Report - filecrypt.co/Container/7F56F4263B.htmlhttps:/rexagames.com/files/file/188-barotrauma-online-fix/?do=download&r=849&confirm=1&t=1&csrfKey=6d251eb754572c07ecc5e08fc9c50f76/Create.html/Create.html/Create.html/Create.html/Create.html/Create.html/Create.html/Create.html/Create.html/Create.html/Create.html

Report Overview

Visited public
2025-03-22 00:34:02
Tags
URL
filecrypt.co/Container/7F56F4263B.htmlhttps:/rexagames.com/files/file/188-barotrauma-online-fix/?do=download&r=849&confirm=1&t=1&csrfKey=6d251eb754572c07ecc5e08fc9c50f76/Create.html/Create.html/Create.html/Create.html/Create.html/Create.html/Create.html/Create.html/Create.html/Create.html/Create.html
Finishing URL
filecrypt.co/Create.html
IP / ASN
104.21.2.130
#13335 CLOUDFLARENET
Title
Filecrypt

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
filecrypt.co	287279	2019-10-21	2019-11-15	2025-03-22	10 kB	890 kB	104.21.2.130

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-03-22	medium	filecrypt.co	Sinkholed
2025-03-22	medium	filecrypt.co	Sinkholed
2025-03-22	medium	filecrypt.co	Sinkholed
2025-03-22	medium	filecrypt.co	Sinkholed
2025-03-22	medium	filecrypt.co	Sinkholed
2025-03-22	medium	filecrypt.co	Sinkholed
2025-03-22	medium	filecrypt.co	Sinkholed
2025-03-22	medium	filecrypt.co	Sinkholed
2025-03-22	medium	filecrypt.co	Sinkholed
2025-03-22	medium	filecrypt.co	Sinkholed
2025-03-22	medium	filecrypt.co	Sinkholed
2025-03-22	medium	filecrypt.co	Sinkholed
2025-03-22	medium	filecrypt.co	Sinkholed
2025-03-22	medium	filecrypt.co	Sinkholed
2025-03-22	medium	filecrypt.co	Sinkholed
2025-03-22	medium	filecrypt.co	Sinkholed
2025-03-22	medium	filecrypt.co	Sinkholed
2025-03-22	medium	filecrypt.co	Sinkholed
2025-03-22	medium	filecrypt.co	Sinkholed
2025-03-22	medium	filecrypt.co	Sinkholed

ThreatFox

No alerts detected

JavaScript (18)

	URL	From	Size	First Seen	Last Seen
	filecrypt.co/js/scriptaculous/scriptaculous.js?load=effects,builder,dragdrop,controls&v=2	ScriptElement	3.0 kB	2023-03-09	2025-06-18
Pretty URL filecrypt.co/js/scriptaculous/scriptaculous.js?load=effects,builder,dragdrop,controls&v=2 IP 104.21.2.130 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 23:31 Last Seen2025-06-18 14:04 Times Seen410 Hash 945aadb4d8b5f2f7a58a4c7ac244925b 3e177b34daccb0e40b841fb9331474d687917ac2 78cbc6b573f99b4c9c92077e62e0550abde74981f021023425e5f957b95f0f9f Loading...

	filecrypt.co/js/scriptaculous/effects.js	ScriptElement	38 kB	2023-03-07	2025-06-20
Pretty URL filecrypt.co/js/scriptaculous/effects.js IP 104.21.2.130 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03 Last Seen2025-06-20 03:59 Times Seen580 Hash 0dea24894889a4c537e1a451a35f03ca f72e2ee2019cbaceff0b7fda89ebac9faa7c5b6d 055be203cf7225e94dec4a5f72ba1f469a499ac78c24d9366705c1099de812d0 Loading...

	filecrypt.co/js/fcwindow.js?v=2	ScriptElement	22 kB	2023-03-12	2025-06-18
Pretty URL filecrypt.co/js/fcwindow.js?v=2 IP 104.21.2.130 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 10:01 Last Seen2025-06-18 14:04 Times Seen46 Hash 824320d10b90ac1b72a360d9d044c07b 4ff70318523a848973eaa208ee31997b7fbe9eca dae506389289441f2b6fad976534da4b1e22c377432e577cace0f0f907bcbc95 Loading...

	filecrypt.co/Create.html	ScriptElement	38 B	2023-03-12	2025-06-18
Pretty URL filecrypt.co/Create.html IP 104.21.2.130 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-12 20:12 Last Seen2025-06-18 14:04 Times Seen68 Hash c60a25e461073723a1bae096150044b7 7595c9cdae262af3d4a72ab5d41634a065611f1c e68b2e363f32a2dac7fb14e13b612acdb6d372dceb725ac09ef6da64883af20e Loading...

	filecrypt.co/js/scriptaculous/builder.js	ScriptElement	4.7 kB	2023-03-07	2025-06-20
Pretty URL filecrypt.co/js/scriptaculous/builder.js IP 104.21.2.130 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03 Last Seen2025-06-20 03:59 Times Seen548 Hash c6321f204481f259724bd6455c0fdded af9964a44d31fe9773b46d6cd62612ec2137ea79 828884af31cfdef92040ee522a81d8f82c7998b72c3e7d35e1c442946b5d2b0a Loading...

	filecrypt.co/js/indexV2_Plugin.js?v=3	ScriptElement	7.3 kB	2023-03-12	2025-06-18
Pretty URL filecrypt.co/js/indexV2_Plugin.js?v=3 IP 104.21.2.130 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 10:01 Last Seen2025-06-18 14:04 Times Seen45 Hash d18db30305bdfd646e1bbdef77cf48a7 ac59ddaefb65b4b06b62c88c4fa01f91c58b033a e7d870c6acd34926f40715b25c59e71516fce48c90eb54d9836ec576dafdd096 Loading...

	filecrypt.co/Create.html	ScriptElement	575 B	2025-03-22	2025-03-22
Pretty URL filecrypt.co/Create.html IP 104.21.2.130 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-03-22 00:34 Last Seen2025-03-22 00:34 Times Seen1 Hash fbef1cd8b8290627aa19b0607449d479 d4c50162fa44a0aac74a4658cac00feb8177ef06 6ae41f418e5c97eaab60888c3e09be1fd662351b2b84d935b15fecd963c7a491 Loading...

	filecrypt.co/Create.html	ScriptElement	1.8 kB	2023-03-12	2025-06-18
Pretty URL filecrypt.co/Create.html IP 104.21.2.130 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-12 10:01 Last Seen2025-06-18 14:04 Times Seen45 Hash f7ce0361457dd43bf96d21cf1b76b46b ff16c6c002b6dd705c3fc9114330ba11179e5534 ca9acda9e5f5cd75b01386294baa03217e5ade6875fe4563f85e4e1ede6c78ed Loading...

	filecrypt.co/js/prototype.js?13	ScriptElement	197 kB	2023-03-09	2025-06-18
Pretty URL filecrypt.co/js/prototype.js?13 IP 104.21.2.130 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 23:31 Last Seen2025-06-18 14:04 Times Seen412 Hash 543d229c2bcdef172115436fad5f90fc ba049ed40a1de289ebeff02ecdd06d672698529d 03c8a691599b64d9271b7bd04de14b473745b9e115fa78bce6d5965577a6cded Loading...

	filecrypt.co/js/indexV2.js?v=3	ScriptElement	8.0 kB	2023-03-12	2025-06-18
Pretty URL filecrypt.co/js/indexV2.js?v=3 IP 104.21.2.130 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 10:01 Last Seen2025-06-18 14:04 Times Seen45 Hash d9523a5399ef3f18555aa6581b687ec3 8aa961b87b0b3a181af57fa72db1787ec8efcf9f b98a1dc23ff3369909064f06312f08fe8c46030f425fcf9e172db3e150e39361 Loading...

	filecrypt.co/Create.html	ScriptElement	1.0 kB	2025-03-22	2025-03-22
Pretty URL filecrypt.co/Create.html IP 104.21.2.130 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-03-22 00:34 Last Seen2025-03-22 00:34 Times Seen1 Hash a081556fb778e31b7fdc52edc638731a 8ab146a8207806484506cffe048028831f18f86b 6a5632e859be7773fed5be30d2296e205581c33bb50d4f7258c1b7c457c0cd2b Loading...

	filecrypt.co/js/scriptaculous/dragdrop.js	ScriptElement	31 kB	2023-03-09	2025-06-18
Pretty URL filecrypt.co/js/scriptaculous/dragdrop.js IP 104.21.2.130 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 23:31 Last Seen2025-06-18 14:04 Times Seen410 Hash 2f96dcb27ba6d7f4b95230edcb7fcb56 157cf4f6566d41518f35656db74c8711b300e5ad 7a73cad846dc23360722dcbee514af620c6fa628780bd7db889196e2e284f655 Loading...

	filecrypt.co/js/scriptaculous/controls.js	ScriptElement	35 kB	2023-03-07	2025-06-20
Pretty URL filecrypt.co/js/scriptaculous/controls.js IP 104.21.2.130 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03 Last Seen2025-06-20 03:59 Times Seen508 Hash 03b502fd8ae202eb164b348749392720 8a7d159d60afcfa936eb28f6dd84d8ab874133cf e202a06e4447b310dc039ed968aab2f0595ca77eb52ec246d24b0a80a536ac67 Loading...

	filecrypt.co/Create.html	ScriptElement	207 B	2023-03-12	2025-06-18
Pretty URL filecrypt.co/Create.html IP 104.21.2.130 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-12 10:01 Last Seen2025-06-18 14:04 Times Seen45 Hash 4f5c1fd95dbcce81e423dfcde3c632fd 7df2c4ac1157378c8a19a79deb19725d0116053f 387be091939aa7a90c01ead45bc2571bb8a0d888bbf14f90b74ee97d744b3ebc Loading...

		Size	First Seen	Last Seen
	#1 Write - 1a67498c25b98c25cbd5350a3c075ade	96 B	2023-03-12 20:12	2025-06-18 14:04
Pretty Observations First Seen2023-03-12 20:12 Last Seen2025-06-18 14:04 Times Seen166 Hash 1a67498c25b98c25cbd5350a3c075ade 51498b60f8e7fc8b2dfe8d6c852f5e38d6a28a90 27f2688f2097af15547701cf41278900800fd0cc9cf8b0d7b687d52834895f68 Loading...

	#2 Write - ce4b14171fbf5a466a114355db8b3cd6	95 B	2023-03-12 20:12	2025-06-18 14:04
Pretty Observations First Seen2023-03-12 20:12 Last Seen2025-06-18 14:04 Times Seen165 Hash ce4b14171fbf5a466a114355db8b3cd6 1fd60506db86e2b305534e797197b7b1853a3ec0 636e3e8ae8e37e04f90c4df1de11947d8361b342edbdc27caaed9adf00a34c6b Loading...

	#3 Write - c2687f26352261881800f48cd308e57a	95 B	2023-03-12 20:12	2025-06-18 14:04
Pretty Observations First Seen2023-03-12 20:12 Last Seen2025-06-18 14:04 Times Seen166 Hash c2687f26352261881800f48cd308e57a 9104a8594e3902fbe476134d057b6d035fd60bd8 0195d66417c1a6a9b8e337948297c30f4969cd01c9e79a6c3fa190e8e707601a Loading...

	#4 Write - 97b36d4fc3ed45d463f6d733fa40f071	96 B	2023-03-12 20:12	2025-06-18 14:04
Pretty Observations First Seen2023-03-12 20:12 Last Seen2025-06-18 14:04 Times Seen166 Hash 97b36d4fc3ed45d463f6d733fa40f071 af6447542c39681be2306eaca3986c48733e14f7 ae9189688150b77cedb012ee98186115374fb476eeac870cecdd1c726824889e Loading...

HTTP Transactions (20)

URL IP Response Size

GET filecrypt.co/css/font.css

104.21.2.130

200 OK

1.5 kB

URL GET
filecrypt.co/css/font.css
IP
104.21.2.130:443
ASN
#13335 CLOUDFLARENET

Requested by
https://filecrypt.co/Create.html
Certificate
IssuerGoogle Trust Services
Subjectfilecrypt.co
Fingerprint78:F9:F5:0F:86:DF:40:A5:7D:2D:3C:53:01:3F:33:38:00:F9:05:BE
ValiditySun, 09 Mar 2025 13:28:41 GMT - Sat, 07 Jun 2025 14:27:10 GMT

File type
ASCII text, with very long lines (1526), with no line terminators
Size
1.5 kB (1495 bytes)
Hash
4dfb815b54f3399ea9a8895a463e1ee8
d3e7c989598dcef6d07b97eb6cdfd93f1891062b
4b5c6a106603b54b95f85aedc556c39ea1fbb84a2e67e2b7cb651a09688e7ea4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/font.css HTTP/1.1
Host: filecrypt.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://filecrypt.co/Create.html
Cookie: PHPSESSID=6sj1c3mg12h4ejg136u8mf4184; lang=en
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 22 Mar 2025 00:33:40 GMT
content-type: text/css
etag: W/"5b407ade-5d7"
last-modified: Sat, 07 Jul 2018 08:33:34 GMT
cf-cache-status: DYNAMIC
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Gbmcm8uHkmg%2Fb78kz5WKlzLC00iUXu3YZoDkiPhJDLcVXaDkmfLEWJHprWE4Ae38tBG0kEHpxR9zznuqs6%2FzdBDi3bHXXcmzKWzWKvfPrgLeQfmwzig%2F4jVSPD3zfD4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 924199544ad7569f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2983&min_rtt=1221&rtt_var=1716&sent=31&recv=16&lost=0&retrans=0&sent_bytes=16308&recv_bytes=3508&delivery_rate=486486&cwnd=12000&unsent_bytes=0&cid=3aff2f5f1852e297&ts=716&x=1", cfExtPri, cfHdrFlush;dur=2

GET filecrypt.co/js/prototype.js?13

104.21.2.130

200 OK

197 kB

URL GET
filecrypt.co/js/prototype.js?13
IP
104.21.2.130:443
ASN
#13335 CLOUDFLARENET

Requested by
https://filecrypt.co/Create.html
Certificate
IssuerGoogle Trust Services
Subjectfilecrypt.co
Fingerprint78:F9:F5:0F:86:DF:40:A5:7D:2D:3C:53:01:3F:33:38:00:F9:05:BE
ValiditySun, 09 Mar 2025 13:28:41 GMT - Sat, 07 Jun 2025 14:27:10 GMT

File type
JavaScript source, ASCII text
Size
197 kB (196930 bytes)
Hash
543d229c2bcdef172115436fad5f90fc
ba049ed40a1de289ebeff02ecdd06d672698529d
03c8a691599b64d9271b7bd04de14b473745b9e115fa78bce6d5965577a6cded

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/prototype.js?13 HTTP/1.1
Host: filecrypt.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://filecrypt.co/Create.html
Cookie: PHPSESSID=6sj1c3mg12h4ejg136u8mf4184; lang=en
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 22 Mar 2025 00:33:40 GMT
content-type: application/javascript; charset=utf-8
etag: W/"625558ec-30142"
last-modified: Tue, 12 Apr 2022 10:48:12 GMT
cf-cache-status: DYNAMIC
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DkSioONlvI4m5H1wYnamtmJEkuq8NRtq6MD8M8Ygkxa6urSN%2B1oz4GaWIio7ePIKGG3aHboaabOPx8BSgQjSK5EuJTEm50IIMaKfUYBiXfjZwHxujG8QebB5GR85amU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 924199544ad9569f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2983&min_rtt=1221&rtt_var=1716&sent=29&recv=16&lost=0&retrans=0&sent_bytes=14615&recv_bytes=3508&delivery_rate=486486&cwnd=12000&unsent_bytes=0&cid=3aff2f5f1852e297&ts=714&x=1", cfExtPri, cfHdrFlush;dur=0

GET filecrypt.co/js/indexV2.js?v=3

104.21.2.130

200 OK

8.0 kB

URL GET
filecrypt.co/js/indexV2.js?v=3
IP
104.21.2.130:443
ASN
#13335 CLOUDFLARENET

Requested by
https://filecrypt.co/Create.html
Certificate
IssuerGoogle Trust Services
Subjectfilecrypt.co
Fingerprint78:F9:F5:0F:86:DF:40:A5:7D:2D:3C:53:01:3F:33:38:00:F9:05:BE
ValiditySun, 09 Mar 2025 13:28:41 GMT - Sat, 07 Jun 2025 14:27:10 GMT

File type
ASCII text, with very long lines (8348), with no line terminators
Size
8.0 kB (8038 bytes)
Hash
9f80a3bd0e0c8002da98f613f0a83d56
9528d20458cc9dc13630c8ca69bd3962d556e22a
806e798036d9d5832dea5539fa58e0ff6515253a5875430245c3900515ecf38b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/indexV2.js?v=3 HTTP/1.1
Host: filecrypt.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://filecrypt.co/Create.html
Cookie: PHPSESSID=6sj1c3mg12h4ejg136u8mf4184; lang=en
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 22 Mar 2025 00:33:40 GMT
content-type: application/javascript; charset=utf-8
etag: W/"595f649b-1f66"
last-modified: Fri, 07 Jul 2017 10:38:19 GMT
cf-cache-status: DYNAMIC
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dcA1bLS4PJgdSoKPHvYfNN0ewVW7RxnQVZl4QVoQofYspJ24nMgWZNCs%2BexJPeyxqpbJeJHZXXz0JQJlaPsp%2B5Ysux%2BSxQkw7HMdGvp8ryvVzq50P0pbGuCjHdtHcCc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 924199544ade569f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3144&min_rtt=1221&rtt_var=1611&sent=37&recv=17&lost=0&retrans=0&sent_bytes=22639&recv_bytes=3552&delivery_rate=17113&cwnd=24000&unsent_bytes=0&cid=3aff2f5f1852e297&ts=718&x=1", cfExtPri, cfHdrFlush;dur=0

GET filecrypt.co/js/indexV2_Plugin.js?v=3

104.21.2.130

200 OK

7.3 kB

URL GET
filecrypt.co/js/indexV2_Plugin.js?v=3
IP
104.21.2.130:443
ASN
#13335 CLOUDFLARENET

Requested by
https://filecrypt.co/Create.html
Certificate
IssuerGoogle Trust Services
Subjectfilecrypt.co
Fingerprint78:F9:F5:0F:86:DF:40:A5:7D:2D:3C:53:01:3F:33:38:00:F9:05:BE
ValiditySun, 09 Mar 2025 13:28:41 GMT - Sat, 07 Jun 2025 14:27:10 GMT

File type
JavaScript source, ASCII text, with very long lines (7747), with no line terminators
Size
7.3 kB (7298 bytes)
Hash
68f8cdaaba9b2e485e4acaf08ae9cda3
e3f494d845711d9b0d726a46f9b72b1cd3b3483b
3b1ea0fa3852336bab137efea93cc8e7a67bd00bb5a235b30733a12c31e5b15e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/indexV2_Plugin.js?v=3 HTTP/1.1
Host: filecrypt.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://filecrypt.co/Create.html
Cookie: PHPSESSID=6sj1c3mg12h4ejg136u8mf4184; lang=en
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 22 Mar 2025 00:33:40 GMT
content-type: application/javascript; charset=utf-8
etag: W/"59631591-1c82"
last-modified: Mon, 10 Jul 2017 05:50:09 GMT
cf-cache-status: DYNAMIC
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iES2rug7WgCwz4BA%2BB5vbN%2BPuqulP%2FrDbXREovj4w%2FAqL5TMKaFvHL2hMN4VmMp9xAvEKIRsDVXgdPiISdcV6MJYhpPJ7L50%2FNmH20G%2F8a9WOY6vRd95VV3S8dmf2D4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 924199544ae0569f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3144&min_rtt=1221&rtt_var=1611&sent=37&recv=17&lost=0&retrans=0&sent_bytes=22639&recv_bytes=3552&delivery_rate=17113&cwnd=24000&unsent_bytes=0&cid=3aff2f5f1852e297&ts=718&x=1", cfExtPri, cfHdrFlush;dur=0

GET filecrypt.co/fonts/os_300.woff2

104.21.2.130

200 OK

15 kB

URL GET
filecrypt.co/fonts/os_300.woff2
IP
104.21.2.130:443
ASN
#13335 CLOUDFLARENET

Requested by
https://filecrypt.co/Create.html
Certificate
IssuerGoogle Trust Services
Subjectfilecrypt.co
Fingerprint78:F9:F5:0F:86:DF:40:A5:7D:2D:3C:53:01:3F:33:38:00:F9:05:BE
ValiditySun, 09 Mar 2025 13:28:41 GMT - Sat, 07 Jun 2025 14:27:10 GMT

File type
Web Open Font Format (Version 2), TrueType, length 14564, version 1.0
Size
15 kB (14564 bytes)
Hash
60c866748ff15f5b347fdba64596b1b1
34f486906decb7c8cf7a02d4758add9a2408c7a5
5278c0f6063ca9ad85653b18a2ddf1aa57e3ab40b7973a69b09acf859db8264d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /fonts/os_300.woff2 HTTP/1.1
Host: filecrypt.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://filecrypt.co/css/font.css
Cookie: PHPSESSID=6sj1c3mg12h4ejg136u8mf4184; lang=en
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 22 Mar 2025 00:33:40 GMT
content-type: application/octet-stream
content-length: 14564
accept-ranges: bytes
etag: "5b2d00d7-38e4"
last-modified: Fri, 22 Jun 2018 13:59:51 GMT
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=apVUT448zBy1dTn6eN%2BKPSGU4OsCNywYeyOwQQ%2FbjfMIOewv7xQ%2Bqhtfc2wBFahL8fo0P5sr%2F0wu49I1MFGZznYWRZvwa6OvNeyffOEoTXQoGOxws7M4hRm4%2FW1wZl8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 924199567c6a569f-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1202&min_rtt=828&rtt_var=245&sent=182&recv=48&lost=0&retrans=0&sent_bytes=169600&recv_bytes=7555&delivery_rate=10678736&cwnd=24000&unsent_bytes=0&cid=3aff2f5f1852e297&ts=1067&x=1", cfExtPri, cfHdrFlush;dur=0

GET filecrypt.co/fonts/os_700.woff2

104.21.2.130

200 OK

15 kB

URL GET
filecrypt.co/fonts/os_700.woff2
IP
104.21.2.130:443
ASN
#13335 CLOUDFLARENET

Requested by
https://filecrypt.co/Create.html
Certificate
IssuerGoogle Trust Services
Subjectfilecrypt.co
Fingerprint78:F9:F5:0F:86:DF:40:A5:7D:2D:3C:53:01:3F:33:38:00:F9:05:BE
ValiditySun, 09 Mar 2025 13:28:41 GMT - Sat, 07 Jun 2025 14:27:10 GMT

File type
Web Open Font Format (Version 2), TrueType, length 14720, version 1.0
Size
15 kB (14720 bytes)
Hash
d08c09f2f169f4a6edbcf8b8d1636cb4
5a6a45d6f98752b11ccb7c4f0f6fd7faf18ad1a7
482994b911cc3e869aa8ace6d9932d67b68de83ea2885207ce165ff04c38d7bc

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /fonts/os_700.woff2 HTTP/1.1
Host: filecrypt.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://filecrypt.co/css/font.css
Cookie: PHPSESSID=6sj1c3mg12h4ejg136u8mf4184; lang=en
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 22 Mar 2025 00:33:40 GMT
content-type: application/octet-stream
content-length: 14720
accept-ranges: bytes
etag: "5b2d00d8-3980"
last-modified: Fri, 22 Jun 2018 13:59:52 GMT
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=I%2FT%2FLnAppjPR0V5YThRf3s7NkODk3wKQqsBcwneP8v%2Br1aqetBvdYQJmcdoE%2BPU0C%2BdGbf5pGAffNQBDtiUCkHLeUCITJ14Wq89PUbnU1jsDEtsiad%2BtWhicKDn2SGE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 924199568c6d569f-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1217&min_rtt=828&rtt_var=214&sent=198&recv=49&lost=0&retrans=0&sent_bytes=187264&recv_bytes=7601&delivery_rate=12513471&cwnd=48000&unsent_bytes=0&cid=3aff2f5f1852e297&ts=1069&x=1", cfExtPri, cfHdrFlush;dur=0

GET filecrypt.co/Create.html

104.21.2.130

200 OK

169 kB

URL User Request GET
filecrypt.co/Create.html
IP
104.21.2.130:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectfilecrypt.co
Fingerprint78:F9:F5:0F:86:DF:40:A5:7D:2D:3C:53:01:3F:33:38:00:F9:05:BE
ValiditySun, 09 Mar 2025 13:28:41 GMT - Sat, 07 Jun 2025 14:27:10 GMT

File type

Size
169 kB (168942 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /Create.html HTTP/1.1
Host: filecrypt.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=6sj1c3mg12h4ejg136u8mf4184; lang=en
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 22 Mar 2025 00:33:40 GMT
content-type: text/html; charset=UTF-8
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
set-cookie: lang=en; expires=Mon, 30-Jun-2025 00:33:39 GMT; Max-Age=8640000; path=/
cf-cache-status: DYNAMIC
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KDLbiXQYX8k0yiLbkMfWof5GQm7%2F3ZESWBARH6wyx57D6E3T%2BIjlMAIMZfOLhuZ2PbqeOxdyjXkRLWCqNkV6%2BpgLwv90o6Ar06enC9t79Yo5jWBMXGYo4ls74sfCsNM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 924199501a261c0e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=4982&min_rtt=450&rtt_var=8983&sent=11&recv=14&lost=0&retrans=0&sent_bytes=4130&recv_bytes=1568&delivery_rate=7729537&cwnd=256&unsent_bytes=0&cid=404826679140d958&ts=531&x=0"
X-Firefox-Spdy: h2

GET filecrypt.co/css/create.css?v=256gfxs

104.21.2.130

200 OK

13 kB

URL GET
filecrypt.co/css/create.css?v=256gfxs
IP
104.21.2.130:443
ASN
#13335 CLOUDFLARENET

Requested by
https://filecrypt.co/Create.html
Certificate
IssuerGoogle Trust Services
Subjectfilecrypt.co
Fingerprint78:F9:F5:0F:86:DF:40:A5:7D:2D:3C:53:01:3F:33:38:00:F9:05:BE
ValiditySun, 09 Mar 2025 13:28:41 GMT - Sat, 07 Jun 2025 14:27:10 GMT

File type
ASCII text, with very long lines (1422)
Size
13 kB (12716 bytes)
Hash
447cad1e730746fa3d32d12968761bb3
3dcb1bf906523c6cc7adf6d9a0e5ab8aa5650223
0a6baf17bfc3b4334d91984f5f0f91581d9d9fb0251be8a0da09ea48d6c7d04e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/create.css?v=256gfxs HTTP/1.1
Host: filecrypt.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://filecrypt.co/Create.html
Cookie: PHPSESSID=6sj1c3mg12h4ejg136u8mf4184; lang=en
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 22 Mar 2025 00:33:40 GMT
content-type: text/css
etag: W/"6278e78e-31ac"
last-modified: Mon, 09 May 2022 10:06:06 GMT
cf-cache-status: DYNAMIC
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=a7bpY8BTz0QkHH8XMtT4KE8biagF58a5kLsW5IGLvZWTyoiyFnGkAIfTUfvOlB3oZvVwvAasG%2FQtWhKppX9bYdW%2Fq8ScLgDcK3Yn%2B4Ag2OIznNURfPCI6lxCMtyWb7k%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 924199544ad4569f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2983&min_rtt=1221&rtt_var=1716&sent=19&recv=16&lost=0&retrans=0&sent_bytes=4308&recv_bytes=3508&delivery_rate=486486&cwnd=12000&unsent_bytes=0&cid=3aff2f5f1852e297&ts=712&x=1", cfExtPri, cfHdrFlush;dur=0

GET filecrypt.co/css/managerv2.css?v=256b

104.21.2.130

200 OK

113 kB

URL GET
filecrypt.co/css/managerv2.css?v=256b
IP
104.21.2.130:443
ASN
#13335 CLOUDFLARENET

Requested by
https://filecrypt.co/Create.html
Certificate
IssuerGoogle Trust Services
Subjectfilecrypt.co
Fingerprint78:F9:F5:0F:86:DF:40:A5:7D:2D:3C:53:01:3F:33:38:00:F9:05:BE
ValiditySun, 09 Mar 2025 13:28:41 GMT - Sat, 07 Jun 2025 14:27:10 GMT

File type

Size
113 kB (112801 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/managerv2.css?v=256b HTTP/1.1
Host: filecrypt.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://filecrypt.co/Create.html
Cookie: PHPSESSID=6sj1c3mg12h4ejg136u8mf4184; lang=en
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 22 Mar 2025 00:33:40 GMT
content-type: text/css
etag: W/"6734f30a-1b8a1"
last-modified: Wed, 13 Nov 2024 18:42:18 GMT
cf-cache-status: DYNAMIC
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XbaWpcR3Ph%2B7g6Ceo%2Bwry7LvIQSlOQB9QNQ4FsfUfm9tm8l6IuLaceHYl4V6HEZ0zKq78OWXx7tRBUwjuJaD%2BucUJCS2mUfsOmyCihVcp6DZLeWBWycRInYklNqG7ik%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 924199544acf569f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2983&min_rtt=1221&rtt_var=1716&sent=24&recv=16&lost=0&retrans=0&sent_bytes=9413&recv_bytes=3508&delivery_rate=486486&cwnd=12000&unsent_bytes=0&cid=3aff2f5f1852e297&ts=713&x=1", cfExtPri, cfHdrFlush;dur=0

GET filecrypt.co/js/scriptaculous/builder.js

104.21.2.130

200 OK

4.7 kB

URL GET
filecrypt.co/js/scriptaculous/builder.js
IP
104.21.2.130:443
ASN
#13335 CLOUDFLARENET

Requested by
https://filecrypt.co/Create.html
Certificate
IssuerGoogle Trust Services
Subjectfilecrypt.co
Fingerprint78:F9:F5:0F:86:DF:40:A5:7D:2D:3C:53:01:3F:33:38:00:F9:05:BE
ValiditySun, 09 Mar 2025 13:28:41 GMT - Sat, 07 Jun 2025 14:27:10 GMT

File type
ASCII text, with very long lines (4915), with no line terminators
Size
4.7 kB (4744 bytes)
Hash
a7d8644b27b5bb62040f2b2d399512ef
a5b6a6b857170f6991467fcb6eb44774f11a68a7
e200f807f8dc888113dd1a7cd675cc688f507dfcb0ed6b1a7055f40fb599ad18

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/scriptaculous/builder.js HTTP/1.1
Host: filecrypt.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://filecrypt.co/Create.html
Cookie: PHPSESSID=6sj1c3mg12h4ejg136u8mf4184; lang=en
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 22 Mar 2025 00:33:40 GMT
content-type: application/javascript; charset=utf-8
etag: W/"53db3977-1288"
last-modified: Fri, 01 Aug 2014 06:53:43 GMT
cf-cache-status: DYNAMIC
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Q2ZysE6OiVoeoO9FGHcKAUGQAq0y8I%2FsEM0BabJSYE6RgdCrTp%2BqS7jFBGcbnscWelb8B5mQJZ73oaccWmO22jHX3uZFlwHsLFnC6OughE3CzGh%2BFcBJ0wqf35feGcs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 924199557bb3569f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1607&min_rtt=848&rtt_var=776&sent=120&recv=33&lost=0&retrans=0&sent_bytes=108870&recv_bytes=5323&delivery_rate=12564233&cwnd=24000&unsent_bytes=0&cid=3aff2f5f1852e297&ts=899&x=1", cfExtPri, cfHdrFlush;dur=0

GET filecrypt.co/js/scriptaculous/effects.js

104.21.2.130

200 OK

38 kB

URL GET
filecrypt.co/js/scriptaculous/effects.js
IP
104.21.2.130:443
ASN
#13335 CLOUDFLARENET

Requested by
https://filecrypt.co/Create.html
Certificate
IssuerGoogle Trust Services
Subjectfilecrypt.co
Fingerprint78:F9:F5:0F:86:DF:40:A5:7D:2D:3C:53:01:3F:33:38:00:F9:05:BE
ValiditySun, 09 Mar 2025 13:28:41 GMT - Sat, 07 Jun 2025 14:27:10 GMT

File type
JavaScript source, ASCII text
Size
38 kB (38471 bytes)
Hash
0dea24894889a4c537e1a451a35f03ca
f72e2ee2019cbaceff0b7fda89ebac9faa7c5b6d
055be203cf7225e94dec4a5f72ba1f469a499ac78c24d9366705c1099de812d0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/scriptaculous/effects.js HTTP/1.1
Host: filecrypt.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://filecrypt.co/Create.html
Cookie: PHPSESSID=6sj1c3mg12h4ejg136u8mf4184; lang=en
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 22 Mar 2025 00:33:40 GMT
content-type: application/javascript; charset=utf-8
etag: W/"53db3979-9647"
last-modified: Fri, 01 Aug 2014 06:53:45 GMT
cf-cache-status: DYNAMIC
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ubsYZeDFpH67J2V8YHOOd67KIWj3oQV6rtCCir9NHSMvD%2FqYtUkPLS2kpRwb0YL%2BQD5ovRQPsAhAl5Bazlcqi2RXLZ6hUZYOVxvAT6wa006fwsE0OGMLemkwVrssigE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 924199557bb2569f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1486&min_rtt=848&rtt_var=500&sent=132&recv=36&lost=0&retrans=0&sent_bytes=121037&recv_bytes=5458&delivery_rate=287112&cwnd=24000&unsent_bytes=0&cid=3aff2f5f1852e297&ts=905&x=1", cfExtPri, cfHdrFlush;dur=0

GET filecrypt.co/js/scriptaculous/dragdrop.js

104.21.2.130

200 OK

31 kB

URL GET
filecrypt.co/js/scriptaculous/dragdrop.js
IP
104.21.2.130:443
ASN
#13335 CLOUDFLARENET

Requested by
https://filecrypt.co/Create.html
Certificate
IssuerGoogle Trust Services
Subjectfilecrypt.co
Fingerprint78:F9:F5:0F:86:DF:40:A5:7D:2D:3C:53:01:3F:33:38:00:F9:05:BE
ValiditySun, 09 Mar 2025 13:28:41 GMT - Sat, 07 Jun 2025 14:27:10 GMT

File type
JavaScript source, ASCII text
Size
31 kB (31241 bytes)
Hash
2f96dcb27ba6d7f4b95230edcb7fcb56
157cf4f6566d41518f35656db74c8711b300e5ad
7a73cad846dc23360722dcbee514af620c6fa628780bd7db889196e2e284f655

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/scriptaculous/dragdrop.js HTTP/1.1
Host: filecrypt.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://filecrypt.co/Create.html
Cookie: PHPSESSID=6sj1c3mg12h4ejg136u8mf4184; lang=en
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 22 Mar 2025 00:33:40 GMT
content-type: application/javascript; charset=utf-8
etag: W/"53db3978-7a09"
last-modified: Fri, 01 Aug 2014 06:53:44 GMT
cf-cache-status: DYNAMIC
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BAZ%2B95AMRaWcuq8Gs%2BeBtCwp8DhSR%2F1OMQhlJGo5hsWxYwGnXmWze8oM2ZyJhjLKFT5O4%2BcHjQxVvjPaw93sK7r5rRqKqG4KhMd43YEC%2BCz7MXByVIqauO3xECusy%2BM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 924199557bb6569f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1607&min_rtt=848&rtt_var=776&sent=128&recv=33&lost=0&retrans=0&sent_bytes=116483&recv_bytes=5323&delivery_rate=12564233&cwnd=24000&unsent_bytes=0&cid=3aff2f5f1852e297&ts=901&x=1", cfExtPri, cfHdrFlush;dur=0

GET filecrypt.co/images/lock.png

104.21.2.130

200 OK

1.0 kB

URL GET
filecrypt.co/images/lock.png
IP
104.21.2.130:443
ASN
#13335 CLOUDFLARENET

Requested by
https://filecrypt.co/Create.html
Certificate
IssuerGoogle Trust Services
Subjectfilecrypt.co
Fingerprint78:F9:F5:0F:86:DF:40:A5:7D:2D:3C:53:01:3F:33:38:00:F9:05:BE
ValiditySun, 09 Mar 2025 13:28:41 GMT - Sat, 07 Jun 2025 14:27:10 GMT

File type
PNG image data, 452 x 32, 8-bit colormap, non-interlaced
Size
1.0 kB (1037 bytes)
Hash
86bb21c93f90c24d147ef2f87c1b82f2
29e6fdf140c8ee5e8367d6b67cee9d7e5de500f1
9c26a43ee9fc0e4ab56a0e1043c77040e84965f24f2a31fbb5138991ad66e239

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/lock.png HTTP/1.1
Host: filecrypt.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://filecrypt.co/css/managerv2.css?v=256b
Cookie: PHPSESSID=6sj1c3mg12h4ejg136u8mf4184; lang=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 22 Mar 2025 00:33:40 GMT
content-type: image/png
content-length: 1037
accept-ranges: bytes
etag: "5d1b265d-40d"
last-modified: Tue, 02 Jul 2019 09:39:41 GMT
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bU4XJeC9pvaC3Chm9tYDPO%2BkqbR0F09j%2BbnuymErkt1PZl16fzm%2BS%2BRqqUBlZhhnWiJq7P9QouiMiyE%2FrRLrtErFOWtAkN%2BohxBLSFz5vpSrOrnkmQwDT5xm%2Bpdono4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 924199566c52569f-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1241&min_rtt=828&rtt_var=318&sent=157&recv=46&lost=0&retrans=0&sent_bytes=141260&recv_bytes=7464&delivery_rate=3868022&cwnd=24000&unsent_bytes=0&cid=3aff2f5f1852e297&ts=1052&x=1", cfExtPri, cfHdrFlush;dur=0

GET filecrypt.co/fonts/os_400.woff2

104.21.2.130

200 OK

14 kB

URL GET
filecrypt.co/fonts/os_400.woff2
IP
104.21.2.130:443
ASN
#13335 CLOUDFLARENET

Requested by
https://filecrypt.co/Create.html
Certificate
IssuerGoogle Trust Services
Subjectfilecrypt.co
Fingerprint78:F9:F5:0F:86:DF:40:A5:7D:2D:3C:53:01:3F:33:38:00:F9:05:BE
ValiditySun, 09 Mar 2025 13:28:41 GMT - Sat, 07 Jun 2025 14:27:10 GMT

File type
Web Open Font Format (Version 2), TrueType, length 14048, version 1.0
Size
14 kB (14048 bytes)
Hash
cffb686d7d2f4682df8342bd4d276e09
2c07a9656f1e38da408f20f1cf11581a15cbd7a2
3b98b0dc3bed9d40f43e64adba5de47c76895338a96f0a5a314676cd6287eca9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /fonts/os_400.woff2 HTTP/1.1
Host: filecrypt.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://filecrypt.co/css/font.css
Cookie: PHPSESSID=6sj1c3mg12h4ejg136u8mf4184; lang=en
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 22 Mar 2025 00:33:40 GMT
content-type: application/octet-stream
content-length: 14048
accept-ranges: bytes
etag: "5b2d00d8-36e0"
last-modified: Fri, 22 Jun 2018 13:59:52 GMT
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=R%2FlX6bUiGBl7yXxirWwcx0NWSIP%2BbYLuwX1ZXawu6qIteJLYdb0msXv7kqql4%2BViGXSg5zgQN%2BoNku6GmRrmbtNPZtPH5ZJPfZtHkn3yDwdEAvSVHIprpzXvNX34nos%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 924199567c62569f-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1217&min_rtt=828&rtt_var=286&sent=159&recv=47&lost=0&retrans=0&sent_bytes=143000&recv_bytes=7510&delivery_rate=40056&cwnd=24000&unsent_bytes=0&cid=3aff2f5f1852e297&ts=1061&x=1", cfExtPri, cfHdrFlush;dur=0

GET filecrypt.co/favicon.ico

104.21.2.130

200 OK

1.2 kB

URL GET
filecrypt.co/favicon.ico
IP
104.21.2.130:443
ASN
#13335 CLOUDFLARENET

Requested by
https://filecrypt.co/Create.html
Certificate
IssuerGoogle Trust Services
Subjectfilecrypt.co
Fingerprint78:F9:F5:0F:86:DF:40:A5:7D:2D:3C:53:01:3F:33:38:00:F9:05:BE
ValiditySun, 09 Mar 2025 13:28:41 GMT - Sat, 07 Jun 2025 14:27:10 GMT

File type
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
Size
1.2 kB (1150 bytes)
Hash
58f2b1136696cfffdb7995c4c9ad82ad
455bcfe3c50dfbb02e65258228df5f6413b04a10
459e4e89c57133ab4adc9657c18d10dcf8f7a97e3f7479c46c86bd46f09745f7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: filecrypt.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://filecrypt.co/Create.html
Cookie: PHPSESSID=6sj1c3mg12h4ejg136u8mf4184; lang=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 22 Mar 2025 00:33:40 GMT
content-type: image/x-icon
etag: W/"539c1743-47e"
last-modified: Sat, 14 Jun 2014 09:34:59 GMT
cf-cache-status: DYNAMIC
priority: u=6,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZJjWJ043epziZJAvHB3BA2LUfmzp2UMirtNuf9%2FvjUQomAGIFpLshHi%2Bb%2FsRGwr43qjL%2Bcm8USowDikQeZ9v7txN7Uv5wJlEAmtsFKgCugOivViiU7bIUv0hF7HFbOg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 92419956ecb4569f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1345&min_rtt=828&rtt_var=286&sent=216&recv=53&lost=0&retrans=0&sent_bytes=205099&recv_bytes=8060&delivery_rate=91341&cwnd=48000&unsent_bytes=0&cid=3aff2f5f1852e297&ts=1136&x=1", cfExtPri, cfHdrFlush;dur=0

GET filecrypt.co/Container/7F56F4263B.htmlhttps:/rexagames.com/files/file/188-barotrauma-online-fix/?do=download&r=849&confirm=1&t=1&csrfKey=6d251eb754572c07ecc5e08fc9c50f76/Create.html/Create.html/Create.html/Create.html/Create.html/Create.html/Create.html/Create.html/Create.html/Create.html/Create.html

104.21.2.130

302 Found

169 kB

URL User Request GET
filecrypt.co/Container/7F56F4263B.htmlhttps:/rexagames.com/files/file/188-barotrauma-online-fix/?do=download&r=849&confirm=1&t=1&csrfKey=6d251eb754572c07ecc5e08fc9c50f76/Create.html/Create.html/Create.html/Create.html/Create.html/Create.html/Create.html/Create.html/Create.html/Create.html/Create.html
IP
104.21.2.130:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectfilecrypt.co
Fingerprint78:F9:F5:0F:86:DF:40:A5:7D:2D:3C:53:01:3F:33:38:00:F9:05:BE
ValiditySun, 09 Mar 2025 13:28:41 GMT - Sat, 07 Jun 2025 14:27:10 GMT

File type

Size
169 kB (168942 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /Container/7F56F4263B.htmlhttps:/rexagames.com/files/file/188-barotrauma-online-fix/?do=download&r=849&confirm=1&t=1&csrfKey=6d251eb754572c07ecc5e08fc9c50f76/Create.html/Create.html/Create.html/Create.html/Create.html/Create.html/Create.html/Create.html/Create.html/Create.html/Create.html HTTP/1.1
Host: filecrypt.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Sat, 22 Mar 2025 00:33:39 GMT
content-type: text/html; charset=UTF-8
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 19 Nov 1981 08:52:00 GMT
location: /Create.html
pragma: no-cache
set-cookie: PHPSESSID=6sj1c3mg12h4ejg136u8mf4184; expires=Sat, 22-Mar-2025 06:33:39 GMT; Max-Age=21600; path=/
lang=en; expires=Mon, 30-Jun-2025 00:33:39 GMT; Max-Age=8640000; path=/
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mWA3GHZiAgsFNLU%2FpwoY4c029ffI%2BB1BEBZUZaZDrU4M0Q5gj%2BcUMboV%2B%2Fj7sQaEdAZvTnkuum4kNIdfc1uyHU1gbsxYUJJfpaxtyZc1ZPhm1GzE6Do2I%2FtcAxX0SqI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 9241994f49661c0e-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=6337&min_rtt=450&rtt_var=11792&sent=8&recv=11&lost=0&retrans=0&sent_bytes=3279&recv_bytes=1455&delivery_rate=7729537&cwnd=254&unsent_bytes=0&cid=404826679140d958&ts=133&x=0"
X-Firefox-Spdy: h2

GET filecrypt.co/js/fcwindow.js?v=2

104.21.2.130

200 OK

22 kB

URL GET
filecrypt.co/js/fcwindow.js?v=2
IP
104.21.2.130:443
ASN
#13335 CLOUDFLARENET

Requested by
https://filecrypt.co/Create.html
Certificate
IssuerGoogle Trust Services
Subjectfilecrypt.co
Fingerprint78:F9:F5:0F:86:DF:40:A5:7D:2D:3C:53:01:3F:33:38:00:F9:05:BE
ValiditySun, 09 Mar 2025 13:28:41 GMT - Sat, 07 Jun 2025 14:27:10 GMT

File type
JavaScript source, ASCII text, with very long lines (2451)
Size
22 kB (22201 bytes)
Hash
824320d10b90ac1b72a360d9d044c07b
4ff70318523a848973eaa208ee31997b7fbe9eca
dae506389289441f2b6fad976534da4b1e22c377432e577cace0f0f907bcbc95

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/fcwindow.js?v=2 HTTP/1.1
Host: filecrypt.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://filecrypt.co/Create.html
Cookie: PHPSESSID=6sj1c3mg12h4ejg136u8mf4184; lang=en
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 22 Mar 2025 00:33:40 GMT
content-type: application/javascript; charset=utf-8
etag: W/"5ce3d2af-56b9"
last-modified: Tue, 21 May 2019 10:27:59 GMT
cf-cache-status: DYNAMIC
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BX9xIE2Bh6b%2B1txjQeD5j3UxGup71f9IcyXojhSg42RaOewjHpAlJd4xnvgcKiMNuZJrsJWrd2Ab1pRCK9WPy1Gg0q56q39ubKrieGG8UvSMoFPZ49ave69q8l%2B2rlc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 924199544ae1569f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3144&min_rtt=1221&rtt_var=1611&sent=41&recv=17&lost=0&retrans=0&sent_bytes=26787&recv_bytes=3552&delivery_rate=17113&cwnd=24000&unsent_bytes=0&cid=3aff2f5f1852e297&ts=719&x=1", cfExtPri, cfHdrFlush;dur=0

GET filecrypt.co/fonts/os_600.woff2

104.21.2.130

200 OK

14 kB

URL GET
filecrypt.co/fonts/os_600.woff2
IP
104.21.2.130:443
ASN
#13335 CLOUDFLARENET

Requested by
https://filecrypt.co/Create.html
Certificate
IssuerGoogle Trust Services
Subjectfilecrypt.co
Fingerprint78:F9:F5:0F:86:DF:40:A5:7D:2D:3C:53:01:3F:33:38:00:F9:05:BE
ValiditySun, 09 Mar 2025 13:28:41 GMT - Sat, 07 Jun 2025 14:27:10 GMT

File type
Web Open Font Format (Version 2), TrueType, length 14544, version 1.0
Size
14 kB (14544 bytes)
Hash
223a277bd88d8a90c8cdf24cda0ad5f5
24234c1c81b3948758c1a0be8e5a65386ca94c52
d61b45b8b3cded238a65ee0aac4043b989f11cee56acfe5c889777f961f241a2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /fonts/os_600.woff2 HTTP/1.1
Host: filecrypt.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://filecrypt.co/css/font.css
Cookie: PHPSESSID=6sj1c3mg12h4ejg136u8mf4184; lang=en
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 22 Mar 2025 00:33:40 GMT
content-type: application/octet-stream
content-length: 14544
accept-ranges: bytes
etag: "5b2d00d8-38d0"
last-modified: Fri, 22 Jun 2018 13:59:52 GMT
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BW2cUTBO4DefYYHH%2Fhtm%2BpyXHajK1aKtHe%2BMHskM8QkaQ2xuNxoAxu5aiqtNxBsktJ3LIovMhKxnUvHxQMb2wKYildGJbGcCD4scIRYCD%2BKyRmMfyu1veyS11Bdc0IA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 924199567c6b569f-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1202&min_rtt=828&rtt_var=245&sent=172&recv=48&lost=0&retrans=0&sent_bytes=157600&recv_bytes=7555&delivery_rate=10678736&cwnd=24000&unsent_bytes=0&cid=3aff2f5f1852e297&ts=1067&x=1", cfExtPri, cfHdrFlush;dur=0

GET filecrypt.co/js/scriptaculous/scriptaculous.js?load=effects,builder,dragdrop,controls&v=2

104.21.2.130

200 OK

3.0 kB

URL GET
filecrypt.co/js/scriptaculous/scriptaculous.js?load=effects,builder,dragdrop,controls&v=2
IP
104.21.2.130:443
ASN
#13335 CLOUDFLARENET

Requested by
https://filecrypt.co/Create.html
Certificate
IssuerGoogle Trust Services
Subjectfilecrypt.co
Fingerprint78:F9:F5:0F:86:DF:40:A5:7D:2D:3C:53:01:3F:33:38:00:F9:05:BE
ValiditySun, 09 Mar 2025 13:28:41 GMT - Sat, 07 Jun 2025 14:27:10 GMT

File type
JavaScript source, ASCII text, with very long lines (3059), with no line terminators
Size
3.0 kB (2975 bytes)
Hash
46b56cdd9baa0f666cae1e1232b86c24
d355cc81c959e252aa8a4b953717b984186828c4
36eebe0b1b8b4c43606b95453b8ee6c929f6c985c6eceb1d190998d150221124

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/scriptaculous/scriptaculous.js?load=effects,builder,dragdrop,controls&v=2 HTTP/1.1
Host: filecrypt.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://filecrypt.co/Create.html
Cookie: PHPSESSID=6sj1c3mg12h4ejg136u8mf4184; lang=en
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 22 Mar 2025 00:33:40 GMT
content-type: application/javascript; charset=utf-8
etag: W/"5c251010-b9f"
last-modified: Thu, 27 Dec 2018 17:46:56 GMT
cf-cache-status: DYNAMIC
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6ec%2F9aakQ6NN2WRbs7bPpP%2BzX6JdXSHWGQa%2BgdM670QZX0hCOdXZyJMlEBHKVI3Vhkt3%2Bfgwl%2FiU%2Bz5pWk71QC6ZyOi8YzdxBxd%2FWKDgipMsI6KQxfwz9mCvNOmhcNA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 924199544adc569f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2983&min_rtt=1221&rtt_var=1716&sent=31&recv=16&lost=0&retrans=0&sent_bytes=16308&recv_bytes=3508&delivery_rate=486486&cwnd=12000&unsent_bytes=0&cid=3aff2f5f1852e297&ts=716&x=1", cfExtPri, cfHdrFlush;dur=2

GET filecrypt.co/js/scriptaculous/controls.js

104.21.2.130

200 OK

35 kB

URL GET
filecrypt.co/js/scriptaculous/controls.js
IP
104.21.2.130:443
ASN
#13335 CLOUDFLARENET

Requested by
https://filecrypt.co/Create.html
Certificate
IssuerGoogle Trust Services
Subjectfilecrypt.co
Fingerprint78:F9:F5:0F:86:DF:40:A5:7D:2D:3C:53:01:3F:33:38:00:F9:05:BE
ValiditySun, 09 Mar 2025 13:28:41 GMT - Sat, 07 Jun 2025 14:27:10 GMT

File type
ASCII text
Size
35 kB (34787 bytes)
Hash
03b502fd8ae202eb164b348749392720
8a7d159d60afcfa936eb28f6dd84d8ab874133cf
e202a06e4447b310dc039ed968aab2f0595ca77eb52ec246d24b0a80a536ac67

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/scriptaculous/controls.js HTTP/1.1
Host: filecrypt.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://filecrypt.co/Create.html
Cookie: PHPSESSID=6sj1c3mg12h4ejg136u8mf4184; lang=en
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 22 Mar 2025 00:33:40 GMT
content-type: application/javascript; charset=utf-8
etag: W/"53db3978-87e3"
last-modified: Fri, 01 Aug 2014 06:53:44 GMT
cf-cache-status: DYNAMIC
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OJiSF%2BdXM5fASR3DH2QhIgYDDtrElMufMotmy4soJCyUTy6R7xDlPRdtApZVYK2WNvqxZAVK3Punc%2Blup57Mry3Bb2Pi4H1TZR2yE6fOWLZ1OCIqgvtdHO%2BvBag6i7s%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 924199557bb7569f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1607&min_rtt=848&rtt_var=776&sent=123&recv=33&lost=0&retrans=0&sent_bytes=111457&recv_bytes=5323&delivery_rate=12564233&cwnd=24000&unsent_bytes=0&cid=3aff2f5f1852e297&ts=901&x=1", cfExtPri, cfHdrFlush;dur=0

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (18)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML