.io/contents/jCICOk?wt=4fd6sg89d7s6

HTTP Response

200
51.75.242.210:443

https://s.gofile.io/js/script.js

tls, http2

chrome.exe

2.1kB
6.3kB
15
17

HTTP Request

GET https://s.gofile.io/js/script.js

HTTP Response

200
51.75.242.210:443

https://s.gofile.io/api/event

tls, http2

chrome.exe

2.3kB
5.0kB
17
16

HTTP Request

POST https://s.gofile.io/api/event

HTTP Response

202
142.250.187.234:443

https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTA2LjAuNTI0OS4xMTkSEAmYyA9JLGj4_xIFDRVSgeI=?alt=proto

tls, http2

chrome.exe

1.8kB
6.8kB
15
17

HTTP Request

GET https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTA2LjAuNTI0OS4xMTkSEAmYyA9JLGj4_xIFDRVSgeI=?alt=proto
45.112.123.227:443

store1.gofile.io

tls

chrome.exe

989 B
4.7kB
9
11
45.112.123.227:443

https://store1.gofile.io/download/web/a19cf3dd-4459-45e0-ae02-8d44fd8346a3/Account%20Checker%202.0.exe

tls, http

chrome.exe

2.8kB
50.0kB
29
46

HTTP Request

GET https://store1.gofile.io/download/web/a19cf3dd-4459-45e0-ae02-8d44fd8346a3/Account%20Checker%202.0.exe

HTTP Response

200
23.128.64.141:443

https://ip4.seeip.org/

tls, http

Account Checker 2.0.exe

710 B
3.8kB
8
8

HTTP Request

GET https://ip4.seeip.org/

HTTP Response

200
208.95.112.1:80

http://ip-api.com//json/194.110.13.70

http

Account Checker 2.0.exe

309 B
620 B
5
3

HTTP Request

GET http://ip-api.com//json/194.110.13.70

HTTP Response

200
162.159.137.232:443

https://discord.com/api/webhooks/1261457837645758516/cbFMY0vyoej9Fy1h9oLW6SKJKZGKJxVDKXx0A2CgiyfMXacUiQZNZ6_SbFXvwFMeEGKF

tls, http

Account Checker 2.0.exe

4.6kB
10.8kB
21
28

HTTP Request

POST https://discord.com/api/webhooks/1261457837645758516/cbFMY0vyoej9Fy1h9oLW6SKJKZGKJxVDKXx0A2CgiyfMXacUiQZNZ6_SbFXvwFMeEGKF

HTTP Response

404

HTTP Request

POST https://discord.com/api/webhooks/1261457837645758516/cbFMY0vyoej9Fy1h9oLW6SKJKZGKJxVDKXx0A2CgiyfMXacUiQZNZ6_SbFXvwFMeEGKF

HTTP Response

404

HTTP Request

POST https://discord.com/api/webhooks/1261457837645758516/cbFMY0vyoej9Fy1h9oLW6SKJKZGKJxVDKXx0A2CgiyfMXacUiQZNZ6_SbFXvwFMeEGKF

HTTP Response

404

HTTP Request

POST https://discord.com/api/webhooks/1261457837645758516/cbFMY0vyoej9Fy1h9oLW6SKJKZGKJxVDKXx0A2CgiyfMXacUiQZNZ6_SbFXvwFMeEGKF

HTTP Response

404
162.159.137.232:443

https://discord.com/api/webhooks/1261457837645758516/cbFMY0vyoej9Fy1h9oLW6SKJKZGKJxVDKXx0A2CgiyfMXacUiQZNZ6_SbFXvwFMeEGKF

tls, http

Account Checker 2.0.exe

1.3kB
2.2kB
8
9

HTTP Request

POST https://discord.com/api/webhooks/1261457837645758516/cbFMY0vyoej9Fy1h9oLW6SKJKZGKJxVDKXx0A2CgiyfMXacUiQZNZ6_SbFXvwFMeEGKF

HTTP Response

404
23.128.64.141:443

https://ip4.seeip.org/

tls, http

Account Checker 2.0 (1).exe

802 B
4.1kB
10
9

HTTP Request

GET https://ip4.seeip.org/

HTTP Response

200
208.95.112.1:80

http://ip-api.com//json/194.110.13.70

http

Account Checker 2.0 (1).exe

309 B
620 B
5
3

HTTP Request

GET http://ip-api.com//json/194.110.13.70

HTTP Response

200
162.159.137.232:443

https://discord.com/api/webhooks/1261457837645758516/cbFMY0vyoej9Fy1h9oLW6SKJKZGKJxVDKXx0A2CgiyfMXacUiQZNZ6_SbFXvwFMeEGKF

tls, http

Account Checker 2.0 (1).exe

4.7kB
10.8kB
22
27

HTTP Request

POST https://discord.com/api/webhooks/1261457837645758516/cbFMY0vyoej9Fy1h9oLW6SKJKZGKJxVDKXx0A2CgiyfMXacUiQZNZ6_SbFXvwFMeEGKF

