dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
91.226.124.80200 OK 6.4 kB URL User Request GET HTTP/1.1 dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
IP 91.226.124.80:443
Certificate IssuerLet's Encrypt
Subject*.dfiles.eu
Fingerprint28:FA:BD:73:11:76:EB:79:D3:29:D3:CA:60:19:79:47:4B:43:6B:1C
ValiditySun, 09 Apr 2023 08:43:46 GMT - Sat, 08 Jul 2023 08:43:45 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (734), with CRLF, CR, LF line terminators
Hash 219533c88ed781176f700fe9c9dc7bff
49e4653b726846d73e014305216b51a1ab0593ae
5f760e4471595bae4d6f6acaeb2b3510f3655e4f3c1ec06e32d85ed671c9691e
GET /files/521a65ryj/PayDay2_v-1431.exe HTTP/1.1
Host: dfiles.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 23 May 2023 18:18:24 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: uprand=3f60a911b69403479d7c46920311f871; path=/; domain=.dfiles.eu
last_file=521a65ryj; path=/; domain=.dfiles.eu
lang_current=en; expires=Wed, 22-May-2024 18:18:24 GMT; Max-Age=31536000; path=/; domain=.dfiles.eu; secure
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip
www.googletagmanager.com/gtag/js?id=G-BL9163LYG1
142.250.74.168200 OK 85 kB URL GET HTTP/2 www.googletagmanager.com/gtag/js?id=G-BL9163LYG1
IP 142.250.74.168:443
Requested by https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint55:51:32:58:36:72:A1:C8:50:5E:5A:8D:CE:A5:2F:DC:D7:1E:62:03
ValidityMon, 24 Apr 2023 11:56:06 GMT - Mon, 17 Jul 2023 11:56:05 GMT
File type ASCII text, with very long lines (4509)
Hash cb7f572ff78c03894c5d633ab4b04e10
47803d8b0eee6329d11acf978d2f059431aa539a
5130add1538afd2a04b367af117c62240b5d3558367cf899f894dcc42d964631
GET /gtag/js?id=G-BL9163LYG1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 23 May 2023 18:18:24 GMT
expires: Tue, 23 May 2023 18:18:24 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 85374
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.google.com/recaptcha/api.js
216.58.211.4200 OK 557 B URL GET HTTP/2 www.google.com/recaptcha/api.js
IP 216.58.211.4:443
Requested by https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate IssuerGoogle Trust Services LLC
Subjectwww.google.com
Fingerprint85:AD:43:66:C0:73:07:1B:B5:5D:4A:83:4B:76:3F:DA:4B:2B:E1:F8
ValidityMon, 24 Apr 2023 12:01:16 GMT - Mon, 17 Jul 2023 12:01:15 GMT
File type ASCII text, with very long lines (850), with no line terminators
Hash b7b728964630ecd7e800d650f14695c5
473f7633fea7e2f828c3df9ab19356286f10a692
f4de494b6cfd42ce31b244cd84410cd4259d82773485f6c7b4ffd2a7ca2d6217
GET /recaptcha/api.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
expires: Tue, 23 May 2023 18:18:25 GMT
date: Tue, 23 May 2023 18:18:25 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 557
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
static.depositfiles.com/js/download_utils.js
91.226.124.79200 OK 13 kB URL GET HTTP/1.1 static.depositfiles.com/js/download_utils.js
IP 91.226.124.79:443
Requested by https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate IssuerLet's Encrypt
Subjectdepositfiles.com
Fingerprint90:44:8D:18:D5:0B:6D:4B:AA:47:FB:C3:D9:B4:43:28:E2:A9:58:14
ValidityMon, 27 Feb 2023 10:18:03 GMT - Sun, 28 May 2023 10:18:02 GMT
File type ASCII text, with very long lines (2250)
Hash 90a706006bc709cdc974ff3e0e01b34f
89585d2c7cac44c9c03c118bbb38aefba1d8a1e4
16f1515b9938fc7de086c504fe214484d97e237647a5d7fa2cb742a93f00c1ea
GET /js/download_utils.js HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 23 May 2023 18:18:25 GMT
Content-Type: application/javascript
Content-Length: 13383
Last-Modified: Thu, 28 Apr 2022 09:39:11 GMT
Connection: keep-alive
ETag: "626a60bf-3447"
Expires: Tue, 23 May 2023 18:23:25 GMT
Cache-Control: max-age=300
Accept-Ranges: bytes
static.depositfiles.com/js/gold_offer.js
91.226.124.79200 OK 9.9 kB URL GET HTTP/1.1 static.depositfiles.com/js/gold_offer.js
IP 91.226.124.79:443
Requested by https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate IssuerLet's Encrypt
Subjectdepositfiles.com
Fingerprint90:44:8D:18:D5:0B:6D:4B:AA:47:FB:C3:D9:B4:43:28:E2:A9:58:14
ValidityMon, 27 Feb 2023 10:18:03 GMT - Sun, 28 May 2023 10:18:02 GMT
File type HTML document text\012- HTML document, ASCII text
Hash 041bdbbe3ac15bc57b14933e164b55f8
790f921426d0b602424fb3077ca900af94b5ad9e
a86d8d81e5c254822628c578c40d2d62956ab3060632d1884b5080093365b97b
GET /js/gold_offer.js HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 23 May 2023 18:18:25 GMT
Content-Type: application/javascript
Content-Length: 9887
Last-Modified: Thu, 28 Apr 2022 09:39:11 GMT
Connection: keep-alive
ETag: "626a60bf-269f"
Expires: Tue, 23 May 2023 18:23:25 GMT
Cache-Control: max-age=300
Accept-Ranges: bytes
static.depositfiles.com/js/jquery.validate.js
91.226.124.79200 OK 38 kB URL GET HTTP/1.1 static.depositfiles.com/js/jquery.validate.js
IP 91.226.124.79:443
Requested by https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate IssuerLet's Encrypt
Subjectdepositfiles.com
Fingerprint90:44:8D:18:D5:0B:6D:4B:AA:47:FB:C3:D9:B4:43:28:E2:A9:58:14
ValidityMon, 27 Feb 2023 10:18:03 GMT - Sun, 28 May 2023 10:18:02 GMT
File type Unicode text, UTF-8 text, with very long lines (1238)
Hash d5231b6378847ebdb55f64c77d5a234f
eed97aa0b2aa9486b6f6831ed8a85dc729ad6b9c
95434a8a2568a6481a1fbcf5808a75dd58e77348ed6d70b4f7aeda8842e8f0c7
GET /js/jquery.validate.js HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 23 May 2023 18:18:25 GMT
Content-Type: application/javascript
Content-Length: 38269
Last-Modified: Thu, 28 Apr 2022 09:39:11 GMT
Connection: keep-alive
ETag: "626a60bf-957d"
Expires: Tue, 23 May 2023 18:23:25 GMT
Cache-Control: max-age=300
Accept-Ranges: bytes
static.depositfiles.com/css/main.css
91.226.124.79200 OK 47 kB URL GET HTTP/1.1 static.depositfiles.com/css/main.css
IP 91.226.124.79:443
Requested by https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate IssuerLet's Encrypt
Subjectdepositfiles.com
Fingerprint90:44:8D:18:D5:0B:6D:4B:AA:47:FB:C3:D9:B4:43:28:E2:A9:58:14
ValidityMon, 27 Feb 2023 10:18:03 GMT - Sun, 28 May 2023 10:18:02 GMT
File type ASCII text, with very long lines (332)
Hash af57443dfa4bc2d3299321923ae1c57f
d922badb0ed1d665302cf93268e9960d0a04c065
50d446eade67c33dc4dba74f2f2b7480b5021de5a98bfedc1f10ce5c35d966f3
GET /css/main.css HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 23 May 2023 18:18:25 GMT
Content-Type: text/css
Last-Modified: Thu, 28 Apr 2022 09:39:10 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"626a60be-2f719"
Expires: Tue, 23 May 2023 18:23:25 GMT
Cache-Control: max-age=300
Content-Encoding: gzip
static.depositfiles.com/js/function.js
91.226.124.79200 OK 35 kB URL GET HTTP/1.1 static.depositfiles.com/js/function.js
IP 91.226.124.79:443
Requested by https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate IssuerLet's Encrypt
Subjectdepositfiles.com
Fingerprint90:44:8D:18:D5:0B:6D:4B:AA:47:FB:C3:D9:B4:43:28:E2:A9:58:14
ValidityMon, 27 Feb 2023 10:18:03 GMT - Sun, 28 May 2023 10:18:02 GMT
File type ASCII text, with very long lines (4240)
Hash a5779d2f560cd50376dbba372b0fd15b
07b08e35b9254288c1372e37577db8b9e4da01b4
51d26403861d61a7842bc73f518d4a4351a7027c40c9f0347f61421226950b84
GET /js/function.js HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 23 May 2023 18:18:25 GMT
Content-Type: application/javascript
Content-Length: 34915
Last-Modified: Thu, 28 Apr 2022 09:39:11 GMT
Connection: keep-alive
ETag: "626a60bf-8863"
Expires: Tue, 23 May 2023 18:23:25 GMT
Cache-Control: max-age=300
Accept-Ranges: bytes
static.depositfiles.com/js/base2.js
91.226.124.79200 OK 399 kB URL GET HTTP/1.1 static.depositfiles.com/js/base2.js
IP 91.226.124.79:443
Requested by https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate IssuerLet's Encrypt
Subjectdepositfiles.com
Fingerprint90:44:8D:18:D5:0B:6D:4B:AA:47:FB:C3:D9:B4:43:28:E2:A9:58:14
ValidityMon, 27 Feb 2023 10:18:03 GMT - Sun, 28 May 2023 10:18:02 GMT
File type Unicode text, UTF-8 text, with very long lines (65481)
Size 399 kB (398927 bytes)
Hash 2fcae8126c3fd9a626370a701f0bd887
f3496fb7bbe122a9774d7dcfcd68da03a24dc285
d29ab86f64b4fcfbc45b9ef806c147f1e42e37e37d44a559147232288063badc
GET /js/base2.js HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 23 May 2023 18:18:25 GMT
Content-Type: application/javascript
Content-Length: 398927
Last-Modified: Thu, 28 Apr 2022 09:39:11 GMT
Connection: keep-alive
ETag: "626a60bf-6164f"
Expires: Tue, 23 May 2023 18:23:25 GMT
Cache-Control: max-age=300
Accept-Ranges: bytes
pl16105218.highrevenuegate.com/22/4a/d4/224ad4a14b4b15c1726ff705ec672ea6.js
192.243.59.13200 OK 13 kB URL GET HTTP/1.1 pl16105218.highrevenuegate.com/22/4a/d4/224ad4a14b4b15c1726ff705ec672ea6.js
IP 192.243.59.13:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate IssuerLet's Encrypt
Subjecthighrevenuegate.com
FingerprintE3:83:9C:63:64:A5:46:F7:CE:7B:E1:4D:12:0F:29:C3:22:23:C0:14
ValidityTue, 02 May 2023 09:41:55 GMT - Mon, 31 Jul 2023 09:41:54 GMT
File type ASCII text, with very long lines (37143), with no line terminators
Hash b457c223a924a19fd2e5513094302b8e
dfb3faa7d775d655538705edab6f07ca697d4b02
4336c3733cc3662f87ae1d70f99ad101d486dd1a0c4923c7c36648ae65ce8389
Analyzer Verdict Alert fortinet Malware
GET /22/4a/d4/224ad4a14b4b15c1726ff705ec672ea6.js HTTP/1.1
Host: pl16105218.highrevenuegate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 23 May 2023 18:18:25 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 2cbab43a1c29cd19934f3001ae7ca49b
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
static.depositfiles.com/images/no.png
91.226.124.79200 OK 3.1 kB URL GET HTTP/1.1 static.depositfiles.com/images/no.png
IP 91.226.124.79:443
Requested by https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate IssuerLet's Encrypt
Subjectdepositfiles.com
Fingerprint90:44:8D:18:D5:0B:6D:4B:AA:47:FB:C3:D9:B4:43:28:E2:A9:58:14
ValidityMon, 27 Feb 2023 10:18:03 GMT - Sun, 28 May 2023 10:18:02 GMT
File type PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced\012- data
Hash 1724ae7b4437c460dafe40dfe9f96d41
8dc80d5b802f180254a8ee1bf1edf0b843205f1e
9b95b8f24b2b0808d611f4fd9bf5f3c548b352ae6100ab7b298b99a86905db79
GET /images/no.png HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 23 May 2023 18:18:25 GMT
Content-Type: image/png
Content-Length: 3146
Last-Modified: Thu, 28 Apr 2022 09:39:11 GMT
Connection: keep-alive
ETag: "626a60bf-c4a"
Accept-Ranges: bytes
static.depositfiles.com/images/speed_small.gif
91.226.124.79200 OK 24 kB URL GET HTTP/1.1 static.depositfiles.com/images/speed_small.gif
IP 91.226.124.79:443
Requested by https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate IssuerLet's Encrypt
Subjectdepositfiles.com
Fingerprint90:44:8D:18:D5:0B:6D:4B:AA:47:FB:C3:D9:B4:43:28:E2:A9:58:14
ValidityMon, 27 Feb 2023 10:18:03 GMT - Sun, 28 May 2023 10:18:02 GMT
File type GIF image data, version 89a, 200 x 200\012- data
Hash 5cbc96bbb7230dd17ed38b5dd6e3271c
6ee1f0b9e29ac3e824cccd6e5135d51c8d3aaea1
01edcbb65e514def555b1e999d3a72f118f67e572f628293b91893b3758c6991
GET /images/speed_small.gif HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 23 May 2023 18:18:25 GMT
Content-Type: image/gif
Content-Length: 23980
Last-Modified: Thu, 28 Apr 2022 09:39:11 GMT
Connection: keep-alive
ETag: "626a60bf-5dac"
Expires: Sun, 28 May 2023 18:18:25 GMT
Cache-Control: max-age=432000
Accept-Ranges: bytes
static.depositfiles.com/images/yes.png
91.226.124.79200 OK 3.3 kB URL GET HTTP/1.1 static.depositfiles.com/images/yes.png
IP 91.226.124.79:443
Requested by https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate IssuerLet's Encrypt
Subjectdepositfiles.com
Fingerprint90:44:8D:18:D5:0B:6D:4B:AA:47:FB:C3:D9:B4:43:28:E2:A9:58:14
ValidityMon, 27 Feb 2023 10:18:03 GMT - Sun, 28 May 2023 10:18:02 GMT
File type PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced\012- data
Hash 3055b8489aeb385fb40b27f0bf0a5ae7
4cfbe45a0ba393ab8ad535cc04af30debef0a1ab
b325d6cb153b02050e59230e2abfb01e05f4bda708ad54bd8f6d9693fa9c2dac
GET /images/yes.png HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 23 May 2023 18:18:25 GMT
Content-Type: image/png
Content-Length: 3275
Last-Modified: Thu, 28 Apr 2022 09:39:11 GMT
Connection: keep-alive
ETag: "626a60bf-ccb"
Accept-Ranges: bytes
static.depositfiles.com/images/speed_small_gold.gif
91.226.124.79200 OK 14 kB URL GET HTTP/1.1 static.depositfiles.com/images/speed_small_gold.gif
IP 91.226.124.79:443
Requested by https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate IssuerLet's Encrypt
Subjectdepositfiles.com
Fingerprint90:44:8D:18:D5:0B:6D:4B:AA:47:FB:C3:D9:B4:43:28:E2:A9:58:14
ValidityMon, 27 Feb 2023 10:18:03 GMT - Sun, 28 May 2023 10:18:02 GMT
File type GIF image data, version 89a, 200 x 200\012- data
Hash c5f8f0e9ecd16637e267912376c24bed
324567a641d318ecfafe6374dfba86ccb2f90dd7
13678b229b6c4224bcb9578a2f29bc3686958f4bea73af7645eb39af4246e6a9
GET /images/speed_small_gold.gif HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 23 May 2023 18:18:25 GMT
Content-Type: image/gif
Content-Length: 14492
Last-Modified: Thu, 28 Apr 2022 09:39:11 GMT
Connection: keep-alive
ETag: "626a60bf-389c"
Expires: Sun, 28 May 2023 18:18:25 GMT
Cache-Control: max-age=432000
Accept-Ranges: bytes
static.depositfiles.com/images/flags/lang24.png
91.226.124.79200 OK 9.2 kB URL GET HTTP/1.1 static.depositfiles.com/images/flags/lang24.png
IP 91.226.124.79:443
Requested by https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate IssuerLet's Encrypt
Subjectdepositfiles.com
Fingerprint90:44:8D:18:D5:0B:6D:4B:AA:47:FB:C3:D9:B4:43:28:E2:A9:58:14
ValidityMon, 27 Feb 2023 10:18:03 GMT - Sun, 28 May 2023 10:18:02 GMT
File type PNG image data, 24 x 552, 8-bit/color RGBA, non-interlaced\012- data
Hash efdcd1ca23d564ddd811f41152a2b83c
0b5aa064e7f8f241363c55fa17eb448f42a5f8df
ce23be242e34c5b420f8ba0390aef20fa50ffc69f700091029616eff524e8f9b
GET /images/flags/lang24.png HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://static.depositfiles.com/css/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 23 May 2023 18:18:25 GMT
Content-Type: image/png
Content-Length: 9172
Last-Modified: Thu, 28 Apr 2022 09:39:11 GMT
Connection: keep-alive
ETag: "626a60bf-23d4"
Accept-Ranges: bytes
static.depositfiles.com/images/upload_btn_bg.gif
91.226.124.79200 OK 9.0 kB URL GET HTTP/1.1 static.depositfiles.com/images/upload_btn_bg.gif
IP 91.226.124.79:443
Requested by https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate IssuerLet's Encrypt
Subjectdepositfiles.com
Fingerprint90:44:8D:18:D5:0B:6D:4B:AA:47:FB:C3:D9:B4:43:28:E2:A9:58:14
ValidityMon, 27 Feb 2023 10:18:03 GMT - Sun, 28 May 2023 10:18:02 GMT
File type GIF image data, version 89a, 209 x 75\012- data
Hash 6f312f0f4ff138758bae76420f6efd78
b40a28f162140fedff9ee5ce0d687868b1f73d17
c667d75c7f916bf8b140b0e1f7ab0c996f76d4642faed85bd9fef3c738f0912b
GET /images/upload_btn_bg.gif HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://static.depositfiles.com/css/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 23 May 2023 18:18:25 GMT
Content-Type: image/gif
Content-Length: 9010
Last-Modified: Thu, 28 Apr 2022 09:39:11 GMT
Connection: keep-alive
ETag: "626a60bf-2332"
Expires: Sun, 28 May 2023 18:18:25 GMT
Cache-Control: max-age=432000
Accept-Ranges: bytes
static.depositfiles.com/images/logo.png
91.226.124.79200 OK 3.6 kB URL GET HTTP/1.1 static.depositfiles.com/images/logo.png
IP 91.226.124.79:443
Requested by https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate IssuerLet's Encrypt
Subjectdepositfiles.com
Fingerprint90:44:8D:18:D5:0B:6D:4B:AA:47:FB:C3:D9:B4:43:28:E2:A9:58:14
ValidityMon, 27 Feb 2023 10:18:03 GMT - Sun, 28 May 2023 10:18:02 GMT
File type PNG image data, 176 x 43, 8-bit/color RGBA, non-interlaced\012- data
Hash c41fdd84b04e45a91cb17cfdeccb1b38
fec7fffe104c7e169aeb159032078c4b71ff2cdc
7f89eb8ab03684f4db282ca30eb231b1e254bca10c7b511950df5e0eab0a68a0
GET /images/logo.png HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://static.depositfiles.com/css/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 23 May 2023 18:18:25 GMT
Content-Type: image/png
Content-Length: 3623
Last-Modified: Thu, 28 Apr 2022 09:39:11 GMT
Connection: keep-alive
ETag: "626a60bf-e27"
Accept-Ranges: bytes
static.depositfiles.com/images/member_menu_bg.gif
91.226.124.79200 OK 78 B URL GET HTTP/1.1 static.depositfiles.com/images/member_menu_bg.gif
IP 91.226.124.79:443
Requested by https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate IssuerLet's Encrypt
Subjectdepositfiles.com
Fingerprint90:44:8D:18:D5:0B:6D:4B:AA:47:FB:C3:D9:B4:43:28:E2:A9:58:14
ValidityMon, 27 Feb 2023 10:18:03 GMT - Sun, 28 May 2023 10:18:02 GMT
File type GIF image data, version 89a, 1 x 48\012- data
Hash 20a24b56dcedf6a71a71ebec771e1f7d
d7bed493d5d4eeaed5dbbf7d30d45107840790a0
6f57f29224d8e9e51ed0839e329055426fba7dcd97ef31e93ed495f93a6063df
GET /images/member_menu_bg.gif HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://static.depositfiles.com/css/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 23 May 2023 18:18:25 GMT
Content-Type: image/gif
Content-Length: 78
Last-Modified: Thu, 28 Apr 2022 09:39:11 GMT
Connection: keep-alive
ETag: "626a60bf-4e"
Expires: Sun, 28 May 2023 18:18:25 GMT
Cache-Control: max-age=432000
Accept-Ranges: bytes
static.depositfiles.com/images/sprite.png
91.226.124.79200 OK 37 kB URL GET HTTP/1.1 static.depositfiles.com/images/sprite.png
IP 91.226.124.79:443
Requested by https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate IssuerLet's Encrypt
Subjectdepositfiles.com
Fingerprint90:44:8D:18:D5:0B:6D:4B:AA:47:FB:C3:D9:B4:43:28:E2:A9:58:14
ValidityMon, 27 Feb 2023 10:18:03 GMT - Sun, 28 May 2023 10:18:02 GMT
File type PNG image data, 102 x 630, 8-bit/color RGBA, non-interlaced\012- data
Hash 2333675d7e431d5313c6dbb5230a14cd
93c4032e5b8b85793a9cda7167804445d950dd96
b287134a60667ce8e2c3fa1603e3a8f2ffa59c64e746d026d1a13ef19f3f38a0
GET /images/sprite.png HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://static.depositfiles.com/css/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 23 May 2023 18:18:25 GMT
Content-Type: image/png
Content-Length: 36802
Last-Modified: Thu, 28 Apr 2022 09:39:11 GMT
Connection: keep-alive
ETag: "626a60bf-8fc2"
Accept-Ranges: bytes
static.depositfiles.com/images/sprite64.png
91.226.124.79200 OK 29 kB URL GET HTTP/1.1 static.depositfiles.com/images/sprite64.png
IP 91.226.124.79:443
Requested by https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate IssuerLet's Encrypt
Subjectdepositfiles.com
Fingerprint90:44:8D:18:D5:0B:6D:4B:AA:47:FB:C3:D9:B4:43:28:E2:A9:58:14
ValidityMon, 27 Feb 2023 10:18:03 GMT - Sun, 28 May 2023 10:18:02 GMT
File type PNG image data, 64 x 1088, 8-bit/color RGBA, non-interlaced\012- data
Hash e50649ecf6a2094c25da755ea0ea7bd1
e1c3e229a62f049442fa16cf43ec07f384b27362
a9ed59ab3bbcfdf66224664aeb14fa0f0e8f034d8472a58dadcf65cfff17685d
GET /images/sprite64.png HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://static.depositfiles.com/css/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 23 May 2023 18:18:25 GMT
Content-Type: image/png
Content-Length: 28747
Last-Modified: Thu, 28 Apr 2022 09:39:11 GMT
Connection: keep-alive
ETag: "626a60bf-704b"
Accept-Ranges: bytes
simplewebanalysis.com/stats
18.192.155.180200 OK 40 B URL GET HTTP/2 simplewebanalysis.com/stats
IP 18.192.155.180:443
Requested by https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate IssuerAmazon
Subjectsimplewebanalysis.com
FingerprintE5:9D:30:D3:0E:8A:EF:0D:43:46:4C:4C:53:AD:05:78:63:E9:04:07
ValidityThu, 02 Mar 2023 00:00:00 GMT - Sun, 31 Mar 2024 23:59:59 GMT
File type ASCII text, with no line terminators
Hash 2d8e6e0564e1e59d98eaa290f7219a4b
312671f6cfc0ade361aef5bff21ef3f0fb581354
0e1136aaf47b8f7f23ba94831b725b23af6e82cbf5121419fd20de19d3975fcb
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 23 May 2023 18:18:25 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://dfiles.eu
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=4f295984-fea6-49fe-a2aa-ccedfecc3a81:2:1; expires=Fri, 20 May 2033 18:18:25 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
static.depositfiles.com/images/sprite16.png
91.226.124.79200 OK 28 kB URL GET HTTP/1.1 static.depositfiles.com/images/sprite16.png
IP 91.226.124.79:443
Requested by https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate IssuerLet's Encrypt
Subjectdepositfiles.com
Fingerprint90:44:8D:18:D5:0B:6D:4B:AA:47:FB:C3:D9:B4:43:28:E2:A9:58:14
ValidityMon, 27 Feb 2023 10:18:03 GMT - Sun, 28 May 2023 10:18:02 GMT
File type PNG image data, 32 x 1072, 8-bit/color RGBA, non-interlaced\012- data
Hash 2e86fe2d2c2650c5f4663f0fc135ebc1
ba86e14a9abcff0581eda84a307594ef1288b982
604187f8828381a47ae70249f55f21c78c53ab1401d20a5f2230a0d6c9ae50d1
GET /images/sprite16.png HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://static.depositfiles.com/css/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 23 May 2023 18:18:26 GMT
Content-Type: image/png
Content-Length: 28501
Last-Modified: Thu, 28 Apr 2022 09:39:11 GMT
Connection: keep-alive
ETag: "626a60bf-6f55"
Accept-Ranges: bytes
adsbb.dfiles.eu//ad.php?z=56&c=NO
91.226.124.80303 See Other 0 B URL GET HTTP/1.1 adsbb.dfiles.eu//ad.php?z=56&c=NO
IP 91.226.124.80:443
Requested by https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate IssuerLet's Encrypt
Subject*.dfiles.eu
Fingerprint28:FA:BD:73:11:76:EB:79:D3:29:D3:CA:60:19:79:47:4B:43:6B:1C
ValiditySun, 09 Apr 2023 08:43:46 GMT - Sat, 08 Jul 2023 08:43:45 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET //ad.php?z=56&c=NO HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: uprand=3f60a911b69403479d7c46920311f871; last_file=521a65ryj; lang_current=en; _ga_BL9163LYG1=GS1.1.1684865905.1.0.1684865905.0.0.0; _ga=GA1.1.1771423245.1684865905
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 303 See Other
Server: nginx
Date: Tue, 23 May 2023 18:18:26 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.30-0+deb8u1
Set-Cookie: _nf56=1; expires=Wed, 24-May-2023 18:18:26 GMT; Max-Age=86400
Location: /upload/2203/ad27602963634849.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
adsbb.dfiles.eu//ad.php?z=58&c=NO&g=gateway
91.226.124.80303 See Other 0 B URL GET HTTP/1.1 adsbb.dfiles.eu//ad.php?z=58&c=NO&g=gateway
IP 91.226.124.80:443
Requested by https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate IssuerLet's Encrypt
Subject*.dfiles.eu
Fingerprint28:FA:BD:73:11:76:EB:79:D3:29:D3:CA:60:19:79:47:4B:43:6B:1C
ValiditySun, 09 Apr 2023 08:43:46 GMT - Sat, 08 Jul 2023 08:43:45 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET //ad.php?z=58&c=NO&g=gateway HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: uprand=3f60a911b69403479d7c46920311f871; last_file=521a65ryj; lang_current=en; _ga_BL9163LYG1=GS1.1.1684865905.1.0.1684865905.0.0.0; _ga=GA1.1.1771423245.1684865905
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 303 See Other
Server: nginx
Date: Tue, 23 May 2023 18:18:26 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.30-0+deb8u1
Set-Cookie: _nf58=1; expires=Wed, 24-May-2023 18:18:26 GMT; Max-Age=86400
Location: /upload/2303/ad2775297311915a.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
loader.unblockia.com/c/dfiles.eu/config.json
108.157.214.40200 OK 47 kB URL GET HTTP/2 loader.unblockia.com/c/dfiles.eu/config.json
IP 108.157.214.40:443
Requested by https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate IssuerAmazon
Subject*.unblockia.com
FingerprintF2:6F:03:00:E3:4A:B1:87:3C:4D:28:BB:E6:CE:8F:F1:2A:6E:1B:5D
ValidityTue, 21 Feb 2023 00:00:00 GMT - Fri, 22 Mar 2024 23:59:59 GMT
File type ASCII text, with very long lines (46747), with no line terminators
Hash f365c1e4619a90bbadadacf55598fe90
1623c939b72aecd3831e1da35e4c0a5229383e91
23e2e4d868bb2652b97e9e13d36df1dfeeba338d4e9c4d1d737fba6b2b2b2d52
GET /c/dfiles.eu/config.json HTTP/1.1
Host: loader.unblockia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dfiles.eu/
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/octet-stream
content-length: 46747
last-modified: Fri, 12 May 2023 12:21:43 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: 9pI8Ts97IpPXbRP2Kcl6CF4_Ph.rjMBr
accept-ranges: bytes
server: AmazonS3
date: Tue, 23 May 2023 01:40:41 GMT
etag: "f365c1e4619a90bbadadacf55598fe90"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 8ea75fde43c768e7e1d041f8b7a07bd6.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: taHPAppVTVHAlNePXwu7u2cQHEXVocxltYPGKAd8p5W5pFn_tvao7Q==
age: 61532
access-control-allow-origin: *
access-control-expose-headers: *
X-Firefox-Spdy: h2
js.wpshsdk.com/npc/sdk/wp-banners.js
45.133.44.53200 OK 0 B URL GET HTTP/2 js.wpshsdk.com/npc/sdk/wp-banners.js
IP 45.133.44.53:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate IssuerLet's Encrypt
Subjectjs.wpshsdk.com
Fingerprint78:77:A4:19:CC:0D:15:24:69:96:1B:44:C9:A0:4D:0B:B7:C0:F2:D8
ValidityMon, 27 Mar 2023 02:06:36 GMT - Sun, 25 Jun 2023 02:06:35 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /npc/sdk/wp-banners.js HTTP/1.1
Host: js.wpshsdk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 23 May 2023 18:18:26 GMT
content-type: application/javascript; charset=utf-8
content-length: 0
server: nginx/1.18.0
last-modified: Fri, 20 Aug 2021 15:14:31 GMT
etag: "611fc6d7-0"
expires: Tue, 23 May 2023 18:23:26 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
js.wpadmngr.com/static/adManager.js
45.133.44.53200 OK 1.2 kB URL GET HTTP/2 js.wpadmngr.com/static/adManager.js
IP 45.133.44.53:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate IssuerLet's Encrypt
Subjectjs.wpadmngr.com
FingerprintA9:7C:F8:A4:B8:B3:E3:98:76:72:9E:0B:4A:FB:FB:39:D4:F4:54:3D
ValidityTue, 16 May 2023 02:02:19 GMT - Mon, 14 Aug 2023 02:02:18 GMT
File type gzip compressed data, from Unix\012- data
Hash 1a3f3ff421a17233ddaeaa3188b4f658
7fa58fd4f2db9fae34aa7d5659c9448a53f9decd
a41c00923d35a8fab0010e01409118aa4c61094fc925b4856f4da32419828cf6
GET /static/adManager.js HTTP/1.1
Host: js.wpadmngr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 23 May 2023 18:18:25 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Mon, 05 Dec 2022 13:37:26 GMT
etag: W/"638df416-4dd"
content-encoding: gzip
expires: Tue, 23 May 2023 18:23:25 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
adsbb.dfiles.eu/upload/2203/ad27602963634849.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
91.226.124.76200 OK 677 B URL GET HTTP/1.1 adsbb.dfiles.eu/upload/2203/ad27602963634849.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
IP 91.226.124.76:443
Requested by https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate IssuerLet's Encrypt
Subject*.dfiles.eu
Fingerprint28:FA:BD:73:11:76:EB:79:D3:29:D3:CA:60:19:79:47:4B:43:6B:1C
ValiditySun, 09 Apr 2023 08:43:46 GMT - Sat, 08 Jul 2023 08:43:45 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash f7814638a4453f3f2c13545bf6845c7a
e786aead9ed89096cf115d847dba1048a70b8efa
93a3a6566b084b7fbe86a96ac06b949fcf2a01f68c7da51f21141c724937c8ae
GET /upload/2203/ad27602963634849.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752 HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dfiles.eu/
DNT: 1
Connection: keep-alive
Cookie: uprand=3f60a911b69403479d7c46920311f871; last_file=521a65ryj; lang_current=en; _ga_BL9163LYG1=GS1.1.1684865905.1.0.1684865905.0.0.0; _ga=GA1.1.1771423245.1684865905; _nf56=1; _nf58=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 23 May 2023 18:18:26 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Last-Modified: Tue, 23 May 2023 18:15:01 GMT
Content-Encoding: gzip
adsbb.dfiles.eu/upload/2303/ad2775297311915a.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
91.226.124.76200 OK 678 B URL GET HTTP/1.1 adsbb.dfiles.eu/upload/2303/ad2775297311915a.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
IP 91.226.124.76:443
Requested by https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate IssuerLet's Encrypt
Subject*.dfiles.eu
Fingerprint28:FA:BD:73:11:76:EB:79:D3:29:D3:CA:60:19:79:47:4B:43:6B:1C
ValiditySun, 09 Apr 2023 08:43:46 GMT - Sat, 08 Jul 2023 08:43:45 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 9b785ec39dcd55fe17d0758f36c64781
74cef24fe8406aed1f419f820f35e81adaecf6b5
bcf7431ee9307f4b44d719dde71b250eeb40181aacc87a1ca4825e2bccce46b8
GET /upload/2303/ad2775297311915a.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752 HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dfiles.eu/
DNT: 1
Connection: keep-alive
Cookie: uprand=3f60a911b69403479d7c46920311f871; last_file=521a65ryj; lang_current=en; _ga_BL9163LYG1=GS1.1.1684865905.1.0.1684865905.0.0.0; _ga=GA1.1.1771423245.1684865905; _nf56=1; _nf58=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 23 May 2023 18:18:26 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Last-Modified: Tue, 23 May 2023 18:15:01 GMT
Content-Encoding: gzip
varycares.com/c2/2d/c5/c22dc50dc2bbe4422c7f68d26ab95eb9.js
192.243.61.225200 OK 29 kB URL GET HTTP/1.1 varycares.com/c2/2d/c5/c22dc50dc2bbe4422c7f68d26ab95eb9.js
IP 192.243.61.225:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate IssuerLet's Encrypt
Subjectvarycares.com
FingerprintD4:DA:6E:A7:73:68:5A:78:BD:2D:8F:1F:7B:50:F0:57:13:45:7A:B6
ValidityMon, 01 May 2023 19:24:05 GMT - Sun, 30 Jul 2023 19:24:04 GMT
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Hash 23ac2034d20c9d7673861862e99254ed
4c9c82ee93ed395064b52383dbb9317154558950
6bd422d89eb0fb751ff7599284d3c565e700637ae2d7a4f5a9579e762592879a
Analyzer Verdict Alert quad9 Sinkholed
GET /c2/2d/c5/c22dc50dc2bbe4422c7f68d26ab95eb9.js HTTP/1.1
Host: varycares.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 23 May 2023 18:18:26 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 641cdbffc2c6e9cf986f8c10374ad6af
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
simplewebanalysis.com/stats
18.192.155.180200 OK 40 B URL GET HTTP/2 simplewebanalysis.com/stats
IP 18.192.155.180:443
Requested by https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate IssuerAmazon
Subjectsimplewebanalysis.com
FingerprintE5:9D:30:D3:0E:8A:EF:0D:43:46:4C:4C:53:AD:05:78:63:E9:04:07
ValidityThu, 02 Mar 2023 00:00:00 GMT - Sun, 31 Mar 2024 23:59:59 GMT
File type ASCII text, with no line terminators
Hash 2d8e6e0564e1e59d98eaa290f7219a4b
312671f6cfc0ade361aef5bff21ef3f0fb581354
0e1136aaf47b8f7f23ba94831b725b23af6e82cbf5121419fd20de19d3975fcb
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: uid_id2=4f295984-fea6-49fe-a2aa-ccedfecc3a81:2:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 23 May 2023 18:18:26 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://dfiles.eu
vary: Origin
access-control-allow-credentials: true
X-Firefox-Spdy: h2
ip2geo.pubfuture-ad.com/detail
104.26.0.97200 OK 33 B URL GET HTTP/2 ip2geo.pubfuture-ad.com/detail
IP 104.26.0.97:443
Requested by https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintA4:70:A9:B9:AC:49:1E:53:23:43:41:25:CD:10:7C:01:2E:87:01:01
ValidityTue, 07 Feb 2023 00:00:00 GMT - Tue, 06 Feb 2024 23:59:59 GMT
File type JSON data\012- , ASCII text, with no line terminators
Hash 007af5ffed017e37943df31888ef8666
2877ed4c460ba9164b3625e32502a9d83a2a1d4a
bfb9d45766b6f87ee2c5f55862cdffe168aa7df0ff6ed0917b0fbcb035fdcdd2
GET /detail HTTP/1.1
Host: ip2geo.pubfuture-ad.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dfiles.eu/
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 23 May 2023 18:18:26 GMT
content-type: application/json; charset=utf-8
content-length: 33
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
access-control-allow-origin: *
etag: W/"21-KHftTEYLqRZLNiXjJQKp2DoqHUo"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XhcsLLlz17I11aAXw1CwlD3tsSBRNF3DRm0H%2BC%2FxzRu%2BQfqVw2GzwcREbjVdH4ChHI2KFZkvWkssMhTjFpWHT1l8V0Q7rd2BYEKeVOngNOfsthQMUrfUEFWZWdm64XkifsfH8bq2Pkge"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7cbf4d294cac0b51-OSL
X-Firefox-Spdy: h2
adsbb.dfiles.eu/static/js/jquery-1.5.1.min.js
91.226.124.76 85 kB URL adsbb.dfiles.eu/static/js/jquery-1.5.1.min.js
IP 91.226.124.76:0
Certificate IssuerLet's Encrypt
Subject*.dfiles.eu
Fingerprint28:FA:BD:73:11:76:EB:79:D3:29:D3:CA:60:19:79:47:4B:43:6B:1C
ValiditySun, 09 Apr 2023 08:43:46 GMT - Sat, 08 Jul 2023 08:43:45 GMT
File type Unicode text, UTF-8 text, with very long lines (65168)
Hash b04a3bccd23ddeb7982143707a63ccf9
4a5dc1389aad050a44ee5e81408238a317ab3413
764b9e9f3ad386aaa5cdeae9368353994de61c0bede087c8f7e3579cb443de3b
GET /static/js/jquery-1.5.1.min.js HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/upload/2303/ad2775297311915a.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
Cookie: uprand=3f60a911b69403479d7c46920311f871; last_file=521a65ryj; lang_current=en; _ga_BL9163LYG1=GS1.1.1684865905.1.0.1684865905.0.0.0; _ga=GA1.1.1771423245.1684865905; _nf56=1; _nf58=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 23 May 2023 18:18:26 GMT
Content-Type: application/javascript
Content-Length: 85260
Connection: close
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, private, no-cache, no-store, must-revalidate
Pragma: no-cache
Accept-Ranges: bytes
adsbb.dfiles.eu/static/js/jquery-1.5.1.min.js
91.226.124.76 85 kB URL adsbb.dfiles.eu/static/js/jquery-1.5.1.min.js
IP 91.226.124.76:0
Certificate IssuerLet's Encrypt
Subject*.dfiles.eu
Fingerprint28:FA:BD:73:11:76:EB:79:D3:29:D3:CA:60:19:79:47:4B:43:6B:1C
ValiditySun, 09 Apr 2023 08:43:46 GMT - Sat, 08 Jul 2023 08:43:45 GMT
File type Unicode text, UTF-8 text, with very long lines (65168)
Hash b04a3bccd23ddeb7982143707a63ccf9
4a5dc1389aad050a44ee5e81408238a317ab3413
764b9e9f3ad386aaa5cdeae9368353994de61c0bede087c8f7e3579cb443de3b
GET /static/js/jquery-1.5.1.min.js HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/upload/2203/ad27602963634849.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
Cookie: uprand=3f60a911b69403479d7c46920311f871; last_file=521a65ryj; lang_current=en; _ga_BL9163LYG1=GS1.1.1684865905.1.0.1684865905.0.0.0; _ga=GA1.1.1771423245.1684865905; _nf56=1; _nf58=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 23 May 2023 18:18:26 GMT
Content-Type: application/javascript
Content-Length: 85260
Connection: close
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, private, no-cache, no-store, must-revalidate
Pragma: no-cache
Accept-Ranges: bytes
varycares.com/sbar.json?key=224ad4a14b4b15c1726ff705ec672ea6
192.243.61.225200 OK 3.0 kB URL GET HTTP/1.1 varycares.com/sbar.json?key=224ad4a14b4b15c1726ff705ec672ea6
IP 192.243.61.225:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate IssuerLet's Encrypt
Subjectvarycares.com
FingerprintD4:DA:6E:A7:73:68:5A:78:BD:2D:8F:1F:7B:50:F0:57:13:45:7A:B6
ValidityMon, 01 May 2023 19:24:05 GMT - Sun, 30 Jul 2023 19:24:04 GMT
File type JSON data\012- , ASCII text, with very long lines (5431), with no line terminators
Hash 49350e4db1369df2795eae2f97c87f46
a3c82f7fef3974b66f03b396ceaf8746a6e9a6af
5cc7226257ce575120323ac5c74fa5015f949596e8af96d26035faa8aece7b37
Analyzer Verdict Alert quad9 Sinkholed
GET /sbar.json?key=224ad4a14b4b15c1726ff705ec672ea6 HTTP/1.1
Host: varycares.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 23 May 2023 18:18:26 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://dfiles.eu
Access-Control-Allow-Origin: https://dfiles.eu
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=16004719; expires=Wed, 24 May 2023 18:18:26 GMT; secure; SameSite=None
pdhtkv=true; expires=Wed, 24 May 2023 18:18:26 GMT; secure; SameSite=None
uncs=1; expires=Wed, 24 May 2023 18:18:26 GMT; secure; SameSite=None
pdhtkv29=true; expires=Wed, 24 May 2023 18:18:26 GMT; secure; SameSite=None
uncs29=1; expires=Wed, 24 May 2023 18:18:26 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 56c1a0b22b0756f6dee6a39b638b7054
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
static.depositfiles.com/images/favicon.ico
91.226.124.79200 OK 318 B URL GET HTTP/1.1 static.depositfiles.com/images/favicon.ico
IP 91.226.124.79:443
Requested by https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate IssuerLet's Encrypt
Subjectdepositfiles.com
Fingerprint90:44:8D:18:D5:0B:6D:4B:AA:47:FB:C3:D9:B4:43:28:E2:A9:58:14
ValidityMon, 27 Feb 2023 10:18:03 GMT - Sun, 28 May 2023 10:18:02 GMT
File type MS Windows icon resource - 1 icon, 16x16, 16 colors, 4 bits/pixel\012- data
Hash 0f0b975ee529197ec75780ebc2de5907
59688c6aafca5606e388ba9a44fc9dc25fc32cd3
28a0b52229f05b66354ca38b6b813d2281af3efb7e8b0a424ef8b4c68b9e583c
GET /images/favicon.ico HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 23 May 2023 18:18:26 GMT
Content-Type: image/x-icon
Content-Length: 318
Last-Modified: Thu, 28 Apr 2022 09:39:11 GMT
Connection: keep-alive
ETag: "626a60bf-13e"
Accept-Ranges: bytes
www.gstatic.com/recaptcha/releases/FFtxPnbuZxq6kkeHkQJR2MNQ/recaptcha__en.js
142.250.74.35200 OK 167 kB URL GET HTTP/2 www.gstatic.com/recaptcha/releases/FFtxPnbuZxq6kkeHkQJR2MNQ/recaptcha__en.js
IP 142.250.74.35:443
Requested by https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE2:33:59:47:38:D7:4A:7A:9E:28:5D:EC:AA:94:7F:92:25:D2:B1:C4
ValidityMon, 24 Apr 2023 12:00:43 GMT - Mon, 17 Jul 2023 12:00:42 GMT
File type ASCII text, with very long lines (554)
Size 167 kB (166637 bytes)
Hash 213e1a6e418f3df36f2ec077314ef525
7a553e545a48271f3afec47b3ed5f3518cfdd7b4
ad5008998005064af73229fb144d5f8e789641f8a846e2064ec18788a37e9e2d
GET /recaptcha/releases/FFtxPnbuZxq6kkeHkQJR2MNQ/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 166637
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 20 May 2023 19:09:56 GMT
expires: Sun, 19 May 2024 19:09:56 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 15 May 2023 04:00:52 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 256110
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
eyebrowsneardual.com/pixel/purst?dl=0&th=0&sc=0&rs=2356&rd=2356&fd=681&bv=22.10.v.10&tmpl=136
173.233.137.52200 OK 0 B URL GET HTTP/1.1 eyebrowsneardual.com/pixel/purst?dl=0&th=0&sc=0&rs=2356&rd=2356&fd=681&bv=22.10.v.10&tmpl=136
IP 173.233.137.52:443
Requested by https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate IssuerLet's Encrypt
Subjecteyebrowsneardual.com
Fingerprint2C:8B:17:85:35:44:9E:22:29:58:89:0A:71:07:83:E7:9C:70:F3:3B
ValidityFri, 28 Apr 2023 01:15:11 GMT - Thu, 27 Jul 2023 01:15:10 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=2356&rd=2356&fd=681&bv=22.10.v.10&tmpl=136 HTTP/1.1
Host: eyebrowsneardual.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 23 May 2023 18:18:26 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
adsbb.dfiles.eu/view.gif?c=2973&z=58&b=2775&u=646d02a57bd3523046261092724396
91.226.124.76 43 B URL adsbb.dfiles.eu/view.gif?c=2973&z=58&b=2775&u=646d02a57bd3523046261092724396
IP 91.226.124.76:0
Certificate IssuerLet's Encrypt
Subject*.dfiles.eu
Fingerprint28:FA:BD:73:11:76:EB:79:D3:29:D3:CA:60:19:79:47:4B:43:6B:1C
ValiditySun, 09 Apr 2023 08:43:46 GMT - Sat, 08 Jul 2023 08:43:45 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 6d22e4f2d2057c6e8d6fab098e76e80f
b80b11203d97fe01c5597ca3be70406ea48f5709
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
GET /view.gif?c=2973&z=58&b=2775&u=646d02a57bd3523046261092724396 HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/upload/2303/ad2775297311915a.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
Cookie: uprand=3f60a911b69403479d7c46920311f871; last_file=521a65ryj; lang_current=en; _ga_BL9163LYG1=GS1.1.1684865905.1.0.1684865905.0.0.0; _ga=GA1.1.1771423245.1684865905; _nf56=1; _nf58=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 23 May 2023 18:18:27 GMT
Content-Type: image/gif
Content-Length: 43
Connection: close
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, private, no-cache, no-store, must-revalidate
Pragma: no-cache
Accept-Ranges: bytes
simplewebanalysis.com/stats
18.192.155.180200 OK 40 B URL GET HTTP/2 simplewebanalysis.com/stats
IP 18.192.155.180:443
Requested by https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate IssuerAmazon
Subjectsimplewebanalysis.com
FingerprintE5:9D:30:D3:0E:8A:EF:0D:43:46:4C:4C:53:AD:05:78:63:E9:04:07
ValidityThu, 02 Mar 2023 00:00:00 GMT - Sun, 31 Mar 2024 23:59:59 GMT
File type ASCII text, with no line terminators
Hash 2d8e6e0564e1e59d98eaa290f7219a4b
312671f6cfc0ade361aef5bff21ef3f0fb581354
0e1136aaf47b8f7f23ba94831b725b23af6e82cbf5121419fd20de19d3975fcb
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: uid_id2=4f295984-fea6-49fe-a2aa-ccedfecc3a81:2:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 23 May 2023 18:18:27 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://dfiles.eu
vary: Origin
access-control-allow-credentials: true
X-Firefox-Spdy: h2
cdn.unblockia.com/autopromos/unicef2.jpg?unblockia=true
108.157.214.50200 OK 37 kB URL GET HTTP/2 cdn.unblockia.com/autopromos/unicef2.jpg?unblockia=true
IP 108.157.214.50:443
Requested by https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate IssuerAmazon
Subject*.unblockia.com
FingerprintF2:6F:03:00:E3:4A:B1:87:3C:4D:28:BB:E6:CE:8F:F1:2A:6E:1B:5D
ValidityTue, 21 Feb 2023 00:00:00 GMT - Fri, 22 Mar 2024 23:59:59 GMT
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 728x90, components 3\012- data
Hash 58fbb6ffe72ac0c1aa468de39ee18e13
d25230f1ef89aecc6048b0ceb09dd0af609ee7b6
e8ff7f3a8926e5b5497d2ab7a1bf47c5655e287a51045f11846f426ac6c7d180
GET /autopromos/unicef2.jpg?unblockia=true HTTP/1.1
Host: cdn.unblockia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
content-length: 36773
last-modified: Tue, 12 Apr 2022 08:41:28 GMT
x-amz-version-id: xUurxjfnscsyJn430NFsrgfbabIFowSl
accept-ranges: bytes
server: AmazonS3
date: Tue, 23 May 2023 17:01:06 GMT
etag: "58fbb6ffe72ac0c1aa468de39ee18e13"
x-cache: Hit from cloudfront
via: 1.1 8ea75fde43c768e7e1d041f8b7a07bd6.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: k5G8ZyBjK1JHQfVKZjBSEskMZdzCDrriq_M3nInNdrGG46sCuNWB1A==
age: 4651
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
cdn.unblockia.com/autopromos/unicef3.jpg?unblockia=true
108.157.214.50200 OK 54 kB URL GET HTTP/2 cdn.unblockia.com/autopromos/unicef3.jpg?unblockia=true
IP 108.157.214.50:443
Requested by https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate IssuerAmazon
Subject*.unblockia.com
FingerprintF2:6F:03:00:E3:4A:B1:87:3C:4D:28:BB:E6:CE:8F:F1:2A:6E:1B:5D
ValidityTue, 21 Feb 2023 00:00:00 GMT - Fri, 22 Mar 2024 23:59:59 GMT
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=2, software=Google], baseline, precision 8, 160x600, components 3\012- data
Hash 5dcf47442fc7fbb8d0263bbf4869537e
2c8232ac93448bbc06b5464f1839a5cdb2ed3e07
81804a1b2b20350ec009ba6429a4f58124c16ca30683af0af255544cd98c8fa6
GET /autopromos/unicef3.jpg?unblockia=true HTTP/1.1
Host: cdn.unblockia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
content-length: 54292
last-modified: Tue, 12 Apr 2022 08:41:27 GMT
x-amz-version-id: iA22.ytP0i4dmuIhnc0eyNVgJlt2K4fl
accept-ranges: bytes
server: AmazonS3
date: Tue, 23 May 2023 04:08:48 GMT
etag: "5dcf47442fc7fbb8d0263bbf4869537e"
x-cache: Hit from cloudfront
via: 1.1 8ea75fde43c768e7e1d041f8b7a07bd6.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: 5365pCdVGeqt_q-8zvayiBWYI9GOESNu_KbowtMcq4QFhfAgO6oPOQ==
age: 53239
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
varycares.com/ren.gif?sid=H4sIAAAAAAAC%2F1SST28cRRPGexIrh%2FflEsIFCaS5ARJaz4xn%2F5EDiglGFiYOCQhuqKe7Z924Z3rUPb2ztjhYREI5Lt9g%2FKwdC7Ci8AFAaMwtEpKXkw%2F4gJQPgEA5o11bLJQ0qnrqqcOvavqrfXdOAjh6tvaB3pVK0eV2K%2FBf%2FzQMb%2FobMncjf9TrfNaJb%2Fpm%2BFYY9FvBG%2F57gm3r5SgIgyAMQn9NGpHq0XIYhq0Asjjuh61%2B0IqjVtiOMTL%2F1dZ5sNQDH56TFyH59H%2FHj2NI1iDPntwWdrvUxZvvZk7RUhsM%2BdHH%2BXauqxzZokyNhzQ%2FupyGtqdrP0Lnh3Ng6OE%2Fg4mcEu%2FZ70jyo0tKJMPDC9BEQeRI%2BP9RDRsI1UDSBkw%2FgOSnBGAcdzaRZ4%2FuaFPRnQuXztwpWXr%2BJ2Q1JUu%2FvYQ8e7yq5Mi%2Fr5Urpc4tRmkNOWogBw0Kd4Jy9wpkdQJWfgnJfyHLzzeQZwebVmlIXs%2BXl7KBTBsoMQa1Htzskx5c6sEVHjJ%2B5ndZ3OvxXptTwViUpGEvjdO4T1mQsmClH8GxGd4YZTEGU2Mws4fC7GFbjmHcT7BbNSz3YMsp8T7cw5DXqARBZQkqSlBJgqokqIb1IVc2svUjrqxLwsscXeaVeqLLwT491OVA5GS%2FOCfX53f5q6OxLc78KIopj2kYJ3EStlnYjTpp2g3agnW6kaAdWFlD2ivzVXfl6Y0ChTx94RUk9ARWnYDJ66DuVdBq0o0C0K1J3Auwmz%2FhotBWlqlUwraYzsB1jaJcQrnj7atz8vKc47VnPgR7Si4DzNQoTI3P5c8EA%2FVwck9X5OCeriz5frMoZSZ36ezf3S9pKa59%2B77YqbTh67ft%2BJtbbGbMyuOPhC03aM5lPrDku1XJuTBr2jBBfli3n4jkrrNbq87krti4%2B87aelYYYa3UeQMqT7%2FogMkpuXbrcP4qb%2FzRgzQNjKuRuQWp1A1YsQdbLHpWExi10EnhoXL1xETJoqkkgRILTZMa9l86WdT79iEGxgMtHyDPagxNjaGqQdUY1l2dlIV5%2BvavK%2FNAorxJoox3kCijvr44rZVnvuiKTr8fB3GXB0ES8ygK24LRlZj2aRSlXZR2yrOr5m8AAAD%2F%2FwEAAP%2F%2F3PUQP2IEAAA%3D
192.243.61.225200 OK 7 B URL GET HTTP/1.1 varycares.com/ren.gif?sid=H4sIAAAAAAAC%2F1SST28cRRPGexIrh%2FflEsIFCaS5ARJaz4xn%2F5EDiglGFiYOCQhuqKe7Z924Z3rUPb2ztjhYREI5Lt9g%2FKwdC7Ci8AFAaMwtEpKXkw%2F4gJQPgEA5o11bLJQ0qnrqqcOvavqrfXdOAjh6tvaB3pVK0eV2K%2FBf%2FzQMb%2FobMncjf9TrfNaJb%2Fpm%2BFYY9FvBG%2F57gm3r5SgIgyAMQn9NGpHq0XIYhq0Asjjuh61%2B0IqjVtiOMTL%2F1dZ5sNQDH56TFyH59H%2FHj2NI1iDPntwWdrvUxZvvZk7RUhsM%2BdHH%2BXauqxzZokyNhzQ%2FupyGtqdrP0Lnh3Ng6OE%2Fg4mcEu%2FZ70jyo0tKJMPDC9BEQeRI%2BP9RDRsI1UDSBkw%2FgOSnBGAcdzaRZ4%2FuaFPRnQuXztwpWXr%2BJ2Q1JUu%2FvYQ8e7yq5Mi%2Fr5Urpc4tRmkNOWogBw0Kd4Jy9wpkdQJWfgnJfyHLzzeQZwebVmlIXs%2BXl7KBTBsoMQa1Htzskx5c6sEVHjJ%2B5ndZ3OvxXptTwViUpGEvjdO4T1mQsmClH8GxGd4YZTEGU2Mws4fC7GFbjmHcT7BbNSz3YMsp8T7cw5DXqARBZQkqSlBJgqokqIb1IVc2svUjrqxLwsscXeaVeqLLwT491OVA5GS%2FOCfX53f5q6OxLc78KIopj2kYJ3EStlnYjTpp2g3agnW6kaAdWFlD2ivzVXfl6Y0ChTx94RUk9ARWnYDJ66DuVdBq0o0C0K1J3Auwmz%2FhotBWlqlUwraYzsB1jaJcQrnj7atz8vKc47VnPgR7Si4DzNQoTI3P5c8EA%2FVwck9X5OCeriz5frMoZSZ36ezf3S9pKa59%2B77YqbTh67ft%2BJtbbGbMyuOPhC03aM5lPrDku1XJuTBr2jBBfli3n4jkrrNbq87krti4%2B87aelYYYa3UeQMqT7%2FogMkpuXbrcP4qb%2FzRgzQNjKuRuQWp1A1YsQdbLHpWExi10EnhoXL1xETJoqkkgRILTZMa9l86WdT79iEGxgMtHyDPagxNjaGqQdUY1l2dlIV5%2BvavK%2FNAorxJoox3kCijvr44rZVnvuiKTr8fB3GXB0ES8ygK24LRlZj2aRSlXZR2yrOr5m8AAAD%2F%2FwEAAP%2F%2F3PUQP2IEAAA%3D
IP 192.243.61.225:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate IssuerLet's Encrypt
Subjectvarycares.com
FingerprintD4:DA:6E:A7:73:68:5A:78:BD:2D:8F:1F:7B:50:F0:57:13:45:7A:B6
ValidityMon, 01 May 2023 19:24:05 GMT - Sun, 30 Jul 2023 19:24:04 GMT
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1SST28cRRPGexIrh%2FflEsIFCaS5ARJaz4xn%2F5EDiglGFiYOCQhuqKe7Z924Z3rUPb2ztjhYREI5Lt9g%2FKwdC7Ci8AFAaMwtEpKXkw%2F4gJQPgEA5o11bLJQ0qnrqqcOvavqrfXdOAjh6tvaB3pVK0eV2K%2FBf%2FzQMb%2FobMncjf9TrfNaJb%2Fpm%2BFYY9FvBG%2F57gm3r5SgIgyAMQn9NGpHq0XIYhq0Asjjuh61%2B0IqjVtiOMTL%2F1dZ5sNQDH56TFyH59H%2FHj2NI1iDPntwWdrvUxZvvZk7RUhsM%2BdHH%2BXauqxzZokyNhzQ%2FupyGtqdrP0Lnh3Ng6OE%2Fg4mcEu%2FZ70jyo0tKJMPDC9BEQeRI%2BP9RDRsI1UDSBkw%2FgOSnBGAcdzaRZ4%2FuaFPRnQuXztwpWXr%2BJ2Q1JUu%2FvYQ8e7yq5Mi%2Fr5Urpc4tRmkNOWogBw0Kd4Jy9wpkdQJWfgnJfyHLzzeQZwebVmlIXs%2BXl7KBTBsoMQa1Htzskx5c6sEVHjJ%2B5ndZ3OvxXptTwViUpGEvjdO4T1mQsmClH8GxGd4YZTEGU2Mws4fC7GFbjmHcT7BbNSz3YMsp8T7cw5DXqARBZQkqSlBJgqokqIb1IVc2svUjrqxLwsscXeaVeqLLwT491OVA5GS%2FOCfX53f5q6OxLc78KIopj2kYJ3EStlnYjTpp2g3agnW6kaAdWFlD2ivzVXfl6Y0ChTx94RUk9ARWnYDJ66DuVdBq0o0C0K1J3Auwmz%2FhotBWlqlUwraYzsB1jaJcQrnj7atz8vKc47VnPgR7Si4DzNQoTI3P5c8EA%2FVwck9X5OCeriz5frMoZSZ36ezf3S9pKa59%2B77YqbTh67ft%2BJtbbGbMyuOPhC03aM5lPrDku1XJuTBr2jBBfli3n4jkrrNbq87krti4%2B87aelYYYa3UeQMqT7%2FogMkpuXbrcP4qb%2FzRgzQNjKuRuQWp1A1YsQdbLHpWExi10EnhoXL1xETJoqkkgRILTZMa9l86WdT79iEGxgMtHyDPagxNjaGqQdUY1l2dlIV5%2BvavK%2FNAorxJoox3kCijvr44rZVnvuiKTr8fB3GXB0ES8ygK24LRlZj2aRSlXZR2yrOr5m8AAAD%2F%2FwEAAP%2F%2F3PUQP2IEAAA%3D HTTP/1.1
Host: varycares.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: u_pl=16004719; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 23 May 2023 18:18:27 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b189060f1c50cb135a52176be50ca374
Strict-Transport-Security: max-age=0; includeSubdomains
cdn.barscreative1.com/sb/notifications/software/us/norton/1/index.html
45.133.44.3200 OK 804 B URL GET HTTP/2 cdn.barscreative1.com/sb/notifications/software/us/norton/1/index.html
IP 45.133.44.3:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate IssuerLet's Encrypt
Subjectcdn.barscreative1.com
Fingerprint0B:AE:8A:C0:29:EA:B0:86:29:66:F6:7E:76:63:66:57:38:88:FC:E6
ValidityMon, 15 May 2023 04:01:53 GMT - Sun, 13 Aug 2023 04:01:52 GMT
File type HTML document text\012- HTML document, ASCII text
Hash 3be2a223ed1b1c36a153f54be2c83f27
ec1a98749afdd4b466d1834239572161f4483f56
a3ae56824eb2005ad2daea5baa21fe6f0fa44891f59c34aed64b7232f59354c6
GET /sb/notifications/software/us/norton/1/index.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 23 May 2023 18:18:27 GMT
content-type: text/html; charset=utf-8
content-length: 804
server: nginx/1.17.6
last-modified: Wed, 17 Feb 2021 11:42:48 GMT
etag: "602d0138-324"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
expires: Tue, 23 May 2023 19:18:27 GMT
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
t.unblockia.com/?sid=140&o=3&b=2&p=1&t=1
54.230.111.90200 OK 0 B URL POST HTTP/2 t.unblockia.com/?sid=140&o=3&b=2&p=1&t=1
IP 54.230.111.90:443
Requested by https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate IssuerAmazon
Subject*.unblockia.com
FingerprintF2:6F:03:00:E3:4A:B1:87:3C:4D:28:BB:E6:CE:8F:F1:2A:6E:1B:5D
ValidityTue, 21 Feb 2023 00:00:00 GMT - Fri, 22 Mar 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /?sid=140&o=3&b=2&p=1&t=1 HTTP/1.1
Host: t.unblockia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 200 OK
content-type: application/json
content-length: 0
server: nginx/1.20.0
date: Tue, 23 May 2023 18:18:27 GMT
x-cache: Miss from cloudfront
via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Flv_z-cWfr-YF-6rKdDcu3ZZBP_Noe_daVkyuZYBsJrEDOekKDJ1ew==
access-control-allow-origin: *
access-control-expose-headers: *
X-Firefox-Spdy: h2
varycares.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fnorton%2F1%2Findex.html&l=804&fd=165
192.243.61.225200 OK 0 B URL GET HTTP/1.1 varycares.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fnorton%2F1%2Findex.html&l=804&fd=165
IP 192.243.61.225:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate IssuerLet's Encrypt
Subjectvarycares.com
FingerprintD4:DA:6E:A7:73:68:5A:78:BD:2D:8F:1F:7B:50:F0:57:13:45:7A:B6
ValidityMon, 01 May 2023 19:24:05 GMT - Sun, 30 Jul 2023 19:24:04 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fnorton%2F1%2Findex.html&l=804&fd=165 HTTP/1.1
Host: varycares.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: u_pl=16004719; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 23 May 2023 18:18:27 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
notification.tubecup.net/tags?tag_id=46445&timezone_olson=UTC&version_name=d
78.47.199.210204 No Content 0 B URL GET HTTP/2 notification.tubecup.net/tags?tag_id=46445&timezone_olson=UTC&version_name=d
IP 78.47.199.210:443
ASN #24940 Hetzner Online GmbH
Requested by https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate IssuerLet's Encrypt
Subjectnotification.tubecup.net
FingerprintC3:3A:0A:7D:9C:4B:21:97:39:A7:AD:B8:87:47:F1:35:32:D9:84:53
ValidityFri, 28 Apr 2023 11:39:09 GMT - Thu, 27 Jul 2023 11:39:08 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tags?tag_id=46445&timezone_olson=UTC&version_name=d HTTP/1.1
Host: notification.tubecup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 204 No Content
server: nginx/1.18.0
date: Tue, 23 May 2023 18:18:27 GMT
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/software/us/norton/1/js/script.js
172.64.196.23200 OK 59 kB URL GET HTTP/2 cdn.creative-bars1.com/sb/notifications/software/us/norton/1/js/script.js
IP 172.64.196.23:443
Requested by https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint88:10:E4:38:7C:46:CF:44:7C:D0:C8:1F:06:39:9F:7E:A5:2E:27:4A
ValidityThu, 27 Apr 2023 15:05:54 GMT - Wed, 26 Jul 2023 15:05:53 GMT
Hash 2c74052305c8fdb7d12d52f9b5d49f95
f56cdefd437d28e3e238c57a92108f3af9dbecea
b709aa45ff7eb1d6c667ceaeb90df1340dcfe97f3c620c2efd58f2335d5f1aeb
GET /sb/notifications/software/us/norton/1/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 23 May 2023 18:18:27 GMT
content-type: application/javascript
last-modified: Wed, 17 Feb 2021 11:45:00 GMT
etag: W/"602d01bc-181"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 46076
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3CrWjUFSmf6hJTMs4p8hV5dXkj4LcCT1SQRZQQs9z7CtrF%2FZFyh8AAANjLrvJ0bLJWehdWJgpNCiHC8s0r2OO2bEyGFPPK%2FqkbGgRNpXJt1asxL1jiQK0ax8JmBY9mbY5CAGm%2BAP9M00"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cbf4d323ca54133-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/software/us/norton/1/img/close.png
172.64.196.23200 OK 1.8 kB URL GET HTTP/3 cdn.creative-bars1.com/sb/notifications/software/us/norton/1/img/close.png
IP 172.64.196.23:443
Requested by https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint88:10:E4:38:7C:46:CF:44:7C:D0:C8:1F:06:39:9F:7E:A5:2E:27:4A
ValidityThu, 27 Apr 2023 15:05:54 GMT - Wed, 26 Jul 2023 15:05:53 GMT
File type PNG image data, 15 x 15, 8-bit/color RGBA, non-interlaced\012- data
Hash c1b8f53c3afa0fdd5be48e6bfdbbb6fa
eeb2cd8d17e3abe135865be77330b8519f6bceb2
8f5d7d0bf69b5fcb8a110dd7c79948e70c860440b6ecc803a20ababe193a1af0
GET /sb/notifications/software/us/norton/1/img/close.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 23 May 2023 18:18:27 GMT
content-type: image/png
content-length: 1778
last-modified: Wed, 17 Feb 2021 11:45:01 GMT
etag: "602d01bd-6f2"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 10118848
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XSBf5rjllH05c137zhMSct2CI7YEKKJgg1DVqn5tRIdjbFV6%2BW0K6zoJY54NlTiIjrA%2FgM1%2FqIlAnteUuXM6svSrxrivFE8xvesEGaG9tuPyyTJMX5zjpCzNDUW1F6j%2BLptog1D6KDSB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cbf4d336b397315-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
varycares.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fnorton%2F1%2Fcss%2Fanimate.css&l=79249&fd=220
192.243.61.225200 OK 0 B URL GET HTTP/1.1 varycares.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fnorton%2F1%2Fcss%2Fanimate.css&l=79249&fd=220
IP 192.243.61.225:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate IssuerLet's Encrypt
Subjectvarycares.com
FingerprintD4:DA:6E:A7:73:68:5A:78:BD:2D:8F:1F:7B:50:F0:57:13:45:7A:B6
ValidityMon, 01 May 2023 19:24:05 GMT - Sun, 30 Jul 2023 19:24:04 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fnorton%2F1%2Fcss%2Fanimate.css&l=79249&fd=220 HTTP/1.1
Host: varycares.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: u_pl=16004719; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 23 May 2023 18:18:27 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
varycares.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fnorton%2F1%2Fcss%2Fstyle.css&l=2311&fd=271
192.243.61.225200 OK 0 B URL GET HTTP/1.1 varycares.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fnorton%2F1%2Fcss%2Fstyle.css&l=2311&fd=271
IP 192.243.61.225:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate IssuerLet's Encrypt
Subjectvarycares.com
FingerprintD4:DA:6E:A7:73:68:5A:78:BD:2D:8F:1F:7B:50:F0:57:13:45:7A:B6
ValidityMon, 01 May 2023 19:24:05 GMT - Sun, 30 Jul 2023 19:24:04 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fnorton%2F1%2Fcss%2Fstyle.css&l=2311&fd=271 HTTP/1.1
Host: varycares.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: u_pl=16004719; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 23 May 2023 18:18:27 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
varycares.com/impr.gif?sid=H4sIAAAAAAAC%2F1SST28cRRPGexIrh%2FflEsIFCaS5ARJaz4xn%2F5gcUEwwsjBxSEBwQz3dPevGPdOj7umdtcXBIhLKcfkG42ftWIAVhQ8AQmNukZC8nHzAB6R8AATKGe16xUJJo6qnnjr8qqa%2FOnAXJICj5%2Bsf6D2pFF1utwL%2F9U%2FD8Ka%2FKXM39Ie9zmed%2BKZvBm%2BFwWoreMN%2FT7AdvRwFYRCEQeivSyNSPVwOw7AVQBYnq2FrNWjFUStsxxia%2F2rrPFjqgQ8uyIuQfPK%2Fk8cxJGuQZ09uC7tT6uLNdzOnaKkNBvz443wn11WObFGmxkOaH8%2Bnoe3Z%2Bo%2FQ%2BdEMGHrwz2AiJ8R79juS%2FHhOiWRwdAmaKIgcCf8%2FqkEDoRpI2oDpB5D8jACM484W8uzRHW0qunvp0qk7IUvP%2F4SsJmTpt5eQZ4%2FXlBz697VypdS5xTCtIYcNZL9B4U5R7l2BrE7Byi8h%2BS9k%2Bfkm8uxwyyoNyevZ8lI2kGkDJUag1oObftKDSz24wkPGz%2F0ui3s93mtzKhiLkjTspXEar1IWpCxYWY3g2BRvhLIYgakRmNlHYfaxI0cw7ifY7RqWe7DlhHgf7mPAa1SCoLIEFSWoJEFVElSD%2BogrG9n6EVfWJeE8R%2FO8Uo912T%2BgR7rsi5wcFBfk%2Buwuf3U0dsS5H0Ux5TEN4yROwjYLu1EnTbtBW7BONxK0AytrSHtltuqePLtRoJBnL7yChJ7CqlMweR3UvQpajbtRALo9jnsB9vInXBTayjKVStgW0xm4rlGUSyh3vQN1QV6ecbz2zIdgT8k8wEyNwtT4XP5M0FcPx%2Fd0RQ7v6cqS77eKUmZyj07%2F3f2SluLat%2B%2BL3UobvnHbjr65xabGtDz5SNhyk%2BZc5n1LvluTnAuzrg0T5IcN%2B4lI7jq7veZM7orNu%2B%2Bsb2SFEdZKnTeg8uyLDpickGu3jmav8sYfPUjTwLgamVuQSt2AFfuwxaJnNYFRC50UHipXj02ULJpKEiix0DSpYf%2Blk0V9YB%2BibzzQ8gHyrMbA1BioGlSNYN3VcVmYp2%2F%2FujILJMobJ8p4h4ky6uvL01p57jMWCBom3VAILtorjMUd1ks66UrcFb02b6O0E55dNX8DAAD%2F%2FwEAAP%2F%2FI9K4L2IEAAA%3D
192.243.61.225200 OK 7 B URL GET HTTP/1.1 varycares.com/impr.gif?sid=H4sIAAAAAAAC%2F1SST28cRRPGexIrh%2FflEsIFCaS5ARJaz4xn%2F5gcUEwwsjBxSEBwQz3dPevGPdOj7umdtcXBIhLKcfkG42ftWIAVhQ8AQmNukZC8nHzAB6R8AATKGe16xUJJo6qnnjr8qqa%2FOnAXJICj5%2Bsf6D2pFF1utwL%2F9U%2FD8Ka%2FKXM39Ie9zmed%2BKZvBm%2BFwWoreMN%2FT7AdvRwFYRCEQeivSyNSPVwOw7AVQBYnq2FrNWjFUStsxxia%2F2rrPFjqgQ8uyIuQfPK%2Fk8cxJGuQZ09uC7tT6uLNdzOnaKkNBvz443wn11WObFGmxkOaH8%2Bnoe3Z%2Bo%2FQ%2BdEMGHrwz2AiJ8R79juS%2FHhOiWRwdAmaKIgcCf8%2FqkEDoRpI2oDpB5D8jACM484W8uzRHW0qunvp0qk7IUvP%2F4SsJmTpt5eQZ4%2FXlBz697VypdS5xTCtIYcNZL9B4U5R7l2BrE7Byi8h%2BS9k%2Bfkm8uxwyyoNyevZ8lI2kGkDJUag1oObftKDSz24wkPGz%2F0ui3s93mtzKhiLkjTspXEar1IWpCxYWY3g2BRvhLIYgakRmNlHYfaxI0cw7ifY7RqWe7DlhHgf7mPAa1SCoLIEFSWoJEFVElSD%2BogrG9n6EVfWJeE8R%2FO8Uo912T%2BgR7rsi5wcFBfk%2Buwuf3U0dsS5H0Ux5TEN4yROwjYLu1EnTbtBW7BONxK0AytrSHtltuqePLtRoJBnL7yChJ7CqlMweR3UvQpajbtRALo9jnsB9vInXBTayjKVStgW0xm4rlGUSyh3vQN1QV6ecbz2zIdgT8k8wEyNwtT4XP5M0FcPx%2Fd0RQ7v6cqS77eKUmZyj07%2F3f2SluLat%2B%2BL3UobvnHbjr65xabGtDz5SNhyk%2BZc5n1LvluTnAuzrg0T5IcN%2B4lI7jq7veZM7orNu%2B%2Bsb2SFEdZKnTeg8uyLDpickGu3jmav8sYfPUjTwLgamVuQSt2AFfuwxaJnNYFRC50UHipXj02ULJpKEiix0DSpYf%2Blk0V9YB%2BibzzQ8gHyrMbA1BioGlSNYN3VcVmYp2%2F%2FujILJMobJ8p4h4ky6uvL01p57jMWCBom3VAILtorjMUd1ks66UrcFb02b6O0E55dNX8DAAD%2F%2FwEAAP%2F%2FI9K4L2IEAAA%3D
IP 192.243.61.225:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate IssuerLet's Encrypt
Subjectvarycares.com
FingerprintD4:DA:6E:A7:73:68:5A:78:BD:2D:8F:1F:7B:50:F0:57:13:45:7A:B6
ValidityMon, 01 May 2023 19:24:05 GMT - Sun, 30 Jul 2023 19:24:04 GMT
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1SST28cRRPGexIrh%2FflEsIFCaS5ARJaz4xn%2F5gcUEwwsjBxSEBwQz3dPevGPdOj7umdtcXBIhLKcfkG42ftWIAVhQ8AQmNukZC8nHzAB6R8AATKGe16xUJJo6qnnjr8qqa%2FOnAXJICj5%2Bsf6D2pFF1utwL%2F9U%2FD8Ka%2FKXM39Ie9zmed%2BKZvBm%2BFwWoreMN%2FT7AdvRwFYRCEQeivSyNSPVwOw7AVQBYnq2FrNWjFUStsxxia%2F2rrPFjqgQ8uyIuQfPK%2Fk8cxJGuQZ09uC7tT6uLNdzOnaKkNBvz443wn11WObFGmxkOaH8%2Bnoe3Z%2Bo%2FQ%2BdEMGHrwz2AiJ8R79juS%2FHhOiWRwdAmaKIgcCf8%2FqkEDoRpI2oDpB5D8jACM484W8uzRHW0qunvp0qk7IUvP%2F4SsJmTpt5eQZ4%2FXlBz697VypdS5xTCtIYcNZL9B4U5R7l2BrE7Byi8h%2BS9k%2Bfkm8uxwyyoNyevZ8lI2kGkDJUag1oObftKDSz24wkPGz%2F0ui3s93mtzKhiLkjTspXEar1IWpCxYWY3g2BRvhLIYgakRmNlHYfaxI0cw7ifY7RqWe7DlhHgf7mPAa1SCoLIEFSWoJEFVElSD%2BogrG9n6EVfWJeE8R%2FO8Uo912T%2BgR7rsi5wcFBfk%2Buwuf3U0dsS5H0Ux5TEN4yROwjYLu1EnTbtBW7BONxK0AytrSHtltuqePLtRoJBnL7yChJ7CqlMweR3UvQpajbtRALo9jnsB9vInXBTayjKVStgW0xm4rlGUSyh3vQN1QV6ecbz2zIdgT8k8wEyNwtT4XP5M0FcPx%2Fd0RQ7v6cqS77eKUmZyj07%2F3f2SluLat%2B%2BL3UobvnHbjr65xabGtDz5SNhyk%2BZc5n1LvluTnAuzrg0T5IcN%2B4lI7jq7veZM7orNu%2B%2Bsb2SFEdZKnTeg8uyLDpickGu3jmav8sYfPUjTwLgamVuQSt2AFfuwxaJnNYFRC50UHipXj02ULJpKEiix0DSpYf%2Blk0V9YB%2BibzzQ8gHyrMbA1BioGlSNYN3VcVmYp2%2F%2FujILJMobJ8p4h4ky6uvL01p57jMWCBom3VAILtorjMUd1ks66UrcFb02b6O0E55dNX8DAAD%2F%2FwEAAP%2F%2FI9K4L2IEAAA%3D HTTP/1.1
Host: varycares.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: u_pl=16004719; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 23 May 2023 18:18:28 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 76ac7937aaac6806f99770e80b15701b
Strict-Transport-Security: max-age=0; includeSubdomains
44831497b7.7b4d5bc078.com/in/track?data=eyJ3bCI6MCwic3ViaWQiOjAsInVzZXJfaWQiOiIxMTIzMzE5NzYzMDc4NjIzNDAwMCIsInRpbWV6b25lIjowLCJ2ZXIiOiIzLjQ5LjAiLCJ0YWdfaWQiOjQ2NDQ1LCJzY3JlZW5fcmVzb2x1dGlvbiI6IjEyODB4MTAyNCIsImFkYmxvY2siOjAsInRpbWV6b25lX29sc29uIjoiVVRDIiwidXRtX3NvdXJjZSI6IiIsInV0bV9tZWRpdW0iOiIiLCJ1dG1fY2FtcGFpZ24iOiIiLCJ1dG1fY29udGVudCI6IiIsIm1tIjozLCJpbml0X3N0YXJ0X2xhdGVuY3kiOjEuNzYsImlzX3YyIjoxLCJpc192Ml9lbXB0eSI6MCwidXNlcl9rZXl3b3JkcyI6IkRlcG9zaXRGaWxlcyUyQ0RlcG9zaXRGaWxlcyUyQ3Byb3ZpZGVzJTJDeW91JTJDd2l0aCUyQ2ElMkNsZWdpdGltYXRlJTJDdGVjaG5pY2FsJTJDc29sdXRpb24lMkN3aGljaCUyQ2VuYWJsZXMlMkN5b3UlMkN0byUyQ3VwbG9hZCUyQ3N0b3JlJTJDYWNjZXNzJTJDYW5kJTJDZG93bmxvYWQlMkN0ZXh0JTJDc29mdHdhcmUlMkMlMkNzY3JpcHRzJTJDaW1hZ2VzJTJDc291bmRzJTJDdmlkZW9zJTJDYW5pbWF0aW9ucyUyQ2FuZCUyQ2FueSUyQ290aGVyJTJDbWF0ZXJpYWxzJTJDaW4lMkNmb3JtJTJDb2YlMkNvbmUlMkNvciUyQ3NldmVyYWwlMkNlbGVjdHJvbmljJTJDZmlsZXMuIn0=
45.133.44.53200 OK 0 B URL GET HTTP/2 44831497b7.7b4d5bc078.com/in/track?data=eyJ3bCI6MCwic3ViaWQiOjAsInVzZXJfaWQiOiIxMTIzMzE5NzYzMDc4NjIzNDAwMCIsInRpbWV6b25lIjowLCJ2ZXIiOiIzLjQ5LjAiLCJ0YWdfaWQiOjQ2NDQ1LCJzY3JlZW5fcmVzb2x1dGlvbiI6IjEyODB4MTAyNCIsImFkYmxvY2siOjAsInRpbWV6b25lX29sc29uIjoiVVRDIiwidXRtX3NvdXJjZSI6IiIsInV0bV9tZWRpdW0iOiIiLCJ1dG1fY2FtcGFpZ24iOiIiLCJ1dG1fY29udGVudCI6IiIsIm1tIjozLCJpbml0X3N0YXJ0X2xhdGVuY3kiOjEuNzYsImlzX3YyIjoxLCJpc192Ml9lbXB0eSI6MCwidXNlcl9rZXl3b3JkcyI6IkRlcG9zaXRGaWxlcyUyQ0RlcG9zaXRGaWxlcyUyQ3Byb3ZpZGVzJTJDeW91JTJDd2l0aCUyQ2ElMkNsZWdpdGltYXRlJTJDdGVjaG5pY2FsJTJDc29sdXRpb24lMkN3aGljaCUyQ2VuYWJsZXMlMkN5b3UlMkN0byUyQ3VwbG9hZCUyQ3N0b3JlJTJDYWNjZXNzJTJDYW5kJTJDZG93bmxvYWQlMkN0ZXh0JTJDc29mdHdhcmUlMkMlMkNzY3JpcHRzJTJDaW1hZ2VzJTJDc291bmRzJTJDdmlkZW9zJTJDYW5pbWF0aW9ucyUyQ2FuZCUyQ2FueSUyQ290aGVyJTJDbWF0ZXJpYWxzJTJDaW4lMkNmb3JtJTJDb2YlMkNvbmUlMkNvciUyQ3NldmVyYWwlMkNlbGVjdHJvbmljJTJDZmlsZXMuIn0=
IP 45.133.44.53:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate IssuerLet's Encrypt
Subject44831497b7.7b4d5bc078.com
Fingerprint72:EC:F1:8D:66:7F:4F:F0:EB:69:9B:FD:06:42:B6:5C:DA:74:75:7F
ValiditySat, 20 May 2023 02:50:41 GMT - Fri, 18 Aug 2023 02:50:40 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/track?data=eyJ3bCI6MCwic3ViaWQiOjAsInVzZXJfaWQiOiIxMTIzMzE5NzYzMDc4NjIzNDAwMCIsInRpbWV6b25lIjowLCJ2ZXIiOiIzLjQ5LjAiLCJ0YWdfaWQiOjQ2NDQ1LCJzY3JlZW5fcmVzb2x1dGlvbiI6IjEyODB4MTAyNCIsImFkYmxvY2siOjAsInRpbWV6b25lX29sc29uIjoiVVRDIiwidXRtX3NvdXJjZSI6IiIsInV0bV9tZWRpdW0iOiIiLCJ1dG1fY2FtcGFpZ24iOiIiLCJ1dG1fY29udGVudCI6IiIsIm1tIjozLCJpbml0X3N0YXJ0X2xhdGVuY3kiOjEuNzYsImlzX3YyIjoxLCJpc192Ml9lbXB0eSI6MCwidXNlcl9rZXl3b3JkcyI6IkRlcG9zaXRGaWxlcyUyQ0RlcG9zaXRGaWxlcyUyQ3Byb3ZpZGVzJTJDeW91JTJDd2l0aCUyQ2ElMkNsZWdpdGltYXRlJTJDdGVjaG5pY2FsJTJDc29sdXRpb24lMkN3aGljaCUyQ2VuYWJsZXMlMkN5b3UlMkN0byUyQ3VwbG9hZCUyQ3N0b3JlJTJDYWNjZXNzJTJDYW5kJTJDZG93bmxvYWQlMkN0ZXh0JTJDc29mdHdhcmUlMkMlMkNzY3JpcHRzJTJDaW1hZ2VzJTJDc291bmRzJTJDdmlkZW9zJTJDYW5pbWF0aW9ucyUyQ2FuZCUyQ2FueSUyQ290aGVyJTJDbWF0ZXJpYWxzJTJDaW4lMkNmb3JtJTJDb2YlMkNvbmUlMkNvciUyQ3NldmVyYWwlMkNlbGVjdHJvbmljJTJDZmlsZXMuIn0= HTTP/1.1
Host: 44831497b7.7b4d5bc078.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 23 May 2023 18:18:28 GMT
content-length: 0
server: nginx/1.18.0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
varycares.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fnorton%2F1%2Fjs%2Fscript.js&l=385&fd=259
173.233.137.52200 OK 0 B URL GET HTTP/1.1 varycares.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fnorton%2F1%2Fjs%2Fscript.js&l=385&fd=259
IP 173.233.137.52:443
Requested by https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate IssuerLet's Encrypt
Subjectvarycares.com
FingerprintD4:DA:6E:A7:73:68:5A:78:BD:2D:8F:1F:7B:50:F0:57:13:45:7A:B6
ValidityMon, 01 May 2023 19:24:05 GMT - Sun, 30 Jul 2023 19:24:04 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fnorton%2F1%2Fjs%2Fscript.js&l=385&fd=259 HTTP/1.1
Host: varycares.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: u_pl=16004719; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 23 May 2023 18:18:28 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
fp.metricswpsh.com/fp?tag_id=46445
157.90.84.242200 OK 0 B URL POST HTTP/1.1 fp.metricswpsh.com/fp?tag_id=46445
IP 157.90.84.242:443
ASN #24940 Hetzner Online GmbH
Requested by https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate IssuerLet's Encrypt
Subjectnotification.tubecup.net
FingerprintC3:3A:0A:7D:9C:4B:21:97:39:A7:AD:B8:87:47:F1:35:32:D9:84:53
ValidityFri, 28 Apr 2023 11:39:09 GMT - Thu, 27 Jul 2023 11:39:08 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /fp?tag_id=46445 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://dfiles.eu/
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 204 No Content
Server: nginx/1.20.1
Date: Tue, 23 May 2023 18:18:28 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE
Access-Control-Allow-Origin: https://dfiles.eu
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
varycares.com/pixel/sbs?c=1
173.233.137.52200 OK 0 B URL GET HTTP/1.1 varycares.com/pixel/sbs?c=1
IP 173.233.137.52:443
Requested by https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate IssuerLet's Encrypt
Subjectvarycares.com
FingerprintD4:DA:6E:A7:73:68:5A:78:BD:2D:8F:1F:7B:50:F0:57:13:45:7A:B6
ValidityMon, 01 May 2023 19:24:05 GMT - Sun, 30 Jul 2023 19:24:04 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: varycares.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: u_pl=16004719; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 23 May 2023 18:18:28 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
unseenreport.com/pxf.gif?uuid=4f295984-fea6-49fe-a2aa-ccedfecc3a81&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=14.2079&b_frame=0&pk=224ad4a14b4b15c1726ff705ec672ea6&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=18
192.243.59.20200 OK 1 B URL GET HTTP/1.1 unseenreport.com/pxf.gif?uuid=4f295984-fea6-49fe-a2aa-ccedfecc3a81&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=14.2079&b_frame=0&pk=224ad4a14b4b15c1726ff705ec672ea6&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=18
IP 192.243.59.20:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate IssuerLet's Encrypt
Subject*.unseenreport.com
Fingerprint33:54:5C:58:7C:8E:75:EE:DF:A0:8C:41:D3:AC:1B:BF:B6:66:28:EC
ValidityMon, 27 Mar 2023 07:09:08 GMT - Sun, 25 Jun 2023 07:09:07 GMT
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=4f295984-fea6-49fe-a2aa-ccedfecc3a81&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=14.2079&b_frame=0&pk=224ad4a14b4b15c1726ff705ec672ea6&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=18 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 23 May 2023 18:18:28 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 45c99c7f488c20164b7cb4debd531e14
Strict-Transport-Security: max-age=0; includeSubdomains
unseenreport.com/pxf.gif?uuid=4f295984-fea6-49fe-a2aa-ccedfecc3a81&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=14.2079&b_frame=0&pk=c22dc50dc2bbe4422c7f68d26ab95eb9&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=18
192.243.59.20200 OK 1 B URL GET HTTP/1.1 unseenreport.com/pxf.gif?uuid=4f295984-fea6-49fe-a2aa-ccedfecc3a81&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=14.2079&b_frame=0&pk=c22dc50dc2bbe4422c7f68d26ab95eb9&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=18
IP 192.243.59.20:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate IssuerLet's Encrypt
Subject*.unseenreport.com
Fingerprint33:54:5C:58:7C:8E:75:EE:DF:A0:8C:41:D3:AC:1B:BF:B6:66:28:EC
ValidityMon, 27 Mar 2023 07:09:08 GMT - Sun, 25 Jun 2023 07:09:07 GMT
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=4f295984-fea6-49fe-a2aa-ccedfecc3a81&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=14.2079&b_frame=0&pk=c22dc50dc2bbe4422c7f68d26ab95eb9&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=18 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 23 May 2023 18:18:28 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b29a7d7ac0b5459684adf23f555df49a
Strict-Transport-Security: max-age=0; includeSubdomains
fp.metricswpsh.com/fp?tag_id=46445
157.90.84.242200 OK 27 B URL POST HTTP/1.1 fp.metricswpsh.com/fp?tag_id=46445
IP 157.90.84.242:443
ASN #24940 Hetzner Online GmbH
Requested by https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate IssuerLet's Encrypt
Subjectnotification.tubecup.net
FingerprintC3:3A:0A:7D:9C:4B:21:97:39:A7:AD:B8:87:47:F1:35:32:D9:84:53
ValidityFri, 28 Apr 2023 11:39:09 GMT - Thu, 27 Jul 2023 11:39:08 GMT
File type JSON data\012- , ASCII text
Hash c4bea7951aaa542768f63f72d171ff83
7f57b3ce5d3a9bb0a15c32b34745b0214710e185
d4fbb24457a99cbf28127e8a416979ca0f2ab97c64a59b8d38760c40d4934756
POST /fp?tag_id=46445 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 23167
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Tue, 23 May 2023 18:18:28 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 27
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://dfiles.eu
Set-Cookie: id=15617427274624043866; Expires=Wed, 22 May 2024 18:18:28 GMT; Secure; SameSite=None
Vary: Origin
images.outbrainimg.com/transform/v3/eyJpdSI6ImE3NTc2ZTZmNWNmNTdmMTc2YjY0YjgyZDkyNjM1MWZkYTBhZmI2NTdjYTU0MDk1YzRmNDE4OTIxYzMxYmIzMTIiLCJ3IjoxODAsImgiOjE2MCwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp
2.18.173.172200 OK 10 kB URL GET HTTP/2 images.outbrainimg.com/transform/v3/eyJpdSI6ImE3NTc2ZTZmNWNmNTdmMTc2YjY0YjgyZDkyNjM1MWZkYTBhZmI2NTdjYTU0MDk1YzRmNDE4OTIxYzMxYmIzMTIiLCJ3IjoxODAsImgiOjE2MCwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp
IP 2.18.173.172:443
Requested by https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate IssuerDigiCert Inc
Subject*.outbrainimg.com
Fingerprint4F:05:15:71:93:78:ED:64:53:30:81:ED:DA:9C:FE:4F:7B:F9:41:BE
ValidityThu, 02 Mar 2023 00:00:00 GMT - Sat, 02 Mar 2024 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 270x240, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash a81433fbbaa1ea17d9ed1063e3e4ac1d
6405999c414ffafbe77dfc490d980845cd7bbf03
02a1aa368ab6e619e0a66bec9967daee294a7837bb07bc1f4c5a4f9645aa55d7
GET /transform/v3/eyJpdSI6ImE3NTc2ZTZmNWNmNTdmMTc2YjY0YjgyZDkyNjM1MWZkYTBhZmI2NTdjYTU0MDk1YzRmNDE4OTIxYzMxYmIzMTIiLCJ3IjoxODAsImgiOjE2MCwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp HTTP/1.1
Host: images.outbrainimg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/webp
content-length: 9966
last-modified: Sat, 29 Apr 2023 10:52:21 GMT
x-traceid: 602788ae2fddded72e8f7c5b29677825
cache-control: max-age=542394
date: Tue, 23 May 2023 18:18:30 GMT
access-control-allow-credentials: false
access-control-allow-methods: GET,POST
access-control-allow-origin: *
timing-allow-origin: *, *
X-Firefox-Spdy: h2
api.purpleads.io/x/a/8ccf6e29495f812acbd889005f4a3a20:9ccd5292b2ab6806205f73221580ffbed1fd44774952f5661d2c475c59a6ea3febf0db30c059b18c0c7e693fbceda2c7cb53caa85d4fcdeac744a5f03f9d4129b0a6a3e85877934516e08c095fac15d6714d490d349534a6c3c76c866f40646e/i?id=624da50b-1abc-4c4f-907d-44b805446748
75.101.220.184204 No Content 0 B URL GET HTTP/2 api.purpleads.io/x/a/8ccf6e29495f812acbd889005f4a3a20:9ccd5292b2ab6806205f73221580ffbed1fd44774952f5661d2c475c59a6ea3febf0db30c059b18c0c7e693fbceda2c7cb53caa85d4fcdeac744a5f03f9d4129b0a6a3e85877934516e08c095fac15d6714d490d349534a6c3c76c866f40646e/i?id=624da50b-1abc-4c4f-907d-44b805446748
IP 75.101.220.184:443
Requested by https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate IssuerAmazon
Subject*.purpleads.io
Fingerprint2C:07:41:61:C9:75:ED:6A:72:5B:30:CE:B3:18:1C:47:DB:07:BF:D4
ValidityFri, 24 Feb 2023 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /x/a/8ccf6e29495f812acbd889005f4a3a20:9ccd5292b2ab6806205f73221580ffbed1fd44774952f5661d2c475c59a6ea3febf0db30c059b18c0c7e693fbceda2c7cb53caa85d4fcdeac744a5f03f9d4129b0a6a3e85877934516e08c095fac15d6714d490d349534a6c3c76c866f40646e/i?id=624da50b-1abc-4c4f-907d-44b805446748 HTTP/1.1
Host: api.purpleads.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
date: Tue, 23 May 2023 18:18:29 GMT
access-control-allow-origin: api.purpleads.io
access-control-allow-credentials: true
access-control-expose-headers: pa-user-id
X-Firefox-Spdy: h2
cdn.prplads.com/load.js?publisherId=64df4768ef6a3d343387f03963cc6d27:a3fc5ba00d8a1e88f69e3c15e8e8c501507f1b2063b64e48a97000a1c4480fda350894047ca3535d3ce8fc5253d0214840300a723dc6ecae38a57d550d5ed683
172.67.74.93200 OK 36 kB URL GET HTTP/2 cdn.prplads.com/load.js?publisherId=64df4768ef6a3d343387f03963cc6d27:a3fc5ba00d8a1e88f69e3c15e8e8c501507f1b2063b64e48a97000a1c4480fda350894047ca3535d3ce8fc5253d0214840300a723dc6ecae38a57d550d5ed683
IP 172.67.74.93:443
Requested by https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate IssuerGoogle Trust Services LLC
Subjectprplads.com
Fingerprint44:46:5A:F0:A0:B0:25:70:06:3F:E4:EB:02:D5:A2:67:7A:E3:7D:0E
ValidityWed, 19 Apr 2023 12:34:16 GMT - Tue, 18 Jul 2023 12:34:15 GMT
File type Unicode text, UTF-8 text, with very long lines (44009), with no line terminators
Hash e7f2069322ec42bbceeeb82aa038ad97
ff19fb5f2a8acaaa6e5690ac8a4a18d4e3a96239
e925958da62482fd49a37dde6b3d8b2429ab1a7f7d531ab0c15e3fe112f464ef
GET /load.js?publisherId=64df4768ef6a3d343387f03963cc6d27:a3fc5ba00d8a1e88f69e3c15e8e8c501507f1b2063b64e48a97000a1c4480fda350894047ca3535d3ce8fc5253d0214840300a723dc6ecae38a57d550d5ed683 HTTP/1.1
Host: cdn.prplads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 23 May 2023 18:18:27 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"103f53a915d53d541a023f9c8352e84c"
last-modified: Wed, 03 May 2023 17:14:59 GMT
x-amz-id-2: c0BBo0bTVFeShG8i+7lo2b2VE/UirvGjsaEwxq/wwMJ6ns1s3aKZvOG0lzRnXyQ2PtAWUDAre3c=
x-amz-request-id: VF6G331VR5CZSWHS
cache-control: max-age=86400
cf-cache-status: HIT
age: 5226
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SQ1hFzggY5CjkTW7D%2Bm3Eq%2Fn6ACO8XvIYwXWN%2FBPvA1%2Ftsf03ms91jeZpqYUni7so9bvjjtQajqFQKW1IGfQ4T%2FsUw%2FQbsE9DHY7lu5Xg1U207kBPg8Cv1B%2BTSguj4rDCw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cbf4d325c4d0b69-OSL
content-encoding: br
X-Firefox-Spdy: h2
log.outbrainimg.com/loggerServices/log-viewability?requestId=2517d9e62d3f19b499aeaf9403927f04&position=0
64.202.112.223200 OK 4 B URL GET HTTP/1.1 log.outbrainimg.com/loggerServices/log-viewability?requestId=2517d9e62d3f19b499aeaf9403927f04&position=0
IP 64.202.112.223:443
Requested by https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate IssuerDigiCert Inc
Subject*.outbrainimg.com
Fingerprint20:D2:F0:B3:C3:92:99:66:27:4F:78:12:57:9F:4D:C0:BF:9A:8F:C4
ValidityTue, 14 Mar 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ASCII text, with no line terminators
Hash b326b5062b2f0e69046810717534cb09
5ffe533b830f08a0326348a9160afafc8ada44db
b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b
GET /loggerServices/log-viewability?requestId=2517d9e62d3f19b499aeaf9403927f04&position=0 HTTP/1.1
Host: log.outbrainimg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 23 May 2023 18:18:30 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 4
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST
X-TraceId: 343f3229e90b23869142795e56670980
log.outbrainimg.com/loggerServices/widgetGlobalEvent?rId=2517d9e62d3f19b499aeaf9403927f04&pvId=2517d9e62d3f19b499aeaf9403927f04&sid=10054537&pid=45718&idx=0&wId=140&pad=1&org=0&tm=0&eT=3&cnsnt=no_consent
64.202.112.223200 OK 4 B URL GET HTTP/1.1 log.outbrainimg.com/loggerServices/widgetGlobalEvent?rId=2517d9e62d3f19b499aeaf9403927f04&pvId=2517d9e62d3f19b499aeaf9403927f04&sid=10054537&pid=45718&idx=0&wId=140&pad=1&org=0&tm=0&eT=3&cnsnt=no_consent
IP 64.202.112.223:443
Requested by https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate IssuerDigiCert Inc
Subject*.outbrainimg.com
Fingerprint20:D2:F0:B3:C3:92:99:66:27:4F:78:12:57:9F:4D:C0:BF:9A:8F:C4
ValidityTue, 14 Mar 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ASCII text, with no line terminators
Hash b326b5062b2f0e69046810717534cb09
5ffe533b830f08a0326348a9160afafc8ada44db
b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b
GET /loggerServices/widgetGlobalEvent?rId=2517d9e62d3f19b499aeaf9403927f04&pvId=2517d9e62d3f19b499aeaf9403927f04&sid=10054537&pid=45718&idx=0&wId=140&pad=1&org=0&tm=0&eT=3&cnsnt=no_consent HTTP/1.1
Host: log.outbrainimg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 23 May 2023 18:18:30 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 4
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST
X-TraceId: 9507f63217093ae56ad5b5cc1595caa2
js.wpshsdk.com/npc/sdk/push.m.js?v=1
45.133.44.53200 OK 67 kB URL GET HTTP/2 js.wpshsdk.com/npc/sdk/push.m.js?v=1
IP 45.133.44.53:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate IssuerLet's Encrypt
Subjectjs.wpshsdk.com
Fingerprint78:77:A4:19:CC:0D:15:24:69:96:1B:44:C9:A0:4D:0B:B7:C0:F2:D8
ValidityMon, 27 Mar 2023 02:06:36 GMT - Sun, 25 Jun 2023 02:06:35 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /npc/sdk/push.m.js?v=1 HTTP/1.1
Host: js.wpshsdk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 23 May 2023 18:18:27 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Wed, 05 Apr 2023 13:10:08 GMT
etag: W/"642d7330-1054e"
content-encoding: gzip
expires: Tue, 23 May 2023 18:23:27 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
ntvpwpush.com/dl/cookies
94.130.198.6200 OK 620 B IP 94.130.198.6:443
ASN #24940 Hetzner Online GmbH
Requested by https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate IssuerLet's Encrypt
Subjectnotification.tubecup.net
FingerprintC3:3A:0A:7D:9C:4B:21:97:39:A7:AD:B8:87:47:F1:35:32:D9:84:53
ValidityFri, 28 Apr 2023 11:39:09 GMT - Thu, 27 Jul 2023 11:39:08 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (656), with no line terminators
Hash 0f28ac8b62710210d8c20200cb32caf2
e5cf4c2df4e48eff5fe877531dd3f12351c0c37d
2e6743f06e4cc09ff077b579b75511eaaf5ccf370f70fd2075d74725bf5b872c
GET /dl/cookies HTTP/1.1
Host: ntvpwpush.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.20.1
date: Tue, 23 May 2023 18:18:28 GMT
content-type: text/html
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
content-encoding: gzip
X-Firefox-Spdy: h2
api.purpleads.io/x/v2/f?pid=165b73539c4440ceaaac857a289c9d74&ts=1684865907527
75.101.220.184200 OK 1.4 kB URL GET HTTP/2 api.purpleads.io/x/v2/f?pid=165b73539c4440ceaaac857a289c9d74&ts=1684865907527
IP 75.101.220.184:443
Requested by https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate IssuerAmazon
Subject*.purpleads.io
Fingerprint2C:07:41:61:C9:75:ED:6A:72:5B:30:CE:B3:18:1C:47:DB:07:BF:D4
ValidityFri, 24 Feb 2023 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type troff or preprocessor input, ASCII text, with very long lines (1451), with no line terminators
Hash 7e3a998f5a45cbef16c429ffd05ccba0
b9f56a0532323c65e3bcc46cc7c1833fb930bd72
9a155d1f409ba38503c8a6967a1fa33337961609ec42aef37cc1f4f1c188c5b6
GET /x/v2/f?pid=165b73539c4440ceaaac857a289c9d74&ts=1684865907527 HTTP/1.1
Host: api.purpleads.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dfiles.eu/
Content-Type: application/json
x-purpleads-version: 2.0.2
x-request-url: aHR0cHM6Ly9kZmlsZXMuZXUvZmlsZXMvNTIxYTY1cnlqL1BheURheTJfdi0xNDMxLmV4ZQ==
Authorization: Bearer 64df4768ef6a3d343387f03963cc6d27:a3fc5ba00d8a1e88f69e3c15e8e8c501507f1b2063b64e48a97000a1c4480fda350894047ca3535d3ce8fc5253d0214840300a723dc6ecae38a57d550d5ed683
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 23 May 2023 18:18:28 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: https://dfiles.eu
access-control-allow-credentials: true
access-control-expose-headers: pa-user-id
set-cookie: pa-user-id=849e9ae7-53fc-4171-97b6-4be2f175138a; Domain=.purpleads.io; Path=/
pa-user-id: 849e9ae7-53fc-4171-97b6-4be2f175138a
etag: W/"573-OEf2tbIm6Vhsjd+fIyuZVQY3Imo"
vary: Accept-Encoding
content-encoding: br
X-Firefox-Spdy: h2
js.wpadmngr.com/static/adManager.m.js
45.133.44.53200 OK 158 kB URL GET HTTP/2 js.wpadmngr.com/static/adManager.m.js
IP 45.133.44.53:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate IssuerLet's Encrypt
Subjectjs.wpadmngr.com
FingerprintA9:7C:F8:A4:B8:B3:E3:98:76:72:9E:0B:4A:FB:FB:39:D4:F4:54:3D
ValidityTue, 16 May 2023 02:02:19 GMT - Mon, 14 Aug 2023 02:02:18 GMT
Size 158 kB (158096 bytes)
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /static/adManager.m.js HTTP/1.1
Host: js.wpadmngr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 23 May 2023 18:18:25 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Fri, 19 May 2023 08:16:51 GMT
etag: W/"64673073-26990"
content-encoding: gzip
expires: Tue, 23 May 2023 18:23:25 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Lato&display=swap
142.250.74.138200 OK 761 B URL GET HTTP/2 fonts.googleapis.com/css?family=Lato&display=swap
IP 142.250.74.138:443
Requested by https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint9B:D0:53:C4:55:9D:41:A4:94:03:4A:2B:6A:5B:57:EB:EB:A5:F0:4A
ValidityMon, 24 Apr 2023 12:00:43 GMT - Mon, 17 Jul 2023 12:00:42 GMT
File type ASCII text, with very long lines (779), with no line terminators
Hash a364604486274150bc70125ad37308ca
25ec492b058c53fa7df209da06563bee634eac05
1ced3fcf55032fd29188f7e360bc9429f0263d62e0bb4ae665161303f059c695
GET /css?family=Lato&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 23 May 2023 18:18:29 GMT
date: Tue, 23 May 2023 18:18:29 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cdn.pubfuture-ad.com/v2/config/645b13aa2bbd92003f72bf8a?v=6&d=b3RoZXJz&ip=OTEuOTAuNDIuMTU0&c=&cc=Tk8=&s=ZGZpbGVzLmV1L2ZpbGVzLzUyMWE2NXJ5ai9QYXlEYXkyX3YtMTQzMS5leGU=
104.26.0.97200 OK 466 B URL GET HTTP/2 cdn.pubfuture-ad.com/v2/config/645b13aa2bbd92003f72bf8a?v=6&d=b3RoZXJz&ip=OTEuOTAuNDIuMTU0&c=&cc=Tk8=&s=ZGZpbGVzLmV1L2ZpbGVzLzUyMWE2NXJ5ai9QYXlEYXkyX3YtMTQzMS5leGU=
IP 104.26.0.97:443
Requested by https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintA4:70:A9:B9:AC:49:1E:53:23:43:41:25:CD:10:7C:01:2E:87:01:01
ValidityTue, 07 Feb 2023 00:00:00 GMT - Tue, 06 Feb 2024 23:59:59 GMT
File type HTML document text\012- troff or preprocessor input, ASCII text, with very long lines (506), with no line terminators
Hash 46d6a279ed0c6af60678f0a09c202f89
4e0160faaa294fc142665fe766c6e7dd456e410e
fcffad7fd6d1eb1fdcc362a4392ea8302c836108d3f004a97611b0fedb7bf83e
GET /v2/config/645b13aa2bbd92003f72bf8a?v=6&d=b3RoZXJz&ip=OTEuOTAuNDIuMTU0&c=&cc=Tk8=&s=ZGZpbGVzLmV1L2ZpbGVzLzUyMWE2NXJ5ai9QYXlEYXkyX3YtMTQzMS5leGU= HTTP/1.1
Host: cdn.pubfuture-ad.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dfiles.eu/
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 23 May 2023 18:18:27 GMT
content-type: application/json; charset=utf-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
access-control-allow-origin: *
etag: W/"1d2-3F/O2YfTCSHzwaBOO6iIIw6CFEY"
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LjrKiWR414tFil2jGQZMyZNYTjHPkLCX9P5Xq%2BUqJUhfbqykmmRXTVuc9tjnWr11zsOVa5l6cO7%2FX3V33UkCbhSPT%2FSVCQ85GuJ9DIhLUAi935ccOJy5qno0ZOheQK6e3qEo9yvY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7cbf4d2fbb950b51-OSL
content-encoding: br
X-Firefox-Spdy: h2
api.purpleads.io/x/v2/f?pid=165b73539c4440ceaaac857a289c9d74&ts=1684865907527
75.101.220.184200 OK 0 B URL OPTIONS HTTP/2 api.purpleads.io/x/v2/f?pid=165b73539c4440ceaaac857a289c9d74&ts=1684865907527
IP 75.101.220.184:443
Requested by https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate IssuerAmazon
Subject*.purpleads.io
Fingerprint2C:07:41:61:C9:75:ED:6A:72:5B:30:CE:B3:18:1C:47:DB:07:BF:D4
ValidityFri, 24 Feb 2023 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /x/v2/f?pid=165b73539c4440ceaaac857a289c9d74&ts=1684865907527 HTTP/1.1
Host: api.purpleads.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization,content-type,x-purpleads-version,x-request-url
Referer: https://dfiles.eu/
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 23 May 2023 18:18:28 GMT
access-control-allow-origin: https://dfiles.eu
access-control-allow-credentials: true
access-control-expose-headers: pa-user-id
access-control-allow-headers: authorization,content-type,x-purpleads-version,x-request-url
access-control-max-age: 86400
X-Firefox-Spdy: h2
cdn.unblockia.com/h.js
108.157.214.50200 OK 166 kB IP 108.157.214.50:443
Requested by https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate IssuerAmazon
Subject*.unblockia.com
FingerprintF2:6F:03:00:E3:4A:B1:87:3C:4D:28:BB:E6:CE:8F:F1:2A:6E:1B:5D
ValidityTue, 21 Feb 2023 00:00:00 GMT - Fri, 22 Mar 2024 23:59:59 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Size 166 kB (166192 bytes)
Hash 3d75dc8f7c4000ccdac0fff2f09d78a8
9008e9830c5f3a690cbb6cc94ddb34b59fc12677
203af4ee7878df10c428ce6599c619695219f48681b832ef3f856abdd299b8e8
GET /h.js HTTP/1.1
Host: cdn.unblockia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/x-javascript
last-modified: Mon, 22 May 2023 09:17:35 GMT
x-amz-server-side-encryption: AES256
x-amz-meta-codebuild-content-sha256: 3b11cd91ab382736a9ba8e63029f318e3177aa77903aa4fa093a80765fac8c07
x-amz-version-id: gKayxwShEzJAnBjNaPvAM9Fj3A2ZU3Kt
x-amz-meta-codebuild-buildarn: arn:aws:codebuild:eu-west-1:987257285531:build/unblockia-loader-codebuild-project:6a48fce0-eba0-40cc-8a72-49f5d7d1abde
x-amz-meta-codebuild-content-md5: 60511405d11f9acd0880a4539ae338cb
server: AmazonS3
content-encoding: br
date: Tue, 23 May 2023 09:19:59 GMT
etag: W/"3d75dc8f7c4000ccdac0fff2f09d78a8"
x-cache: Hit from cloudfront
via: 1.1 8ea75fde43c768e7e1d041f8b7a07bd6.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: nGAksnIkpbWYS7LPPuNTmNxfn-IBjma4R4bJkvFLWWUk-Z9UQb5opw==
age: 32307
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
addresseepaper.com/sfp.js
0.0.0.0 0 B URL GET addresseepaper.com/sfp.js
IP 0.0.0.0:0
Requested by https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /sfp.js HTTP/1.1
Host: addresseepaper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjx4wXg.woff2
142.250.74.35200 OK 24 kB URL GET HTTP/2 fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjx4wXg.woff2
IP 142.250.74.35:443
Requested by https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE2:33:59:47:38:D7:4A:7A:9E:28:5D:EC:AA:94:7F:92:25:D2:B1:C4
ValidityMon, 24 Apr 2023 12:00:43 GMT - Mon, 17 Jul 2023 12:00:42 GMT
File type Web Open Font Format (Version 2), TrueType, length 23580, version 1.0\012- data
Hash e1b3b5908c9cf23dfb2b9c52b9a023ab
fcd4136085f2a03481d9958cc6793a5ed98e714c
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
GET /s/lato/v24/S6uyw4BMUTPHjx4wXg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 23580
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 18 May 2023 04:04:41 GMT
expires: Fri, 17 May 2024 04:04:41 GMT
cache-control: public, max-age=31536000
age: 483229
last-modified: Tue, 02 May 2023 15:17:22 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cdn.pubfuture-ad.com/v2/unit/pt.js
172.67.70.21200 OK 6.6 kB URL GET HTTP/2 cdn.pubfuture-ad.com/v2/unit/pt.js
IP 172.67.70.21:443
Requested by https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintA4:70:A9:B9:AC:49:1E:53:23:43:41:25:CD:10:7C:01:2E:87:01:01
ValidityTue, 07 Feb 2023 00:00:00 GMT - Tue, 06 Feb 2024 23:59:59 GMT
File type HTML document, ASCII text, with very long lines (6778), with no line terminators
Hash 0111fa8d579e88268584595c79ad05d8
557bd8adf0625893e0ede25162f2cee913ae702c
0e2968fc4d954021c6a483bf6195122c7934c97b6bc495e2c46e4382b2ee0ae4
GET /v2/unit/pt.js HTTP/1.1
Host: cdn.pubfuture-ad.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 23 May 2023 18:18:25 GMT
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=172800
cf-bgj: minify
access-control-allow-origin: *
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
etag: W/"19d4-fKxMfwaT/pKWztkbnqHGCyR1YAs"
expect-ct: max-age=0
referrer-policy: no-referrer
strict-transport-security: max-age=15552000; includeSubDomains
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
cf-cache-status: HIT
age: 23276
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MVnRXRIgR8HpRuyK8tX6ynVpWfgmd2x7eB%2BtD4x2jz9F73VhscKIcqd3UGcxgjV1FL6BnUuDdJVBrR%2BLGFYUWM5LRBpdSFO9khPySLAiUgH%2FiAGAGy3AkIVp%2BdlRcMKk%2BZBdsVA7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7cbf4d228941b4f9-OSL
content-encoding: br
X-Firefox-Spdy: h2
na.nawpush.com/tags/46445?version_name=d
45.133.44.25200 OK 578 B URL GET HTTP/2 na.nawpush.com/tags/46445?version_name=d
IP 45.133.44.25:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate IssuerLet's Encrypt
Subjectna.nawpush.com
Fingerprint06:8A:2E:29:09:91:41:F0:6E:1C:15:DE:41:23:FB:9C:E4:5B:47:B0
ValidityMon, 03 Apr 2023 01:01:43 GMT - Sun, 02 Jul 2023 01:01:42 GMT
File type troff or preprocessor input, ASCII text, with very long lines (655), with no line terminators
Hash 23c5177c1ebb159deb143f673f6a812d
ad975e58fea8c358e66fd0900eb76f2a45aaf1f6
92f9ff1eba505ee14f479695a9ee48be4e4f04e096cb42d6c6918a5ffb0f17b2
GET /tags/46445?version_name=d HTTP/1.1
Host: na.nawpush.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 23 May 2023 18:18:26 GMT
content-type: application/json
content-length: 578
server: nginx/1.18.0
cache-control: max-age=300, public
x-proxy-cache: EXPIRED
access-control-allow-origin: *
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/software/us/norton/1/css/animate.css
172.64.196.23200 OK 79 kB URL GET HTTP/2 cdn.creative-bars1.com/sb/notifications/software/us/norton/1/css/animate.css
IP 172.64.196.23:443
Requested by https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint88:10:E4:38:7C:46:CF:44:7C:D0:C8:1F:06:39:9F:7E:A5:2E:27:4A
ValidityThu, 27 Apr 2023 15:05:54 GMT - Wed, 26 Jul 2023 15:05:53 GMT
Hash e1d8acd5ee9d1a90ea09313cbd8f2b02
8a8327b115d1356715e63270d1ce6d46124c7b1a
3028c87fc798ac3741f02079034e6c23462afc0c5e6c8d321188ce3716c8472a
GET /sb/notifications/software/us/norton/1/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 23 May 2023 18:18:27 GMT
content-type: text/css
last-modified: Wed, 17 Feb 2021 11:45:00 GMT
etag: W/"602d01bc-13591"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 104068
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B7z3x%2FQRtjPpWYh5tFBk5p0Gt3K6u%2BYWrFbudj3Tuzw%2B9fd7EQKBl%2BPZLOdlG%2FyBaRQwVyz6H5yyJ2GgCJ4J0Bf5rm1n4obojPmrcR2hOHJg3GnB1ZbYsS2rDpKno5rn%2BUXQezd4lkIJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cbf4d31ec354133-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/software/us/norton/1/css/style.css
172.64.196.23200 OK 2.3 kB URL GET HTTP/2 cdn.creative-bars1.com/sb/notifications/software/us/norton/1/css/style.css
IP 172.64.196.23:443
Requested by https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint88:10:E4:38:7C:46:CF:44:7C:D0:C8:1F:06:39:9F:7E:A5:2E:27:4A
ValidityThu, 27 Apr 2023 15:05:54 GMT - Wed, 26 Jul 2023 15:05:53 GMT
File type ASCII text, with very long lines (2472), with no line terminators
Hash 50a727839c0d5c323ac1e5a8b32e5838
ab2dbb07e2f14e3010b7bcb8cf276a17bc681bcd
cb2dc4b9bfac73114f274ed68a9d7fe3efe6db932ea3958a29f255337f050489
GET /sb/notifications/software/us/norton/1/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 23 May 2023 18:18:27 GMT
content-type: text/css
last-modified: Wed, 17 Feb 2021 11:44:59 GMT
etag: W/"602d01bb-907"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 104068
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x1%2FvAvhZybakManSqZRmBQvS3sIjZh3qwBmIGeUgtJTmj%2FHWM6pgFoeq0O%2F5zM56AO0k5mAXHowOBm9GNZttQJWmH9DrT6fUFolWf5QON5xP34a4GA2g1AoHSejatUGRmSutyNcYi17w"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cbf4d324cb74133-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/software/us/norton/1/img/bg.jpg
172.64.196.23200 OK 58 kB URL GET HTTP/3 cdn.creative-bars1.com/sb/notifications/software/us/norton/1/img/bg.jpg
IP 172.64.196.23:443
Requested by https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint88:10:E4:38:7C:46:CF:44:7C:D0:C8:1F:06:39:9F:7E:A5:2E:27:4A
ValidityThu, 27 Apr 2023 15:05:54 GMT - Wed, 26 Jul 2023 15:05:53 GMT
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=250, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=970], progressive, precision 8, 970x250, components 3\012- data
Hash 93db86920aaf5aa1cb2f1b727b06dfe8
bce81c9da296929263f7ec1e606616a97ab42b9d
d67bdc40107fb5f7db687092375adbce71dcf6faec40d1c5c9c50c3c9e6d5ca7
GET /sb/notifications/software/us/norton/1/img/bg.jpg HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 23 May 2023 18:18:27 GMT
content-type: image/jpeg
content-length: 58368
last-modified: Wed, 17 Feb 2021 11:45:02 GMT
etag: "602d01be-e400"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 16344721
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xOm3Kj%2BRMqhiMQcdgPs7aRnLCOiDuOM4v7EyXagHIPZKnGVW8UpSXWuiwzdIghQiu%2F%2BMxbqsVGDnPEkqS%2F6AgwlyOoK3gCj1%2FKizQlhQ1z%2Fdx3u614O1w5wKw5O5f8%2B3ltpVgtXXn0LW"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cbf4d336b387315-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
friendshipmale.com/sfp.js
172.64.140.24200 OK 86 kB URL GET HTTP/2 friendshipmale.com/sfp.js
IP 172.64.140.24:443
Requested by https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint08:6F:D8:CB:9E:0C:0A:98:2E:C5:CD:21:8E:0B:76:2B:50:6F:B6:37
ValiditySat, 18 Feb 2023 00:00:00 GMT - Sat, 17 Feb 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 23 May 2023 18:18:26 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 0c1ddb9b39ac2dcb43ebce458f28a0a9
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Tue, 23 May 2023 18:18:25 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t2zabbS5yB6nZHlCZEnai1NWzQKhqm473MWiHUy2kalR3y2VaL70tFvHHt8MeHlB9lF536046T5flrL7xDqpKJXzmSadC9VvwMXVdaGYI9Jm8MFcy3pJulAhrP55lLnzxQMKopE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cbf4d281bf6240e-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2