Report - dfiles.eu/files/521a65ryj/PayDay2

Report Overview

Submitted URL
dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
IP
91.226.124.78
ASN
#35415 Webzilla B.V.
Submitted
2023-05-23 18:18:45
Access
public
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
28

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
adsbb.dfiles.eu	unknown	unknown	2017-03-18	2023-05-22	5.0 kB	174 kB	91.226.124.80
js.wpadmngr.com	25762	2021-06-02	2021-06-02	2023-05-23	814 B	160 kB	45.133.44.53
cdn.unblockia.com	20316	2019-10-17	2019-12-02	2023-05-23	1.3 kB	259 kB	108.157.214.50
api.purpleads.io	146037	2020-01-29	2020-02-18	2023-05-23	2.1 kB	2.4 kB	75.101.220.184
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2023-05-23	512 B	24 kB	142.250.74.35
friendshipmale.com	unknown	2022-10-21	2022-10-21	2023-05-23	397 B	86 kB	172.64.140.24
js.wpshsdk.com	12130	2021-06-04	2021-06-04	2023-05-23	814 B	68 kB	45.133.44.53
varycares.com	unknown	2023-05-01	2023-05-01	2023-05-23	7.3 kB	37 kB	192.243.61.225
unseenreport.com	unknown	2022-03-30	2022-03-30	2023-05-23	1.5 kB	846 B	192.243.59.20
ntvpwpush.com	unknown	2020-12-15	2020-12-15	2023-05-23	509 B	972 B	94.130.198.6
static.depositfiles.com	unknown	2005-11-05	2012-05-24	2023-05-22	7.9 kB	708 kB	91.226.124.79
cdn.barscreative1.com	25648	2021-09-08	2021-09-16	2023-05-23	463 B	1.2 kB	45.133.44.3
t.unblockia.com	unknown	2019-10-17	2023-01-30	2023-05-23	413 B	408 B	54.230.111.90
notification.tubecup.net	8210	2008-09-26	2019-08-30	2023-05-23	469 B	309 B	78.47.199.210
cdn.pubfuture-ad.com	unknown	2022-09-30	2022-11-16	2023-05-23	965 B	9.6 kB	104.26.0.97
addresseepaper.com	18169	2021-11-01	2021-11-01	2023-05-23	397 B	0 B	0.0.0.0
cdn.prplads.com	unknown	2023-02-19	2023-02-20	2023-05-23	567 B	36 kB	172.67.74.93
pl16105218.highrevenuegate.com	unknown	2023-03-02	2023-03-03	2023-05-22	445 B	14 kB	192.243.59.13
ip2geo.pubfuture-ad.com	unknown	2022-09-30	2023-03-27	2023-05-23	423 B	1.2 kB	104.26.0.97
eyebrowsneardual.com	unknown	2023-04-28	2023-04-28	2023-05-23	484 B	467 B	173.233.137.52
cdn.creative-bars1.com	unknown	2022-11-01	2022-11-15	2023-05-23	2.3 kB	204 kB	172.64.196.23
na.nawpush.com	38563	2020-12-21	2020-12-23	2023-05-23	435 B	819 B	45.133.44.25
www.googletagmanager.com	75	2011-11-11	2013-05-22	2023-05-23	418 B	86 kB	142.250.74.168
simplewebanalysis.com	unknown	2022-02-15	2022-02-25	2023-05-23	1.4 kB	1.0 kB	18.192.155.180
loader.unblockia.com	unknown	2019-10-17	2023-01-30	2023-05-23	437 B	47 kB	108.157.214.40
images.outbrainimg.com	2085	2018-04-09	2018-05-15	2023-05-22	579 B	10 kB	2.18.173.172
log.outbrainimg.com	2177	2018-04-09	2018-09-04	2023-05-22	1.1 kB	646 B	64.202.112.223
dfiles.eu	434493	unknown	2012-12-23	2023-05-22	500 B	7.0 kB	91.226.124.80
www.google.com	7	1997-09-15	2015-05-10	2023-05-21	401 B	1.1 kB	216.58.211.4
www.gstatic.com	unknown	2008-02-11	2016-07-26	2023-05-23	470 B	168 kB	142.250.74.35
44831497b7.7b4d5bc078.com	unknown	2023-04-23	2023-05-23	2023-05-23	1.3 kB	320 B	45.133.44.53
fp.metricswpsh.com	unknown	2021-10-29	2022-04-22	2023-05-23	1.0 kB	774 B	157.90.84.242
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2023-05-23	435 B	1.4 kB	142.250.74.138

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-05-23	medium	pl16105218.highrevenuegate.com/22/4a/d4/224ad4a14b4b15c1726ff705ec672ea6.js

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator
2023-05-23	medium	varycares.com
2023-05-23	medium	varycares.com
2023-05-23	medium	eyebrowsneardual.com
2023-05-23	medium	varycares.com
2023-05-23	medium	varycares.com
2023-05-23	medium	varycares.com
2023-05-23	medium	varycares.com
2023-05-23	medium	varycares.com
2023-05-23	medium	varycares.com
2023-05-23	medium	varycares.com
2023-05-23	medium	unseenreport.com
2023-05-23	medium	unseenreport.com
2023-05-23	medium	addresseepaper.com

ThreatFox

No alerts detected

JavaScript (39)

	URL	Size	First Seen	Last Seen
	js.wpshsdk.com/npc/sdk/push.m.js?v=1	67 kB	2023-04-05	2023-05-24
Pretty URL js.wpshsdk.com/npc/sdk/push.m.js?v=1 IP 45.133.44.53 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-05 16:56:19 Last Seen2023-05-24 12:50:30 Times Seen3968 Hash feb36403b62b67278b7e2678eadade8a d9fb0f995c7a6d93af6cc01794d60a3e4ea10220 2802e4618ec30ec53ea5296b1b832279514ea2325caae829c549aed796ce53ff Loading...

	dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe	154 B	2023-03-13	2024-04-24
Pretty URL dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe IP 91.226.124.80 ASN #35415 Webzilla B.V. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-13 20:01:53 Last Seen2024-04-24 13:33:09 Times Seen594 Hash a5d30d6e8f7d127b22036f0cba694312 48b3fda0a81aeee349d1d58c1064e6028ad01500 3535afb4b7453318c16fd30caa8ed102f9e880596bd4391c7aff5be03295cdf0 Loading...

	www.googletagmanager.com/gtag/js?id=G-BL9163LYG1	251 kB	2023-05-23	2023-05-23
Pretty URL www.googletagmanager.com/gtag/js?id=G-BL9163LYG1 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-23 20:18:48 Last Seen2023-05-23 20:18:48 Times Seen2 Hash cb7f572ff78c03894c5d633ab4b04e10 47803d8b0eee6329d11acf978d2f059431aa539a 5130add1538afd2a04b367af117c62240b5d3558367cf899f894dcc42d964631 Loading...

	pl16105218.highrevenuegate.com/22/4a/d4/224ad4a14b4b15c1726ff705ec672ea6.js	37 kB	2023-05-12	2023-05-23
Pretty URL pl16105218.highrevenuegate.com/22/4a/d4/224ad4a14b4b15c1726ff705ec672ea6.js IP 192.243.59.13 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-12 18:25:48 Last Seen2023-05-23 20:18:48 Times Seen4 Hash b457c223a924a19fd2e5513094302b8e dfb3faa7d775d655538705edab6f07ca697d4b02 4336c3733cc3662f87ae1d70f99ad101d486dd1a0c4923c7c36648ae65ce8389 Loading...

	cdn.prplads.com/load.js?publisherId=64df4768ef6a3d343387f03963cc6d27:a3fc5ba00d8a1e88f69e3c15e8e8c501507f1b2063b64e48a97000a1c4480fda350894047ca3535d3ce8fc5253d0214840300a723dc6ecae38a57d550d5ed683	44 kB	2023-05-04	2023-07-06
Pretty URL cdn.prplads.com/load.js?publisherId=64df4768ef6a3d343387f03963cc6d27:a3fc5ba00d8a1e88f69e3c15e8e8c501507f1b2063b64e48a97000a1c4480fda350894047ca3535d3ce8fc5253d0214840300a723dc6ecae38a57d550d5ed683 IP 172.67.74.93 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-04 19:00:26 Last Seen2023-07-06 12:03:28 Times Seen91 Hash e7f2069322ec42bbceeeb82aa038ad97 ff19fb5f2a8acaaa6e5690ac8a4a18d4e3a96239 e925958da62482fd49a37dde6b3d8b2429ab1a7f7d531ab0c15e3fe112f464ef Loading...

	varycares.com/c2/2d/c5/c22dc50dc2bbe4422c7f68d26ab95eb9.js	86 kB	2023-05-12	2023-05-23
Pretty URL varycares.com/c2/2d/c5/c22dc50dc2bbe4422c7f68d26ab95eb9.js IP 192.243.61.225 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-12 09:12:00 Last Seen2023-05-23 20:18:48 Times Seen4 Hash 23ac2034d20c9d7673861862e99254ed 4c9c82ee93ed395064b52383dbb9317154558950 6bd422d89eb0fb751ff7599284d3c565e700637ae2d7a4f5a9579e762592879a Loading...

	unknown	600 B	2023-03-14	2024-01-08
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-14 11:05:07 Last Seen2024-01-08 08:13:29 Times Seen57 Hash 091f5fc193d59a67dc89e9044107aa33 dc4c1d8f90b31e906e153926d5249ab5b2567932 f689e10c7dbcd8b51f78ab4b82f3cf8ed0ecc30ed59f9029d4f44ace7e5b6bc1 Loading...

	unknown	133 B	2023-05-12	2024-04-16
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-12 09:11:43 Last Seen2024-04-16 22:06:44 Times Seen81 Hash 377d3b2e03fc6f8306740f08a9727c40 a793b245d9de493b5312872d6675482f2c8c64d7 799899af28a256c42da96652251db4b655b4f6c0db0d5752bfe7d1c605a20817 Loading...

	friendshipmale.com/sfp.js	86 kB	2023-04-05	2023-08-25
Pretty URL friendshipmale.com/sfp.js IP 172.64.140.24 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-05 07:35:42 Last Seen2023-08-25 11:30:02 Times Seen8520 Hash 8bf542db65f0ff20d510889d62e5e092 1b1b7cc04275b7641e2f07b0f4bf99b5387303bf 77a3bebee72af7beb49cd94b7f16852a532aac5f3db8f610160440fe75ca4711 Loading...

	dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe	148 B	2023-03-07	2024-04-24
Pretty URL dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe IP 91.226.124.80 ASN #35415 Webzilla B.V. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:26:56 Last Seen2024-04-24 13:33:09 Times Seen594 Hash 39f8fffd2249f3bb9deb92a533243df9 ee75ba64aea887c758cd24407d003bc9494237f3 62cdfe74dd5ba57340776bc53ee95b20c286efbc7c467ece9594d27e24b48dcd Loading...

	static.depositfiles.com/js/download_utils.js	13 kB	2023-03-07	2024-04-24
Pretty URL static.depositfiles.com/js/download_utils.js IP 91.226.124.79 ASN #35415 Webzilla B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:26:57 Last Seen2024-04-24 13:33:10 Times Seen749 Hash 90a706006bc709cdc974ff3e0e01b34f 89585d2c7cac44c9c03c118bbb38aefba1d8a1e4 16f1515b9938fc7de086c504fe214484d97e237647a5d7fa2cb742a93f00c1ea Loading...

	cdn.unblockia.com/h.js	166 kB	2023-05-22	2023-06-12
Pretty URL cdn.unblockia.com/h.js IP 108.157.214.50 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-22 12:38:11 Last Seen2023-06-12 08:45:06 Times Seen211 Hash 3d75dc8f7c4000ccdac0fff2f09d78a8 9008e9830c5f3a690cbb6cc94ddb34b59fc12677 203af4ee7878df10c428ce6599c619695219f48681b832ef3f856abdd299b8e8 Loading...

	dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe	781 B	2023-03-07	2024-04-24
Pretty URL dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe IP 91.226.124.80 ASN #35415 Webzilla B.V. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:26:57 Last Seen2024-04-24 13:33:09 Times Seen581 Hash fc579ba1ff4c0c2e22ba979c418178d1 87d25254a57e673bc1a10500c9a7f887d8dfa6a9 455914aff0c5916e2978af037cddc01aca97fe3c14c6cd1b8f2c6dfc557931bc Loading...

	dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe	125 B	2023-05-12	2023-05-28
Pretty URL dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe IP 91.226.124.80 ASN #35415 Webzilla B.V. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-05-12 04:04:52 Last Seen2023-05-28 18:34:04 Times Seen32 Hash 69f459f4a109591677c3a6f6a2bddaed 28bd2335b141b1a261aacfc369bf73512d9b58ce b8ba0b9fcbb384c36eaa76e8afa547a2b5f91516ba0e2b3b275de0570f7d1a91 Loading...

	dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe	475 B	2023-03-07	2024-04-24
Pretty URL dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe IP 91.226.124.80 ASN #35415 Webzilla B.V. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:26:57 Last Seen2024-04-24 13:33:10 Times Seen594 Hash 7d5b8ae86ab79df757399336af6dc4e6 d80237486fe292a185a576578308234114e302ce bf66c6e0c4ea53d83f6c17058e513aee1ff1c1fd319fe8fca1970ccc2151fed7 Loading...

	dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe	139 B	2023-03-07	2024-04-24
Pretty URL dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe IP 91.226.124.80 ASN #35415 Webzilla B.V. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:26:56 Last Seen2024-04-24 13:33:10 Times Seen592 Hash 096fbc4b579acc65367920b87875c1f0 53a8d0be557838d6912339a6f684ac434f9cedc0 4a590c7532c8fdd5e2f6fe223990b525091f9412faf8b2971bfdc1e69be03cd2 Loading...

	js.wpadmngr.com/static/adManager.js	1.2 kB	2023-03-08	2023-09-14
Pretty URL js.wpadmngr.com/static/adManager.js IP 45.133.44.53 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 19:37:08 Last Seen2023-09-14 04:40:07 Times Seen1254 Hash 51b1a71b0add99b35a138609b191ca0a 49f6306d517f897883dcadb89fb725a3cd5f017d 902269f1228994ac73ce1a3ed21d948beb250b5c3d945b459ac6a48a097968fe Loading...

	js.wpadmngr.com/static/adManager.m.js	158 kB	2023-05-17	2023-05-29
Pretty URL js.wpadmngr.com/static/adManager.m.js IP 45.133.44.53 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-17 12:38:28 Last Seen2023-05-29 08:19:12 Times Seen1499 Hash dab0e6f83f75fb629b93faf638b0768c b1d129ba6836895c5025831ee1a2f13fd7694c11 032e1167d424f8908b3a76a84fe3151136ab45852d52ab951f81f5e89547c19b Loading...

	js.wpshsdk.com/npc/sdk/wp-banners.js	0 B	2023-03-07	2024-04-25
Pretty URL js.wpshsdk.com/npc/sdk/wp-banners.js IP 45.133.44.53 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-25 15:05:44 Times Seen37064559 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	static.depositfiles.com/js/base2.js	399 kB	2023-03-07	2024-04-24
Pretty URL static.depositfiles.com/js/base2.js IP 91.226.124.79 ASN #35415 Webzilla B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:02:54 Last Seen2024-04-24 13:33:10 Times Seen1091 Hash 2fcae8126c3fd9a626370a701f0bd887 f3496fb7bbe122a9774d7dcfcd68da03a24dc285 d29ab86f64b4fcfbc45b9ef806c147f1e42e37e37d44a559147232288063badc Loading...

	www.google.com/recaptcha/api.js	850 B	2023-05-19	2023-05-26
Pretty URL www.google.com/recaptcha/api.js IP 216.58.211.4 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-19 05:24:48 Last Seen2023-05-26 00:37:24 Times Seen2423 Hash b7b728964630ecd7e800d650f14695c5 473f7633fea7e2f828c3df9ab19356286f10a692 f4de494b6cfd42ce31b244cd84410cd4259d82773485f6c7b4ffd2a7ca2d6217 Loading...

	dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe	145 B	2023-03-07	2024-04-24
Pretty URL dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe IP 91.226.124.80 ASN #35415 Webzilla B.V. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:26:57 Last Seen2024-04-24 13:33:10 Times Seen400 Hash 25e8fa0a01ccad8580ab6d3e32224215 1417328ad6c6ec271babbd02e416084732e5fe16 a3c5c8f919fba5ed782546322677dfaf74cad0e631d95787d6e003d127481dfc Loading...

	dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe	196 B	2023-03-07	2024-04-24
Pretty URL dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe IP 91.226.124.80 ASN #35415 Webzilla B.V. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:26:57 Last Seen2024-04-24 13:33:10 Times Seen400 Hash 738f0ebda06d4e3be48f4576e83f5bdc e759a55fed96d6755fcfe6ca0e5462661623584c 89f8e0678a1c23c88167b818660ff3ee3177babd1941f25827c17884f0187f52 Loading...

	static.depositfiles.com/js/gold_offer.js	9.9 kB	2023-03-07	2024-04-24
Pretty URL static.depositfiles.com/js/gold_offer.js IP 91.226.124.79 ASN #35415 Webzilla B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:26:57 Last Seen2024-04-24 13:33:10 Times Seen732 Hash 041bdbbe3ac15bc57b14933e164b55f8 790f921426d0b602424fb3077ca900af94b5ad9e a86d8d81e5c254822628c578c40d2d62956ab3060632d1884b5080093365b97b Loading...

	dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe	141 B	2023-03-07	2024-04-24
Pretty URL dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe IP 91.226.124.80 ASN #35415 Webzilla B.V. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:26:57 Last Seen2024-04-24 13:33:10 Times Seen405 Hash bba9a3136929bdf22ef7c58444cd035d d8ab7384a7eae0f0cb07f544c4da92fd28a88606 76b819fa6287efa9f226f132c5779e0399810c17f08ce9fa15ddf7e8be521deb Loading...

	www.gstatic.com/recaptcha/releases/FFtxPnbuZxq6kkeHkQJR2MNQ/recaptcha__en.js	418 kB	2023-05-18	2023-06-28
Pretty URL www.gstatic.com/recaptcha/releases/FFtxPnbuZxq6kkeHkQJR2MNQ/recaptcha__en.js IP 142.250.74.35 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-18 01:27:56 Last Seen2023-06-28 00:20:35 Times Seen22262 Hash 213e1a6e418f3df36f2ec077314ef525 7a553e545a48271f3afec47b3ed5f3518cfdd7b4 ad5008998005064af73229fb144d5f8e789641f8a846e2064ec18788a37e9e2d Loading...

	static.depositfiles.com/js/jquery.validate.js	38 kB	2023-04-05	2024-04-24
Pretty URL static.depositfiles.com/js/jquery.validate.js IP 91.226.124.79 ASN #35415 Webzilla B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-05 16:56:19 Last Seen2024-04-24 13:33:10 Times Seen542 Hash f6d96c36018433b4c22c84fa072983df 3db792e82c157ffc093a3cea08e873343beb6452 df875197ee9dd42c13d717a36886997f9daa05e02641daa025c9039bb37b6126 Loading...

	static.depositfiles.com/js/function.js	35 kB	2023-03-07	2024-04-24
Pretty URL static.depositfiles.com/js/function.js IP 91.226.124.79 ASN #35415 Webzilla B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:26:57 Last Seen2024-04-24 13:33:10 Times Seen1122 Hash a5779d2f560cd50376dbba372b0fd15b 07b08e35b9254288c1372e37577db8b9e4da01b4 51d26403861d61a7842bc73f518d4a4351a7027c40c9f0347f61421226950b84 Loading...

	dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe	686 B	2023-05-23	2023-05-23
Pretty URL dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe IP 91.226.124.80 ASN #35415 Webzilla B.V. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-05-23 20:18:48 Last Seen2023-05-23 20:18:48 Times Seen1 Hash f059a80a1aff5730147fa0bafc35bc73 f7420102c97b51d570456992c41bc6c15450ecc9 9b579beeba6fd32a28dda3f0782ab37cdd75755b2461ad7bdc3e0013e1cfcf1e Loading...

	dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe	124 B	2023-03-07	2024-04-24
Pretty URL dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe IP 91.226.124.80 ASN #35415 Webzilla B.V. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:26:57 Last Seen2024-04-24 13:33:10 Times Seen405 Hash ea56b045449a9a9b583e07a300254601 10f3457ead5193b389e2c5388688f1cfaedece73 292d2666bd7d7b11b87d541c20534f8d3c4ce40ec3bccc57c96d652ec30dcaf9 Loading...

	dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe	26 B	2023-03-07	2024-04-24
Pretty URL dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe IP 91.226.124.80 ASN #35415 Webzilla B.V. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:26:57 Last Seen2024-04-24 13:33:10 Times Seen594 Hash ed91f0c19cbcd50a62fe290680800145 b42572f05f14b93093f64b146245b32b3d0cbf9e c67d0cfcd4c4e9eb4c73c9ac4c4545d5628603946d522a5fca6f3106749df1e0 Loading...

	cdn.pubfuture-ad.com/v2/unit/pt.js	6.6 kB	2023-05-08	2023-07-18
Pretty URL cdn.pubfuture-ad.com/v2/unit/pt.js IP 172.67.70.21 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-08 18:57:55 Last Seen2023-07-18 10:00:36 Times Seen253 Hash 682292a8592cf915768cad01e4b3222d 7cac4c7f0693fe9296ced91b9ea1c60b2475600b 74075ecdd502ca9121a9d6a11e8824771cea3c7e158726e01a2964c750766e1d Loading...

		Size	First Seen	Last Seen
	#1 Eval - 9375975267a225f68f12c028c3436098	111 B	2023-05-23	2023-05-23
Pretty Observations First Seen2023-05-23 20:18:48 Last Seen2023-05-23 20:18:48 Times Seen1 Hash 9375975267a225f68f12c028c3436098 0bab11c54681754e1333263a4c62e7dd52a77fce 294d39d976482b439fa0344e738c25aebfc96ba194692fea5e3194c7578f51d2 Loading...

	#2 Eval - b326b5062b2f0e69046810717534cb09	4 B	2023-03-07	2024-04-25
Pretty Observations First Seen2023-03-07 01:03:44 Last Seen2024-04-25 14:45:54 Times Seen23294 Hash b326b5062b2f0e69046810717534cb09 5ffe533b830f08a0326348a9160afafc8ada44db b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b Loading...

		Size	First Seen	Last Seen
	#1 Write - c463a0af0a77c004f8d1ae4e894f9a1c	92 B	2023-05-23	2023-05-23
Pretty Observations First Seen2023-05-23 20:18:48 Last Seen2023-05-23 20:18:48 Times Seen1 Hash c463a0af0a77c004f8d1ae4e894f9a1c a7574808b371baa86c9b041a91b566a68c162f99 2421ccbd9e37ff81855995144ae10d98caa0004d12efed553bf895d50d281747 Loading...

	#2 Write - 3bc42f03b3f1761ea9f95a335ab2bbba	77 B	2023-03-07	2024-04-24
Pretty Observations First Seen2023-03-07 01:26:57 Last Seen2024-04-24 13:33:10 Times Seen581 Hash 3bc42f03b3f1761ea9f95a335ab2bbba 4ab15b6c153a542425f02baadcc1ed4867078b8d 1f8c7edef8c37d8821755ee623f481f29d6584195b327d15ac5abe6d243d8ec0 Loading...

	#3 Write - 3e931d5c0ce8a94e81104c08d67872ba	164 B	2023-03-13	2024-04-24
Pretty Observations First Seen2023-03-13 12:53:25 Last Seen2024-04-24 13:33:10 Times Seen549 Hash 3e931d5c0ce8a94e81104c08d67872ba f13674fd6a6089aee16a19b1807f2f0fd2d9a0e2 18dea144f4b37879ae8916760ee75a30bb0e4d06fc7fa341029a70593a89d669 Loading...

	#4 Write - f846a6f7f9f77ee64de243dd2e11c9ae	164 B	2023-05-06	2024-04-24
Pretty Observations First Seen2023-05-06 12:18:48 Last Seen2024-04-24 13:33:10 Times Seen474 Hash f846a6f7f9f77ee64de243dd2e11c9ae 81b65f57f43372a490c1a82b0a40c3d18b40b0bf 63f0d3c423380243710222e2b275efa59ab2ed4eec8aab35781707f6459c407d Loading...

	#5 Write - 081a4852027f627711592ced8f4dc904	2.4 kB	2023-05-23	2023-05-23
Pretty Observations First Seen2023-05-23 20:18:48 Last Seen2023-05-23 20:18:48 Times Seen1 Hash 081a4852027f627711592ced8f4dc904 27e30605124f94b1fad5a251d0d92512644aa54e ee524902bfd56a080b61e18e72d749d9b21b6d9de9c14509edc4d35559f4bc0f Loading...

HTTP Transactions (80)

URL IP Response Size

dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe

91.226.124.80

200 OK

6.4 kB

URL User Request GET HTTP/1.1
dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
IP
91.226.124.80:443
ASN
#35415 Webzilla B.V.

Certificate
IssuerLet's Encrypt
Subject*.dfiles.eu
Fingerprint28:FA:BD:73:11:76:EB:79:D3:29:D3:CA:60:19:79:47:4B:43:6B:1C
ValiditySun, 09 Apr 2023 08:43:46 GMT - Sat, 08 Jul 2023 08:43:45 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (734), with CRLF, CR, LF line terminators
Size
6.4 kB (6402 bytes)
Hash
219533c88ed781176f700fe9c9dc7bff
49e4653b726846d73e014305216b51a1ab0593ae
5f760e4471595bae4d6f6acaeb2b3510f3655e4f3c1ec06e32d85ed671c9691e

HTTP Headers

GET /files/521a65ryj/PayDay2_v-1431.exe HTTP/1.1
Host: dfiles.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 23 May 2023 18:18:24 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: uprand=3f60a911b69403479d7c46920311f871; path=/; domain=.dfiles.eu
last_file=521a65ryj; path=/; domain=.dfiles.eu
lang_current=en; expires=Wed, 22-May-2024 18:18:24 GMT; Max-Age=31536000; path=/; domain=.dfiles.eu; secure
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip

www.googletagmanager.com/gtag/js?id=G-BL9163LYG1

142.250.74.168

200 OK

85 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=G-BL9163LYG1
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint55:51:32:58:36:72:A1:C8:50:5E:5A:8D:CE:A5:2F:DC:D7:1E:62:03
ValidityMon, 24 Apr 2023 11:56:06 GMT - Mon, 17 Jul 2023 11:56:05 GMT

File type
ASCII text, with very long lines (4509)
Size
85 kB (85374 bytes)
Hash
cb7f572ff78c03894c5d633ab4b04e10
47803d8b0eee6329d11acf978d2f059431aa539a
5130add1538afd2a04b367af117c62240b5d3558367cf899f894dcc42d964631

HTTP Headers

GET /gtag/js?id=G-BL9163LYG1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 23 May 2023 18:18:24 GMT
expires: Tue, 23 May 2023 18:18:24 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 85374
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.google.com/recaptcha/api.js

216.58.211.4

200 OK

557 B

URL GET HTTP/2
www.google.com/recaptcha/api.js
IP
216.58.211.4:443
ASN
#15169 GOOGLE

Requested by
https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate
IssuerGoogle Trust Services LLC
Subjectwww.google.com
Fingerprint85:AD:43:66:C0:73:07:1B:B5:5D:4A:83:4B:76:3F:DA:4B:2B:E1:F8
ValidityMon, 24 Apr 2023 12:01:16 GMT - Mon, 17 Jul 2023 12:01:15 GMT

File type
ASCII text, with very long lines (850), with no line terminators
Size
557 B (557 bytes)
Hash
b7b728964630ecd7e800d650f14695c5
473f7633fea7e2f828c3df9ab19356286f10a692
f4de494b6cfd42ce31b244cd84410cd4259d82773485f6c7b4ffd2a7ca2d6217

HTTP Headers

GET /recaptcha/api.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
expires: Tue, 23 May 2023 18:18:25 GMT
date: Tue, 23 May 2023 18:18:25 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 557
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

static.depositfiles.com/js/download_utils.js

91.226.124.79

200 OK

13 kB

URL GET HTTP/1.1
static.depositfiles.com/js/download_utils.js
IP
91.226.124.79:443
ASN
#35415 Webzilla B.V.

Requested by
https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate
IssuerLet's Encrypt
Subjectdepositfiles.com
Fingerprint90:44:8D:18:D5:0B:6D:4B:AA:47:FB:C3:D9:B4:43:28:E2:A9:58:14
ValidityMon, 27 Feb 2023 10:18:03 GMT - Sun, 28 May 2023 10:18:02 GMT

File type
ASCII text, with very long lines (2250)
Size
13 kB (13383 bytes)
Hash
90a706006bc709cdc974ff3e0e01b34f
89585d2c7cac44c9c03c118bbb38aefba1d8a1e4
16f1515b9938fc7de086c504fe214484d97e237647a5d7fa2cb742a93f00c1ea

HTTP Headers

GET /js/download_utils.js HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 23 May 2023 18:18:25 GMT
Content-Type: application/javascript
Content-Length: 13383
Last-Modified: Thu, 28 Apr 2022 09:39:11 GMT
Connection: keep-alive
ETag: "626a60bf-3447"
Expires: Tue, 23 May 2023 18:23:25 GMT
Cache-Control: max-age=300
Accept-Ranges: bytes

static.depositfiles.com/js/gold_offer.js

91.226.124.79

200 OK

9.9 kB

URL GET HTTP/1.1
static.depositfiles.com/js/gold_offer.js
IP
91.226.124.79:443
ASN
#35415 Webzilla B.V.

Requested by
https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate
IssuerLet's Encrypt
Subjectdepositfiles.com
Fingerprint90:44:8D:18:D5:0B:6D:4B:AA:47:FB:C3:D9:B4:43:28:E2:A9:58:14
ValidityMon, 27 Feb 2023 10:18:03 GMT - Sun, 28 May 2023 10:18:02 GMT

File type
HTML document text\012- HTML document, ASCII text
Size
9.9 kB (9887 bytes)
Hash
041bdbbe3ac15bc57b14933e164b55f8
790f921426d0b602424fb3077ca900af94b5ad9e
a86d8d81e5c254822628c578c40d2d62956ab3060632d1884b5080093365b97b

HTTP Headers

GET /js/gold_offer.js HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 23 May 2023 18:18:25 GMT
Content-Type: application/javascript
Content-Length: 9887
Last-Modified: Thu, 28 Apr 2022 09:39:11 GMT
Connection: keep-alive
ETag: "626a60bf-269f"
Expires: Tue, 23 May 2023 18:23:25 GMT
Cache-Control: max-age=300
Accept-Ranges: bytes

static.depositfiles.com/js/jquery.validate.js

91.226.124.79

200 OK

38 kB

URL GET HTTP/1.1
static.depositfiles.com/js/jquery.validate.js
IP
91.226.124.79:443
ASN
#35415 Webzilla B.V.

Requested by
https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate
IssuerLet's Encrypt
Subjectdepositfiles.com
Fingerprint90:44:8D:18:D5:0B:6D:4B:AA:47:FB:C3:D9:B4:43:28:E2:A9:58:14
ValidityMon, 27 Feb 2023 10:18:03 GMT - Sun, 28 May 2023 10:18:02 GMT

File type
Unicode text, UTF-8 text, with very long lines (1238)
Size
38 kB (38269 bytes)
Hash
d5231b6378847ebdb55f64c77d5a234f
eed97aa0b2aa9486b6f6831ed8a85dc729ad6b9c
95434a8a2568a6481a1fbcf5808a75dd58e77348ed6d70b4f7aeda8842e8f0c7

HTTP Headers

GET /js/jquery.validate.js HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 23 May 2023 18:18:25 GMT
Content-Type: application/javascript
Content-Length: 38269
Last-Modified: Thu, 28 Apr 2022 09:39:11 GMT
Connection: keep-alive
ETag: "626a60bf-957d"
Expires: Tue, 23 May 2023 18:23:25 GMT
Cache-Control: max-age=300
Accept-Ranges: bytes

static.depositfiles.com/css/main.css

91.226.124.79

200 OK

47 kB

URL GET HTTP/1.1
static.depositfiles.com/css/main.css
IP
91.226.124.79:443
ASN
#35415 Webzilla B.V.

Requested by
https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate
IssuerLet's Encrypt
Subjectdepositfiles.com
Fingerprint90:44:8D:18:D5:0B:6D:4B:AA:47:FB:C3:D9:B4:43:28:E2:A9:58:14
ValidityMon, 27 Feb 2023 10:18:03 GMT - Sun, 28 May 2023 10:18:02 GMT

File type
ASCII text, with very long lines (332)
Size
47 kB (46819 bytes)
Hash
af57443dfa4bc2d3299321923ae1c57f
d922badb0ed1d665302cf93268e9960d0a04c065
50d446eade67c33dc4dba74f2f2b7480b5021de5a98bfedc1f10ce5c35d966f3

HTTP Headers

GET /css/main.css HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 23 May 2023 18:18:25 GMT
Content-Type: text/css
Last-Modified: Thu, 28 Apr 2022 09:39:10 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"626a60be-2f719"
Expires: Tue, 23 May 2023 18:23:25 GMT
Cache-Control: max-age=300
Content-Encoding: gzip

static.depositfiles.com/js/function.js

91.226.124.79

200 OK

35 kB

URL GET HTTP/1.1
static.depositfiles.com/js/function.js
IP
91.226.124.79:443
ASN
#35415 Webzilla B.V.

Requested by
https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate
IssuerLet's Encrypt
Subjectdepositfiles.com
Fingerprint90:44:8D:18:D5:0B:6D:4B:AA:47:FB:C3:D9:B4:43:28:E2:A9:58:14
ValidityMon, 27 Feb 2023 10:18:03 GMT - Sun, 28 May 2023 10:18:02 GMT

File type
ASCII text, with very long lines (4240)
Size
35 kB (34915 bytes)
Hash
a5779d2f560cd50376dbba372b0fd15b
07b08e35b9254288c1372e37577db8b9e4da01b4
51d26403861d61a7842bc73f518d4a4351a7027c40c9f0347f61421226950b84

HTTP Headers

GET /js/function.js HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 23 May 2023 18:18:25 GMT
Content-Type: application/javascript
Content-Length: 34915
Last-Modified: Thu, 28 Apr 2022 09:39:11 GMT
Connection: keep-alive
ETag: "626a60bf-8863"
Expires: Tue, 23 May 2023 18:23:25 GMT
Cache-Control: max-age=300
Accept-Ranges: bytes

static.depositfiles.com/js/base2.js

91.226.124.79

200 OK

399 kB

URL GET HTTP/1.1
static.depositfiles.com/js/base2.js
IP
91.226.124.79:443
ASN
#35415 Webzilla B.V.

Requested by
https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate
IssuerLet's Encrypt
Subjectdepositfiles.com
Fingerprint90:44:8D:18:D5:0B:6D:4B:AA:47:FB:C3:D9:B4:43:28:E2:A9:58:14
ValidityMon, 27 Feb 2023 10:18:03 GMT - Sun, 28 May 2023 10:18:02 GMT

File type
Unicode text, UTF-8 text, with very long lines (65481)
Size
399 kB (398927 bytes)
Hash
2fcae8126c3fd9a626370a701f0bd887
f3496fb7bbe122a9774d7dcfcd68da03a24dc285
d29ab86f64b4fcfbc45b9ef806c147f1e42e37e37d44a559147232288063badc

HTTP Headers

GET /js/base2.js HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 23 May 2023 18:18:25 GMT
Content-Type: application/javascript
Content-Length: 398927
Last-Modified: Thu, 28 Apr 2022 09:39:11 GMT
Connection: keep-alive
ETag: "626a60bf-6164f"
Expires: Tue, 23 May 2023 18:23:25 GMT
Cache-Control: max-age=300
Accept-Ranges: bytes

pl16105218.highrevenuegate.com/22/4a/d4/224ad4a14b4b15c1726ff705ec672ea6.js

192.243.59.13

200 OK

13 kB

URL GET HTTP/1.1
pl16105218.highrevenuegate.com/22/4a/d4/224ad4a14b4b15c1726ff705ec672ea6.js
IP
192.243.59.13:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate
IssuerLet's Encrypt
Subjecthighrevenuegate.com
FingerprintE3:83:9C:63:64:A5:46:F7:CE:7B:E1:4D:12:0F:29:C3:22:23:C0:14
ValidityTue, 02 May 2023 09:41:55 GMT - Mon, 31 Jul 2023 09:41:54 GMT

File type
ASCII text, with very long lines (37143), with no line terminators
Size
13 kB (13435 bytes)
Hash
b457c223a924a19fd2e5513094302b8e
dfb3faa7d775d655538705edab6f07ca697d4b02
4336c3733cc3662f87ae1d70f99ad101d486dd1a0c4923c7c36648ae65ce8389

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /22/4a/d4/224ad4a14b4b15c1726ff705ec672ea6.js HTTP/1.1
Host: pl16105218.highrevenuegate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 23 May 2023 18:18:25 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 2cbab43a1c29cd19934f3001ae7ca49b
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

static.depositfiles.com/images/no.png

91.226.124.79

200 OK

3.1 kB

URL GET HTTP/1.1
static.depositfiles.com/images/no.png
IP
91.226.124.79:443
ASN
#35415 Webzilla B.V.

Requested by
https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate
IssuerLet's Encrypt
Subjectdepositfiles.com
Fingerprint90:44:8D:18:D5:0B:6D:4B:AA:47:FB:C3:D9:B4:43:28:E2:A9:58:14
ValidityMon, 27 Feb 2023 10:18:03 GMT - Sun, 28 May 2023 10:18:02 GMT

File type
PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced\012- data
Size
3.1 kB (3146 bytes)
Hash
1724ae7b4437c460dafe40dfe9f96d41
8dc80d5b802f180254a8ee1bf1edf0b843205f1e
9b95b8f24b2b0808d611f4fd9bf5f3c548b352ae6100ab7b298b99a86905db79

HTTP Headers

GET /images/no.png HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 23 May 2023 18:18:25 GMT
Content-Type: image/png
Content-Length: 3146
Last-Modified: Thu, 28 Apr 2022 09:39:11 GMT
Connection: keep-alive
ETag: "626a60bf-c4a"
Accept-Ranges: bytes

static.depositfiles.com/images/speed_small.gif

91.226.124.79

200 OK

24 kB

URL GET HTTP/1.1
static.depositfiles.com/images/speed_small.gif
IP
91.226.124.79:443
ASN
#35415 Webzilla B.V.

Requested by
https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate
IssuerLet's Encrypt
Subjectdepositfiles.com
Fingerprint90:44:8D:18:D5:0B:6D:4B:AA:47:FB:C3:D9:B4:43:28:E2:A9:58:14
ValidityMon, 27 Feb 2023 10:18:03 GMT - Sun, 28 May 2023 10:18:02 GMT

File type
GIF image data, version 89a, 200 x 200\012- data
Size
24 kB (23980 bytes)
Hash
5cbc96bbb7230dd17ed38b5dd6e3271c
6ee1f0b9e29ac3e824cccd6e5135d51c8d3aaea1
01edcbb65e514def555b1e999d3a72f118f67e572f628293b91893b3758c6991

HTTP Headers

GET /images/speed_small.gif HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 23 May 2023 18:18:25 GMT
Content-Type: image/gif
Content-Length: 23980
Last-Modified: Thu, 28 Apr 2022 09:39:11 GMT
Connection: keep-alive
ETag: "626a60bf-5dac"
Expires: Sun, 28 May 2023 18:18:25 GMT
Cache-Control: max-age=432000
Accept-Ranges: bytes

static.depositfiles.com/images/yes.png

91.226.124.79

200 OK

3.3 kB

URL GET HTTP/1.1
static.depositfiles.com/images/yes.png
IP
91.226.124.79:443
ASN
#35415 Webzilla B.V.

Requested by
https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate
IssuerLet's Encrypt
Subjectdepositfiles.com
Fingerprint90:44:8D:18:D5:0B:6D:4B:AA:47:FB:C3:D9:B4:43:28:E2:A9:58:14
ValidityMon, 27 Feb 2023 10:18:03 GMT - Sun, 28 May 2023 10:18:02 GMT

File type
PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced\012- data
Size
3.3 kB (3275 bytes)
Hash
3055b8489aeb385fb40b27f0bf0a5ae7
4cfbe45a0ba393ab8ad535cc04af30debef0a1ab
b325d6cb153b02050e59230e2abfb01e05f4bda708ad54bd8f6d9693fa9c2dac

HTTP Headers

GET /images/yes.png HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 23 May 2023 18:18:25 GMT
Content-Type: image/png
Content-Length: 3275
Last-Modified: Thu, 28 Apr 2022 09:39:11 GMT
Connection: keep-alive
ETag: "626a60bf-ccb"
Accept-Ranges: bytes

static.depositfiles.com/images/speed_small_gold.gif

91.226.124.79

200 OK

14 kB

URL GET HTTP/1.1
static.depositfiles.com/images/speed_small_gold.gif
IP
91.226.124.79:443
ASN
#35415 Webzilla B.V.

Requested by
https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate
IssuerLet's Encrypt
Subjectdepositfiles.com
Fingerprint90:44:8D:18:D5:0B:6D:4B:AA:47:FB:C3:D9:B4:43:28:E2:A9:58:14
ValidityMon, 27 Feb 2023 10:18:03 GMT - Sun, 28 May 2023 10:18:02 GMT

File type
GIF image data, version 89a, 200 x 200\012- data
Size
14 kB (14492 bytes)
Hash
c5f8f0e9ecd16637e267912376c24bed
324567a641d318ecfafe6374dfba86ccb2f90dd7
13678b229b6c4224bcb9578a2f29bc3686958f4bea73af7645eb39af4246e6a9

HTTP Headers

GET /images/speed_small_gold.gif HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 23 May 2023 18:18:25 GMT
Content-Type: image/gif
Content-Length: 14492
Last-Modified: Thu, 28 Apr 2022 09:39:11 GMT
Connection: keep-alive
ETag: "626a60bf-389c"
Expires: Sun, 28 May 2023 18:18:25 GMT
Cache-Control: max-age=432000
Accept-Ranges: bytes

static.depositfiles.com/images/flags/lang24.png

91.226.124.79

200 OK

9.2 kB

URL GET HTTP/1.1
static.depositfiles.com/images/flags/lang24.png
IP
91.226.124.79:443
ASN
#35415 Webzilla B.V.

Requested by
https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate
IssuerLet's Encrypt
Subjectdepositfiles.com
Fingerprint90:44:8D:18:D5:0B:6D:4B:AA:47:FB:C3:D9:B4:43:28:E2:A9:58:14
ValidityMon, 27 Feb 2023 10:18:03 GMT - Sun, 28 May 2023 10:18:02 GMT

File type
PNG image data, 24 x 552, 8-bit/color RGBA, non-interlaced\012- data
Size
9.2 kB (9172 bytes)
Hash
efdcd1ca23d564ddd811f41152a2b83c
0b5aa064e7f8f241363c55fa17eb448f42a5f8df
ce23be242e34c5b420f8ba0390aef20fa50ffc69f700091029616eff524e8f9b

HTTP Headers

GET /images/flags/lang24.png HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://static.depositfiles.com/css/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 23 May 2023 18:18:25 GMT
Content-Type: image/png
Content-Length: 9172
Last-Modified: Thu, 28 Apr 2022 09:39:11 GMT
Connection: keep-alive
ETag: "626a60bf-23d4"
Accept-Ranges: bytes

static.depositfiles.com/images/upload_btn_bg.gif

91.226.124.79

200 OK

9.0 kB

URL GET HTTP/1.1
static.depositfiles.com/images/upload_btn_bg.gif
IP
91.226.124.79:443
ASN
#35415 Webzilla B.V.

Requested by
https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate
IssuerLet's Encrypt
Subjectdepositfiles.com
Fingerprint90:44:8D:18:D5:0B:6D:4B:AA:47:FB:C3:D9:B4:43:28:E2:A9:58:14
ValidityMon, 27 Feb 2023 10:18:03 GMT - Sun, 28 May 2023 10:18:02 GMT

File type
GIF image data, version 89a, 209 x 75\012- data
Size
9.0 kB (9010 bytes)
Hash
6f312f0f4ff138758bae76420f6efd78
b40a28f162140fedff9ee5ce0d687868b1f73d17
c667d75c7f916bf8b140b0e1f7ab0c996f76d4642faed85bd9fef3c738f0912b

HTTP Headers

GET /images/upload_btn_bg.gif HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://static.depositfiles.com/css/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 23 May 2023 18:18:25 GMT
Content-Type: image/gif
Content-Length: 9010
Last-Modified: Thu, 28 Apr 2022 09:39:11 GMT
Connection: keep-alive
ETag: "626a60bf-2332"
Expires: Sun, 28 May 2023 18:18:25 GMT
Cache-Control: max-age=432000
Accept-Ranges: bytes

static.depositfiles.com/images/logo.png

91.226.124.79

200 OK

3.6 kB

URL GET HTTP/1.1
static.depositfiles.com/images/logo.png
IP
91.226.124.79:443
ASN
#35415 Webzilla B.V.

Requested by
https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate
IssuerLet's Encrypt
Subjectdepositfiles.com
Fingerprint90:44:8D:18:D5:0B:6D:4B:AA:47:FB:C3:D9:B4:43:28:E2:A9:58:14
ValidityMon, 27 Feb 2023 10:18:03 GMT - Sun, 28 May 2023 10:18:02 GMT

File type
PNG image data, 176 x 43, 8-bit/color RGBA, non-interlaced\012- data
Size
3.6 kB (3623 bytes)
Hash
c41fdd84b04e45a91cb17cfdeccb1b38
fec7fffe104c7e169aeb159032078c4b71ff2cdc
7f89eb8ab03684f4db282ca30eb231b1e254bca10c7b511950df5e0eab0a68a0

HTTP Headers

GET /images/logo.png HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://static.depositfiles.com/css/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 23 May 2023 18:18:25 GMT
Content-Type: image/png
Content-Length: 3623
Last-Modified: Thu, 28 Apr 2022 09:39:11 GMT
Connection: keep-alive
ETag: "626a60bf-e27"
Accept-Ranges: bytes

static.depositfiles.com/images/member_menu_bg.gif

91.226.124.79

200 OK

78 B

URL GET HTTP/1.1
static.depositfiles.com/images/member_menu_bg.gif
IP
91.226.124.79:443
ASN
#35415 Webzilla B.V.

Requested by
https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate
IssuerLet's Encrypt
Subjectdepositfiles.com
Fingerprint90:44:8D:18:D5:0B:6D:4B:AA:47:FB:C3:D9:B4:43:28:E2:A9:58:14
ValidityMon, 27 Feb 2023 10:18:03 GMT - Sun, 28 May 2023 10:18:02 GMT

File type
GIF image data, version 89a, 1 x 48\012- data
Size
78 B (78 bytes)
Hash
20a24b56dcedf6a71a71ebec771e1f7d
d7bed493d5d4eeaed5dbbf7d30d45107840790a0
6f57f29224d8e9e51ed0839e329055426fba7dcd97ef31e93ed495f93a6063df

HTTP Headers

GET /images/member_menu_bg.gif HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://static.depositfiles.com/css/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 23 May 2023 18:18:25 GMT
Content-Type: image/gif
Content-Length: 78
Last-Modified: Thu, 28 Apr 2022 09:39:11 GMT
Connection: keep-alive
ETag: "626a60bf-4e"
Expires: Sun, 28 May 2023 18:18:25 GMT
Cache-Control: max-age=432000
Accept-Ranges: bytes

static.depositfiles.com/images/sprite.png

91.226.124.79

200 OK

37 kB

URL GET HTTP/1.1
static.depositfiles.com/images/sprite.png
IP
91.226.124.79:443
ASN
#35415 Webzilla B.V.

Requested by
https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate
IssuerLet's Encrypt
Subjectdepositfiles.com
Fingerprint90:44:8D:18:D5:0B:6D:4B:AA:47:FB:C3:D9:B4:43:28:E2:A9:58:14
ValidityMon, 27 Feb 2023 10:18:03 GMT - Sun, 28 May 2023 10:18:02 GMT

File type
PNG image data, 102 x 630, 8-bit/color RGBA, non-interlaced\012- data
Size
37 kB (36802 bytes)
Hash
2333675d7e431d5313c6dbb5230a14cd
93c4032e5b8b85793a9cda7167804445d950dd96
b287134a60667ce8e2c3fa1603e3a8f2ffa59c64e746d026d1a13ef19f3f38a0

HTTP Headers

GET /images/sprite.png HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://static.depositfiles.com/css/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 23 May 2023 18:18:25 GMT
Content-Type: image/png
Content-Length: 36802
Last-Modified: Thu, 28 Apr 2022 09:39:11 GMT
Connection: keep-alive
ETag: "626a60bf-8fc2"
Accept-Ranges: bytes

static.depositfiles.com/images/sprite64.png

91.226.124.79

200 OK

29 kB

URL GET HTTP/1.1
static.depositfiles.com/images/sprite64.png
IP
91.226.124.79:443
ASN
#35415 Webzilla B.V.

Requested by
https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate
IssuerLet's Encrypt
Subjectdepositfiles.com
Fingerprint90:44:8D:18:D5:0B:6D:4B:AA:47:FB:C3:D9:B4:43:28:E2:A9:58:14
ValidityMon, 27 Feb 2023 10:18:03 GMT - Sun, 28 May 2023 10:18:02 GMT

File type
PNG image data, 64 x 1088, 8-bit/color RGBA, non-interlaced\012- data
Size
29 kB (28747 bytes)
Hash
e50649ecf6a2094c25da755ea0ea7bd1
e1c3e229a62f049442fa16cf43ec07f384b27362
a9ed59ab3bbcfdf66224664aeb14fa0f0e8f034d8472a58dadcf65cfff17685d

HTTP Headers

GET /images/sprite64.png HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://static.depositfiles.com/css/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 23 May 2023 18:18:25 GMT
Content-Type: image/png
Content-Length: 28747
Last-Modified: Thu, 28 Apr 2022 09:39:11 GMT
Connection: keep-alive
ETag: "626a60bf-704b"
Accept-Ranges: bytes

simplewebanalysis.com/stats

18.192.155.180

200 OK

40 B

URL GET HTTP/2
simplewebanalysis.com/stats
IP
18.192.155.180:443
ASN
#16509 AMAZON-02

Requested by
https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate
IssuerAmazon
Subjectsimplewebanalysis.com
FingerprintE5:9D:30:D3:0E:8A:EF:0D:43:46:4C:4C:53:AD:05:78:63:E9:04:07
ValidityThu, 02 Mar 2023 00:00:00 GMT - Sun, 31 Mar 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
2d8e6e0564e1e59d98eaa290f7219a4b
312671f6cfc0ade361aef5bff21ef3f0fb581354
0e1136aaf47b8f7f23ba94831b725b23af6e82cbf5121419fd20de19d3975fcb

HTTP Headers

GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 23 May 2023 18:18:25 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://dfiles.eu
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=4f295984-fea6-49fe-a2aa-ccedfecc3a81:2:1; expires=Fri, 20 May 2033 18:18:25 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

static.depositfiles.com/images/sprite16.png

91.226.124.79

200 OK

28 kB

URL GET HTTP/1.1
static.depositfiles.com/images/sprite16.png
IP
91.226.124.79:443
ASN
#35415 Webzilla B.V.

Requested by
https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate
IssuerLet's Encrypt
Subjectdepositfiles.com
Fingerprint90:44:8D:18:D5:0B:6D:4B:AA:47:FB:C3:D9:B4:43:28:E2:A9:58:14
ValidityMon, 27 Feb 2023 10:18:03 GMT - Sun, 28 May 2023 10:18:02 GMT

File type
PNG image data, 32 x 1072, 8-bit/color RGBA, non-interlaced\012- data
Size
28 kB (28501 bytes)
Hash
2e86fe2d2c2650c5f4663f0fc135ebc1
ba86e14a9abcff0581eda84a307594ef1288b982
604187f8828381a47ae70249f55f21c78c53ab1401d20a5f2230a0d6c9ae50d1

HTTP Headers

GET /images/sprite16.png HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://static.depositfiles.com/css/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 23 May 2023 18:18:26 GMT
Content-Type: image/png
Content-Length: 28501
Last-Modified: Thu, 28 Apr 2022 09:39:11 GMT
Connection: keep-alive
ETag: "626a60bf-6f55"
Accept-Ranges: bytes

adsbb.dfiles.eu//ad.php?z=56&c=NO

91.226.124.80

303 See Other

0 B

URL GET HTTP/1.1
adsbb.dfiles.eu//ad.php?z=56&c=NO
IP
91.226.124.80:443
ASN
#35415 Webzilla B.V.

Requested by
https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate
IssuerLet's Encrypt
Subject*.dfiles.eu
Fingerprint28:FA:BD:73:11:76:EB:79:D3:29:D3:CA:60:19:79:47:4B:43:6B:1C
ValiditySun, 09 Apr 2023 08:43:46 GMT - Sat, 08 Jul 2023 08:43:45 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET //ad.php?z=56&c=NO HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: uprand=3f60a911b69403479d7c46920311f871; last_file=521a65ryj; lang_current=en; _ga_BL9163LYG1=GS1.1.1684865905.1.0.1684865905.0.0.0; _ga=GA1.1.1771423245.1684865905
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 303 See Other
Server: nginx
Date: Tue, 23 May 2023 18:18:26 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.30-0+deb8u1
Set-Cookie: _nf56=1; expires=Wed, 24-May-2023 18:18:26 GMT; Max-Age=86400
Location: /upload/2203/ad27602963634849.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752

adsbb.dfiles.eu//ad.php?z=58&c=NO&g=gateway

91.226.124.80

303 See Other

0 B

URL GET HTTP/1.1
adsbb.dfiles.eu//ad.php?z=58&c=NO&g=gateway
IP
91.226.124.80:443
ASN
#35415 Webzilla B.V.

Requested by
https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate
IssuerLet's Encrypt
Subject*.dfiles.eu
Fingerprint28:FA:BD:73:11:76:EB:79:D3:29:D3:CA:60:19:79:47:4B:43:6B:1C
ValiditySun, 09 Apr 2023 08:43:46 GMT - Sat, 08 Jul 2023 08:43:45 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET //ad.php?z=58&c=NO&g=gateway HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: uprand=3f60a911b69403479d7c46920311f871; last_file=521a65ryj; lang_current=en; _ga_BL9163LYG1=GS1.1.1684865905.1.0.1684865905.0.0.0; _ga=GA1.1.1771423245.1684865905
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 303 See Other
Server: nginx
Date: Tue, 23 May 2023 18:18:26 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.30-0+deb8u1
Set-Cookie: _nf58=1; expires=Wed, 24-May-2023 18:18:26 GMT; Max-Age=86400
Location: /upload/2303/ad2775297311915a.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752

loader.unblockia.com/c/dfiles.eu/config.json

108.157.214.40

200 OK

47 kB

URL GET HTTP/2
loader.unblockia.com/c/dfiles.eu/config.json
IP
108.157.214.40:443
ASN
#16509 AMAZON-02

Requested by
https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate
IssuerAmazon
Subject*.unblockia.com
FingerprintF2:6F:03:00:E3:4A:B1:87:3C:4D:28:BB:E6:CE:8F:F1:2A:6E:1B:5D
ValidityTue, 21 Feb 2023 00:00:00 GMT - Fri, 22 Mar 2024 23:59:59 GMT

File type
ASCII text, with very long lines (46747), with no line terminators
Size
47 kB (46747 bytes)
Hash
f365c1e4619a90bbadadacf55598fe90
1623c939b72aecd3831e1da35e4c0a5229383e91
23e2e4d868bb2652b97e9e13d36df1dfeeba338d4e9c4d1d737fba6b2b2b2d52

HTTP Headers

GET /c/dfiles.eu/config.json HTTP/1.1
Host: loader.unblockia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dfiles.eu/
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/octet-stream
content-length: 46747
last-modified: Fri, 12 May 2023 12:21:43 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: 9pI8Ts97IpPXbRP2Kcl6CF4_Ph.rjMBr
accept-ranges: bytes
server: AmazonS3
date: Tue, 23 May 2023 01:40:41 GMT
etag: "f365c1e4619a90bbadadacf55598fe90"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 8ea75fde43c768e7e1d041f8b7a07bd6.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: taHPAppVTVHAlNePXwu7u2cQHEXVocxltYPGKAd8p5W5pFn_tvao7Q==
age: 61532
access-control-allow-origin: *
access-control-expose-headers: *
X-Firefox-Spdy: h2

js.wpshsdk.com/npc/sdk/wp-banners.js

45.133.44.53

200 OK

0 B

URL GET HTTP/2
js.wpshsdk.com/npc/sdk/wp-banners.js
IP
45.133.44.53:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate
IssuerLet's Encrypt
Subjectjs.wpshsdk.com
Fingerprint78:77:A4:19:CC:0D:15:24:69:96:1B:44:C9:A0:4D:0B:B7:C0:F2:D8
ValidityMon, 27 Mar 2023 02:06:36 GMT - Sun, 25 Jun 2023 02:06:35 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /npc/sdk/wp-banners.js HTTP/1.1
Host: js.wpshsdk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 23 May 2023 18:18:26 GMT
content-type: application/javascript; charset=utf-8
content-length: 0
server: nginx/1.18.0
last-modified: Fri, 20 Aug 2021 15:14:31 GMT
etag: "611fc6d7-0"
expires: Tue, 23 May 2023 18:23:26 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2

js.wpadmngr.com/static/adManager.js

45.133.44.53

200 OK

1.2 kB

URL GET HTTP/2
js.wpadmngr.com/static/adManager.js
IP
45.133.44.53:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate
IssuerLet's Encrypt
Subjectjs.wpadmngr.com
FingerprintA9:7C:F8:A4:B8:B3:E3:98:76:72:9E:0B:4A:FB:FB:39:D4:F4:54:3D
ValidityTue, 16 May 2023 02:02:19 GMT - Mon, 14 Aug 2023 02:02:18 GMT

File type
gzip compressed data, from Unix\012- data
Size
1.2 kB (1191 bytes)
Hash
1a3f3ff421a17233ddaeaa3188b4f658
7fa58fd4f2db9fae34aa7d5659c9448a53f9decd
a41c00923d35a8fab0010e01409118aa4c61094fc925b4856f4da32419828cf6

HTTP Headers

GET /static/adManager.js HTTP/1.1
Host: js.wpadmngr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 23 May 2023 18:18:25 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Mon, 05 Dec 2022 13:37:26 GMT
etag: W/"638df416-4dd"
content-encoding: gzip
expires: Tue, 23 May 2023 18:23:25 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

adsbb.dfiles.eu/upload/2203/ad27602963634849.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752

91.226.124.76

200 OK

677 B

URL GET HTTP/1.1
adsbb.dfiles.eu/upload/2203/ad27602963634849.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
IP
91.226.124.76:443
ASN
#35415 Webzilla B.V.

Requested by
https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate
IssuerLet's Encrypt
Subject*.dfiles.eu
Fingerprint28:FA:BD:73:11:76:EB:79:D3:29:D3:CA:60:19:79:47:4B:43:6B:1C
ValiditySun, 09 Apr 2023 08:43:46 GMT - Sat, 08 Jul 2023 08:43:45 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
677 B (677 bytes)
Hash
f7814638a4453f3f2c13545bf6845c7a
e786aead9ed89096cf115d847dba1048a70b8efa
93a3a6566b084b7fbe86a96ac06b949fcf2a01f68c7da51f21141c724937c8ae

HTTP Headers

GET /upload/2203/ad27602963634849.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752 HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dfiles.eu/
DNT: 1
Connection: keep-alive
Cookie: uprand=3f60a911b69403479d7c46920311f871; last_file=521a65ryj; lang_current=en; _ga_BL9163LYG1=GS1.1.1684865905.1.0.1684865905.0.0.0; _ga=GA1.1.1771423245.1684865905; _nf56=1; _nf58=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 23 May 2023 18:18:26 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Last-Modified: Tue, 23 May 2023 18:15:01 GMT
Content-Encoding: gzip

adsbb.dfiles.eu/upload/2303/ad2775297311915a.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752

91.226.124.76

200 OK

678 B

URL GET HTTP/1.1
adsbb.dfiles.eu/upload/2303/ad2775297311915a.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
IP
91.226.124.76:443
ASN
#35415 Webzilla B.V.

Requested by
https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate
IssuerLet's Encrypt
Subject*.dfiles.eu
Fingerprint28:FA:BD:73:11:76:EB:79:D3:29:D3:CA:60:19:79:47:4B:43:6B:1C
ValiditySun, 09 Apr 2023 08:43:46 GMT - Sat, 08 Jul 2023 08:43:45 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
678 B (678 bytes)
Hash
9b785ec39dcd55fe17d0758f36c64781
74cef24fe8406aed1f419f820f35e81adaecf6b5
bcf7431ee9307f4b44d719dde71b250eeb40181aacc87a1ca4825e2bccce46b8

HTTP Headers

GET /upload/2303/ad2775297311915a.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752 HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dfiles.eu/
DNT: 1
Connection: keep-alive
Cookie: uprand=3f60a911b69403479d7c46920311f871; last_file=521a65ryj; lang_current=en; _ga_BL9163LYG1=GS1.1.1684865905.1.0.1684865905.0.0.0; _ga=GA1.1.1771423245.1684865905; _nf56=1; _nf58=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 23 May 2023 18:18:26 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Last-Modified: Tue, 23 May 2023 18:15:01 GMT
Content-Encoding: gzip

varycares.com/c2/2d/c5/c22dc50dc2bbe4422c7f68d26ab95eb9.js

192.243.61.225

200 OK

29 kB

URL GET HTTP/1.1
varycares.com/c2/2d/c5/c22dc50dc2bbe4422c7f68d26ab95eb9.js
IP
192.243.61.225:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate
IssuerLet's Encrypt
Subjectvarycares.com
FingerprintD4:DA:6E:A7:73:68:5A:78:BD:2D:8F:1F:7B:50:F0:57:13:45:7A:B6
ValidityMon, 01 May 2023 19:24:05 GMT - Sun, 30 Jul 2023 19:24:04 GMT

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Size
29 kB (28765 bytes)
Hash
23ac2034d20c9d7673861862e99254ed
4c9c82ee93ed395064b52383dbb9317154558950
6bd422d89eb0fb751ff7599284d3c565e700637ae2d7a4f5a9579e762592879a

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /c2/2d/c5/c22dc50dc2bbe4422c7f68d26ab95eb9.js HTTP/1.1
Host: varycares.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 23 May 2023 18:18:26 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 641cdbffc2c6e9cf986f8c10374ad6af
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

simplewebanalysis.com/stats

18.192.155.180

200 OK

40 B

URL GET HTTP/2
simplewebanalysis.com/stats
IP
18.192.155.180:443
ASN
#16509 AMAZON-02

Requested by
https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate
IssuerAmazon
Subjectsimplewebanalysis.com
FingerprintE5:9D:30:D3:0E:8A:EF:0D:43:46:4C:4C:53:AD:05:78:63:E9:04:07
ValidityThu, 02 Mar 2023 00:00:00 GMT - Sun, 31 Mar 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
2d8e6e0564e1e59d98eaa290f7219a4b
312671f6cfc0ade361aef5bff21ef3f0fb581354
0e1136aaf47b8f7f23ba94831b725b23af6e82cbf5121419fd20de19d3975fcb

HTTP Headers

GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: uid_id2=4f295984-fea6-49fe-a2aa-ccedfecc3a81:2:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 23 May 2023 18:18:26 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://dfiles.eu
vary: Origin
access-control-allow-credentials: true
X-Firefox-Spdy: h2

ip2geo.pubfuture-ad.com/detail

104.26.0.97

200 OK

33 B

URL GET HTTP/2
ip2geo.pubfuture-ad.com/detail
IP
104.26.0.97:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintA4:70:A9:B9:AC:49:1E:53:23:43:41:25:CD:10:7C:01:2E:87:01:01
ValidityTue, 07 Feb 2023 00:00:00 GMT - Tue, 06 Feb 2024 23:59:59 GMT

File type
JSON data\012- , ASCII text, with no line terminators
Size
33 B (33 bytes)
Hash
007af5ffed017e37943df31888ef8666
2877ed4c460ba9164b3625e32502a9d83a2a1d4a
bfb9d45766b6f87ee2c5f55862cdffe168aa7df0ff6ed0917b0fbcb035fdcdd2

HTTP Headers

GET /detail HTTP/1.1
Host: ip2geo.pubfuture-ad.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dfiles.eu/
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 23 May 2023 18:18:26 GMT
content-type: application/json; charset=utf-8
content-length: 33
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
access-control-allow-origin: *
etag: W/"21-KHftTEYLqRZLNiXjJQKp2DoqHUo"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XhcsLLlz17I11aAXw1CwlD3tsSBRNF3DRm0H%2BC%2FxzRu%2BQfqVw2GzwcREbjVdH4ChHI2KFZkvWkssMhTjFpWHT1l8V0Q7rd2BYEKeVOngNOfsthQMUrfUEFWZWdm64XkifsfH8bq2Pkge"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7cbf4d294cac0b51-OSL
X-Firefox-Spdy: h2

adsbb.dfiles.eu/static/js/jquery-1.5.1.min.js

91.226.124.76

85 kB

URL
adsbb.dfiles.eu/static/js/jquery-1.5.1.min.js
IP
91.226.124.76:0
ASN
#35415 Webzilla B.V.

Certificate
IssuerLet's Encrypt
Subject*.dfiles.eu
Fingerprint28:FA:BD:73:11:76:EB:79:D3:29:D3:CA:60:19:79:47:4B:43:6B:1C
ValiditySun, 09 Apr 2023 08:43:46 GMT - Sat, 08 Jul 2023 08:43:45 GMT

File type
Unicode text, UTF-8 text, with very long lines (65168)
Size
85 kB (85260 bytes)
Hash
b04a3bccd23ddeb7982143707a63ccf9
4a5dc1389aad050a44ee5e81408238a317ab3413
764b9e9f3ad386aaa5cdeae9368353994de61c0bede087c8f7e3579cb443de3b

HTTP Headers

GET /static/js/jquery-1.5.1.min.js HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/upload/2303/ad2775297311915a.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
Cookie: uprand=3f60a911b69403479d7c46920311f871; last_file=521a65ryj; lang_current=en; _ga_BL9163LYG1=GS1.1.1684865905.1.0.1684865905.0.0.0; _ga=GA1.1.1771423245.1684865905; _nf56=1; _nf58=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 23 May 2023 18:18:26 GMT
Content-Type: application/javascript
Content-Length: 85260
Connection: close
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, private, no-cache, no-store, must-revalidate
Pragma: no-cache
Accept-Ranges: bytes

adsbb.dfiles.eu/static/js/jquery-1.5.1.min.js

91.226.124.76

85 kB

URL
adsbb.dfiles.eu/static/js/jquery-1.5.1.min.js
IP
91.226.124.76:0
ASN
#35415 Webzilla B.V.

Certificate
IssuerLet's Encrypt
Subject*.dfiles.eu
Fingerprint28:FA:BD:73:11:76:EB:79:D3:29:D3:CA:60:19:79:47:4B:43:6B:1C
ValiditySun, 09 Apr 2023 08:43:46 GMT - Sat, 08 Jul 2023 08:43:45 GMT

File type
Unicode text, UTF-8 text, with very long lines (65168)
Size
85 kB (85260 bytes)
Hash
b04a3bccd23ddeb7982143707a63ccf9
4a5dc1389aad050a44ee5e81408238a317ab3413
764b9e9f3ad386aaa5cdeae9368353994de61c0bede087c8f7e3579cb443de3b

HTTP Headers

GET /static/js/jquery-1.5.1.min.js HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/upload/2203/ad27602963634849.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
Cookie: uprand=3f60a911b69403479d7c46920311f871; last_file=521a65ryj; lang_current=en; _ga_BL9163LYG1=GS1.1.1684865905.1.0.1684865905.0.0.0; _ga=GA1.1.1771423245.1684865905; _nf56=1; _nf58=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 23 May 2023 18:18:26 GMT
Content-Type: application/javascript
Content-Length: 85260
Connection: close
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, private, no-cache, no-store, must-revalidate
Pragma: no-cache
Accept-Ranges: bytes

varycares.com/sbar.json?key=224ad4a14b4b15c1726ff705ec672ea6

192.243.61.225

200 OK

3.0 kB

URL GET HTTP/1.1
varycares.com/sbar.json?key=224ad4a14b4b15c1726ff705ec672ea6
IP
192.243.61.225:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate
IssuerLet's Encrypt
Subjectvarycares.com
FingerprintD4:DA:6E:A7:73:68:5A:78:BD:2D:8F:1F:7B:50:F0:57:13:45:7A:B6
ValidityMon, 01 May 2023 19:24:05 GMT - Sun, 30 Jul 2023 19:24:04 GMT

File type
JSON data\012- , ASCII text, with very long lines (5431), with no line terminators
Size
3.0 kB (3004 bytes)
Hash
49350e4db1369df2795eae2f97c87f46
a3c82f7fef3974b66f03b396ceaf8746a6e9a6af
5cc7226257ce575120323ac5c74fa5015f949596e8af96d26035faa8aece7b37

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /sbar.json?key=224ad4a14b4b15c1726ff705ec672ea6 HTTP/1.1
Host: varycares.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 23 May 2023 18:18:26 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://dfiles.eu
Access-Control-Allow-Origin: https://dfiles.eu
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=16004719; expires=Wed, 24 May 2023 18:18:26 GMT; secure; SameSite=None
pdhtkv=true; expires=Wed, 24 May 2023 18:18:26 GMT; secure; SameSite=None
uncs=1; expires=Wed, 24 May 2023 18:18:26 GMT; secure; SameSite=None
pdhtkv29=true; expires=Wed, 24 May 2023 18:18:26 GMT; secure; SameSite=None
uncs29=1; expires=Wed, 24 May 2023 18:18:26 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 56c1a0b22b0756f6dee6a39b638b7054
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

static.depositfiles.com/images/favicon.ico

91.226.124.79

200 OK

318 B

URL GET HTTP/1.1
static.depositfiles.com/images/favicon.ico
IP
91.226.124.79:443
ASN
#35415 Webzilla B.V.

Requested by
https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate
IssuerLet's Encrypt
Subjectdepositfiles.com
Fingerprint90:44:8D:18:D5:0B:6D:4B:AA:47:FB:C3:D9:B4:43:28:E2:A9:58:14
ValidityMon, 27 Feb 2023 10:18:03 GMT - Sun, 28 May 2023 10:18:02 GMT

File type
MS Windows icon resource - 1 icon, 16x16, 16 colors, 4 bits/pixel\012- data
Size
318 B (318 bytes)
Hash
0f0b975ee529197ec75780ebc2de5907
59688c6aafca5606e388ba9a44fc9dc25fc32cd3
28a0b52229f05b66354ca38b6b813d2281af3efb7e8b0a424ef8b4c68b9e583c

HTTP Headers

GET /images/favicon.ico HTTP/1.1
Host: static.depositfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 23 May 2023 18:18:26 GMT
Content-Type: image/x-icon
Content-Length: 318
Last-Modified: Thu, 28 Apr 2022 09:39:11 GMT
Connection: keep-alive
ETag: "626a60bf-13e"
Accept-Ranges: bytes

www.gstatic.com/recaptcha/releases/FFtxPnbuZxq6kkeHkQJR2MNQ/recaptcha__en.js

142.250.74.35

200 OK

167 kB

URL GET HTTP/2
www.gstatic.com/recaptcha/releases/FFtxPnbuZxq6kkeHkQJR2MNQ/recaptcha__en.js
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE2:33:59:47:38:D7:4A:7A:9E:28:5D:EC:AA:94:7F:92:25:D2:B1:C4
ValidityMon, 24 Apr 2023 12:00:43 GMT - Mon, 17 Jul 2023 12:00:42 GMT

File type
ASCII text, with very long lines (554)
Size
167 kB (166637 bytes)
Hash
213e1a6e418f3df36f2ec077314ef525
7a553e545a48271f3afec47b3ed5f3518cfdd7b4
ad5008998005064af73229fb144d5f8e789641f8a846e2064ec18788a37e9e2d

HTTP Headers

GET /recaptcha/releases/FFtxPnbuZxq6kkeHkQJR2MNQ/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 166637
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 20 May 2023 19:09:56 GMT
expires: Sun, 19 May 2024 19:09:56 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 15 May 2023 04:00:52 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 256110
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

eyebrowsneardual.com/pixel/purst?dl=0&th=0&sc=0&rs=2356&rd=2356&fd=681&bv=22.10.v.10&tmpl=136

173.233.137.52

200 OK

0 B

URL GET HTTP/1.1
eyebrowsneardual.com/pixel/purst?dl=0&th=0&sc=0&rs=2356&rd=2356&fd=681&bv=22.10.v.10&tmpl=136
IP
173.233.137.52:443
ASN
#7979 SERVERS-COM

Requested by
https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate
IssuerLet's Encrypt
Subjecteyebrowsneardual.com
Fingerprint2C:8B:17:85:35:44:9E:22:29:58:89:0A:71:07:83:E7:9C:70:F3:3B
ValidityFri, 28 Apr 2023 01:15:11 GMT - Thu, 27 Jul 2023 01:15:10 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /pixel/purst?dl=0&th=0&sc=0&rs=2356&rd=2356&fd=681&bv=22.10.v.10&tmpl=136 HTTP/1.1
Host: eyebrowsneardual.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 23 May 2023 18:18:26 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

adsbb.dfiles.eu/view.gif?c=2973&z=58&b=2775&u=646d02a57bd3523046261092724396

91.226.124.76

43 B

URL
adsbb.dfiles.eu/view.gif?c=2973&z=58&b=2775&u=646d02a57bd3523046261092724396
IP
91.226.124.76:0
ASN
#35415 Webzilla B.V.

Certificate
IssuerLet's Encrypt
Subject*.dfiles.eu
Fingerprint28:FA:BD:73:11:76:EB:79:D3:29:D3:CA:60:19:79:47:4B:43:6B:1C
ValiditySun, 09 Apr 2023 08:43:46 GMT - Sat, 08 Jul 2023 08:43:45 GMT

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
6d22e4f2d2057c6e8d6fab098e76e80f
b80b11203d97fe01c5597ca3be70406ea48f5709
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

HTTP Headers

GET /view.gif?c=2973&z=58&b=2775&u=646d02a57bd3523046261092724396 HTTP/1.1
Host: adsbb.dfiles.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://adsbb.dfiles.eu/upload/2303/ad2775297311915a.htm?canp=adv_73b411c406ca38ecadcf742fe6ade752
Cookie: uprand=3f60a911b69403479d7c46920311f871; last_file=521a65ryj; lang_current=en; _ga_BL9163LYG1=GS1.1.1684865905.1.0.1684865905.0.0.0; _ga=GA1.1.1771423245.1684865905; _nf56=1; _nf58=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 23 May 2023 18:18:27 GMT
Content-Type: image/gif
Content-Length: 43
Connection: close
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, private, no-cache, no-store, must-revalidate
Pragma: no-cache
Accept-Ranges: bytes

simplewebanalysis.com/stats

18.192.155.180

200 OK

40 B

URL GET HTTP/2
simplewebanalysis.com/stats
IP
18.192.155.180:443
ASN
#16509 AMAZON-02

Requested by
https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate
IssuerAmazon
Subjectsimplewebanalysis.com
FingerprintE5:9D:30:D3:0E:8A:EF:0D:43:46:4C:4C:53:AD:05:78:63:E9:04:07
ValidityThu, 02 Mar 2023 00:00:00 GMT - Sun, 31 Mar 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
2d8e6e0564e1e59d98eaa290f7219a4b
312671f6cfc0ade361aef5bff21ef3f0fb581354
0e1136aaf47b8f7f23ba94831b725b23af6e82cbf5121419fd20de19d3975fcb

HTTP Headers

GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: uid_id2=4f295984-fea6-49fe-a2aa-ccedfecc3a81:2:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 23 May 2023 18:18:27 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://dfiles.eu
vary: Origin
access-control-allow-credentials: true
X-Firefox-Spdy: h2

cdn.unblockia.com/autopromos/unicef2.jpg?unblockia=true

108.157.214.50

200 OK

37 kB

URL GET HTTP/2
cdn.unblockia.com/autopromos/unicef2.jpg?unblockia=true
IP
108.157.214.50:443
ASN
#16509 AMAZON-02

Requested by
https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate
IssuerAmazon
Subject*.unblockia.com
FingerprintF2:6F:03:00:E3:4A:B1:87:3C:4D:28:BB:E6:CE:8F:F1:2A:6E:1B:5D
ValidityTue, 21 Feb 2023 00:00:00 GMT - Fri, 22 Mar 2024 23:59:59 GMT

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 728x90, components 3\012- data
Size
37 kB (36773 bytes)
Hash
58fbb6ffe72ac0c1aa468de39ee18e13
d25230f1ef89aecc6048b0ceb09dd0af609ee7b6
e8ff7f3a8926e5b5497d2ab7a1bf47c5655e287a51045f11846f426ac6c7d180

HTTP Headers

GET /autopromos/unicef2.jpg?unblockia=true HTTP/1.1
Host: cdn.unblockia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/jpeg
content-length: 36773
last-modified: Tue, 12 Apr 2022 08:41:28 GMT
x-amz-version-id: xUurxjfnscsyJn430NFsrgfbabIFowSl
accept-ranges: bytes
server: AmazonS3
date: Tue, 23 May 2023 17:01:06 GMT
etag: "58fbb6ffe72ac0c1aa468de39ee18e13"
x-cache: Hit from cloudfront
via: 1.1 8ea75fde43c768e7e1d041f8b7a07bd6.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: k5G8ZyBjK1JHQfVKZjBSEskMZdzCDrriq_M3nInNdrGG46sCuNWB1A==
age: 4651
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2

cdn.unblockia.com/autopromos/unicef3.jpg?unblockia=true

108.157.214.50

200 OK

54 kB

URL GET HTTP/2
cdn.unblockia.com/autopromos/unicef3.jpg?unblockia=true
IP
108.157.214.50:443
ASN
#16509 AMAZON-02

Requested by
https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate
IssuerAmazon
Subject*.unblockia.com
FingerprintF2:6F:03:00:E3:4A:B1:87:3C:4D:28:BB:E6:CE:8F:F1:2A:6E:1B:5D
ValidityTue, 21 Feb 2023 00:00:00 GMT - Fri, 22 Mar 2024 23:59:59 GMT

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=2, software=Google], baseline, precision 8, 160x600, components 3\012- data
Size
54 kB (54292 bytes)
Hash
5dcf47442fc7fbb8d0263bbf4869537e
2c8232ac93448bbc06b5464f1839a5cdb2ed3e07
81804a1b2b20350ec009ba6429a4f58124c16ca30683af0af255544cd98c8fa6

HTTP Headers

GET /autopromos/unicef3.jpg?unblockia=true HTTP/1.1
Host: cdn.unblockia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/jpeg
content-length: 54292
last-modified: Tue, 12 Apr 2022 08:41:27 GMT
x-amz-version-id: iA22.ytP0i4dmuIhnc0eyNVgJlt2K4fl
accept-ranges: bytes
server: AmazonS3
date: Tue, 23 May 2023 04:08:48 GMT
etag: "5dcf47442fc7fbb8d0263bbf4869537e"
x-cache: Hit from cloudfront
via: 1.1 8ea75fde43c768e7e1d041f8b7a07bd6.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: 5365pCdVGeqt_q-8zvayiBWYI9GOESNu_KbowtMcq4QFhfAgO6oPOQ==
age: 53239
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2

varycares.com/ren.gif?sid=H4sIAAAAAAAC%2F1SST28cRRPGexIrh%2FflEsIFCaS5ARJaz4xn%2F5EDiglGFiYOCQhuqKe7Z924Z3rUPb2ztjhYREI5Lt9g%2FKwdC7Ci8AFAaMwtEpKXkw%2F4gJQPgEA5o11bLJQ0qnrqqcOvavqrfXdOAjh6tvaB3pVK0eV2K%2FBf%2FzQMb%2FobMncjf9TrfNaJb%2Fpm%2BFYY9FvBG%2F57gm3r5SgIgyAMQn9NGpHq0XIYhq0Asjjuh61%2B0IqjVtiOMTL%2F1dZ5sNQDH56TFyH59H%2FHj2NI1iDPntwWdrvUxZvvZk7RUhsM%2BdHH%2BXauqxzZokyNhzQ%2FupyGtqdrP0Lnh3Ng6OE%2Fg4mcEu%2FZ70jyo0tKJMPDC9BEQeRI%2BP9RDRsI1UDSBkw%2FgOSnBGAcdzaRZ4%2FuaFPRnQuXztwpWXr%2BJ2Q1JUu%2FvYQ8e7yq5Mi%2Fr5Urpc4tRmkNOWogBw0Kd4Jy9wpkdQJWfgnJfyHLzzeQZwebVmlIXs%2BXl7KBTBsoMQa1Htzskx5c6sEVHjJ%2B5ndZ3OvxXptTwViUpGEvjdO4T1mQsmClH8GxGd4YZTEGU2Mws4fC7GFbjmHcT7BbNSz3YMsp8T7cw5DXqARBZQkqSlBJgqokqIb1IVc2svUjrqxLwsscXeaVeqLLwT491OVA5GS%2FOCfX53f5q6OxLc78KIopj2kYJ3EStlnYjTpp2g3agnW6kaAdWFlD2ivzVXfl6Y0ChTx94RUk9ARWnYDJ66DuVdBq0o0C0K1J3Auwmz%2FhotBWlqlUwraYzsB1jaJcQrnj7atz8vKc47VnPgR7Si4DzNQoTI3P5c8EA%2FVwck9X5OCeriz5frMoZSZ36ezf3S9pKa59%2B77YqbTh67ft%2BJtbbGbMyuOPhC03aM5lPrDku1XJuTBr2jBBfli3n4jkrrNbq87krti4%2B87aelYYYa3UeQMqT7%2FogMkpuXbrcP4qb%2FzRgzQNjKuRuQWp1A1YsQdbLHpWExi10EnhoXL1xETJoqkkgRILTZMa9l86WdT79iEGxgMtHyDPagxNjaGqQdUY1l2dlIV5%2BvavK%2FNAorxJoox3kCijvr44rZVnvuiKTr8fB3GXB0ES8ygK24LRlZj2aRSlXZR2yrOr5m8AAAD%2F%2FwEAAP%2F%2F3PUQP2IEAAA%3D

192.243.61.225

200 OK

7 B

URL GET HTTP/1.1
varycares.com/ren.gif?sid=H4sIAAAAAAAC%2F1SST28cRRPGexIrh%2FflEsIFCaS5ARJaz4xn%2F5EDiglGFiYOCQhuqKe7Z924Z3rUPb2ztjhYREI5Lt9g%2FKwdC7Ci8AFAaMwtEpKXkw%2F4gJQPgEA5o11bLJQ0qnrqqcOvavqrfXdOAjh6tvaB3pVK0eV2K%2FBf%2FzQMb%2FobMncjf9TrfNaJb%2Fpm%2BFYY9FvBG%2F57gm3r5SgIgyAMQn9NGpHq0XIYhq0Asjjuh61%2B0IqjVtiOMTL%2F1dZ5sNQDH56TFyH59H%2FHj2NI1iDPntwWdrvUxZvvZk7RUhsM%2BdHH%2BXauqxzZokyNhzQ%2FupyGtqdrP0Lnh3Ng6OE%2Fg4mcEu%2FZ70jyo0tKJMPDC9BEQeRI%2BP9RDRsI1UDSBkw%2FgOSnBGAcdzaRZ4%2FuaFPRnQuXztwpWXr%2BJ2Q1JUu%2FvYQ8e7yq5Mi%2Fr5Urpc4tRmkNOWogBw0Kd4Jy9wpkdQJWfgnJfyHLzzeQZwebVmlIXs%2BXl7KBTBsoMQa1Htzskx5c6sEVHjJ%2B5ndZ3OvxXptTwViUpGEvjdO4T1mQsmClH8GxGd4YZTEGU2Mws4fC7GFbjmHcT7BbNSz3YMsp8T7cw5DXqARBZQkqSlBJgqokqIb1IVc2svUjrqxLwsscXeaVeqLLwT491OVA5GS%2FOCfX53f5q6OxLc78KIopj2kYJ3EStlnYjTpp2g3agnW6kaAdWFlD2ivzVXfl6Y0ChTx94RUk9ARWnYDJ66DuVdBq0o0C0K1J3Auwmz%2FhotBWlqlUwraYzsB1jaJcQrnj7atz8vKc47VnPgR7Si4DzNQoTI3P5c8EA%2FVwck9X5OCeriz5frMoZSZ36ezf3S9pKa59%2B77YqbTh67ft%2BJtbbGbMyuOPhC03aM5lPrDku1XJuTBr2jBBfli3n4jkrrNbq87krti4%2B87aelYYYa3UeQMqT7%2FogMkpuXbrcP4qb%2FzRgzQNjKuRuQWp1A1YsQdbLHpWExi10EnhoXL1xETJoqkkgRILTZMa9l86WdT79iEGxgMtHyDPagxNjaGqQdUY1l2dlIV5%2BvavK%2FNAorxJoox3kCijvr44rZVnvuiKTr8fB3GXB0ES8ygK24LRlZj2aRSlXZR2yrOr5m8AAAD%2F%2FwEAAP%2F%2F3PUQP2IEAAA%3D
IP
192.243.61.225:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate
IssuerLet's Encrypt
Subjectvarycares.com
FingerprintD4:DA:6E:A7:73:68:5A:78:BD:2D:8F:1F:7B:50:F0:57:13:45:7A:B6
ValidityMon, 01 May 2023 19:24:05 GMT - Sun, 30 Jul 2023 19:24:04 GMT

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /ren.gif?sid=H4sIAAAAAAAC%2F1SST28cRRPGexIrh%2FflEsIFCaS5ARJaz4xn%2F5EDiglGFiYOCQhuqKe7Z924Z3rUPb2ztjhYREI5Lt9g%2FKwdC7Ci8AFAaMwtEpKXkw%2F4gJQPgEA5o11bLJQ0qnrqqcOvavqrfXdOAjh6tvaB3pVK0eV2K%2FBf%2FzQMb%2FobMncjf9TrfNaJb%2Fpm%2BFYY9FvBG%2F57gm3r5SgIgyAMQn9NGpHq0XIYhq0Asjjuh61%2B0IqjVtiOMTL%2F1dZ5sNQDH56TFyH59H%2FHj2NI1iDPntwWdrvUxZvvZk7RUhsM%2BdHH%2BXauqxzZokyNhzQ%2FupyGtqdrP0Lnh3Ng6OE%2Fg4mcEu%2FZ70jyo0tKJMPDC9BEQeRI%2BP9RDRsI1UDSBkw%2FgOSnBGAcdzaRZ4%2FuaFPRnQuXztwpWXr%2BJ2Q1JUu%2FvYQ8e7yq5Mi%2Fr5Urpc4tRmkNOWogBw0Kd4Jy9wpkdQJWfgnJfyHLzzeQZwebVmlIXs%2BXl7KBTBsoMQa1Htzskx5c6sEVHjJ%2B5ndZ3OvxXptTwViUpGEvjdO4T1mQsmClH8GxGd4YZTEGU2Mws4fC7GFbjmHcT7BbNSz3YMsp8T7cw5DXqARBZQkqSlBJgqokqIb1IVc2svUjrqxLwsscXeaVeqLLwT491OVA5GS%2FOCfX53f5q6OxLc78KIopj2kYJ3EStlnYjTpp2g3agnW6kaAdWFlD2ivzVXfl6Y0ChTx94RUk9ARWnYDJ66DuVdBq0o0C0K1J3Auwmz%2FhotBWlqlUwraYzsB1jaJcQrnj7atz8vKc47VnPgR7Si4DzNQoTI3P5c8EA%2FVwck9X5OCeriz5frMoZSZ36ezf3S9pKa59%2B77YqbTh67ft%2BJtbbGbMyuOPhC03aM5lPrDku1XJuTBr2jBBfli3n4jkrrNbq87krti4%2B87aelYYYa3UeQMqT7%2FogMkpuXbrcP4qb%2FzRgzQNjKuRuQWp1A1YsQdbLHpWExi10EnhoXL1xETJoqkkgRILTZMa9l86WdT79iEGxgMtHyDPagxNjaGqQdUY1l2dlIV5%2BvavK%2FNAorxJoox3kCijvr44rZVnvuiKTr8fB3GXB0ES8ygK24LRlZj2aRSlXZR2yrOr5m8AAAD%2F%2FwEAAP%2F%2F3PUQP2IEAAA%3D HTTP/1.1
Host: varycares.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: u_pl=16004719; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 23 May 2023 18:18:27 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b189060f1c50cb135a52176be50ca374
Strict-Transport-Security: max-age=0; includeSubdomains

cdn.barscreative1.com/sb/notifications/software/us/norton/1/index.html

45.133.44.3

200 OK

804 B

URL GET HTTP/2
cdn.barscreative1.com/sb/notifications/software/us/norton/1/index.html
IP
45.133.44.3:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate
IssuerLet's Encrypt
Subjectcdn.barscreative1.com
Fingerprint0B:AE:8A:C0:29:EA:B0:86:29:66:F6:7E:76:63:66:57:38:88:FC:E6
ValidityMon, 15 May 2023 04:01:53 GMT - Sun, 13 Aug 2023 04:01:52 GMT

File type
HTML document text\012- HTML document, ASCII text
Size
804 B (804 bytes)
Hash
3be2a223ed1b1c36a153f54be2c83f27
ec1a98749afdd4b466d1834239572161f4483f56
a3ae56824eb2005ad2daea5baa21fe6f0fa44891f59c34aed64b7232f59354c6

HTTP Headers

GET /sb/notifications/software/us/norton/1/index.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 23 May 2023 18:18:27 GMT
content-type: text/html; charset=utf-8
content-length: 804
server: nginx/1.17.6
last-modified: Wed, 17 Feb 2021 11:42:48 GMT
etag: "602d0138-324"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
expires: Tue, 23 May 2023 19:18:27 GMT
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

t.unblockia.com/?sid=140&o=3&b=2&p=1&t=1

54.230.111.90

200 OK

0 B

URL POST HTTP/2
t.unblockia.com/?sid=140&o=3&b=2&p=1&t=1
IP
54.230.111.90:443
ASN
#16509 AMAZON-02

Requested by
https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate
IssuerAmazon
Subject*.unblockia.com
FingerprintF2:6F:03:00:E3:4A:B1:87:3C:4D:28:BB:E6:CE:8F:F1:2A:6E:1B:5D
ValidityTue, 21 Feb 2023 00:00:00 GMT - Fri, 22 Mar 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /?sid=140&o=3&b=2&p=1&t=1 HTTP/1.1
Host: t.unblockia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 200 OK
content-type: application/json
content-length: 0
server: nginx/1.20.0
date: Tue, 23 May 2023 18:18:27 GMT
x-cache: Miss from cloudfront
via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Flv_z-cWfr-YF-6rKdDcu3ZZBP_Noe_daVkyuZYBsJrEDOekKDJ1ew==
access-control-allow-origin: *
access-control-expose-headers: *
X-Firefox-Spdy: h2

varycares.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fnorton%2F1%2Findex.html&l=804&fd=165

192.243.61.225

200 OK

0 B

URL GET HTTP/1.1
varycares.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fnorton%2F1%2Findex.html&l=804&fd=165
IP
192.243.61.225:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate
IssuerLet's Encrypt
Subjectvarycares.com
FingerprintD4:DA:6E:A7:73:68:5A:78:BD:2D:8F:1F:7B:50:F0:57:13:45:7A:B6
ValidityMon, 01 May 2023 19:24:05 GMT - Sun, 30 Jul 2023 19:24:04 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fnorton%2F1%2Findex.html&l=804&fd=165 HTTP/1.1
Host: varycares.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: u_pl=16004719; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 23 May 2023 18:18:27 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

notification.tubecup.net/tags?tag_id=46445&timezone_olson=UTC&version_name=d

78.47.199.210

204 No Content

0 B

URL GET HTTP/2
notification.tubecup.net/tags?tag_id=46445&timezone_olson=UTC&version_name=d
IP
78.47.199.210:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate
IssuerLet's Encrypt
Subjectnotification.tubecup.net
FingerprintC3:3A:0A:7D:9C:4B:21:97:39:A7:AD:B8:87:47:F1:35:32:D9:84:53
ValidityFri, 28 Apr 2023 11:39:09 GMT - Thu, 27 Jul 2023 11:39:08 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /tags?tag_id=46445&timezone_olson=UTC&version_name=d HTTP/1.1
Host: notification.tubecup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
server: nginx/1.18.0
date: Tue, 23 May 2023 18:18:27 GMT
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

cdn.creative-bars1.com/sb/notifications/software/us/norton/1/js/script.js

172.64.196.23

200 OK

59 kB

URL GET HTTP/2
cdn.creative-bars1.com/sb/notifications/software/us/norton/1/js/script.js
IP
172.64.196.23:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint88:10:E4:38:7C:46:CF:44:7C:D0:C8:1F:06:39:9F:7E:A5:2E:27:4A
ValidityThu, 27 Apr 2023 15:05:54 GMT - Wed, 26 Jul 2023 15:05:53 GMT

File type
ASCII text
Size
59 kB (58553 bytes)
Hash
2c74052305c8fdb7d12d52f9b5d49f95
f56cdefd437d28e3e238c57a92108f3af9dbecea
b709aa45ff7eb1d6c667ceaeb90df1340dcfe97f3c620c2efd58f2335d5f1aeb

HTTP Headers

GET /sb/notifications/software/us/norton/1/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 23 May 2023 18:18:27 GMT
content-type: application/javascript
last-modified: Wed, 17 Feb 2021 11:45:00 GMT
etag: W/"602d01bc-181"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 46076
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3CrWjUFSmf6hJTMs4p8hV5dXkj4LcCT1SQRZQQs9z7CtrF%2FZFyh8AAANjLrvJ0bLJWehdWJgpNCiHC8s0r2OO2bEyGFPPK%2FqkbGgRNpXJt1asxL1jiQK0ax8JmBY9mbY5CAGm%2BAP9M00"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cbf4d323ca54133-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.creative-bars1.com/sb/notifications/software/us/norton/1/img/close.png

172.64.196.23

200 OK

1.8 kB

URL GET HTTP/3
cdn.creative-bars1.com/sb/notifications/software/us/norton/1/img/close.png
IP
172.64.196.23:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint88:10:E4:38:7C:46:CF:44:7C:D0:C8:1F:06:39:9F:7E:A5:2E:27:4A
ValidityThu, 27 Apr 2023 15:05:54 GMT - Wed, 26 Jul 2023 15:05:53 GMT

File type
PNG image data, 15 x 15, 8-bit/color RGBA, non-interlaced\012- data
Size
1.8 kB (1778 bytes)
Hash
c1b8f53c3afa0fdd5be48e6bfdbbb6fa
eeb2cd8d17e3abe135865be77330b8519f6bceb2
8f5d7d0bf69b5fcb8a110dd7c79948e70c860440b6ecc803a20ababe193a1af0

HTTP Headers

GET /sb/notifications/software/us/norton/1/img/close.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 23 May 2023 18:18:27 GMT
content-type: image/png
content-length: 1778
last-modified: Wed, 17 Feb 2021 11:45:01 GMT
etag: "602d01bd-6f2"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 10118848
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XSBf5rjllH05c137zhMSct2CI7YEKKJgg1DVqn5tRIdjbFV6%2BW0K6zoJY54NlTiIjrA%2FgM1%2FqIlAnteUuXM6svSrxrivFE8xvesEGaG9tuPyyTJMX5zjpCzNDUW1F6j%2BLptog1D6KDSB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cbf4d336b397315-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

varycares.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fnorton%2F1%2Fcss%2Fanimate.css&l=79249&fd=220

192.243.61.225

200 OK

0 B

URL GET HTTP/1.1
varycares.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fnorton%2F1%2Fcss%2Fanimate.css&l=79249&fd=220
IP
192.243.61.225:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate
IssuerLet's Encrypt
Subjectvarycares.com
FingerprintD4:DA:6E:A7:73:68:5A:78:BD:2D:8F:1F:7B:50:F0:57:13:45:7A:B6
ValidityMon, 01 May 2023 19:24:05 GMT - Sun, 30 Jul 2023 19:24:04 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fnorton%2F1%2Fcss%2Fanimate.css&l=79249&fd=220 HTTP/1.1
Host: varycares.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: u_pl=16004719; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 23 May 2023 18:18:27 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

varycares.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fnorton%2F1%2Fcss%2Fstyle.css&l=2311&fd=271

192.243.61.225

200 OK

0 B

URL GET HTTP/1.1
varycares.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fnorton%2F1%2Fcss%2Fstyle.css&l=2311&fd=271
IP
192.243.61.225:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate
IssuerLet's Encrypt
Subjectvarycares.com
FingerprintD4:DA:6E:A7:73:68:5A:78:BD:2D:8F:1F:7B:50:F0:57:13:45:7A:B6
ValidityMon, 01 May 2023 19:24:05 GMT - Sun, 30 Jul 2023 19:24:04 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fnorton%2F1%2Fcss%2Fstyle.css&l=2311&fd=271 HTTP/1.1
Host: varycares.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: u_pl=16004719; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 23 May 2023 18:18:27 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

varycares.com/impr.gif?sid=H4sIAAAAAAAC%2F1SST28cRRPGexIrh%2FflEsIFCaS5ARJaz4xn%2F5gcUEwwsjBxSEBwQz3dPevGPdOj7umdtcXBIhLKcfkG42ftWIAVhQ8AQmNukZC8nHzAB6R8AATKGe16xUJJo6qnnjr8qqa%2FOnAXJICj5%2Bsf6D2pFF1utwL%2F9U%2FD8Ka%2FKXM39Ie9zmed%2BKZvBm%2BFwWoreMN%2FT7AdvRwFYRCEQeivSyNSPVwOw7AVQBYnq2FrNWjFUStsxxia%2F2rrPFjqgQ8uyIuQfPK%2Fk8cxJGuQZ09uC7tT6uLNdzOnaKkNBvz443wn11WObFGmxkOaH8%2Bnoe3Z%2Bo%2FQ%2BdEMGHrwz2AiJ8R79juS%2FHhOiWRwdAmaKIgcCf8%2FqkEDoRpI2oDpB5D8jACM484W8uzRHW0qunvp0qk7IUvP%2F4SsJmTpt5eQZ4%2FXlBz697VypdS5xTCtIYcNZL9B4U5R7l2BrE7Byi8h%2BS9k%2Bfkm8uxwyyoNyevZ8lI2kGkDJUag1oObftKDSz24wkPGz%2F0ui3s93mtzKhiLkjTspXEar1IWpCxYWY3g2BRvhLIYgakRmNlHYfaxI0cw7ifY7RqWe7DlhHgf7mPAa1SCoLIEFSWoJEFVElSD%2BogrG9n6EVfWJeE8R%2FO8Uo912T%2BgR7rsi5wcFBfk%2Buwuf3U0dsS5H0Ux5TEN4yROwjYLu1EnTbtBW7BONxK0AytrSHtltuqePLtRoJBnL7yChJ7CqlMweR3UvQpajbtRALo9jnsB9vInXBTayjKVStgW0xm4rlGUSyh3vQN1QV6ecbz2zIdgT8k8wEyNwtT4XP5M0FcPx%2Fd0RQ7v6cqS77eKUmZyj07%2F3f2SluLat%2B%2BL3UobvnHbjr65xabGtDz5SNhyk%2BZc5n1LvluTnAuzrg0T5IcN%2B4lI7jq7veZM7orNu%2B%2Bsb2SFEdZKnTeg8uyLDpickGu3jmav8sYfPUjTwLgamVuQSt2AFfuwxaJnNYFRC50UHipXj02ULJpKEiix0DSpYf%2Blk0V9YB%2BibzzQ8gHyrMbA1BioGlSNYN3VcVmYp2%2F%2FujILJMobJ8p4h4ky6uvL01p57jMWCBom3VAILtorjMUd1ks66UrcFb02b6O0E55dNX8DAAD%2F%2FwEAAP%2F%2FI9K4L2IEAAA%3D

192.243.61.225

200 OK

7 B

URL GET HTTP/1.1
varycares.com/impr.gif?sid=H4sIAAAAAAAC%2F1SST28cRRPGexIrh%2FflEsIFCaS5ARJaz4xn%2F5gcUEwwsjBxSEBwQz3dPevGPdOj7umdtcXBIhLKcfkG42ftWIAVhQ8AQmNukZC8nHzAB6R8AATKGe16xUJJo6qnnjr8qqa%2FOnAXJICj5%2Bsf6D2pFF1utwL%2F9U%2FD8Ka%2FKXM39Ie9zmed%2BKZvBm%2BFwWoreMN%2FT7AdvRwFYRCEQeivSyNSPVwOw7AVQBYnq2FrNWjFUStsxxia%2F2rrPFjqgQ8uyIuQfPK%2Fk8cxJGuQZ09uC7tT6uLNdzOnaKkNBvz443wn11WObFGmxkOaH8%2Bnoe3Z%2Bo%2FQ%2BdEMGHrwz2AiJ8R79juS%2FHhOiWRwdAmaKIgcCf8%2FqkEDoRpI2oDpB5D8jACM484W8uzRHW0qunvp0qk7IUvP%2F4SsJmTpt5eQZ4%2FXlBz697VypdS5xTCtIYcNZL9B4U5R7l2BrE7Byi8h%2BS9k%2Bfkm8uxwyyoNyevZ8lI2kGkDJUag1oObftKDSz24wkPGz%2F0ui3s93mtzKhiLkjTspXEar1IWpCxYWY3g2BRvhLIYgakRmNlHYfaxI0cw7ifY7RqWe7DlhHgf7mPAa1SCoLIEFSWoJEFVElSD%2BogrG9n6EVfWJeE8R%2FO8Uo912T%2BgR7rsi5wcFBfk%2Buwuf3U0dsS5H0Ux5TEN4yROwjYLu1EnTbtBW7BONxK0AytrSHtltuqePLtRoJBnL7yChJ7CqlMweR3UvQpajbtRALo9jnsB9vInXBTayjKVStgW0xm4rlGUSyh3vQN1QV6ecbz2zIdgT8k8wEyNwtT4XP5M0FcPx%2Fd0RQ7v6cqS77eKUmZyj07%2F3f2SluLat%2B%2BL3UobvnHbjr65xabGtDz5SNhyk%2BZc5n1LvluTnAuzrg0T5IcN%2B4lI7jq7veZM7orNu%2B%2Bsb2SFEdZKnTeg8uyLDpickGu3jmav8sYfPUjTwLgamVuQSt2AFfuwxaJnNYFRC50UHipXj02ULJpKEiix0DSpYf%2Blk0V9YB%2BibzzQ8gHyrMbA1BioGlSNYN3VcVmYp2%2F%2FujILJMobJ8p4h4ky6uvL01p57jMWCBom3VAILtorjMUd1ks66UrcFb02b6O0E55dNX8DAAD%2F%2FwEAAP%2F%2FI9K4L2IEAAA%3D
IP
192.243.61.225:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate
IssuerLet's Encrypt
Subjectvarycares.com
FingerprintD4:DA:6E:A7:73:68:5A:78:BD:2D:8F:1F:7B:50:F0:57:13:45:7A:B6
ValidityMon, 01 May 2023 19:24:05 GMT - Sun, 30 Jul 2023 19:24:04 GMT

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /impr.gif?sid=H4sIAAAAAAAC%2F1SST28cRRPGexIrh%2FflEsIFCaS5ARJaz4xn%2F5gcUEwwsjBxSEBwQz3dPevGPdOj7umdtcXBIhLKcfkG42ftWIAVhQ8AQmNukZC8nHzAB6R8AATKGe16xUJJo6qnnjr8qqa%2FOnAXJICj5%2Bsf6D2pFF1utwL%2F9U%2FD8Ka%2FKXM39Ie9zmed%2BKZvBm%2BFwWoreMN%2FT7AdvRwFYRCEQeivSyNSPVwOw7AVQBYnq2FrNWjFUStsxxia%2F2rrPFjqgQ8uyIuQfPK%2Fk8cxJGuQZ09uC7tT6uLNdzOnaKkNBvz443wn11WObFGmxkOaH8%2Bnoe3Z%2Bo%2FQ%2BdEMGHrwz2AiJ8R79juS%2FHhOiWRwdAmaKIgcCf8%2FqkEDoRpI2oDpB5D8jACM484W8uzRHW0qunvp0qk7IUvP%2F4SsJmTpt5eQZ4%2FXlBz697VypdS5xTCtIYcNZL9B4U5R7l2BrE7Byi8h%2BS9k%2Bfkm8uxwyyoNyevZ8lI2kGkDJUag1oObftKDSz24wkPGz%2F0ui3s93mtzKhiLkjTspXEar1IWpCxYWY3g2BRvhLIYgakRmNlHYfaxI0cw7ifY7RqWe7DlhHgf7mPAa1SCoLIEFSWoJEFVElSD%2BogrG9n6EVfWJeE8R%2FO8Uo912T%2BgR7rsi5wcFBfk%2Buwuf3U0dsS5H0Ux5TEN4yROwjYLu1EnTbtBW7BONxK0AytrSHtltuqePLtRoJBnL7yChJ7CqlMweR3UvQpajbtRALo9jnsB9vInXBTayjKVStgW0xm4rlGUSyh3vQN1QV6ecbz2zIdgT8k8wEyNwtT4XP5M0FcPx%2Fd0RQ7v6cqS77eKUmZyj07%2F3f2SluLat%2B%2BL3UobvnHbjr65xabGtDz5SNhyk%2BZc5n1LvluTnAuzrg0T5IcN%2B4lI7jq7veZM7orNu%2B%2Bsb2SFEdZKnTeg8uyLDpickGu3jmav8sYfPUjTwLgamVuQSt2AFfuwxaJnNYFRC50UHipXj02ULJpKEiix0DSpYf%2Blk0V9YB%2BibzzQ8gHyrMbA1BioGlSNYN3VcVmYp2%2F%2FujILJMobJ8p4h4ky6uvL01p57jMWCBom3VAILtorjMUd1ks66UrcFb02b6O0E55dNX8DAAD%2F%2FwEAAP%2F%2FI9K4L2IEAAA%3D HTTP/1.1
Host: varycares.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: u_pl=16004719; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 23 May 2023 18:18:28 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 76ac7937aaac6806f99770e80b15701b
Strict-Transport-Security: max-age=0; includeSubdomains

44831497b7.7b4d5bc078.com/in/track?data=eyJ3bCI6MCwic3ViaWQiOjAsInVzZXJfaWQiOiIxMTIzMzE5NzYzMDc4NjIzNDAwMCIsInRpbWV6b25lIjowLCJ2ZXIiOiIzLjQ5LjAiLCJ0YWdfaWQiOjQ2NDQ1LCJzY3JlZW5fcmVzb2x1dGlvbiI6IjEyODB4MTAyNCIsImFkYmxvY2siOjAsInRpbWV6b25lX29sc29uIjoiVVRDIiwidXRtX3NvdXJjZSI6IiIsInV0bV9tZWRpdW0iOiIiLCJ1dG1fY2FtcGFpZ24iOiIiLCJ1dG1fY29udGVudCI6IiIsIm1tIjozLCJpbml0X3N0YXJ0X2xhdGVuY3kiOjEuNzYsImlzX3YyIjoxLCJpc192Ml9lbXB0eSI6MCwidXNlcl9rZXl3b3JkcyI6IkRlcG9zaXRGaWxlcyUyQ0RlcG9zaXRGaWxlcyUyQ3Byb3ZpZGVzJTJDeW91JTJDd2l0aCUyQ2ElMkNsZWdpdGltYXRlJTJDdGVjaG5pY2FsJTJDc29sdXRpb24lMkN3aGljaCUyQ2VuYWJsZXMlMkN5b3UlMkN0byUyQ3VwbG9hZCUyQ3N0b3JlJTJDYWNjZXNzJTJDYW5kJTJDZG93bmxvYWQlMkN0ZXh0JTJDc29mdHdhcmUlMkMlMkNzY3JpcHRzJTJDaW1hZ2VzJTJDc291bmRzJTJDdmlkZW9zJTJDYW5pbWF0aW9ucyUyQ2FuZCUyQ2FueSUyQ290aGVyJTJDbWF0ZXJpYWxzJTJDaW4lMkNmb3JtJTJDb2YlMkNvbmUlMkNvciUyQ3NldmVyYWwlMkNlbGVjdHJvbmljJTJDZmlsZXMuIn0=

45.133.44.53

200 OK

0 B

URL GET HTTP/2
44831497b7.7b4d5bc078.com/in/track?data=eyJ3bCI6MCwic3ViaWQiOjAsInVzZXJfaWQiOiIxMTIzMzE5NzYzMDc4NjIzNDAwMCIsInRpbWV6b25lIjowLCJ2ZXIiOiIzLjQ5LjAiLCJ0YWdfaWQiOjQ2NDQ1LCJzY3JlZW5fcmVzb2x1dGlvbiI6IjEyODB4MTAyNCIsImFkYmxvY2siOjAsInRpbWV6b25lX29sc29uIjoiVVRDIiwidXRtX3NvdXJjZSI6IiIsInV0bV9tZWRpdW0iOiIiLCJ1dG1fY2FtcGFpZ24iOiIiLCJ1dG1fY29udGVudCI6IiIsIm1tIjozLCJpbml0X3N0YXJ0X2xhdGVuY3kiOjEuNzYsImlzX3YyIjoxLCJpc192Ml9lbXB0eSI6MCwidXNlcl9rZXl3b3JkcyI6IkRlcG9zaXRGaWxlcyUyQ0RlcG9zaXRGaWxlcyUyQ3Byb3ZpZGVzJTJDeW91JTJDd2l0aCUyQ2ElMkNsZWdpdGltYXRlJTJDdGVjaG5pY2FsJTJDc29sdXRpb24lMkN3aGljaCUyQ2VuYWJsZXMlMkN5b3UlMkN0byUyQ3VwbG9hZCUyQ3N0b3JlJTJDYWNjZXNzJTJDYW5kJTJDZG93bmxvYWQlMkN0ZXh0JTJDc29mdHdhcmUlMkMlMkNzY3JpcHRzJTJDaW1hZ2VzJTJDc291bmRzJTJDdmlkZW9zJTJDYW5pbWF0aW9ucyUyQ2FuZCUyQ2FueSUyQ290aGVyJTJDbWF0ZXJpYWxzJTJDaW4lMkNmb3JtJTJDb2YlMkNvbmUlMkNvciUyQ3NldmVyYWwlMkNlbGVjdHJvbmljJTJDZmlsZXMuIn0=
IP
45.133.44.53:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate
IssuerLet's Encrypt
Subject44831497b7.7b4d5bc078.com
Fingerprint72:EC:F1:8D:66:7F:4F:F0:EB:69:9B:FD:06:42:B6:5C:DA:74:75:7F
ValiditySat, 20 May 2023 02:50:41 GMT - Fri, 18 Aug 2023 02:50:40 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/track?data=eyJ3bCI6MCwic3ViaWQiOjAsInVzZXJfaWQiOiIxMTIzMzE5NzYzMDc4NjIzNDAwMCIsInRpbWV6b25lIjowLCJ2ZXIiOiIzLjQ5LjAiLCJ0YWdfaWQiOjQ2NDQ1LCJzY3JlZW5fcmVzb2x1dGlvbiI6IjEyODB4MTAyNCIsImFkYmxvY2siOjAsInRpbWV6b25lX29sc29uIjoiVVRDIiwidXRtX3NvdXJjZSI6IiIsInV0bV9tZWRpdW0iOiIiLCJ1dG1fY2FtcGFpZ24iOiIiLCJ1dG1fY29udGVudCI6IiIsIm1tIjozLCJpbml0X3N0YXJ0X2xhdGVuY3kiOjEuNzYsImlzX3YyIjoxLCJpc192Ml9lbXB0eSI6MCwidXNlcl9rZXl3b3JkcyI6IkRlcG9zaXRGaWxlcyUyQ0RlcG9zaXRGaWxlcyUyQ3Byb3ZpZGVzJTJDeW91JTJDd2l0aCUyQ2ElMkNsZWdpdGltYXRlJTJDdGVjaG5pY2FsJTJDc29sdXRpb24lMkN3aGljaCUyQ2VuYWJsZXMlMkN5b3UlMkN0byUyQ3VwbG9hZCUyQ3N0b3JlJTJDYWNjZXNzJTJDYW5kJTJDZG93bmxvYWQlMkN0ZXh0JTJDc29mdHdhcmUlMkMlMkNzY3JpcHRzJTJDaW1hZ2VzJTJDc291bmRzJTJDdmlkZW9zJTJDYW5pbWF0aW9ucyUyQ2FuZCUyQ2FueSUyQ290aGVyJTJDbWF0ZXJpYWxzJTJDaW4lMkNmb3JtJTJDb2YlMkNvbmUlMkNvciUyQ3NldmVyYWwlMkNlbGVjdHJvbmljJTJDZmlsZXMuIn0= HTTP/1.1
Host: 44831497b7.7b4d5bc078.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 23 May 2023 18:18:28 GMT
content-length: 0
server: nginx/1.18.0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

varycares.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fnorton%2F1%2Fjs%2Fscript.js&l=385&fd=259

173.233.137.52

200 OK

0 B

URL GET HTTP/1.1
varycares.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fnorton%2F1%2Fjs%2Fscript.js&l=385&fd=259
IP
173.233.137.52:443
ASN
#7979 SERVERS-COM

Requested by
https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate
IssuerLet's Encrypt
Subjectvarycares.com
FingerprintD4:DA:6E:A7:73:68:5A:78:BD:2D:8F:1F:7B:50:F0:57:13:45:7A:B6
ValidityMon, 01 May 2023 19:24:05 GMT - Sun, 30 Jul 2023 19:24:04 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fnorton%2F1%2Fjs%2Fscript.js&l=385&fd=259 HTTP/1.1
Host: varycares.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: u_pl=16004719; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 23 May 2023 18:18:28 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

fp.metricswpsh.com/fp?tag_id=46445

157.90.84.242

200 OK

0 B

URL POST HTTP/1.1
fp.metricswpsh.com/fp?tag_id=46445
IP
157.90.84.242:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate
IssuerLet's Encrypt
Subjectnotification.tubecup.net
FingerprintC3:3A:0A:7D:9C:4B:21:97:39:A7:AD:B8:87:47:F1:35:32:D9:84:53
ValidityFri, 28 Apr 2023 11:39:09 GMT - Thu, 27 Jul 2023 11:39:08 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /fp?tag_id=46445 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://dfiles.eu/
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 204 No Content
Server: nginx/1.20.1
Date: Tue, 23 May 2023 18:18:28 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE
Access-Control-Allow-Origin: https://dfiles.eu
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers

varycares.com/pixel/sbs?c=1

173.233.137.52

200 OK

0 B

URL GET HTTP/1.1
varycares.com/pixel/sbs?c=1
IP
173.233.137.52:443
ASN
#7979 SERVERS-COM

Requested by
https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate
IssuerLet's Encrypt
Subjectvarycares.com
FingerprintD4:DA:6E:A7:73:68:5A:78:BD:2D:8F:1F:7B:50:F0:57:13:45:7A:B6
ValidityMon, 01 May 2023 19:24:05 GMT - Sun, 30 Jul 2023 19:24:04 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /pixel/sbs?c=1 HTTP/1.1
Host: varycares.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Cookie: u_pl=16004719; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 23 May 2023 18:18:28 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

unseenreport.com/pxf.gif?uuid=4f295984-fea6-49fe-a2aa-ccedfecc3a81&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=14.2079&b_frame=0&pk=224ad4a14b4b15c1726ff705ec672ea6&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=18

192.243.59.20

200 OK

1 B

URL GET HTTP/1.1
unseenreport.com/pxf.gif?uuid=4f295984-fea6-49fe-a2aa-ccedfecc3a81&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=14.2079&b_frame=0&pk=224ad4a14b4b15c1726ff705ec672ea6&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=18
IP
192.243.59.20:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate
IssuerLet's Encrypt
Subject*.unseenreport.com
Fingerprint33:54:5C:58:7C:8E:75:EE:DF:A0:8C:41:D3:AC:1B:BF:B6:66:28:EC
ValidityMon, 27 Mar 2023 07:09:08 GMT - Sun, 25 Jun 2023 07:09:07 GMT

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /pxf.gif?uuid=4f295984-fea6-49fe-a2aa-ccedfecc3a81&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=14.2079&b_frame=0&pk=224ad4a14b4b15c1726ff705ec672ea6&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=18 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 23 May 2023 18:18:28 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 45c99c7f488c20164b7cb4debd531e14
Strict-Transport-Security: max-age=0; includeSubdomains

unseenreport.com/pxf.gif?uuid=4f295984-fea6-49fe-a2aa-ccedfecc3a81&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=14.2079&b_frame=0&pk=c22dc50dc2bbe4422c7f68d26ab95eb9&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=18

192.243.59.20

200 OK

1 B

URL GET HTTP/1.1
unseenreport.com/pxf.gif?uuid=4f295984-fea6-49fe-a2aa-ccedfecc3a81&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=14.2079&b_frame=0&pk=c22dc50dc2bbe4422c7f68d26ab95eb9&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=18
IP
192.243.59.20:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate
IssuerLet's Encrypt
Subject*.unseenreport.com
Fingerprint33:54:5C:58:7C:8E:75:EE:DF:A0:8C:41:D3:AC:1B:BF:B6:66:28:EC
ValidityMon, 27 Mar 2023 07:09:08 GMT - Sun, 25 Jun 2023 07:09:07 GMT

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /pxf.gif?uuid=4f295984-fea6-49fe-a2aa-ccedfecc3a81&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=14.2079&b_frame=0&pk=c22dc50dc2bbe4422c7f68d26ab95eb9&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=18 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 23 May 2023 18:18:28 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b29a7d7ac0b5459684adf23f555df49a
Strict-Transport-Security: max-age=0; includeSubdomains

fp.metricswpsh.com/fp?tag_id=46445

157.90.84.242

200 OK

27 B

URL POST HTTP/1.1
fp.metricswpsh.com/fp?tag_id=46445
IP
157.90.84.242:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate
IssuerLet's Encrypt
Subjectnotification.tubecup.net
FingerprintC3:3A:0A:7D:9C:4B:21:97:39:A7:AD:B8:87:47:F1:35:32:D9:84:53
ValidityFri, 28 Apr 2023 11:39:09 GMT - Thu, 27 Jul 2023 11:39:08 GMT

File type
JSON data\012- , ASCII text
Size
27 B (27 bytes)
Hash
c4bea7951aaa542768f63f72d171ff83
7f57b3ce5d3a9bb0a15c32b34745b0214710e185
d4fbb24457a99cbf28127e8a416979ca0f2ab97c64a59b8d38760c40d4934756

HTTP Headers

POST /fp?tag_id=46445 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 23167
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Tue, 23 May 2023 18:18:28 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 27
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://dfiles.eu
Set-Cookie: id=15617427274624043866; Expires=Wed, 22 May 2024 18:18:28 GMT; Secure; SameSite=None
Vary: Origin

images.outbrainimg.com/transform/v3/eyJpdSI6ImE3NTc2ZTZmNWNmNTdmMTc2YjY0YjgyZDkyNjM1MWZkYTBhZmI2NTdjYTU0MDk1YzRmNDE4OTIxYzMxYmIzMTIiLCJ3IjoxODAsImgiOjE2MCwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp

2.18.173.172

200 OK

10 kB

URL GET HTTP/2
images.outbrainimg.com/transform/v3/eyJpdSI6ImE3NTc2ZTZmNWNmNTdmMTc2YjY0YjgyZDkyNjM1MWZkYTBhZmI2NTdjYTU0MDk1YzRmNDE4OTIxYzMxYmIzMTIiLCJ3IjoxODAsImgiOjE2MCwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp
IP
2.18.173.172:443
ASN
#16625 AKAMAI-AS

Requested by
https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate
IssuerDigiCert Inc
Subject*.outbrainimg.com
Fingerprint4F:05:15:71:93:78:ED:64:53:30:81:ED:DA:9C:FE:4F:7B:F9:41:BE
ValidityThu, 02 Mar 2023 00:00:00 GMT - Sat, 02 Mar 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 270x240, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
10 kB (9966 bytes)
Hash
a81433fbbaa1ea17d9ed1063e3e4ac1d
6405999c414ffafbe77dfc490d980845cd7bbf03
02a1aa368ab6e619e0a66bec9967daee294a7837bb07bc1f4c5a4f9645aa55d7

HTTP Headers

GET /transform/v3/eyJpdSI6ImE3NTc2ZTZmNWNmNTdmMTc2YjY0YjgyZDkyNjM1MWZkYTBhZmI2NTdjYTU0MDk1YzRmNDE4OTIxYzMxYmIzMTIiLCJ3IjoxODAsImgiOjE2MCwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp HTTP/1.1
Host: images.outbrainimg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/webp
content-length: 9966
last-modified: Sat, 29 Apr 2023 10:52:21 GMT
x-traceid: 602788ae2fddded72e8f7c5b29677825
cache-control: max-age=542394
date: Tue, 23 May 2023 18:18:30 GMT
access-control-allow-credentials: false
access-control-allow-methods: GET,POST
access-control-allow-origin: *
timing-allow-origin: *, *
X-Firefox-Spdy: h2

api.purpleads.io/x/a/8ccf6e29495f812acbd889005f4a3a20:9ccd5292b2ab6806205f73221580ffbed1fd44774952f5661d2c475c59a6ea3febf0db30c059b18c0c7e693fbceda2c7cb53caa85d4fcdeac744a5f03f9d4129b0a6a3e85877934516e08c095fac15d6714d490d349534a6c3c76c866f40646e/i?id=624da50b-1abc-4c4f-907d-44b805446748

75.101.220.184

204 No Content

0 B

URL GET HTTP/2
api.purpleads.io/x/a/8ccf6e29495f812acbd889005f4a3a20:9ccd5292b2ab6806205f73221580ffbed1fd44774952f5661d2c475c59a6ea3febf0db30c059b18c0c7e693fbceda2c7cb53caa85d4fcdeac744a5f03f9d4129b0a6a3e85877934516e08c095fac15d6714d490d349534a6c3c76c866f40646e/i?id=624da50b-1abc-4c4f-907d-44b805446748
IP
75.101.220.184:443
ASN
#14618 AMAZON-AES

Requested by
https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate
IssuerAmazon
Subject*.purpleads.io
Fingerprint2C:07:41:61:C9:75:ED:6A:72:5B:30:CE:B3:18:1C:47:DB:07:BF:D4
ValidityFri, 24 Feb 2023 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /x/a/8ccf6e29495f812acbd889005f4a3a20:9ccd5292b2ab6806205f73221580ffbed1fd44774952f5661d2c475c59a6ea3febf0db30c059b18c0c7e693fbceda2c7cb53caa85d4fcdeac744a5f03f9d4129b0a6a3e85877934516e08c095fac15d6714d490d349534a6c3c76c866f40646e/i?id=624da50b-1abc-4c4f-907d-44b805446748 HTTP/1.1
Host: api.purpleads.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 204 No Content
date: Tue, 23 May 2023 18:18:29 GMT
access-control-allow-origin: api.purpleads.io
access-control-allow-credentials: true
access-control-expose-headers: pa-user-id
X-Firefox-Spdy: h2

cdn.prplads.com/load.js?publisherId=64df4768ef6a3d343387f03963cc6d27:a3fc5ba00d8a1e88f69e3c15e8e8c501507f1b2063b64e48a97000a1c4480fda350894047ca3535d3ce8fc5253d0214840300a723dc6ecae38a57d550d5ed683

172.67.74.93

200 OK

36 kB

URL GET HTTP/2
cdn.prplads.com/load.js?publisherId=64df4768ef6a3d343387f03963cc6d27:a3fc5ba00d8a1e88f69e3c15e8e8c501507f1b2063b64e48a97000a1c4480fda350894047ca3535d3ce8fc5253d0214840300a723dc6ecae38a57d550d5ed683
IP
172.67.74.93:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate
IssuerGoogle Trust Services LLC
Subjectprplads.com
Fingerprint44:46:5A:F0:A0:B0:25:70:06:3F:E4:EB:02:D5:A2:67:7A:E3:7D:0E
ValidityWed, 19 Apr 2023 12:34:16 GMT - Tue, 18 Jul 2023 12:34:15 GMT

File type
Unicode text, UTF-8 text, with very long lines (44009), with no line terminators
Size
36 kB (35586 bytes)
Hash
e7f2069322ec42bbceeeb82aa038ad97
ff19fb5f2a8acaaa6e5690ac8a4a18d4e3a96239
e925958da62482fd49a37dde6b3d8b2429ab1a7f7d531ab0c15e3fe112f464ef

HTTP Headers

GET /load.js?publisherId=64df4768ef6a3d343387f03963cc6d27:a3fc5ba00d8a1e88f69e3c15e8e8c501507f1b2063b64e48a97000a1c4480fda350894047ca3535d3ce8fc5253d0214840300a723dc6ecae38a57d550d5ed683 HTTP/1.1
Host: cdn.prplads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 23 May 2023 18:18:27 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"103f53a915d53d541a023f9c8352e84c"
last-modified: Wed, 03 May 2023 17:14:59 GMT
x-amz-id-2: c0BBo0bTVFeShG8i+7lo2b2VE/UirvGjsaEwxq/wwMJ6ns1s3aKZvOG0lzRnXyQ2PtAWUDAre3c=
x-amz-request-id: VF6G331VR5CZSWHS
cache-control: max-age=86400
cf-cache-status: HIT
age: 5226
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SQ1hFzggY5CjkTW7D%2Bm3Eq%2Fn6ACO8XvIYwXWN%2FBPvA1%2Ftsf03ms91jeZpqYUni7so9bvjjtQajqFQKW1IGfQ4T%2FsUw%2FQbsE9DHY7lu5Xg1U207kBPg8Cv1B%2BTSguj4rDCw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cbf4d325c4d0b69-OSL
content-encoding: br
X-Firefox-Spdy: h2

log.outbrainimg.com/loggerServices/log-viewability?requestId=2517d9e62d3f19b499aeaf9403927f04&position=0

64.202.112.223

200 OK

4 B

URL GET HTTP/1.1
log.outbrainimg.com/loggerServices/log-viewability?requestId=2517d9e62d3f19b499aeaf9403927f04&position=0
IP
64.202.112.223:443
ASN
#22075 AS-OUTBRAIN

Requested by
https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate
IssuerDigiCert Inc
Subject*.outbrainimg.com
Fingerprint20:D2:F0:B3:C3:92:99:66:27:4F:78:12:57:9F:4D:C0:BF:9A:8F:C4
ValidityTue, 14 Mar 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
4 B (4 bytes)
Hash
b326b5062b2f0e69046810717534cb09
5ffe533b830f08a0326348a9160afafc8ada44db
b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b

HTTP Headers

GET /loggerServices/log-viewability?requestId=2517d9e62d3f19b499aeaf9403927f04&position=0 HTTP/1.1
Host: log.outbrainimg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 23 May 2023 18:18:30 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 4
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST
X-TraceId: 343f3229e90b23869142795e56670980

log.outbrainimg.com/loggerServices/widgetGlobalEvent?rId=2517d9e62d3f19b499aeaf9403927f04&pvId=2517d9e62d3f19b499aeaf9403927f04&sid=10054537&pid=45718&idx=0&wId=140&pad=1&org=0&tm=0&eT=3&cnsnt=no_consent

64.202.112.223

200 OK

4 B

URL GET HTTP/1.1
log.outbrainimg.com/loggerServices/widgetGlobalEvent?rId=2517d9e62d3f19b499aeaf9403927f04&pvId=2517d9e62d3f19b499aeaf9403927f04&sid=10054537&pid=45718&idx=0&wId=140&pad=1&org=0&tm=0&eT=3&cnsnt=no_consent
IP
64.202.112.223:443
ASN
#22075 AS-OUTBRAIN

Requested by
https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate
IssuerDigiCert Inc
Subject*.outbrainimg.com
Fingerprint20:D2:F0:B3:C3:92:99:66:27:4F:78:12:57:9F:4D:C0:BF:9A:8F:C4
ValidityTue, 14 Mar 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
4 B (4 bytes)
Hash
b326b5062b2f0e69046810717534cb09
5ffe533b830f08a0326348a9160afafc8ada44db
b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b

HTTP Headers

GET /loggerServices/widgetGlobalEvent?rId=2517d9e62d3f19b499aeaf9403927f04&pvId=2517d9e62d3f19b499aeaf9403927f04&sid=10054537&pid=45718&idx=0&wId=140&pad=1&org=0&tm=0&eT=3&cnsnt=no_consent HTTP/1.1
Host: log.outbrainimg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 23 May 2023 18:18:30 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 4
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST
X-TraceId: 9507f63217093ae56ad5b5cc1595caa2

js.wpshsdk.com/npc/sdk/push.m.js?v=1

45.133.44.53

200 OK

67 kB

URL GET HTTP/2
js.wpshsdk.com/npc/sdk/push.m.js?v=1
IP
45.133.44.53:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate
IssuerLet's Encrypt
Subjectjs.wpshsdk.com
Fingerprint78:77:A4:19:CC:0D:15:24:69:96:1B:44:C9:A0:4D:0B:B7:C0:F2:D8
ValidityMon, 27 Mar 2023 02:06:36 GMT - Sun, 25 Jun 2023 02:06:35 GMT

File type

Size
67 kB (66894 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /npc/sdk/push.m.js?v=1 HTTP/1.1
Host: js.wpshsdk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 23 May 2023 18:18:27 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Wed, 05 Apr 2023 13:10:08 GMT
etag: W/"642d7330-1054e"
content-encoding: gzip
expires: Tue, 23 May 2023 18:23:27 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

ntvpwpush.com/dl/cookies

94.130.198.6

200 OK

620 B

URL GET HTTP/2
ntvpwpush.com/dl/cookies
IP
94.130.198.6:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate
IssuerLet's Encrypt
Subjectnotification.tubecup.net
FingerprintC3:3A:0A:7D:9C:4B:21:97:39:A7:AD:B8:87:47:F1:35:32:D9:84:53
ValidityFri, 28 Apr 2023 11:39:09 GMT - Thu, 27 Jul 2023 11:39:08 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (656), with no line terminators
Size
620 B (620 bytes)
Hash
0f28ac8b62710210d8c20200cb32caf2
e5cf4c2df4e48eff5fe877531dd3f12351c0c37d
2e6743f06e4cc09ff077b579b75511eaaf5ccf370f70fd2075d74725bf5b872c

HTTP Headers

GET /dl/cookies HTTP/1.1
Host: ntvpwpush.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.20.1
date: Tue, 23 May 2023 18:18:28 GMT
content-type: text/html
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
content-encoding: gzip
X-Firefox-Spdy: h2

api.purpleads.io/x/v2/f?pid=165b73539c4440ceaaac857a289c9d74&ts=1684865907527

75.101.220.184

200 OK

1.4 kB

URL GET HTTP/2
api.purpleads.io/x/v2/f?pid=165b73539c4440ceaaac857a289c9d74&ts=1684865907527
IP
75.101.220.184:443
ASN
#14618 AMAZON-AES

Requested by
https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate
IssuerAmazon
Subject*.purpleads.io
Fingerprint2C:07:41:61:C9:75:ED:6A:72:5B:30:CE:B3:18:1C:47:DB:07:BF:D4
ValidityFri, 24 Feb 2023 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (1451), with no line terminators
Size
1.4 kB (1395 bytes)
Hash
7e3a998f5a45cbef16c429ffd05ccba0
b9f56a0532323c65e3bcc46cc7c1833fb930bd72
9a155d1f409ba38503c8a6967a1fa33337961609ec42aef37cc1f4f1c188c5b6

HTTP Headers

GET /x/v2/f?pid=165b73539c4440ceaaac857a289c9d74&ts=1684865907527 HTTP/1.1
Host: api.purpleads.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dfiles.eu/
Content-Type: application/json
x-purpleads-version: 2.0.2
x-request-url: aHR0cHM6Ly9kZmlsZXMuZXUvZmlsZXMvNTIxYTY1cnlqL1BheURheTJfdi0xNDMxLmV4ZQ==
Authorization: Bearer 64df4768ef6a3d343387f03963cc6d27:a3fc5ba00d8a1e88f69e3c15e8e8c501507f1b2063b64e48a97000a1c4480fda350894047ca3535d3ce8fc5253d0214840300a723dc6ecae38a57d550d5ed683
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 23 May 2023 18:18:28 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: https://dfiles.eu
access-control-allow-credentials: true
access-control-expose-headers: pa-user-id
set-cookie: pa-user-id=849e9ae7-53fc-4171-97b6-4be2f175138a; Domain=.purpleads.io; Path=/
pa-user-id: 849e9ae7-53fc-4171-97b6-4be2f175138a
etag: W/"573-OEf2tbIm6Vhsjd+fIyuZVQY3Imo"
vary: Accept-Encoding
content-encoding: br
X-Firefox-Spdy: h2

js.wpadmngr.com/static/adManager.m.js

45.133.44.53

200 OK

158 kB

URL GET HTTP/2
js.wpadmngr.com/static/adManager.m.js
IP
45.133.44.53:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate
IssuerLet's Encrypt
Subjectjs.wpadmngr.com
FingerprintA9:7C:F8:A4:B8:B3:E3:98:76:72:9E:0B:4A:FB:FB:39:D4:F4:54:3D
ValidityTue, 16 May 2023 02:02:19 GMT - Mon, 14 Aug 2023 02:02:18 GMT

File type

Size
158 kB (158096 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /static/adManager.m.js HTTP/1.1
Host: js.wpadmngr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 23 May 2023 18:18:25 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Fri, 19 May 2023 08:16:51 GMT
etag: W/"64673073-26990"
content-encoding: gzip
expires: Tue, 23 May 2023 18:23:25 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Lato&display=swap

142.250.74.138

200 OK

761 B

URL GET HTTP/2
fonts.googleapis.com/css?family=Lato&display=swap
IP
142.250.74.138:443
ASN
#15169 GOOGLE

Requested by
https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint9B:D0:53:C4:55:9D:41:A4:94:03:4A:2B:6A:5B:57:EB:EB:A5:F0:4A
ValidityMon, 24 Apr 2023 12:00:43 GMT - Mon, 17 Jul 2023 12:00:42 GMT

File type
ASCII text, with very long lines (779), with no line terminators
Size
761 B (761 bytes)
Hash
a364604486274150bc70125ad37308ca
25ec492b058c53fa7df209da06563bee634eac05
1ced3fcf55032fd29188f7e360bc9429f0263d62e0bb4ae665161303f059c695

HTTP Headers

GET /css?family=Lato&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 23 May 2023 18:18:29 GMT
date: Tue, 23 May 2023 18:18:29 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

cdn.pubfuture-ad.com/v2/config/645b13aa2bbd92003f72bf8a?v=6&d=b3RoZXJz&ip=OTEuOTAuNDIuMTU0&c=&cc=Tk8=&s=ZGZpbGVzLmV1L2ZpbGVzLzUyMWE2NXJ5ai9QYXlEYXkyX3YtMTQzMS5leGU=

104.26.0.97

200 OK

466 B

URL GET HTTP/2
cdn.pubfuture-ad.com/v2/config/645b13aa2bbd92003f72bf8a?v=6&d=b3RoZXJz&ip=OTEuOTAuNDIuMTU0&c=&cc=Tk8=&s=ZGZpbGVzLmV1L2ZpbGVzLzUyMWE2NXJ5ai9QYXlEYXkyX3YtMTQzMS5leGU=
IP
104.26.0.97:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintA4:70:A9:B9:AC:49:1E:53:23:43:41:25:CD:10:7C:01:2E:87:01:01
ValidityTue, 07 Feb 2023 00:00:00 GMT - Tue, 06 Feb 2024 23:59:59 GMT

File type
HTML document text\012- troff or preprocessor input, ASCII text, with very long lines (506), with no line terminators
Size
466 B (466 bytes)
Hash
46d6a279ed0c6af60678f0a09c202f89
4e0160faaa294fc142665fe766c6e7dd456e410e
fcffad7fd6d1eb1fdcc362a4392ea8302c836108d3f004a97611b0fedb7bf83e

HTTP Headers

GET /v2/config/645b13aa2bbd92003f72bf8a?v=6&d=b3RoZXJz&ip=OTEuOTAuNDIuMTU0&c=&cc=Tk8=&s=ZGZpbGVzLmV1L2ZpbGVzLzUyMWE2NXJ5ai9QYXlEYXkyX3YtMTQzMS5leGU= HTTP/1.1
Host: cdn.pubfuture-ad.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dfiles.eu/
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 23 May 2023 18:18:27 GMT
content-type: application/json; charset=utf-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
access-control-allow-origin: *
etag: W/"1d2-3F/O2YfTCSHzwaBOO6iIIw6CFEY"
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LjrKiWR414tFil2jGQZMyZNYTjHPkLCX9P5Xq%2BUqJUhfbqykmmRXTVuc9tjnWr11zsOVa5l6cO7%2FX3V33UkCbhSPT%2FSVCQ85GuJ9DIhLUAi935ccOJy5qno0ZOheQK6e3qEo9yvY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7cbf4d2fbb950b51-OSL
content-encoding: br
X-Firefox-Spdy: h2

api.purpleads.io/x/v2/f?pid=165b73539c4440ceaaac857a289c9d74&ts=1684865907527

75.101.220.184

200 OK

0 B

URL OPTIONS HTTP/2
api.purpleads.io/x/v2/f?pid=165b73539c4440ceaaac857a289c9d74&ts=1684865907527
IP
75.101.220.184:443
ASN
#14618 AMAZON-AES

Requested by
https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate
IssuerAmazon
Subject*.purpleads.io
Fingerprint2C:07:41:61:C9:75:ED:6A:72:5B:30:CE:B3:18:1C:47:DB:07:BF:D4
ValidityFri, 24 Feb 2023 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /x/v2/f?pid=165b73539c4440ceaaac857a289c9d74&ts=1684865907527 HTTP/1.1
Host: api.purpleads.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization,content-type,x-purpleads-version,x-request-url
Referer: https://dfiles.eu/
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 23 May 2023 18:18:28 GMT
access-control-allow-origin: https://dfiles.eu
access-control-allow-credentials: true
access-control-expose-headers: pa-user-id
access-control-allow-headers: authorization,content-type,x-purpleads-version,x-request-url
access-control-max-age: 86400
X-Firefox-Spdy: h2

cdn.unblockia.com/h.js

108.157.214.50

200 OK

166 kB

URL GET HTTP/2
cdn.unblockia.com/h.js
IP
108.157.214.50:443
ASN
#16509 AMAZON-02

Requested by
https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate
IssuerAmazon
Subject*.unblockia.com
FingerprintF2:6F:03:00:E3:4A:B1:87:3C:4D:28:BB:E6:CE:8F:F1:2A:6E:1B:5D
ValidityTue, 21 Feb 2023 00:00:00 GMT - Fri, 22 Mar 2024 23:59:59 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
166 kB (166192 bytes)
Hash
3d75dc8f7c4000ccdac0fff2f09d78a8
9008e9830c5f3a690cbb6cc94ddb34b59fc12677
203af4ee7878df10c428ce6599c619695219f48681b832ef3f856abdd299b8e8

HTTP Headers

GET /h.js HTTP/1.1
Host: cdn.unblockia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/x-javascript
last-modified: Mon, 22 May 2023 09:17:35 GMT
x-amz-server-side-encryption: AES256
x-amz-meta-codebuild-content-sha256: 3b11cd91ab382736a9ba8e63029f318e3177aa77903aa4fa093a80765fac8c07
x-amz-version-id: gKayxwShEzJAnBjNaPvAM9Fj3A2ZU3Kt
x-amz-meta-codebuild-buildarn: arn:aws:codebuild:eu-west-1:987257285531:build/unblockia-loader-codebuild-project:6a48fce0-eba0-40cc-8a72-49f5d7d1abde
x-amz-meta-codebuild-content-md5: 60511405d11f9acd0880a4539ae338cb
server: AmazonS3
content-encoding: br
date: Tue, 23 May 2023 09:19:59 GMT
etag: W/"3d75dc8f7c4000ccdac0fff2f09d78a8"
x-cache: Hit from cloudfront
via: 1.1 8ea75fde43c768e7e1d041f8b7a07bd6.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: nGAksnIkpbWYS7LPPuNTmNxfn-IBjma4R4bJkvFLWWUk-Z9UQb5opw==
age: 32307
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2

addresseepaper.com/sfp.js

0.0.0.0

0 B

URL GET
addresseepaper.com/sfp.js
IP
0.0.0.0:0
ASN
#0

Requested by
https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /sfp.js HTTP/1.1
Host: addresseepaper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjx4wXg.woff2

142.250.74.35

200 OK

24 kB

URL GET HTTP/2
fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjx4wXg.woff2
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE2:33:59:47:38:D7:4A:7A:9E:28:5D:EC:AA:94:7F:92:25:D2:B1:C4
ValidityMon, 24 Apr 2023 12:00:43 GMT - Mon, 17 Jul 2023 12:00:42 GMT

File type
Web Open Font Format (Version 2), TrueType, length 23580, version 1.0\012- data
Size
24 kB (23580 bytes)
Hash
e1b3b5908c9cf23dfb2b9c52b9a023ab
fcd4136085f2a03481d9958cc6793a5ed98e714c
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537

HTTP Headers

GET /s/lato/v24/S6uyw4BMUTPHjx4wXg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 23580
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 18 May 2023 04:04:41 GMT
expires: Fri, 17 May 2024 04:04:41 GMT
cache-control: public, max-age=31536000
age: 483229
last-modified: Tue, 02 May 2023 15:17:22 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

cdn.pubfuture-ad.com/v2/unit/pt.js

172.67.70.21

200 OK

6.6 kB

URL GET HTTP/2
cdn.pubfuture-ad.com/v2/unit/pt.js
IP
172.67.70.21:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintA4:70:A9:B9:AC:49:1E:53:23:43:41:25:CD:10:7C:01:2E:87:01:01
ValidityTue, 07 Feb 2023 00:00:00 GMT - Tue, 06 Feb 2024 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (6778), with no line terminators
Size
6.6 kB (6612 bytes)
Hash
0111fa8d579e88268584595c79ad05d8
557bd8adf0625893e0ede25162f2cee913ae702c
0e2968fc4d954021c6a483bf6195122c7934c97b6bc495e2c46e4382b2ee0ae4

HTTP Headers

GET /v2/unit/pt.js HTTP/1.1
Host: cdn.pubfuture-ad.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 23 May 2023 18:18:25 GMT
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=172800
cf-bgj: minify
access-control-allow-origin: *
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
etag: W/"19d4-fKxMfwaT/pKWztkbnqHGCyR1YAs"
expect-ct: max-age=0
referrer-policy: no-referrer
strict-transport-security: max-age=15552000; includeSubDomains
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
cf-cache-status: HIT
age: 23276
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MVnRXRIgR8HpRuyK8tX6ynVpWfgmd2x7eB%2BtD4x2jz9F73VhscKIcqd3UGcxgjV1FL6BnUuDdJVBrR%2BLGFYUWM5LRBpdSFO9khPySLAiUgH%2FiAGAGy3AkIVp%2BdlRcMKk%2BZBdsVA7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7cbf4d228941b4f9-OSL
content-encoding: br
X-Firefox-Spdy: h2

na.nawpush.com/tags/46445?version_name=d

45.133.44.25

200 OK

578 B

URL GET HTTP/2
na.nawpush.com/tags/46445?version_name=d
IP
45.133.44.25:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate
IssuerLet's Encrypt
Subjectna.nawpush.com
Fingerprint06:8A:2E:29:09:91:41:F0:6E:1C:15:DE:41:23:FB:9C:E4:5B:47:B0
ValidityMon, 03 Apr 2023 01:01:43 GMT - Sun, 02 Jul 2023 01:01:42 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (655), with no line terminators
Size
578 B (578 bytes)
Hash
23c5177c1ebb159deb143f673f6a812d
ad975e58fea8c358e66fd0900eb76f2a45aaf1f6
92f9ff1eba505ee14f479695a9ee48be4e4f04e096cb42d6c6918a5ffb0f17b2

HTTP Headers

GET /tags/46445?version_name=d HTTP/1.1
Host: na.nawpush.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 23 May 2023 18:18:26 GMT
content-type: application/json
content-length: 578
server: nginx/1.18.0
cache-control: max-age=300, public
x-proxy-cache: EXPIRED
access-control-allow-origin: *
X-Firefox-Spdy: h2

cdn.creative-bars1.com/sb/notifications/software/us/norton/1/css/animate.css

172.64.196.23

200 OK

79 kB

URL GET HTTP/2
cdn.creative-bars1.com/sb/notifications/software/us/norton/1/css/animate.css
IP
172.64.196.23:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint88:10:E4:38:7C:46:CF:44:7C:D0:C8:1F:06:39:9F:7E:A5:2E:27:4A
ValidityThu, 27 Apr 2023 15:05:54 GMT - Wed, 26 Jul 2023 15:05:53 GMT

File type
ASCII text
Size
79 kB (79249 bytes)
Hash
e1d8acd5ee9d1a90ea09313cbd8f2b02
8a8327b115d1356715e63270d1ce6d46124c7b1a
3028c87fc798ac3741f02079034e6c23462afc0c5e6c8d321188ce3716c8472a

HTTP Headers

GET /sb/notifications/software/us/norton/1/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 23 May 2023 18:18:27 GMT
content-type: text/css
last-modified: Wed, 17 Feb 2021 11:45:00 GMT
etag: W/"602d01bc-13591"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 104068
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B7z3x%2FQRtjPpWYh5tFBk5p0Gt3K6u%2BYWrFbudj3Tuzw%2B9fd7EQKBl%2BPZLOdlG%2FyBaRQwVyz6H5yyJ2GgCJ4J0Bf5rm1n4obojPmrcR2hOHJg3GnB1ZbYsS2rDpKno5rn%2BUXQezd4lkIJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cbf4d31ec354133-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.creative-bars1.com/sb/notifications/software/us/norton/1/css/style.css

172.64.196.23

200 OK

2.3 kB

URL GET HTTP/2
cdn.creative-bars1.com/sb/notifications/software/us/norton/1/css/style.css
IP
172.64.196.23:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint88:10:E4:38:7C:46:CF:44:7C:D0:C8:1F:06:39:9F:7E:A5:2E:27:4A
ValidityThu, 27 Apr 2023 15:05:54 GMT - Wed, 26 Jul 2023 15:05:53 GMT

File type
ASCII text, with very long lines (2472), with no line terminators
Size
2.3 kB (2311 bytes)
Hash
50a727839c0d5c323ac1e5a8b32e5838
ab2dbb07e2f14e3010b7bcb8cf276a17bc681bcd
cb2dc4b9bfac73114f274ed68a9d7fe3efe6db932ea3958a29f255337f050489

HTTP Headers

GET /sb/notifications/software/us/norton/1/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfiles.eu
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 23 May 2023 18:18:27 GMT
content-type: text/css
last-modified: Wed, 17 Feb 2021 11:44:59 GMT
etag: W/"602d01bb-907"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 104068
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x1%2FvAvhZybakManSqZRmBQvS3sIjZh3qwBmIGeUgtJTmj%2FHWM6pgFoeq0O%2F5zM56AO0k5mAXHowOBm9GNZttQJWmH9DrT6fUFolWf5QON5xP34a4GA2g1AoHSejatUGRmSutyNcYi17w"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cbf4d324cb74133-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.creative-bars1.com/sb/notifications/software/us/norton/1/img/bg.jpg

172.64.196.23

200 OK

58 kB

URL GET HTTP/3
cdn.creative-bars1.com/sb/notifications/software/us/norton/1/img/bg.jpg
IP
172.64.196.23:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint88:10:E4:38:7C:46:CF:44:7C:D0:C8:1F:06:39:9F:7E:A5:2E:27:4A
ValidityThu, 27 Apr 2023 15:05:54 GMT - Wed, 26 Jul 2023 15:05:53 GMT

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=250, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=970], progressive, precision 8, 970x250, components 3\012- data
Size
58 kB (58368 bytes)
Hash
93db86920aaf5aa1cb2f1b727b06dfe8
bce81c9da296929263f7ec1e606616a97ab42b9d
d67bdc40107fb5f7db687092375adbce71dcf6faec40d1c5c9c50c3c9e6d5ca7

HTTP Headers

GET /sb/notifications/software/us/norton/1/img/bg.jpg HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 23 May 2023 18:18:27 GMT
content-type: image/jpeg
content-length: 58368
last-modified: Wed, 17 Feb 2021 11:45:02 GMT
etag: "602d01be-e400"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 16344721
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xOm3Kj%2BRMqhiMQcdgPs7aRnLCOiDuOM4v7EyXagHIPZKnGVW8UpSXWuiwzdIghQiu%2F%2BMxbqsVGDnPEkqS%2F6AgwlyOoK3gCj1%2FKizQlhQ1z%2Fdx3u614O1w5wKw5O5f8%2B3ltpVgtXXn0LW"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cbf4d336b387315-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

friendshipmale.com/sfp.js

172.64.140.24

200 OK

86 kB

URL GET HTTP/2
friendshipmale.com/sfp.js
IP
172.64.140.24:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dfiles.eu/files/521a65ryj/PayDay2_v-1431.exe
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint08:6F:D8:CB:9E:0C:0A:98:2E:C5:CD:21:8E:0B:76:2B:50:6F:B6:37
ValiditySat, 18 Feb 2023 00:00:00 GMT - Sat, 17 Feb 2024 23:59:59 GMT

File type

Size
86 kB (85467 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dfiles.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 23 May 2023 18:18:26 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 0c1ddb9b39ac2dcb43ebce458f28a0a9
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Tue, 23 May 2023 18:18:25 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t2zabbS5yB6nZHlCZEnai1NWzQKhqm473MWiHUy2kalR3y2VaL70tFvHHt8MeHlB9lF536046T5flrL7xDqpKJXzmSadC9VvwMXVdaGYI9Jm8MFcy3pJulAhrP55lLnzxQMKopE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cbf4d281bf6240e-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (39)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by