HTTP Response

404

HTTP Request

POST https://discord.com/api/webhooks/1261457837645758516/cbFMY0vyoej9Fy1h9oLW6SKJKZGKJxVDKXx0A2CgiyfMXacUiQZNZ6_SbFXvwFMeEGKF

HTTP Response

404

HTTP Request

POST https://discord.com/api/webhooks/1261457837645758516/cbFMY0vyoej9Fy1h9oLW6SKJKZGKJxVDKXx0A2CgiyfMXacUiQZNZ6_SbFXvwFMeEGKF

HTTP Response

404

HTTP Request

POST https://discord.com/api/webhooks/1261457837645758516/cbFMY0vyoej9Fy1h9oLW6SKJKZGKJxVDKXx0A2CgiyfMXacUiQZNZ6_SbFXvwFMeEGKF

HTTP Response

404
162.159.137.232:443

https://discord.com/api/webhooks/1261457837645758516/cbFMY0vyoej9Fy1h9oLW6SKJKZGKJxVDKXx0A2CgiyfMXacUiQZNZ6_SbFXvwFMeEGKF

tls, http

Account Checker 2.0 (1).exe

1.3kB
2.2kB
8
9

HTTP Request

POST https://discord.com/api/webhooks/1261457837645758516/cbFMY0vyoej9Fy1h9oLW6SKJKZGKJxVDKXx0A2CgiyfMXacUiQZNZ6_SbFXvwFMeEGKF

HTTP Response

404

8.8.8.8:53

gofile.io

dns

chrome.exe

55 B
103 B
1
1

DNS Request

gofile.io

DNS Response

51.178.66.33

51.38.43.18

151.80.29.83
8.8.8.8:53

33.66.178.51.in-addr.arpa

dns

71 B
111 B
1
1

DNS Request

33.66.178.51.in-addr.arpa
8.8.8.8:53

api.gofile.io

dns

chrome.exe

59 B
107 B
1
1

DNS Request

api.gofile.io

DNS Response

151.80.29.83

51.38.43.18

51.178.66.33
8.8.8.8:53

s.gofile.io

dns

chrome.exe

57 B
73 B
1
1

DNS Request

s.gofile.io

DNS Response

51.75.242.210
8.8.8.8:53

83.29.80.151.in-addr.arpa

dns

71 B
110 B
1
1

DNS Request

83.29.80.151.in-addr.arpa
8.8.8.8:53

content-autofill.googleapis.com

dns

chrome.exe

77 B
301 B
1
1

DNS Request

content-autofill.googleapis.com

DNS Response

142.250.187.234

216.58.212.234

172.217.16.234

142.250.178.10

142.250.200.42

142.250.187.202

172.217.169.10

216.58.201.106

172.217.169.42

142.250.200.10

142.250.180.10

216.58.204.74

142.250.179.234

216.58.213.10
8.8.8.8:53

210.242.75.51.in-addr.arpa

dns

72 B
100 B
1
1

DNS Request

210.242.75.51.in-addr.arpa
8.8.8.8:53

234.187.250.142.in-addr.arpa

dns

74 B
113 B
1
1

DNS Request

234.187.250.142.in-addr.arpa
8.8.8.8:53

store1.gofile.io

dns

chrome.exe

62 B
78 B
1
1

DNS Request

store1.gofile.io

DNS Response

45.112.123.227
224.0.0.251:5353

chrome.exe

204 B
3
8.8.8.8:53

227.123.112.45.in-addr.arpa

dns

73 B
127 B
1
1

DNS Request

227.123.112.45.in-addr.arpa
8.8.8.8:53

ip4.seeip.org

dns

Account Checker 2.0 (1).exe

59 B
75 B
1
1

DNS Request

ip4.seeip.org

DNS Response

23.128.64.141
8.8.8.8:53

ip-api.com

dns

Account Checker 2.0 (1).exe

56 B
72 B
1
1

DNS Request

ip-api.com

DNS Response

208.95.112.1
8.8.8.8:53

discord.com

dns

Account Checker 2.0 (1).exe

57 B
137 B
1
1

DNS Request

discord.com

DNS Response

162.159.137.232

162.159.138.232

162.159.128.233

162.159.136.232

162.159.135.232
8.8.8.8:53

141.64.128.23.in-addr.arpa

dns

144 B
280 B
2
2

DNS Request

141.64.128.23.in-addr.arpa

DNS Request

141.64.128.23.in-addr.arpa
8.8.8.8:53

1.112.95.208.in-addr.arpa

dns

71 B
95 B
1
1

DNS Request

1.112.95.208.in-addr.arpa
8.8.8.8:53

232.137.159.162.in-addr.arpa

dns

74 B
136 B
1
1

DNS Request

232.137.159.162.in-addr.arpa
8.8.8.8:53

26.211.222.173.in-addr.arpa

dns

73 B
139 B
1
1

DNS Request

26.211.222.173.in-addr.arpa
8.8.8.8:53

99.201.58.216.in-addr.arpa

dns

72 B
169 B
1
1

DNS Request

99.201.58.216.in-addr.arpa
8.8.8.8:53

30.243.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

30.243.111.52.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion