Analysis

  • max time kernel
    35s
  • max time network
    36s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20241007-en locale:en-us os:windows10-2004-x64 system
  • submitted
    27/11/2024, 11:55 UTC

General

  • Target

    https://gofile.io/d/oOpyqm

Malware Config

Extracted

Family

xenorat

C2

162.33.179.3

Mutex

Lethal_cheats

Attributes
  • delay

    5000

  • install_path

    temp

  • port

    4444

  • startup_name

    nothingset

Signatures

  • Detect XenoRat Payload 2 IoCs
  • XenorRat

    XenorRat is a remote access trojan written in C#.

  • Xenorat family
  • Downloads MZ/PE file
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 2 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • NTFS ADS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
  • Suspicious use of FindShellTrayWindow 38 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://gofile.io/d/oOpyqm
    1⤵
    • Enumerates system info in registry
    • NTFS ADS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2836
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffad86346f8,0x7ffad8634708,0x7ffad8634718
      2⤵
        PID:4476
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,2904002406931279969,15585876318149294220,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
        2⤵
          PID:3704
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,2904002406931279969,15585876318149294220,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:2468
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,2904002406931279969,15585876318149294220,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2428 /prefetch:8
          2⤵
            PID:4560
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,2904002406931279969,15585876318149294220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
            2⤵
              PID:4744
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,2904002406931279969,15585876318149294220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
              2⤵
                PID:4740
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,2904002406931279969,15585876318149294220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1
                2⤵
                  PID:224
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,2904002406931279969,15585876318149294220,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 /prefetch:8
                  2⤵
                    PID:1876
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,2904002406931279969,15585876318149294220,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 /prefetch:8
                    2⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:2976
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,2904002406931279969,15585876318149294220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
                    2⤵
                      PID:4508
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2052,2904002406931279969,15585876318149294220,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5124 /prefetch:8
                      2⤵
                        PID:3668
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,2904002406931279969,15585876318149294220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3920 /prefetch:1
                        2⤵
                          PID:4960
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2052,2904002406931279969,15585876318149294220,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5944 /prefetch:8
                          2⤵
                            PID:3856
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2052,2904002406931279969,15585876318149294220,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5976 /prefetch:8
                            2⤵
                            • Suspicious behavior: EnumeratesProcesses
                            PID:4024
                          • C:\Users\Admin\Downloads\client.exe
                            "C:\Users\Admin\Downloads\client.exe"
                            2⤵
                            • Checks computer location settings
                            • Executes dropped EXE
                            • System Location Discovery: System Language Discovery
                            • NTFS ADS
                            PID:1192
                            • C:\Users\Admin\AppData\Local\Temp\XenoManager\client.exe
                              "C:\Users\Admin\AppData\Local\Temp\XenoManager\client.exe"
                              3⤵
                              • Executes dropped EXE
                              • System Location Discovery: System Language Discovery
                              PID:2960
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,2904002406931279969,15585876318149294220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4112 /prefetch:1
                            2⤵
                              PID:4988
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,2904002406931279969,15585876318149294220,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1
                              2⤵
                                PID:4024
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,2904002406931279969,15585876318149294220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
                                2⤵
                                  PID:3508
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,2904002406931279969,15585876318149294220,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
                                  2⤵
                                    PID:2388
                                • C:\Windows\System32\CompPkgSrv.exe
                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                  1⤵
                                    PID:4612
                                  • C:\Windows\System32\CompPkgSrv.exe
                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                    1⤵
                                      PID:1720

Network

                                    • flag-us
                                      DNS
                                      136.32.126.40.in-addr.arpa
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      136.32.126.40.in-addr.arpa
                                      IN PTR
                                      Response
                                    • flag-us
                                      DNS
                                      95.221.229.192.in-addr.arpa
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      95.221.229.192.in-addr.arpa
                                      IN PTR
                                      Response
                                    • flag-us
                                      DNS
                                      gofile.io
                                      msedge.exe
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      gofile.io
                                      IN A
                                      Response
                                      gofile.io
                                      IN A
                                      45.112.123.126
                                    • flag-fr
                                      GET
                                      https://gofile.io/d/oOpyqm
                                      msedge.exe
                                      Remote address:
                                      45.112.123.126:443
                                      Request
                                      GET /d/oOpyqm HTTP/2.0
                                      host: gofile.io
                                      sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                      sec-ch-ua-mobile: ?0
                                      dnt: 1
                                      upgrade-insecure-requests: 1
                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                      accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                      sec-fetch-site: none
                                      sec-fetch-mode: navigate
                                      sec-fetch-user: ?1
                                      sec-fetch-dest: document
                                      accept-encoding: gzip, deflate, br
                                      accept-language: en-US,en;q=0.9
                                      Response
                                      HTTP/2.0 200
                                      server: nginx/1.27.1
                                      date: Wed, 27 Nov 2024 11:55:19 GMT
                                      content-type: text/html; charset=UTF-8
                                      x-dns-prefetch-control: off
                                      expect-ct: max-age=0
                                      x-frame-options: SAMEORIGIN
                                      strict-transport-security: max-age=15552000; includeSubDomains
                                      x-download-options: noopen
                                      x-content-type-options: nosniff
                                      origin-agent-cluster: ?1
                                      x-permitted-cross-domain-policies: none
                                      referrer-policy: origin
                                      x-xss-protection: 0
                                      cache-control: public, max-age=0
                                      last-modified: Fri, 19 Jul 2024 00:49:47 GMT
                                      etag: W/"27a7-190c87768fe"
                                      content-encoding: gzip
                                    • flag-fr
                                      GET
                                      https://gofile.io/dist/css/bootstrap.min.css
                                      msedge.exe
                                      Remote address:
                                      45.112.123.126:443
                                      Request
                                      GET /dist/css/bootstrap.min.css HTTP/2.0
                                      host: gofile.io
                                      sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                      dnt: 1
                                      sec-ch-ua-mobile: ?0
                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                      accept: text/css,*/*;q=0.1
                                      sec-fetch-site: same-origin
                                      sec-fetch-mode: no-cors
                                      sec-fetch-dest: style
                                      referer: https://gofile.io/
                                      accept-encoding: gzip, deflate, br
                                      accept-language: en-US,en;q=0.9
                                      Response
                                      HTTP/2.0 200
                                      server: nginx/1.27.1
                                      date: Wed, 27 Nov 2024 11:55:19 GMT
                                      content-type: text/css; charset=UTF-8
                                      x-dns-prefetch-control: off
                                      expect-ct: max-age=0
                                      x-frame-options: SAMEORIGIN
                                      strict-transport-security: max-age=15552000; includeSubDomains
                                      x-download-options: noopen
                                      x-content-type-options: nosniff
                                      origin-agent-cluster: ?1
                                      x-permitted-cross-domain-policies: none
                                      referrer-policy: origin
                                      x-xss-protection: 0
                                      cache-control: public, max-age=0
                                      last-modified: Fri, 19 Jul 2024 00:49:47 GMT
                                      etag: W/"2fbaa-190c87768da"
                                      content-encoding: gzip
                                    • flag-fr
                                      GET
                                      https://gofile.io/dist/css/bootstrap-icons.css
                                      msedge.exe
                                      Remote address:
                                      45.112.123.126:443
                                      Request
                                      GET /dist/css/bootstrap-icons.css HTTP/2.0
                                      host: gofile.io
                                      sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                      dnt: 1
                                      sec-ch-ua-mobile: ?0
                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                      accept: text/css,*/*;q=0.1
                                      sec-fetch-site: same-origin
                                      sec-fetch-mode: no-cors
                                      sec-fetch-dest: style
                                      referer: https://gofile.io/
                                      accept-encoding: gzip, deflate, br
                                      accept-language: en-US,en;q=0.9
                                      Response
                                      HTTP/2.0 200
                                      server: nginx/1.27.1
                                      date: Wed, 27 Nov 2024 11:55:19 GMT
                                      content-type: text/css; charset=UTF-8
                                      x-dns-prefetch-control: off
                                      expect-ct: max-age=0
                                      x-frame-options: SAMEORIGIN
                                      strict-transport-security: max-age=15552000; includeSubDomains
                                      x-download-options: noopen
                                      x-content-type-options: nosniff
                                      origin-agent-cluster: ?1
                                      x-permitted-cross-domain-policies: none
                                      referrer-policy: origin
                                      x-xss-protection: 0
                                      cache-control: public, max-age=0
                                      last-modified: Fri, 19 Jul 2024 00:49:47 GMT
                                      etag: W/"17579-190c87768da"
                                      content-encoding: gzip
                                    • flag-fr
                                      GET
                                      https://gofile.io/dist/css/bootstrap-nightfall.css
                                      msedge.exe
                                      Remote address:
                                      45.112.123.126:443
                                      Request
                                      GET /dist/css/bootstrap-nightfall.css HTTP/2.0
                                      host: gofile.io
                                      sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                      dnt: 1
                                      sec-ch-ua-mobile: ?0
                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                      accept: text/css,*/*;q=0.1
                                      sec-fetch-site: same-origin
                                      sec-fetch-mode: no-cors
                                      sec-fetch-dest: style
                                      referer: https://gofile.io/
                                      accept-encoding: gzip, deflate, br
                                      accept-language: en-US,en;q=0.9
                                      Response
                                      HTTP/2.0 200
                                      server: nginx/1.27.1
                                      date: Wed, 27 Nov 2024 11:55:19 GMT
                                      content-type: text/css; charset=UTF-8
                                      x-dns-prefetch-control: off
                                      expect-ct: max-age=0
                                      x-frame-options: SAMEORIGIN
                                      strict-transport-security: max-age=15552000; includeSubDomains
                                      x-download-options: noopen
                                      x-content-type-options: nosniff
                                      origin-agent-cluster: ?1
                                      x-permitted-cross-domain-policies: none
                                      referrer-policy: origin
                                      x-xss-protection: 0
                                      cache-control: public, max-age=0
                                      last-modified: Fri, 19 Jul 2024 00:49:47 GMT
                                      etag: W/"c869-190c87768da"
                                      content-encoding: gzip
                                    • flag-fr
                                      GET
                                      https://gofile.io/dist/css/plyr.css
                                      msedge.exe
                                      Remote address:
                                      45.112.123.126:443
                                      Request
                                      GET /dist/css/plyr.css HTTP/2.0
                                      host: gofile.io
                                      sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                      dnt: 1
                                      sec-ch-ua-mobile: ?0
                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                      accept: text/css,*/*;q=0.1
                                      sec-fetch-site: same-origin
                                      sec-fetch-mode: no-cors
                                      sec-fetch-dest: style
                                      referer: https://gofile.io/
                                      accept-encoding: gzip, deflate, br
                                      accept-language: en-US,en;q=0.9
                                      Response
                                      HTTP/2.0 200
                                      server: nginx/1.27.1
                                      date: Wed, 27 Nov 2024 11:55:19 GMT
                                      content-type: text/css; charset=UTF-8
                                      x-dns-prefetch-control: off
                                      expect-ct: max-age=0
                                      x-frame-options: SAMEORIGIN
                                      strict-transport-security: max-age=15552000; includeSubDomains
                                      x-download-options: noopen
                                      x-content-type-options: nosniff
                                      origin-agent-cluster: ?1
                                      x-permitted-cross-domain-policies: none
                                      referrer-policy: origin
                                      x-xss-protection: 0
                                      cache-control: public, max-age=0
                                      last-modified: Fri, 19 Jul 2024 00:49:47 GMT
                                      etag: W/"85ae-190c87768e2"
                                      content-encoding: gzip
                                    • flag-fr
                                      GET
                                      https://gofile.io/dist/css/allcss.css
                                      msedge.exe
                                      Remote address:
                                      45.112.123.126:443
                                      Request
                                      GET /dist/css/allcss.css HTTP/2.0
                                      host: gofile.io
                                      sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                      dnt: 1
                                      sec-ch-ua-mobile: ?0
                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                      accept: text/css,*/*;q=0.1
                                      sec-fetch-site: same-origin
                                      sec-fetch-mode: no-cors
                                      sec-fetch-dest: style
                                      referer: https://gofile.io/
                                      accept-encoding: gzip, deflate, br
                                      accept-language: en-US,en;q=0.9
                                      Response
                                      HTTP/2.0 200
                                      server: nginx/1.27.1
                                      date: Wed, 27 Nov 2024 11:55:19 GMT
                                      content-type: text/css; charset=UTF-8
                                      x-dns-prefetch-control: off
                                      expect-ct: max-age=0
                                      x-frame-options: SAMEORIGIN
                                      strict-transport-security: max-age=15552000; includeSubDomains
                                      x-download-options: noopen
                                      x-content-type-options: nosniff
                                      origin-agent-cluster: ?1
                                      x-permitted-cross-domain-policies: none
                                      referrer-policy: origin
                                      x-xss-protection: 0
                                      cache-control: public, max-age=0
                                      last-modified: Fri, 19 Jul 2024 00:49:47 GMT
                                      etag: W/"758-190c87768d6"
                                      content-encoding: gzip
                                    • flag-fr
                                      GET
                                      https://gofile.io/dist/js/bootstrap.bundle.min.js
                                      msedge.exe
                                      Remote address:
                                      45.112.123.126:443
                                      Request
                                      GET /dist/js/bootstrap.bundle.min.js HTTP/2.0
                                      host: gofile.io
                                      sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                      dnt: 1
                                      sec-ch-ua-mobile: ?0
                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                      accept: */*
                                      sec-fetch-site: same-origin
                                      sec-fetch-mode: no-cors
                                      sec-fetch-dest: script
                                      referer: https://gofile.io/
                                      accept-encoding: gzip, deflate, br
                                      accept-language: en-US,en;q=0.9
                                      Response
                                      HTTP/2.0 200
                                      server: nginx/1.27.1
                                      date: Wed, 27 Nov 2024 11:55:19 GMT
                                      content-type: application/javascript; charset=UTF-8
                                      x-dns-prefetch-control: off
                                      expect-ct: max-age=0
                                      x-frame-options: SAMEORIGIN
                                      strict-transport-security: max-age=15552000; includeSubDomains
                                      x-download-options: noopen
                                      x-content-type-options: nosniff
                                      origin-agent-cluster: ?1
                                      x-permitted-cross-domain-policies: none
                                      referrer-policy: origin
                                      x-xss-protection: 0
                                      cache-control: public, max-age=0
                                      last-modified: Fri, 19 Jul 2024 00:49:47 GMT
                                      etag: W/"13a49-190c87768ee"
                                      content-encoding: gzip
                                    • flag-fr
                                      GET
                                      https://gofile.io/dist/js/sha256.min.js
                                      msedge.exe
                                      Remote address:
                                      45.112.123.126:443
                                      Request
                                      GET /dist/js/sha256.min.js HTTP/2.0
                                      host: gofile.io
                                      sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                      dnt: 1
                                      sec-ch-ua-mobile: ?0
                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                      accept: */*
                                      sec-fetch-site: same-origin
                                      sec-fetch-mode: no-cors
                                      sec-fetch-dest: script
                                      referer: https://gofile.io/
                                      accept-encoding: gzip, deflate, br
                                      accept-language: en-US,en;q=0.9
                                      Response
                                      HTTP/2.0 200
                                      server: nginx/1.27.1
                                      date: Wed, 27 Nov 2024 11:55:19 GMT
                                      content-type: application/javascript; charset=UTF-8
                                      x-dns-prefetch-control: off
                                      expect-ct: max-age=0
                                      x-frame-options: SAMEORIGIN
                                      strict-transport-security: max-age=15552000; includeSubDomains
                                      x-download-options: noopen
                                      x-content-type-options: nosniff
                                      origin-agent-cluster: ?1
                                      x-permitted-cross-domain-policies: none
                                      referrer-policy: origin
                                      x-xss-protection: 0
                                      cache-control: public, max-age=0
                                      last-modified: Fri, 19 Jul 2024 00:49:47 GMT
                                      etag: W/"2339-190c87768fe"
                                      content-encoding: gzip
                                    • flag-fr
                                      GET
                                      https://gofile.io/dist/js/qrcode.min.js
                                      msedge.exe
                                      Remote address:
                                      45.112.123.126:443
                                      Request
                                      GET /dist/js/qrcode.min.js HTTP/2.0
                                      host: gofile.io
                                      sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                      dnt: 1
                                      sec-ch-ua-mobile: ?0
                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                      accept: */*
                                      sec-fetch-site: same-origin
                                      sec-fetch-mode: no-cors
                                      sec-fetch-dest: script
                                      referer: https://gofile.io/
                                      accept-encoding: gzip, deflate, br
                                      accept-language: en-US,en;q=0.9
                                      Response
                                      HTTP/2.0 200
                                      server: nginx/1.27.1
                                      date: Wed, 27 Nov 2024 11:55:19 GMT
                                      content-type: application/javascript; charset=UTF-8
                                      x-dns-prefetch-control: off
                                      expect-ct: max-age=0
                                      x-frame-options: SAMEORIGIN
                                      strict-transport-security: max-age=15552000; includeSubDomains
                                      x-download-options: noopen
                                      x-content-type-options: nosniff
                                      origin-agent-cluster: ?1
                                      x-permitted-cross-domain-policies: none
                                      referrer-policy: origin
                                      x-xss-protection: 0
                                      cache-control: public, max-age=0
                                      last-modified: Fri, 19 Jul 2024 00:49:47 GMT
                                      etag: W/"4dda-190c87768fe"
                                      content-encoding: gzip
                                    • flag-fr
                                      GET
                                      https://gofile.io/dist/js/dayjs.min.js
                                      msedge.exe
                                      Remote address:
                                      45.112.123.126:443
                                      Request
                                      GET /dist/js/dayjs.min.js HTTP/2.0
                                      host: gofile.io
                                      sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                      dnt: 1
                                      sec-ch-ua-mobile: ?0
                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                      accept: */*
                                      sec-fetch-site: same-origin
                                      sec-fetch-mode: no-cors
                                      sec-fetch-dest: script
                                      referer: https://gofile.io/
                                      accept-encoding: gzip, deflate, br
                                      accept-language: en-US,en;q=0.9
                                      Response
                                      HTTP/2.0 200
                                      server: nginx/1.27.1
                                      date: Wed, 27 Nov 2024 11:55:19 GMT
                                      content-type: application/javascript; charset=UTF-8
                                      x-dns-prefetch-control: off
                                      expect-ct: max-age=0
                                      x-frame-options: SAMEORIGIN
                                      strict-transport-security: max-age=15552000; includeSubDomains
                                      x-download-options: noopen
                                      x-content-type-options: nosniff
                                      origin-agent-cluster: ?1
                                      x-permitted-cross-domain-policies: none
                                      referrer-policy: origin
                                      x-xss-protection: 0
                                      cache-control: public, max-age=0
                                      last-modified: Fri, 19 Jul 2024 00:49:47 GMT
                                      etag: W/"1a0e-190c87768f6"
                                      content-encoding: gzip
                                    • flag-fr
                                      GET
                                      https://gofile.io/dist/js/customParseFormat.js
                                      msedge.exe
                                      Remote address:
                                      45.112.123.126:443
                                      Request
                                      GET /dist/js/customParseFormat.js HTTP/2.0
                                      host: gofile.io
                                      sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                      dnt: 1
                                      sec-ch-ua-mobile: ?0
                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                      accept: */*
                                      sec-fetch-site: same-origin
                                      sec-fetch-mode: no-cors
                                      sec-fetch-dest: script
                                      referer: https://gofile.io/
                                      accept-encoding: gzip, deflate, br
                                      accept-language: en-US,en;q=0.9
                                      Response
                                      HTTP/2.0 200
                                      server: nginx/1.27.1
                                      date: Wed, 27 Nov 2024 11:55:19 GMT
                                      content-type: application/javascript; charset=UTF-8
                                      x-dns-prefetch-control: off
                                      expect-ct: max-age=0
                                      x-frame-options: SAMEORIGIN
                                      strict-transport-security: max-age=15552000; includeSubDomains
                                      x-download-options: noopen
                                      x-content-type-options: nosniff
                                      origin-agent-cluster: ?1
                                      x-permitted-cross-domain-policies: none
                                      referrer-policy: origin
                                      x-xss-protection: 0
                                      cache-control: public, max-age=0
                                      last-modified: Fri, 19 Jul 2024 00:49:47 GMT
                                      etag: W/"ea2-190c87768f6"
                                      content-encoding: gzip
                                    • flag-fr
                                      GET
                                      https://gofile.io/dist/js/marked.min.js
                                      msedge.exe
                                      Remote address:
                                      45.112.123.126:443
                                      Request
                                      GET /dist/js/marked.min.js HTTP/2.0
                                      host: gofile.io
                                      sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                      dnt: 1
                                      sec-ch-ua-mobile: ?0
                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                      accept: */*
                                      sec-fetch-site: same-origin
                                      sec-fetch-mode: no-cors
                                      sec-fetch-dest: script
                                      referer: https://gofile.io/
                                      accept-encoding: gzip, deflate, br
                                      accept-language: en-US,en;q=0.9
                                      Response
                                      HTTP/2.0 200
                                      server: nginx/1.27.1
                                      date: Wed, 27 Nov 2024 11:55:19 GMT
                                      content-type: application/javascript; charset=UTF-8
                                      x-dns-prefetch-control: off
                                      expect-ct: max-age=0
                                      x-frame-options: SAMEORIGIN
                                      strict-transport-security: max-age=15552000; includeSubDomains
                                      x-download-options: noopen
                                      x-content-type-options: nosniff
                                      origin-agent-cluster: ?1
                                      x-permitted-cross-domain-policies: none
                                      referrer-policy: origin
                                      x-xss-protection: 0
                                      cache-control: public, max-age=0
                                      last-modified: Fri, 19 Jul 2024 00:49:47 GMT
                                      etag: W/"aca2-190c87768fa"
                                      content-encoding: gzip
                                    • flag-fr
                                      GET
                                      https://gofile.io/dist/js/plyr.js
                                      msedge.exe
                                      Remote address:
                                      45.112.123.126:443
                                      Request
                                      GET /dist/js/plyr.js HTTP/2.0
                                      host: gofile.io
                                      sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                      dnt: 1
                                      sec-ch-ua-mobile: ?0
                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                      accept: */*
                                      sec-fetch-site: same-origin
                                      sec-fetch-mode: no-cors
                                      sec-fetch-dest: script
                                      referer: https://gofile.io/
                                      accept-encoding: gzip, deflate, br
                                      accept-language: en-US,en;q=0.9
                                      Response
                                      HTTP/2.0 200
                                      server: nginx/1.27.1
                                      date: Wed, 27 Nov 2024 11:55:19 GMT
                                      content-type: application/javascript; charset=UTF-8
                                      x-dns-prefetch-control: off
                                      expect-ct: max-age=0
                                      x-frame-options: SAMEORIGIN
                                      strict-transport-security: max-age=15552000; includeSubDomains
                                      x-download-options: noopen
                                      x-content-type-options: nosniff
                                      origin-agent-cluster: ?1
                                      x-permitted-cross-domain-policies: none
                                      referrer-policy: origin
                                      x-xss-protection: 0
                                      cache-control: public, max-age=0
                                      last-modified: Fri, 19 Jul 2024 00:49:47 GMT
                                      etag: W/"1b1b2-190c87768fa"
                                      content-encoding: gzip
                                    • flag-fr
                                      GET
                                      https://gofile.io/dist/js/chart.umd.min.js
                                      msedge.exe
                                      Remote address:
                                      45.112.123.126:443
                                      Request
                                      GET /dist/js/chart.umd.min.js HTTP/2.0
                                      host: gofile.io
                                      sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                      dnt: 1
                                      sec-ch-ua-mobile: ?0
                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                      accept: */*
                                      sec-fetch-site: same-origin
                                      sec-fetch-mode: no-cors
                                      sec-fetch-dest: script
                                      referer: https://gofile.io/
                                      accept-encoding: gzip, deflate, br
                                      accept-language: en-US,en;q=0.9
                                      Response
                                      HTTP/2.0 200
                                      server: nginx/1.27.1
                                      date: Wed, 27 Nov 2024 11:55:19 GMT
                                      content-type: application/javascript; charset=UTF-8
                                      x-dns-prefetch-control: off
                                      expect-ct: max-age=0
                                      x-frame-options: SAMEORIGIN
                                      strict-transport-security: max-age=15552000; includeSubDomains
                                      x-download-options: noopen
                                      x-content-type-options: nosniff
                                      origin-agent-cluster: ?1
                                      x-permitted-cross-domain-policies: none
                                      referrer-policy: origin
                                      x-xss-protection: 0
                                      cache-control: public, max-age=0
                                      last-modified: Fri, 19 Jul 2024 00:49:47 GMT
                                      etag: W/"3094c-190c87768f6"
                                      content-encoding: gzip
                                    • flag-fr
                                      GET
                                      https://gofile.io/dist/js/alljs.js
                                      msedge.exe
                                      Remote address:
                                      45.112.123.126:443
                                      Request
                                      GET /dist/js/alljs.js HTTP/2.0
                                      host: gofile.io
                                      sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                      dnt: 1
                                      sec-ch-ua-mobile: ?0
                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                      accept: */*
                                      sec-fetch-site: same-origin
                                      sec-fetch-mode: no-cors
                                      sec-fetch-dest: script
                                      referer: https://gofile.io/
                                      accept-encoding: gzip, deflate, br
                                      accept-language: en-US,en;q=0.9
                                      Response
                                      HTTP/2.0 200
                                      server: nginx/1.27.1
                                      date: Wed, 27 Nov 2024 11:55:19 GMT
                                      content-type: application/javascript; charset=UTF-8
                                      x-dns-prefetch-control: off
                                      expect-ct: max-age=0
                                      x-frame-options: SAMEORIGIN
                                      strict-transport-security: max-age=15552000; includeSubDomains
                                      x-download-options: noopen
                                      x-content-type-options: nosniff
                                      origin-agent-cluster: ?1
                                      x-permitted-cross-domain-policies: none
                                      referrer-policy: origin
                                      x-xss-protection: 0
                                      cache-control: public, max-age=0
                                      last-modified: Fri, 01 Nov 2024 19:06:55 GMT
                                      etag: W/"386fc-192e91f9c20"
                                      content-encoding: gzip
                                    • flag-fr
                                      GET
                                      https://gofile.io/dist/img/logo-small-70.png
                                      msedge.exe
                                      Remote address:
                                      45.112.123.126:443
                                      Request
                                      GET /dist/img/logo-small-70.png HTTP/2.0
                                      host: gofile.io
                                      sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                      dnt: 1
                                      sec-ch-ua-mobile: ?0
                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                      accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                      sec-fetch-site: same-origin
                                      sec-fetch-mode: no-cors
                                      sec-fetch-dest: image
                                      referer: https://gofile.io/
                                      accept-encoding: gzip, deflate, br
                                      accept-language: en-US,en;q=0.9
                                      Response
                                      HTTP/2.0 200
                                      server: nginx/1.27.1
                                      date: Wed, 27 Nov 2024 11:55:19 GMT
                                      content-type: image/png
                                      content-length: 2367
                                      x-dns-prefetch-control: off
                                      expect-ct: max-age=0
                                      x-frame-options: SAMEORIGIN
                                      strict-transport-security: max-age=15552000; includeSubDomains
                                      x-download-options: noopen
                                      x-content-type-options: nosniff
                                      origin-agent-cluster: ?1
                                      x-permitted-cross-domain-policies: none
                                      referrer-policy: origin
                                      x-xss-protection: 0
                                      accept-ranges: bytes
                                      cache-control: public, max-age=0
                                      last-modified: Fri, 19 Jul 2024 00:49:47 GMT
                                      etag: W/"93f-190c87768ea"
                                    • flag-fr
                                      GET
                                      https://gofile.io/dist/css/fonts/bootstrap-icons.woff2?24e3eb84d0bcaf83d77f904c78ac1f47
                                      msedge.exe
                                      Remote address:
                                      45.112.123.126:443
                                      Request
                                      GET /dist/css/fonts/bootstrap-icons.woff2?24e3eb84d0bcaf83d77f904c78ac1f47 HTTP/2.0
                                      host: gofile.io
                                      sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                      origin: https://gofile.io
                                      sec-ch-ua-mobile: ?0
                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                      dnt: 1
                                      accept: */*
                                      sec-fetch-site: same-origin
                                      sec-fetch-mode: cors
                                      sec-fetch-dest: font
                                      referer: https://gofile.io/
                                      accept-encoding: gzip, deflate, br
                                      accept-language: en-US,en;q=0.9
                                      Response
                                      HTTP/2.0 200
                                      server: nginx/1.27.1
                                      date: Wed, 27 Nov 2024 11:55:19 GMT
                                      content-type: font/woff2
                                      content-length: 121296
                                      x-dns-prefetch-control: off
                                      expect-ct: max-age=0
                                      x-frame-options: SAMEORIGIN
                                      strict-transport-security: max-age=15552000; includeSubDomains
                                      x-download-options: noopen
                                      x-content-type-options: nosniff
                                      origin-agent-cluster: ?1
                                      x-permitted-cross-domain-policies: none
                                      referrer-policy: origin
                                      x-xss-protection: 0
                                      accept-ranges: bytes
                                      cache-control: public, max-age=0
                                      last-modified: Fri, 19 Jul 2024 00:49:47 GMT
                                      etag: W/"1d9d0-190c87768e2"
                                    • flag-fr
                                      GET
                                      https://gofile.io/dist/img/favicon96.png
                                      msedge.exe
                                      Remote address:
                                      45.112.123.126:443
                                      Request
                                      GET /dist/img/favicon96.png HTTP/2.0
                                      host: gofile.io
                                      sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                      dnt: 1
                                      sec-ch-ua-mobile: ?0
                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                      accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                      sec-fetch-site: same-origin
                                      sec-fetch-mode: no-cors
                                      sec-fetch-dest: image
                                      referer: https://gofile.io/
                                      accept-encoding: gzip, deflate, br
                                      accept-language: en-US,en;q=0.9
                                      Response
                                      HTTP/2.0 200
                                      server: nginx/1.27.1
                                      date: Wed, 27 Nov 2024 11:55:20 GMT
                                      content-type: image/png
                                      content-length: 2886
                                      x-dns-prefetch-control: off
                                      expect-ct: max-age=0
                                      x-frame-options: SAMEORIGIN
                                      strict-transport-security: max-age=15552000; includeSubDomains
                                      x-download-options: noopen
                                      x-content-type-options: nosniff
                                      origin-agent-cluster: ?1
                                      x-permitted-cross-domain-policies: none
                                      referrer-policy: origin
                                      x-xss-protection: 0
                                      accept-ranges: bytes
                                      cache-control: public, max-age=0
                                      last-modified: Fri, 19 Jul 2024 00:49:47 GMT
                                      etag: W/"b46-190c87768ea"
                                    • flag-fr
                                      GET
                                      https://gofile.io/dist/img/favicon32.png
                                      msedge.exe
                                      Remote address:
                                      45.112.123.126:443
                                      Request
                                      GET /dist/img/favicon32.png HTTP/2.0
                                      host: gofile.io
                                      sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                      dnt: 1
                                      sec-ch-ua-mobile: ?0
                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                      accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                      sec-fetch-site: same-origin
                                      sec-fetch-mode: no-cors
                                      sec-fetch-dest: image
                                      referer: https://gofile.io/
                                      accept-encoding: gzip, deflate, br
                                      accept-language: en-US,en;q=0.9
                                      Response
                                      HTTP/2.0 200
                                      server: nginx/1.27.1
                                      date: Wed, 27 Nov 2024 11:55:20 GMT
                                      content-type: image/png
                                      content-length: 903
                                      x-dns-prefetch-control: off
                                      expect-ct: max-age=0
                                      x-frame-options: SAMEORIGIN
                                      strict-transport-security: max-age=15552000; includeSubDomains
                                      x-download-options: noopen
                                      x-content-type-options: nosniff
                                      origin-agent-cluster: ?1
                                      x-permitted-cross-domain-policies: none
                                      referrer-policy: origin
                                      x-xss-protection: 0
                                      accept-ranges: bytes
                                      cache-control: public, max-age=0
                                      last-modified: Fri, 19 Jul 2024 00:49:47 GMT
                                      etag: W/"387-190c87768ea"
                                    • flag-fr
                                      GET
                                      https://gofile.io/dist/img/favicon16.png
                                      msedge.exe
                                      Remote address:
                                      45.112.123.126:443
                                      Request
                                      GET /dist/img/favicon16.png HTTP/2.0
                                      host: gofile.io
                                      sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                      dnt: 1
                                      sec-ch-ua-mobile: ?0
                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                      accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                      sec-fetch-site: same-origin
                                      sec-fetch-mode: no-cors
                                      sec-fetch-dest: image
                                      referer: https://gofile.io/
                                      accept-encoding: gzip, deflate, br
                                      accept-language: en-US,en;q=0.9
                                      Response
                                      HTTP/2.0 200
                                      server: nginx/1.27.1
                                      date: Wed, 27 Nov 2024 11:55:20 GMT
                                      content-type: image/png
                                      content-length: 503
                                      x-dns-prefetch-control: off
                                      expect-ct: max-age=0
                                      x-frame-options: SAMEORIGIN
                                      strict-transport-security: max-age=15552000; includeSubDomains
                                      x-download-options: noopen
                                      x-content-type-options: nosniff
                                      origin-agent-cluster: ?1
                                      x-permitted-cross-domain-policies: none
                                      referrer-policy: origin
                                      x-xss-protection: 0
                                      accept-ranges: bytes
                                      cache-control: public, max-age=0
                                      last-modified: Fri, 19 Jul 2024 00:49:47 GMT
                                      etag: W/"1f7-190c87768ea"
                                    • flag-fr
                                      GET
                                      https://gofile.io/contents/files.html
                                      msedge.exe
                                      Remote address:
                                      45.112.123.126:443
                                      Request
                                      GET /contents/files.html HTTP/2.0
                                      host: gofile.io
                                      sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                      dnt: 1
                                      sec-ch-ua-mobile: ?0
                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                      accept: */*
                                      sec-fetch-site: same-origin
                                      sec-fetch-mode: cors
                                      sec-fetch-dest: empty
                                      referer: https://gofile.io/
                                      accept-encoding: gzip, deflate, br
                                      accept-language: en-US,en;q=0.9
                                      cookie: accountToken=BMwcwIGMyPij41KRquJ1Ct03bWEPnheu
                                      Response
                                      HTTP/2.0 200
                                      server: nginx/1.27.1
                                      date: Wed, 27 Nov 2024 11:55:20 GMT
                                      content-type: text/html; charset=UTF-8
                                      x-dns-prefetch-control: off
                                      expect-ct: max-age=0
                                      x-frame-options: SAMEORIGIN
                                      strict-transport-security: max-age=15552000; includeSubDomains
                                      x-download-options: noopen
                                      x-content-type-options: nosniff
                                      origin-agent-cluster: ?1
                                      x-permitted-cross-domain-policies: none
                                      referrer-policy: origin
                                      x-xss-protection: 0
                                      cache-control: public, max-age=0
                                      last-modified: Fri, 19 Jul 2024 00:49:47 GMT
                                      etag: W/"4a1d-190c87768d6"
                                      content-encoding: gzip
                                    • flag-us
                                      DNS
                                      97.17.167.52.in-addr.arpa
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      97.17.167.52.in-addr.arpa
                                      IN PTR
                                      Response
                                    • flag-us
                                      DNS
                                      126.123.112.45.in-addr.arpa
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      126.123.112.45.in-addr.arpa
                                      IN PTR
                                      Response
                                    • flag-us
                                      DNS
                                      172.214.232.199.in-addr.arpa
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      172.214.232.199.in-addr.arpa
                                      IN PTR
                                      Response
                                    • flag-us
                                      DNS
                                      api.gofile.io
                                      msedge.exe
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      api.gofile.io
                                      IN A
                                      Response
                                      api.gofile.io
                                      IN A
                                      45.112.123.126
                                    • flag-fr
                                      POST
                                      https://api.gofile.io/accounts
                                      msedge.exe
                                      Remote address:
                                      45.112.123.126:443
                                      Request
                                      POST /accounts HTTP/2.0
                                      host: api.gofile.io
                                      content-length: 2
                                      sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                      dnt: 1
                                      sec-ch-ua-mobile: ?0
                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                      content-type: text/plain;charset=UTF-8
                                      accept: */*
                                      origin: https://gofile.io
                                      sec-fetch-site: same-site
                                      sec-fetch-mode: cors
                                      sec-fetch-dest: empty
                                      referer: https://gofile.io/
                                      accept-encoding: gzip, deflate, br
                                      accept-language: en-US,en;q=0.9
                                      Response
                                      HTTP/2.0 200
                                      server: nginx/1.27.1
                                      date: Wed, 27 Nov 2024 11:55:20 GMT
                                      content-type: application/json; charset=utf-8
                                      access-control-allow-origin: https://gofile.io
                                      access-control-allow-headers: Content-Type, Authorization
                                      access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, HEAD
                                      access-control-allow-credentials: true
                                      content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
                                      cross-origin-embedder-policy: require-corp
                                      cross-origin-opener-policy: same-origin
                                      cross-origin-resource-policy: cross-origin
                                      origin-agent-cluster: ?1
                                      referrer-policy: no-referrer
                                      strict-transport-security: max-age=15552000; includeSubDomains
                                      x-content-type-options: nosniff
                                      x-dns-prefetch-control: off
                                      x-download-options: noopen
                                      x-frame-options: SAMEORIGIN
                                      x-permitted-cross-domain-policies: none
                                      x-xss-protection: 0
                                      etag: W/"b2-FWMeEEz+vUgc1//fw2cyfqFC7oI"
                                      content-encoding: gzip
                                    • flag-fr
                                      OPTIONS
                                      https://api.gofile.io/accounts/c0954e1b-e93a-4d93-b893-9b58785aa860
                                      msedge.exe
                                      Remote address:
                                      45.112.123.126:443
                                      Request
                                      OPTIONS /accounts/c0954e1b-e93a-4d93-b893-9b58785aa860 HTTP/2.0
                                      host: api.gofile.io
                                      accept: */*
                                      access-control-request-method: GET
                                      access-control-request-headers: authorization
                                      origin: https://gofile.io
                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                      sec-fetch-mode: cors
                                      sec-fetch-site: same-site
                                      sec-fetch-dest: empty
                                      referer: https://gofile.io/
                                      accept-encoding: gzip, deflate, br
                                      accept-language: en-US,en;q=0.9
                                      Response
                                      HTTP/2.0 200
                                      server: nginx/1.27.1
                                      date: Wed, 27 Nov 2024 11:55:20 GMT
                                      content-type: text/html; charset=utf-8
                                      content-length: 8
                                      access-control-allow-origin: https://gofile.io
                                      access-control-allow-headers: Content-Type, Authorization
                                      access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, HEAD
                                      access-control-allow-credentials: true
                                      content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
                                      cross-origin-embedder-policy: require-corp
                                      cross-origin-opener-policy: same-origin
                                      cross-origin-resource-policy: cross-origin
                                      origin-agent-cluster: ?1
                                      referrer-policy: no-referrer
                                      strict-transport-security: max-age=15552000; includeSubDomains
                                      x-content-type-options: nosniff
                                      x-dns-prefetch-control: off
                                      x-download-options: noopen
                                      x-frame-options: SAMEORIGIN
                                      x-permitted-cross-domain-policies: none
                                      x-xss-protection: 0
                                      allow: GET,HEAD
                                      etag: W/"8-ZRAf8oNBS3Bjb/SU2GYZCmbtmXg"
                                    • flag-fr
                                      GET
                                      https://api.gofile.io/accounts/c0954e1b-e93a-4d93-b893-9b58785aa860
                                      msedge.exe
                                      Remote address:
                                      45.112.123.126:443
                                      Request
                                      GET /accounts/c0954e1b-e93a-4d93-b893-9b58785aa860 HTTP/2.0
                                      host: api.gofile.io
                                      sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                      dnt: 1
                                      sec-ch-ua-mobile: ?0
                                      authorization: Bearer BMwcwIGMyPij41KRquJ1Ct03bWEPnheu
                                      accept: */*
                                      origin: https://gofile.io
                                      sec-fetch-site: same-site
                                      sec-fetch-mode: cors
                                      sec-fetch-dest: empty
                                      referer: https://gofile.io/
                                      accept-encoding: gzip, deflate, br
                                      accept-language: en-US,en;q=0.9
                                      Response
                                      HTTP/2.0 200
                                      server: nginx/1.27.1
                                      date: Wed, 27 Nov 2024 11:55:20 GMT
                                      content-type: application/json; charset=utf-8
                                      access-control-allow-origin: https://gofile.io
                                      access-control-allow-headers: Content-Type, Authorization
                                      access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, HEAD
                                      access-control-allow-credentials: true
                                      content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
                                      cross-origin-embedder-policy: require-corp
                                      cross-origin-opener-policy: same-origin
                                      cross-origin-resource-policy: cross-origin
                                      origin-agent-cluster: ?1
                                      referrer-policy: no-referrer
                                      strict-transport-security: max-age=15552000; includeSubDomains
                                      x-content-type-options: nosniff
                                      x-dns-prefetch-control: off
                                      x-download-options: noopen
                                      x-frame-options: SAMEORIGIN
                                      x-permitted-cross-domain-policies: none
                                      x-xss-protection: 0
                                      etag: W/"129-7XwCc8I9rMNO0Rw1C7c88ImNV6I"
                                      content-encoding: gzip
                                    • flag-fr
                                      OPTIONS
                                      https://api.gofile.io/contents/oOpyqm?wt=4fd6sg89d7s6
                                      msedge.exe
                                      Remote address:
                                      45.112.123.126:443
                                      Request
                                      OPTIONS /contents/oOpyqm?wt=4fd6sg89d7s6 HTTP/2.0
                                      host: api.gofile.io
                                      accept: */*
                                      access-control-request-method: GET
                                      access-control-request-headers: authorization
                                      origin: https://gofile.io
                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                      sec-fetch-mode: cors
                                      sec-fetch-site: same-site
                                      sec-fetch-dest: empty
                                      referer: https://gofile.io/
                                      accept-encoding: gzip, deflate, br
                                      accept-language: en-US,en;q=0.9
                                      Response
                                      HTTP/2.0 200
                                      server: nginx/1.27.1
                                      date: Wed, 27 Nov 2024 11:55:20 GMT
                                      content-type: text/html; charset=utf-8
                                      content-length: 8
                                      access-control-allow-origin: https://gofile.io
                                      access-control-allow-headers: Content-Type, Authorization
                                      access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, HEAD
                                      access-control-allow-credentials: true
                                      content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
                                      cross-origin-embedder-policy: require-corp
                                      cross-origin-opener-policy: same-origin
                                      cross-origin-resource-policy: cross-origin
                                      origin-agent-cluster: ?1
                                      referrer-policy: no-referrer
                                      strict-transport-security: max-age=15552000; includeSubDomains
                                      x-content-type-options: nosniff
                                      x-dns-prefetch-control: off
                                      x-download-options: noopen
                                      x-frame-options: SAMEORIGIN
                                      x-permitted-cross-domain-policies: none
                                      x-xss-protection: 0
                                      allow: GET,HEAD
                                      etag: W/"8-ZRAf8oNBS3Bjb/SU2GYZCmbtmXg"
                                    • flag-fr
                                      GET
                                      https://api.gofile.io/contents/oOpyqm?wt=4fd6sg89d7s6
                                      msedge.exe
                                      Remote address:
                                      45.112.123.126:443
                                      Request
                                      GET /contents/oOpyqm?wt=4fd6sg89d7s6 HTTP/2.0
                                      host: api.gofile.io
                                      sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                      dnt: 1
                                      sec-ch-ua-mobile: ?0
                                      authorization: Bearer BMwcwIGMyPij41KRquJ1Ct03bWEPnheu
                                      accept: */*
                                      origin: https://gofile.io
                                      sec-fetch-site: same-site
                                      sec-fetch-mode: cors
                                      sec-fetch-dest: empty
                                      referer: https://gofile.io/
                                      accept-encoding: gzip, deflate, br
                                      accept-language: en-US,en;q=0.9
                                      Response
                                      HTTP/2.0 200
                                      server: nginx/1.27.1
                                      date: Wed, 27 Nov 2024 11:55:21 GMT
                                      content-type: application/json; charset=utf-8
                                      access-control-allow-origin: https://gofile.io
                                      access-control-allow-headers: Content-Type, Authorization
                                      access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, HEAD
                                      access-control-allow-credentials: true
                                      content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
                                      cross-origin-embedder-policy: require-corp
                                      cross-origin-opener-policy: same-origin
                                      cross-origin-resource-policy: cross-origin
                                      origin-agent-cluster: ?1
                                      referrer-policy: no-referrer
                                      strict-transport-security: max-age=15552000; includeSubDomains
                                      x-content-type-options: nosniff
                                      x-dns-prefetch-control: off
                                      x-download-options: noopen
                                      x-frame-options: SAMEORIGIN
                                      x-permitted-cross-domain-policies: none
                                      x-xss-protection: 0
                                      etag: W/"314-YGKP88OQQwq/L1NipSGgHWPsSZI"
                                      content-encoding: gzip
                                    • flag-us
                                      DNS
                                      s.gofile.io
                                      msedge.exe
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      s.gofile.io
                                      IN A
                                      Response
                                      s.gofile.io
                                      IN A
                                      51.75.242.210
                                    • flag-fr
                                      GET
                                      https://s.gofile.io/js/script.js
                                      msedge.exe
                                      Remote address:
                                      51.75.242.210:443
                                      Request
                                      GET /js/script.js HTTP/2.0
                                      host: s.gofile.io
                                      sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                      dnt: 1
                                      sec-ch-ua-mobile: ?0
                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                      accept: */*
                                      sec-fetch-site: same-site
                                      sec-fetch-mode: no-cors
                                      sec-fetch-dest: script
                                      referer: https://gofile.io/
                                      accept-encoding: gzip, deflate, br
                                      accept-language: en-US,en;q=0.9
                                      cookie: accountToken=BMwcwIGMyPij41KRquJ1Ct03bWEPnheu
                                      Response
                                      HTTP/2.0 200
                                      access-control-allow-origin: *
                                      cache-control: public, max-age=86400, must-revalidate
                                      content-type: application/javascript
                                      cross-origin-resource-policy: cross-origin
                                      date: Wed, 27 Nov 2024 11:55:20 GMT
                                      server: Cowboy
                                      x-content-type-options: nosniff
                                      content-length: 1346
                                    • flag-fr
                                      POST
                                      https://s.gofile.io/api/event
                                      msedge.exe
                                      Remote address:
                                      51.75.242.210:443
                                      Request
                                      POST /api/event HTTP/2.0
                                      host: s.gofile.io
                                      content-length: 74
                                      sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                      dnt: 1
                                      sec-ch-ua-mobile: ?0
                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                      content-type: text/plain
                                      accept: */*
                                      origin: https://gofile.io
                                      sec-fetch-site: same-site
                                      sec-fetch-mode: cors
                                      sec-fetch-dest: empty
                                      referer: https://gofile.io/
                                      accept-encoding: gzip, deflate, br
                                      accept-language: en-US,en;q=0.9
                                      Response
                                      HTTP/2.0 202
                                      access-control-allow-credentials: true
                                      access-control-allow-origin: *
                                      access-control-expose-headers:
                                      cache-control: max-age=0, private, must-revalidate
                                      content-type: text/plain; charset=utf-8
                                      date: Wed, 27 Nov 2024 11:55:20 GMT
                                      server: Cowboy
                                      x-request-id: GAvROFWgpLNe9O70EgGB
                                      content-length: 2
                                    • flag-us
                                      DNS
                                      210.242.75.51.in-addr.arpa
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      210.242.75.51.in-addr.arpa
                                      IN PTR
                                      Response
                                      210.242.75.51.in-addr.arpa
                                      IN PTR
                                      mailgofileio
                                    • flag-us
                                      DNS
                                      store3.gofile.io
                                      msedge.exe
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      store3.gofile.io
                                      IN A
                                      Response
                                      store3.gofile.io
                                      IN A
                                      94.139.32.11
                                    • flag-be
                                      GET
                                      https://store3.gofile.io/download/web/35f545c5-9957-4c79-8f33-27b5d11e5078/client.exe
                                      msedge.exe
                                      Remote address:
                                      94.139.32.11:443
                                      Request
                                      GET /download/web/35f545c5-9957-4c79-8f33-27b5d11e5078/client.exe HTTP/2.0
                                      host: store3.gofile.io
                                      sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                      sec-ch-ua-mobile: ?0
                                      upgrade-insecure-requests: 1
                                      dnt: 1
                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                      accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                      sec-fetch-site: same-site
                                      sec-fetch-mode: navigate
                                      sec-fetch-user: ?1
                                      sec-fetch-dest: document
                                      referer: https://gofile.io/
                                      accept-encoding: gzip, deflate, br
                                      accept-language: en-US,en;q=0.9
                                      cookie: accountToken=BMwcwIGMyPij41KRquJ1Ct03bWEPnheu
                                      Response
                                      HTTP/2.0 200
                                      server: nginx/1.27.1
                                      date: Wed, 27 Nov 2024 11:55:23 GMT
                                      content-type: application/x-ms-dos-executable
                                      content-length: 479744
                                      accept-ranges: bytes
                                      access-control-allow-headers: Accept, Accept-Language, Content-Language, Content-Type, Content-Length, Range, Authorization
                                      access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
                                      access-control-allow-origin: *
                                      access-control-expose-headers: Cache-Control, Content-Encoding, Content-Range
                                      content-disposition: attachment; filename*=UTF-8''client.exe
                                      last-modified: Mon, 25 Nov 2024 02:06:28 GMT
                                    • flag-us
                                      DNS
                                      11.32.139.94.in-addr.arpa
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      11.32.139.94.in-addr.arpa
                                      IN PTR
                                      Response
                                    • flag-us
                                      DNS
                                      209.205.72.20.in-addr.arpa
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      209.205.72.20.in-addr.arpa
                                      IN PTR
                                      Response
                                    • flag-us
                                      DNS
                                      212.20.149.52.in-addr.arpa
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      212.20.149.52.in-addr.arpa
                                      IN PTR
                                      Response
                                    • flag-us
                                      DNS
                                      206.23.85.13.in-addr.arpa
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      206.23.85.13.in-addr.arpa
                                      IN PTR
                                    • 45.112.123.126:443
                                      https://gofile.io/contents/files.html
                                      tls, http2
                                      msedge.exe
                                      12.1kB
                                      478.8kB
                                      207
                                      368

                                      HTTP Request

                                      GET https://gofile.io/d/oOpyqm

                                      HTTP Response

                                      200

                                      HTTP Request

                                      GET https://gofile.io/dist/css/bootstrap.min.css

                                      HTTP Request

                                      GET https://gofile.io/dist/css/bootstrap-icons.css

                                      HTTP Request

                                      GET https://gofile.io/dist/css/bootstrap-nightfall.css

                                      HTTP Request

                                      GET https://gofile.io/dist/css/plyr.css

                                      HTTP Request

                                      GET https://gofile.io/dist/css/allcss.css

                                      HTTP Request

                                      GET https://gofile.io/dist/js/bootstrap.bundle.min.js

                                      HTTP Request

                                      GET https://gofile.io/dist/js/sha256.min.js

                                      HTTP Request

                                      GET https://gofile.io/dist/js/qrcode.min.js

                                      HTTP Request

                                      GET https://gofile.io/dist/js/dayjs.min.js

                                      HTTP Request

                                      GET https://gofile.io/dist/js/customParseFormat.js

                                      HTTP Request

                                      GET https://gofile.io/dist/js/marked.min.js

                                      HTTP Request

                                      GET https://gofile.io/dist/js/plyr.js

                                      HTTP Request

                                      GET https://gofile.io/dist/js/chart.umd.min.js

                                      HTTP Request

                                      GET https://gofile.io/dist/js/alljs.js

                                      HTTP Request

                                      GET https://gofile.io/dist/img/logo-small-70.png

                                      HTTP Response

                                      200

                                      HTTP Response

                                      200

                                      HTTP Response

                                      200

                                      HTTP Response

                                      200

                                      HTTP Response

                                      200

                                      HTTP Response

                                      200

                                      HTTP Response

                                      200

                                      HTTP Response

                                      200

                                      HTTP Response

                                      200

                                      HTTP Response

                                      200

                                      HTTP Response

                                      200

                                      HTTP Response

                                      200

                                      HTTP Response

                                      200

                                      HTTP Response

                                      200

                                      HTTP Response

                                      200

                                      HTTP Request

                                      GET https://gofile.io/dist/css/fonts/bootstrap-icons.woff2?24e3eb84d0bcaf83d77f904c78ac1f47

                                      HTTP Response

                                      200

                                      HTTP Request

                                      GET https://gofile.io/dist/img/favicon96.png

                                      HTTP Response

                                      200

                                      HTTP Request

                                      GET https://gofile.io/dist/img/favicon32.png

                                      HTTP Response

                                      200

                                      HTTP Request

                                      GET https://gofile.io/dist/img/favicon16.png

                                      HTTP Response

                                      200

                                      HTTP Request

                                      GET https://gofile.io/contents/files.html

                                      HTTP Response

                                      200
                                    • 45.112.123.126:443
                                      https://api.gofile.io/contents/oOpyqm?wt=4fd6sg89d7s6
                                      tls, http2
                                      msedge.exe
                                      2.4kB
                                      10.4kB
                                      19
                                      24

                                      HTTP Request

                                      POST https://api.gofile.io/accounts

                                      HTTP Response

                                      200

                                      HTTP Request

                                      OPTIONS https://api.gofile.io/accounts/c0954e1b-e93a-4d93-b893-9b58785aa860

                                      HTTP Response

                                      200

                                      HTTP Request

                                      GET https://api.gofile.io/accounts/c0954e1b-e93a-4d93-b893-9b58785aa860

                                      HTTP Response

                                      200

                                      HTTP Request

                                      OPTIONS https://api.gofile.io/contents/oOpyqm?wt=4fd6sg89d7s6

                                      HTTP Response

                                      200

                                      HTTP Request

                                      GET https://api.gofile.io/contents/oOpyqm?wt=4fd6sg89d7s6

                                      HTTP Response

                                      200
                                    • 51.75.242.210:443
                                      https://s.gofile.io/js/script.js
                                      tls, http2
                                      msedge.exe
                                      2.2kB
                                      6.2kB
                                      14
                                      14

                                      HTTP Request

                                      GET https://s.gofile.io/js/script.js

                                      HTTP Response

                                      200
                                    • 51.75.242.210:443
                                      https://s.gofile.io/api/event
                                      tls, http2
                                      msedge.exe
                                      2.3kB
                                      4.9kB
                                      14
                                      14

                                      HTTP Request

                                      POST https://s.gofile.io/api/event

                                      HTTP Response

                                      202
                                    • 94.139.32.11:443
                                      store3.gofile.io
                                      tls, http2
                                      msedge.exe
                                      897 B
                                      4.6kB
                                      7
                                      8
                                    • 94.139.32.11:443
                                      https://store3.gofile.io/download/web/35f545c5-9957-4c79-8f33-27b5d11e5078/client.exe
                                      tls, http2
                                      msedge.exe
                                      17.7kB
                                      502.7kB
                                      309
                                      366

                                      HTTP Request

                                      GET https://store3.gofile.io/download/web/35f545c5-9957-4c79-8f33-27b5d11e5078/client.exe

                                      HTTP Response

                                      200
                                    • 162.33.179.3:4444
                                      client.exe
                                      208 B
                                      4
                                    • 8.8.8.8:53
                                      136.32.126.40.in-addr.arpa
                                      dns
                                      72 B
                                      158 B
                                      1
                                      1

                                      DNS Request

                                      136.32.126.40.in-addr.arpa

                                    • 8.8.8.8:53
                                      95.221.229.192.in-addr.arpa
                                      dns
                                      73 B
                                      144 B
                                      1
                                      1

                                      DNS Request

                                      95.221.229.192.in-addr.arpa

                                    • 8.8.8.8:53
                                      gofile.io
                                      dns
                                      msedge.exe
                                      55 B
                                      71 B
                                      1
                                      1

                                      DNS Request

                                      gofile.io

                                      DNS Response

                                      45.112.123.126

                                    • 8.8.8.8:53
                                      97.17.167.52.in-addr.arpa
                                      dns
                                      71 B
                                      145 B
                                      1
                                      1

                                      DNS Request

                                      97.17.167.52.in-addr.arpa

                                    • 8.8.8.8:53
                                      126.123.112.45.in-addr.arpa
                                      dns
                                      73 B
                                      127 B
                                      1
                                      1

                                      DNS Request

                                      126.123.112.45.in-addr.arpa

                                    • 8.8.8.8:53
                                      172.214.232.199.in-addr.arpa
                                      dns
                                      74 B
                                      128 B
                                      1
                                      1

                                      DNS Request

                                      172.214.232.199.in-addr.arpa

                                    • 8.8.8.8:53
                                      api.gofile.io
                                      dns
                                      msedge.exe
                                      59 B
                                      75 B
                                      1
                                      1

                                      DNS Request

                                      api.gofile.io

                                      DNS Response

                                      45.112.123.126

                                    • 8.8.8.8:53
                                      s.gofile.io
                                      dns
                                      msedge.exe
                                      57 B
                                      73 B
                                      1
                                      1

                                      DNS Request

                                      s.gofile.io

                                      DNS Response

                                      51.75.242.210

                                    • 8.8.8.8:53
                                      210.242.75.51.in-addr.arpa
                                      dns
                                      72 B
                                      100 B
                                      1
                                      1

                                      DNS Request

                                      210.242.75.51.in-addr.arpa

                                    • 8.8.8.8:53
                                      store3.gofile.io
                                      dns
                                      msedge.exe
                                      62 B
                                      78 B
                                      1
                                      1

                                      DNS Request

                                      store3.gofile.io

                                      DNS Response

                                      94.139.32.11

                                    • 224.0.0.251:5353
                                      516 B
                                      8
                                    • 8.8.8.8:53
                                      11.32.139.94.in-addr.arpa
                                      dns
                                      71 B
                                      131 B
                                      1
                                      1

                                      DNS Request

                                      11.32.139.94.in-addr.arpa

                                    • 8.8.8.8:53
                                      209.205.72.20.in-addr.arpa
                                      dns
                                      72 B
                                      158 B
                                      1
                                      1

                                      DNS Request

                                      209.205.72.20.in-addr.arpa

                                    • 8.8.8.8:53
                                      212.20.149.52.in-addr.arpa
                                      dns
                                      72 B
                                      146 B
                                      1
                                      1

                                      DNS Request

                                      212.20.149.52.in-addr.arpa

                                    • 8.8.8.8:53
                                      206.23.85.13.in-addr.arpa
                                      dns
                                      71 B
                                      1

                                      DNS Request

                                      206.23.85.13.in-addr.arpa

                                    MITRE ATT&CK Enterprise v15

                                    Downloads

                                    • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\client.exe.log

                                      Filesize

                                      226B

                                      MD5

                                      916851e072fbabc4796d8916c5131092

                                      SHA1

                                      d48a602229a690c512d5fdaf4c8d77547a88e7a2

                                      SHA256

                                      7e750c904c43d27c89e55af809a679a96c0bb63fc511006ffbceffc2c7f6fb7d

                                      SHA512

                                      07ce4c881d6c411cac0b62364377e77950797c486804fb10d00555458716e3c47b1efc0d1f37e4cc3b7e6565bb402ca01c7ea8c963f9f9ace941a6e3883d2521

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                      Filesize

                                      152B

                                      MD5

                                      8749e21d9d0a17dac32d5aa2027f7a75

                                      SHA1

                                      a5d555f8b035c7938a4a864e89218c0402ab7cde

                                      SHA256

                                      915193bd331ee9ea7c750398a37fbb552b8c5a1d90edec6293688296bda6f304

                                      SHA512

                                      c645a41180ed01e854f197868283f9b40620dbbc813a1c122f6870db574ebc1c4917da4d320bdfd1cc67f23303a2c6d74e4f36dd9d3ffcfa92d3dfca3b7ca31a

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                      Filesize

                                      152B

                                      MD5

                                      34d2c4f40f47672ecdf6f66fea242f4a

                                      SHA1

                                      4bcad62542aeb44cae38a907d8b5a8604115ada2

                                      SHA256

                                      b214e3affb02a2ea4469a8bbdfa8a179e7cc57cababd83b4bafae9cdbe23fa33

                                      SHA512

                                      50fba54ec95d694211a005d0e3e6cf5b5677efa16989cbf854207a1a67e3a139f32b757c6f2ce824a48f621440b93fde60ad1dc790fcec4b76edddd0d92a75d6

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                      Filesize

                                      288B

                                      MD5

                                      dbdad84658d89adbd50f11466a8aac23

                                      SHA1

                                      5aacfa846f62a7dedc605794629c1dd10be20796

                                      SHA256

                                      bc1153236b4f7f39e1eec954e2a0268936ce7149dc00eb6d47fadc1b501d3ddf

                                      SHA512

                                      8228a60deff9ee86610edb29ab52f86c366d97304e424e675a344f5a7b5af5495d31e447375e49c3df4f44d543890f4cc6ee95836aad86e30c9518b34f8ef35a

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                      Filesize

                                      6KB

                                      MD5

                                      47d5fb2e10ca0123694d5a01e0ae9834

                                      SHA1

                                      8a419e34ec40c553db9d9cdf8f6cff114bf686bb

                                      SHA256

                                      7ac838bb6845c7ad0fe9794cd66ce5e3f25475937b773577aad2510db09c1f8f

                                      SHA512

                                      e1ff8817a34e72cbcac2210b1500962e9cf92bbdc50326af377e2e76b2be7212f2e9a32c1d0a9a2a319d4d76c1f8b003d4acc570a0e57d4f1f89ff595c9448ac

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                      Filesize

                                      5KB

                                      MD5

                                      d3ebd1825a6c3279a8c03b9b8e4e84d1

                                      SHA1

                                      89e0c07cfa6223c497f3fd3e88ca376edd8de073

                                      SHA256

                                      3a41bd877e0a314389f80e402f2314134decedf825d28fb59955d401a2fa2409

                                      SHA512

                                      d1ce15c90daebc9b824c33d442ec6cce9e6c96cae09ac226f72871d0d2ee7914939437aa873a3383836e73a8d8654410b132703335e9d8399f9b5456203f3a1a

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                      Filesize

                                      16B

                                      MD5

                                      206702161f94c5cd39fadd03f4014d98

                                      SHA1

                                      bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                                      SHA256

                                      1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                                      SHA512

                                      0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                      Filesize

                                      16B

                                      MD5

                                      46295cac801e5d4857d09837238a6394

                                      SHA1

                                      44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                      SHA256

                                      0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                      SHA512

                                      8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                      Filesize

                                      10KB

                                      MD5

                                      7a0692c56b20adb4970226e904a2bc83

                                      SHA1

                                      9cfe2df1df5c81dd8d2acad905965cfb736d68eb

                                      SHA256

                                      93848c25284755d8f2063fc6b066af01d563a1d4eff277eb851aceee07a94237

                                      SHA512

                                      e909d09b3ea66a2be1d2f7869a7e99b37e8624fcb7970ef8ed426e45c03ef20d832853bb7e29ded878321d00e733baef5bded78bc1cde0b0770bdeb96cdcca53

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                      Filesize

                                      10KB

                                      MD5

                                      abec1882253059752b2c7edc0ea47860

                                      SHA1

                                      477290a723ef6a9fdedaad644cdbd7fc03e0c931

                                      SHA256

                                      1333517e70b7d79027dfaed08473b4600291450a824de05b223ab9773d66408f

                                      SHA512

                                      b785f751a7af9d9b7838d19d17f109e144179d39f5ed5603fe04f0501f15ba3f449f653296f00611972c9d090a2b92c387e794358d2755151896b45b862a678f

                                    • C:\Users\Admin\Downloads\Unconfirmed 326711.crdownload

                                      Filesize

                                      468KB

                                      MD5

                                      a6efab91f87192c47ea1b6f2fdf2ef0b

                                      SHA1

                                      b6a4d6f63a4f1e9cc58cb6b810579b497ad83593

                                      SHA256

                                      f03ec00fce64678b9a57153740172d32e2c126ff06b5af68f111a75d92a2d238

                                      SHA512

                                      f99b6fa8c709cff61d05d61726291eeb655a00873988333ffe1e1db42946bfa3037a0d16f4917b2b9c88f1a32bdaebb366b190dd02f979ef537cc3fd09788b4d

                                    • memory/1192-109-0x00000000005E0000-0x000000000065C000-memory.dmp

                                      Filesize

                                      496KB
