Report - anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe

Report Overview

Submitted URL
anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
IP
135.181.248.190
ASN
#24940 Hetzner Online GmbH
Submitted
2024-05-04 14:13:27
Access
public
Website Title
Liliths_Throne_v0.4.9.5_exe_version.zip - AnonZip.com
Final URL
anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
60

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2024-05-04	5.4 kB	333 kB	142.250.74.163
fleraprt.com	unknown	2022-01-14	2022-01-14	2024-05-03	561 B	479 B	139.45.195.254
gishejuy.com	unknown	2023-10-25	2023-10-25	2024-05-03	5.2 kB	88 kB	139.45.197.242
externalde.com	unknown	2024-02-28	2024-02-28	2024-05-03	655 B	1.7 kB	104.21.9.15
offerimage.com	304078	2019-06-10	2019-06-10	2024-05-02	1.3 kB	55 kB	104.22.32.172
securedpeacomm.com	unknown	2023-02-27	2023-02-27	2024-05-03	673 B	4.3 kB	104.21.64.36
www.googletagmanager.com	75	2011-11-11	2013-05-22	2024-05-03	418 B	102 kB	142.250.74.72
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2024-05-04	1.3 kB	48 kB	142.250.74.106
tzegilo.com	unknown	2022-01-14	2022-01-14	2024-05-02	392 B	8.3 kB	172.67.193.52
veepteero.com	unknown	2023-05-08	2023-05-09	2024-04-30	1.5 kB	6.9 kB	139.45.197.242
alwingulla.com	unknown	2023-05-22	2023-05-22	2024-04-30	400 B	82 kB	104.21.72.155
anonzip.com	unknown	2024-01-04	2024-02-18	2024-04-18	17 kB	1.2 MB	135.181.248.190
my.rtmark.net	9054	2014-10-29	2015-02-04	2024-05-03	455 B	740 B	139.45.195.8
cameesse.net	unknown	2023-10-18	2023-10-18	2024-05-02	7.1 kB	190 kB	139.45.197.242
aistekso.net	unknown	2023-10-16	2023-10-16	2024-04-30	3.6 kB	112 kB	139.45.197.244
moonoafy.net	unknown	2024-01-09	2024-01-09	2024-04-30	3.4 kB	109 kB	139.45.197.250
amunfezanttor.com	unknown	2023-03-31	2023-03-31	2024-05-03	991 B	1.1 kB	139.45.197.250
track.jefytrack.com	unknown	2023-07-04	2023-09-05	2024-05-02	742 B	1.1 kB	143.204.55.105
lkbx.me	117868	2020-11-24	2020-12-14	2024-05-03	496 B	1.4 kB	47.89.248.255

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-04	medium	moonoafy.net	Sinkholed
2024-05-04	medium	cameesse.net	Sinkholed
2024-05-04	medium	moonoafy.net	Sinkholed
2024-05-04	medium	moonoafy.net	Sinkholed
2024-05-04	medium	fleraprt.com	Sinkholed
2024-05-04	medium	moonoafy.net	Sinkholed
2024-05-04	medium	tzegilo.com	Sinkholed
2024-05-04	medium	cameesse.net	Sinkholed
2024-05-04	medium	aistekso.net	Sinkholed
2024-05-04	medium	veepteero.com	Sinkholed
2024-05-04	medium	amunfezanttor.com	Sinkholed
2024-05-04	medium	moonoafy.net	Sinkholed
2024-05-04	medium	amunfezanttor.com	Sinkholed
2024-05-04	medium	cameesse.net	Sinkholed
2024-05-04	medium	cameesse.net	Sinkholed
2024-05-04	medium	gishejuy.com	Sinkholed
2024-05-04	medium	aistekso.net	Sinkholed
2024-05-04	medium	gishejuy.com	Sinkholed
2024-05-04	medium	aistekso.net	Sinkholed
2024-05-04	medium	gishejuy.com	Sinkholed
2024-05-04	medium	gishejuy.com	Sinkholed
2024-05-04	medium	cameesse.net	Sinkholed
2024-05-04	medium	aistekso.net	Sinkholed
2024-05-04	medium	veepteero.com	Sinkholed
2024-05-04	medium	moonoafy.net	Sinkholed
2024-05-04	medium	cameesse.net	Sinkholed
2024-05-04	medium	gishejuy.com	Sinkholed
2024-05-04	medium	moonoafy.net	Sinkholed
2024-05-04	medium	cameesse.net	Sinkholed
2024-05-04	medium	alwingulla.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (25)

	URL	Size	First Seen	Last Seen
	moonoafy.net/pfe/current/tag.min.js?z=7406592	15 kB	2024-04-25	2024-05-14
Pretty URL moonoafy.net/pfe/current/tag.min.js?z=7406592 IP 139.45.197.250 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 22:19:47 Last Seen2024-05-14 14:21:41 Times Seen215 Hash ffdd38e0a5a1a47cb341a116a3318e0e 2fd730feff506cf56e14c531e9d89cdea2cca424 7d8e97e9586d3f04c4a2a703692378868e49120c6159d079ae7ed1eca2ca2b5c Loading...

	tzegilo.com/stattag.js	19 kB	2024-02-10	2024-05-18
Pretty URL tzegilo.com/stattag.js IP 172.67.193.52 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-10 03:00:18 Last Seen2024-05-18 08:35:29 Times Seen1786 Hash 70ebd404c2e1e7bad13998538b56887c 86e57af8ba3cfc2c004da3311835f6b54ba6d848 d71ea61938136a384e4c53c5a7a3c36e68fcc70a68bae691e270987d5d2eb11f Loading...

	gishejuy.com/400/7406589	84 kB	2024-05-04	2024-05-04
Pretty URL gishejuy.com/400/7406589 IP 139.45.197.242 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-04 16:13:29 Last Seen2024-05-04 16:13:30 Times Seen2 Hash 6e9e3daa99aace4bfa7ffbdd91ed9c62 14e6b0db06a96013a1d8674a5d9edaf9dd19f389 64abc616ce5e436ce0c8b5cfb7efed03e3723b64a3f03b57c3c6860fa14a5741 Loading...

	anonzip.com/themes/spirit/assets/frontend/js/countdown.min.js	5.4 kB	2023-03-07	2024-05-18
Pretty URL anonzip.com/themes/spirit/assets/frontend/js/countdown.min.js IP 135.181.248.190 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:28:01 Last Seen2024-05-18 12:16:15 Times Seen1096 Hash 76a923d3d69255c45cd24bf9b100244f eb3c96f9901692f1a03500ea632963a16afdb985 8f195573d6fa06641814b476fea2b92579c983cac46d683f356238207692c9f5 Loading...

	alwingulla.com/88/tag.min.js	81 kB	2024-05-04	2024-05-05
Pretty URL alwingulla.com/88/tag.min.js IP 104.21.72.155 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-04 00:02:57 Last Seen2024-05-05 12:14:36 Times Seen29 Hash d8fe6d8977be78f78ee48c068b8c8686 e9c96bfc9bcd374f528f73c0441c2358d6d1d135 43423a879e310562ceed423aa563f4fac45713e6f59b0517d897e2c96a42993b Loading...

	anonzip.com/themes/spirit/assets/frontend/js/cookiealert.js	1.8 kB	2023-03-07	2024-05-18
Pretty URL anonzip.com/themes/spirit/assets/frontend/js/cookiealert.js IP 135.181.248.190 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:47:38 Last Seen2024-05-18 11:02:22 Times Seen5558 Hash 81279e22c8ece9e1d0536a402484daa3 911797507fb12d4f451d5900e32db96ad697c401 5c6237178e88ab7f1c6e26c9e99547e58782450b8f2a182129448ff4d99e89ab Loading...

	anonzip.com/themes/spirit/assets/frontend/js/jquery.dataTables.min.js	70 kB	2023-03-07	2024-05-18
Pretty URL anonzip.com/themes/spirit/assets/frontend/js/jquery.dataTables.min.js IP 135.181.248.190 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:28:01 Last Seen2024-05-18 12:16:17 Times Seen675 Hash 6fda19caa29287e6f584f0557fdeb6d4 40f58160090cd1f022704ee1352b343adb9e73b9 8ef749c3869991924150dc932c48cd57bf69ac25a378bb2e14f8e1733c17406f Loading...

	anonzip.com/themes/spirit/assets/frontend/js/typed.min.js	3.9 kB	2023-03-07	2024-05-18
Pretty URL anonzip.com/themes/spirit/assets/frontend/js/typed.min.js IP 135.181.248.190 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:28:01 Last Seen2024-05-18 12:16:16 Times Seen6132 Hash 2f6185a8a32a50b2b3e04849f44359d4 0e5501588c5c0d1c9462f34b0d56c21abff5bfef 914df93a9770d8a0e132b6ce3e8f1cfba0e0fae8f3b9002a3f0eb47c3d0cc97b Loading...

	anonzip.com/themes/spirit/assets/frontend/js/scripts.js	115 kB	2023-03-07	2024-05-18
Pretty URL anonzip.com/themes/spirit/assets/frontend/js/scripts.js IP 135.181.248.190 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:28:01 Last Seen2024-05-18 08:05:34 Times Seen425 Hash ce260d2170faf98639ab8e0e3758f1e2 32eeb82a44bf0bce2df78eafae9f2e9ff8d72e1f ac331833ebf1c06b0f8565caaeb4760c2184bd89d1cb5574c3947a8d0b6dca1c Loading...

	www.googletagmanager.com/gtag/js?id=G-GWR0PX9LQC	306 kB	2024-05-04	2024-05-04
Pretty URL www.googletagmanager.com/gtag/js?id=G-GWR0PX9LQC IP 142.250.74.72 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-04 16:13:29 Last Seen2024-05-04 16:13:29 Times Seen2 Hash 99abeed7466fe9b13884c215edeabfd8 b1ddae8e562d5486856df623f8dd7bbed057332f 00394e436d6e5bf44e92d58fc487cfe65624c0114265a80078c352ed0ba07e86 Loading...

	aistekso.net/401/7406591	91 kB	2024-05-04	2024-05-04
Pretty URL aistekso.net/401/7406591 IP 139.45.197.244 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-04 16:13:29 Last Seen2024-05-04 16:13:30 Times Seen2 Hash ece1af3b0e3144fe14d20a3a373fe0cf f991125d21f4dc941edb3505c12517a3e6fe94f6 6761677568c3f97d8e53a27757c61acde40c20e511ca29d07979db77f108d64e Loading...

	cameesse.net/1?z=7406590	43 kB	2024-05-04	2024-05-04
Pretty URL cameesse.net/1?z=7406590 IP 139.45.197.242 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-04 16:13:29 Last Seen2024-05-04 16:13:29 Times Seen1 Hash a829390069796f932259e52bc2199d9b 016b5c7ad418c833eb4a557fbfd2dedd39b9375d 3ee129d0e20318de7004a8402efe4dca13a96655e7b42ca86bb12b6ab74fa088 Loading...

	lkbx.me/4KqY7?uid=w78hsnqua6mmt6213fvqrr0q	0 B	2023-03-07	2024-05-18
Pretty URL lkbx.me/4KqY7?uid=w78hsnqua6mmt6213fvqrr0q IP 47.89.248.255 ASN #45102 Alibaba US Technology Co., Ltd. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-18 12:45:12 Times Seen37785237 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	anonzip.com/themes/spirit/assets/frontend/js/flickity.min.js	54 kB	2023-03-07	2024-05-18
Pretty URL anonzip.com/themes/spirit/assets/frontend/js/flickity.min.js IP 135.181.248.190 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:28:01 Last Seen2024-05-18 12:16:16 Times Seen669 Hash 8c1e666176ac7bdce67d58b45823ffac 75947e4316427ce0c5e33300aeb4dc4d7d54dd09 c0b706b9b1ca12b631496228a0eb0fe15ccb14f21ab554f6c4b4f20474e4d3a6 Loading...

	anonzip.com/themes/spirit/assets/frontend/js/datepicker.js	21 kB	2023-03-07	2024-05-18
Pretty URL anonzip.com/themes/spirit/assets/frontend/js/datepicker.js IP 135.181.248.190 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:28:01 Last Seen2024-05-18 11:02:22 Times Seen6115 Hash 8cfe207a6a21c7495cfb751c761217a6 35d686a6c4ecc9946c35444ce93e110cb0e1611c 804e3c2608de23694fa71684178e2f9815115d56ee022ec770e1fcb208847acc Loading...

	unknown	90 kB	2024-04-25	2024-05-14
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 22:19:47 Last Seen2024-05-14 14:21:41 Times Seen281 Hash 4caad44ecc6a13eba45b63ed7cf9e387 e67dfe90bebd5447495d8fe962d03e55f6d13071 66f95b5eb4bf3dc3a13643e3e6776b18a2b15e0b881328e2ee012c73e679ad00 Loading...

	cameesse.net/27/7552beb94fc0bdff7bbb33cad3d1ab0a	413 kB	2024-04-11	2024-05-18
Pretty URL cameesse.net/27/7552beb94fc0bdff7bbb33cad3d1ab0a IP 139.45.197.242 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-11 13:26:00 Last Seen2024-05-18 12:16:17 Times Seen252 Hash 297cc248309ba835cf13a1f82fd3f938 1e6f51ce257a0ee53e25280dd44092ed33339847 b2ba9d8b2216d22f8f31a594bc22ee21f60e2b539474a650be1e87dea87d5ed7 Loading...

	anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip	44 B	2023-03-07	2024-05-18
Pretty URL anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip IP 135.181.248.190 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:28:01 Last Seen2024-05-18 11:02:22 Times Seen3183 Hash 21d884540875fb4d2b8f280c541d092c 9f2a58bb4ff1897269b2df54e333ce35d4435b91 8f75c65a00382bae7799a76f3517023df9a72035e9b469e95469b028d4bd0d0a Loading...

	anonzip.com/themes/spirit/assets/frontend/js/granim.min.js	11 kB	2023-03-07	2024-05-18
Pretty URL anonzip.com/themes/spirit/assets/frontend/js/granim.min.js IP 135.181.248.190 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:28:01 Last Seen2024-05-18 12:16:16 Times Seen675 Hash 714368d20c70f8c91b0a596e128dac07 563954ec3a896fc129d014f01836245829f6d01d e70b27194b8793b68cccee28a6d8a1e39aae2ce5d28d5e71ac204d7a3ac164e3 Loading...

	anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip	927 B	2024-05-04	2024-05-04
Pretty URL anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip IP 135.181.248.190 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-04 16:13:29 Last Seen2024-05-04 16:13:29 Times Seen1 Hash a317629c599aca9988a0007f0ee262b2 a05d63580d6330a3b809582590b0f1fb6769d20d fbf00c50f358a4b63add5a4d448cd1c2c5fb2fc4d8c6c7cb25b6efa16b1b515a Loading...

	anonzip.com/themes/spirit/assets/frontend/js/jquery.steps.min.js	14 kB	2023-03-07	2024-05-18
Pretty URL anonzip.com/themes/spirit/assets/frontend/js/jquery.steps.min.js IP 135.181.248.190 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:28:01 Last Seen2024-05-18 12:16:17 Times Seen701 Hash 0eef6fe46d14f860d5666d2c7b13a564 7ab5f7deaca2f71efbc3bf9f5ba27b89d4697dbe 95a14a4473ff130eb29f3cc02e135978505655e3c931b6c3726dedd4f558f843 Loading...

	anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip	292 B	2023-03-07	2024-05-18
Pretty URL anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip IP 135.181.248.190 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:28:01 Last Seen2024-05-18 12:16:16 Times Seen3287 Hash f6038f840321581380bcf8e68fbec2ed 9c64ca84baabd04b9994597b90882d8ec7158ba2 fc7d223cc022e6a00869dea89642667579b0ca033afb07bb0070c7b7a0fd23c3 Loading...

	anonzip.com/themes/spirit/assets/frontend/js/jquery-3.1.1.min.js	87 kB	2023-03-07	2024-05-18
Pretty URL anonzip.com/themes/spirit/assets/frontend/js/jquery-3.1.1.min.js IP 135.181.248.190 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:19:28 Last Seen2024-05-18 12:16:17 Times Seen7673 Hash 5b5a269bd363e0886c17d855c2aab241 042dd055cd289215835a58507c9531f808e1648a 1cf30e59d21d4ae560af7143f5913efcc8222bcaa4fcc7508eb802b5faa9e94e Loading...

	anonzip.com/themes/spirit/assets/frontend/js/smooth-scroll.min.js	6.0 kB	2023-03-07	2024-05-18
Pretty URL anonzip.com/themes/spirit/assets/frontend/js/smooth-scroll.min.js IP 135.181.248.190 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:28:01 Last Seen2024-05-18 12:16:16 Times Seen574 Hash c9e3a210d83398f301b3a7049c259676 8e227bb40fe120841829a7fef0ffeb091d179a91 aeda362b1d693480453b895cbcf8b92629f58240c42ba8c643f0d5d338baf805 Loading...

	anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip	153 B	2024-04-27	2024-05-18
Pretty URL anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip IP 135.181.248.190 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-27 19:33:14 Last Seen2024-05-18 08:05:34 Times Seen53 Hash ebe6363c450e15741bfd266f056b7edd f27cab116d6ddcd32461aff593ac5dc540733b65 8a7acc7ff41204b7b271b201840225ed7ac744a12486add35ca7bbfc06baf9f6 Loading...

HTTP Transactions (83)

URL IP Response Size

anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip

135.181.248.190

200 OK

4.7 kB

URL User Request GET HTTP/1.1
anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
IP
135.181.248.190:443
ASN
#24940 Hetzner Online GmbH

Certificate
IssuerLet's Encrypt
Subjectanonzip.com
Fingerprint05:1A:C5:B8:46:2C:D7:57:A3:34:1F:79:EC:24:CC:61:ED:36:1E:7E
ValiditySat, 30 Mar 2024 19:16:56 GMT - Fri, 28 Jun 2024 19:16:55 GMT

File type
HTML document, ASCII text, with CRLF, LF line terminators
Size
4.7 kB (4688 bytes)
Hash
747e61f5bc5055fa5c8ca5aa93953235
1b7656bef1607d63bc259691990962c4e917989c
b10d060b9bb40993da688dbdd184c6773d178b918453f5ffbb2d96a75ab88ec8

HTTP Headers

GET /114C/Liliths_Throne_v0.4.9.5_exe_version.zip HTTP/1.1
Host: anonzip.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: filehosting=okggsl4452kkel4mfrf260vekk; expires=Sun, 05-May-2024 14:12:59 GMT; Max-Age=86400; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate, no-cache, private
Date: Sat, 04 May 2024 14:12:59 GMT
Content-Encoding: gzip

anonzip.com/themes/spirit/assets/frontend/css/bootstrap.min.css

135.181.248.190

200 OK

77 kB

URL GET HTTP/1.1
anonzip.com/themes/spirit/assets/frontend/css/bootstrap.min.css
IP
135.181.248.190:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Certificate
IssuerLet's Encrypt
Subjectanonzip.com
Fingerprint05:1A:C5:B8:46:2C:D7:57:A3:34:1F:79:EC:24:CC:61:ED:36:1E:7E
ValiditySat, 30 Mar 2024 19:16:56 GMT - Fri, 28 Jun 2024 19:16:55 GMT

File type
ASCII text, with very long lines (65319), with CRLF line terminators
Size
77 kB (76922 bytes)
Hash
9b67b9ffbfcbe226a8c413fa740fd91c
7837bd0c312897e46311aaf472947f3e23d75df2
2642f94894419d1cebdc4a010b9380a7403063dd6d28ea8a80bd5ebd01186732

HTTP Headers

GET /themes/spirit/assets/frontend/css/bootstrap.min.css HTTP/1.1
Host: anonzip.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Cookie: filehosting=okggsl4452kkel4mfrf260vekk
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 04 May 2024 14:12:59 GMT
Content-Type: text/css
Content-Length: 76922
Last-Modified: Fri, 15 Apr 2022 11:04:01 GMT
Connection: keep-alive
ETag: "62595121-12c7a"
Accept-Ranges: bytes

anonzip.com/themes/spirit/assets/frontend/css/jquery.steps.css

135.181.248.190

200 OK

6.0 kB

URL GET HTTP/1.1
anonzip.com/themes/spirit/assets/frontend/css/jquery.steps.css
IP
135.181.248.190:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Certificate
IssuerLet's Encrypt
Subjectanonzip.com
Fingerprint05:1A:C5:B8:46:2C:D7:57:A3:34:1F:79:EC:24:CC:61:ED:36:1E:7E
ValiditySat, 30 Mar 2024 19:16:56 GMT - Fri, 28 Jun 2024 19:16:55 GMT

File type
ASCII text, with CRLF line terminators
Size
6.0 kB (6019 bytes)
Hash
25cfe48e07622a00154b677afcbaeb47
23e3ae1bd04ad1d00d25d30e39815104ceeae52f
709debbdebf13d8d6c85571caee6e44629142518e9336ed1aa01d6e94ab4d056

HTTP Headers

GET /themes/spirit/assets/frontend/css/jquery.steps.css HTTP/1.1
Host: anonzip.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Cookie: filehosting=okggsl4452kkel4mfrf260vekk
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 04 May 2024 14:12:59 GMT
Content-Type: text/css
Content-Length: 6019
Last-Modified: Fri, 15 Apr 2022 11:04:01 GMT
Connection: keep-alive
ETag: "62595121-1783"
Accept-Ranges: bytes

anonzip.com/themes/spirit/assets/frontend/css/stack-interface.css

135.181.248.190

200 OK

3.2 kB

URL GET HTTP/1.1
anonzip.com/themes/spirit/assets/frontend/css/stack-interface.css
IP
135.181.248.190:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Certificate
IssuerLet's Encrypt
Subjectanonzip.com
Fingerprint05:1A:C5:B8:46:2C:D7:57:A3:34:1F:79:EC:24:CC:61:ED:36:1E:7E
ValiditySat, 30 Mar 2024 19:16:56 GMT - Fri, 28 Jun 2024 19:16:55 GMT

File type
Unicode text, UTF-8 text, with CRLF line terminators
Size
3.2 kB (3160 bytes)
Hash
4541b29b6040bc31b760f98e914fd1d7
0521a4f98cdf5e1fde3eeb9cae64fd39075cd9ba
6910b6609166588208a24355d3c3666140dd0d7fcb3884b31eedb72773e44794

HTTP Headers

GET /themes/spirit/assets/frontend/css/stack-interface.css HTTP/1.1
Host: anonzip.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Cookie: filehosting=okggsl4452kkel4mfrf260vekk
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 04 May 2024 14:12:59 GMT
Content-Type: text/css
Content-Length: 3160
Last-Modified: Fri, 15 Apr 2022 11:04:01 GMT
Connection: keep-alive
ETag: "62595121-c58"
Accept-Ranges: bytes

anonzip.com/themes/spirit/assets/frontend/css/socicon.css

135.181.248.190

200 OK

9.8 kB

URL GET HTTP/1.1
anonzip.com/themes/spirit/assets/frontend/css/socicon.css
IP
135.181.248.190:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Certificate
IssuerLet's Encrypt
Subjectanonzip.com
Fingerprint05:1A:C5:B8:46:2C:D7:57:A3:34:1F:79:EC:24:CC:61:ED:36:1E:7E
ValiditySat, 30 Mar 2024 19:16:56 GMT - Fri, 28 Jun 2024 19:16:55 GMT

File type
ASCII text, with CRLF line terminators
Size
9.8 kB (9838 bytes)
Hash
910a42ce112991b31b30a735f1006a5f
6c8b4769270f1c86bb1c7a6b54325465395ba614
010e6ffb18715ededb10c4ae5a8518475c138fb63b83ec1c125d09b714ccdd8b

HTTP Headers

GET /themes/spirit/assets/frontend/css/socicon.css HTTP/1.1
Host: anonzip.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Cookie: filehosting=okggsl4452kkel4mfrf260vekk
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 04 May 2024 14:12:59 GMT
Content-Type: text/css
Content-Length: 9838
Last-Modified: Fri, 15 Apr 2022 11:04:01 GMT
Connection: keep-alive
ETag: "62595121-266e"
Accept-Ranges: bytes

anonzip.com/themes/spirit/assets/frontend/css/lightbox.min.css

135.181.248.190

200 OK

3.9 kB

URL GET HTTP/1.1
anonzip.com/themes/spirit/assets/frontend/css/lightbox.min.css
IP
135.181.248.190:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Certificate
IssuerLet's Encrypt
Subjectanonzip.com
Fingerprint05:1A:C5:B8:46:2C:D7:57:A3:34:1F:79:EC:24:CC:61:ED:36:1E:7E
ValiditySat, 30 Mar 2024 19:16:56 GMT - Fri, 28 Jun 2024 19:16:55 GMT

File type
ASCII text, with CRLF line terminators
Size
3.9 kB (3889 bytes)
Hash
30265c8089a8f3e871d0873ef6a5b944
2804a2fe5a6a956626ce6a46adf6b1a0676ee13d
f9f33dca7f9a5a735a0a03502993e0a092df81d820beb1ed4071e4611a9630ed

HTTP Headers

GET /themes/spirit/assets/frontend/css/lightbox.min.css HTTP/1.1
Host: anonzip.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Cookie: filehosting=okggsl4452kkel4mfrf260vekk
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 04 May 2024 14:12:59 GMT
Content-Type: text/css
Content-Length: 3889
Last-Modified: Fri, 15 Apr 2022 11:04:01 GMT
Connection: keep-alive
ETag: "62595121-f31"
Accept-Ranges: bytes

anonzip.com/themes/spirit/assets/frontend/css/cookiealert.css

135.181.248.190

200 OK

12 kB

URL GET HTTP/1.1
anonzip.com/themes/spirit/assets/frontend/css/cookiealert.css
IP
135.181.248.190:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Certificate
IssuerLet's Encrypt
Subjectanonzip.com
Fingerprint05:1A:C5:B8:46:2C:D7:57:A3:34:1F:79:EC:24:CC:61:ED:36:1E:7E
ValiditySat, 30 Mar 2024 19:16:56 GMT - Fri, 28 Jun 2024 19:16:55 GMT

File type
ASCII text, with very long lines (11486), with CRLF line terminators
Size
12 kB (12369 bytes)
Hash
3d2946aeae3cc8f43e2acf82ea029bd4
c25a0bd445ff9e6034d34e8f388f5565515a2783
705d9fc8952ac3bf3d9300e3d9ea6753284cdd920c34be0213ec8bc862df7a28

HTTP Headers

GET /themes/spirit/assets/frontend/css/cookiealert.css HTTP/1.1
Host: anonzip.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Cookie: filehosting=okggsl4452kkel4mfrf260vekk
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 04 May 2024 14:12:59 GMT
Content-Type: text/css
Content-Length: 12369
Last-Modified: Fri, 15 Apr 2022 11:04:01 GMT
Connection: keep-alive
ETag: "62595121-3051"
Accept-Ranges: bytes

anonzip.com/themes/spirit/assets/frontend/css/custom.css

135.181.248.190

200 OK

8.9 kB

URL GET HTTP/1.1
anonzip.com/themes/spirit/assets/frontend/css/custom.css
IP
135.181.248.190:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Certificate
IssuerLet's Encrypt
Subjectanonzip.com
Fingerprint05:1A:C5:B8:46:2C:D7:57:A3:34:1F:79:EC:24:CC:61:ED:36:1E:7E
ValiditySat, 30 Mar 2024 19:16:56 GMT - Fri, 28 Jun 2024 19:16:55 GMT

File type
assembler source, ASCII text, with CRLF line terminators
Size
8.9 kB (8936 bytes)
Hash
65417cde74809cb9b9e66d0ab4adc448
9729ccac013729aed790fdc25d71d858f50a137b
c8dee41785c1f45859a70f3bb9a65b3cba83d866dd46ca0096d07067fec9d280

HTTP Headers

GET /themes/spirit/assets/frontend/css/custom.css HTTP/1.1
Host: anonzip.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Cookie: filehosting=okggsl4452kkel4mfrf260vekk
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 04 May 2024 14:12:59 GMT
Content-Type: text/css
Content-Length: 8936
Last-Modified: Fri, 15 Apr 2022 11:04:01 GMT
Connection: keep-alive
ETag: "62595121-22e8"
Accept-Ranges: bytes

anonzip.com/themes/spirit/assets/frontend/css/flickity.css

135.181.248.190

200 OK

2.5 kB

URL GET HTTP/1.1
anonzip.com/themes/spirit/assets/frontend/css/flickity.css
IP
135.181.248.190:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Certificate
IssuerLet's Encrypt
Subjectanonzip.com
Fingerprint05:1A:C5:B8:46:2C:D7:57:A3:34:1F:79:EC:24:CC:61:ED:36:1E:7E
ValiditySat, 30 Mar 2024 19:16:56 GMT - Fri, 28 Jun 2024 19:16:55 GMT

File type
ASCII text, with CRLF line terminators
Size
2.5 kB (2521 bytes)
Hash
244d315064064270eabbbb7ac9f6c700
21ad53d3efbb40154293190173ee0c497ed7651c
ff5fe542e37297733305fb7e68a41b3269a681d64145945f2131a646044c016a

HTTP Headers

GET /themes/spirit/assets/frontend/css/flickity.css HTTP/1.1
Host: anonzip.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Cookie: filehosting=okggsl4452kkel4mfrf260vekk
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 04 May 2024 14:12:59 GMT
Content-Type: text/css
Content-Length: 2521
Last-Modified: Fri, 15 Apr 2022 11:04:01 GMT
Connection: keep-alive
ETag: "62595121-9d9"
Accept-Ranges: bytes

anonzip.com/themes/spirit/assets/frontend/js/jquery-3.1.1.min.js

135.181.248.190

200 OK

87 kB

URL GET HTTP/1.1
anonzip.com/themes/spirit/assets/frontend/js/jquery-3.1.1.min.js
IP
135.181.248.190:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Certificate
IssuerLet's Encrypt
Subjectanonzip.com
Fingerprint05:1A:C5:B8:46:2C:D7:57:A3:34:1F:79:EC:24:CC:61:ED:36:1E:7E
ValiditySat, 30 Mar 2024 19:16:56 GMT - Fri, 28 Jun 2024 19:16:55 GMT

File type
JavaScript source, ASCII text, with very long lines (32030), with CRLF line terminators
Size
87 kB (86713 bytes)
Hash
5b5a269bd363e0886c17d855c2aab241
042dd055cd289215835a58507c9531f808e1648a
1cf30e59d21d4ae560af7143f5913efcc8222bcaa4fcc7508eb802b5faa9e94e

HTTP Headers

GET /themes/spirit/assets/frontend/js/jquery-3.1.1.min.js HTTP/1.1
Host: anonzip.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Cookie: filehosting=okggsl4452kkel4mfrf260vekk
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 04 May 2024 14:12:59 GMT
Content-Type: application/javascript
Content-Length: 86713
Last-Modified: Fri, 15 Apr 2022 11:04:01 GMT
Connection: keep-alive
ETag: "62595121-152b9"
Accept-Ranges: bytes

anonzip.com/themes/spirit/assets/frontend/css/font-awesome.min.css

135.181.248.190

200 OK

59 kB

URL GET HTTP/1.1
anonzip.com/themes/spirit/assets/frontend/css/font-awesome.min.css
IP
135.181.248.190:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Certificate
IssuerLet's Encrypt
Subjectanonzip.com
Fingerprint05:1A:C5:B8:46:2C:D7:57:A3:34:1F:79:EC:24:CC:61:ED:36:1E:7E
ValiditySat, 30 Mar 2024 19:16:56 GMT - Fri, 28 Jun 2024 19:16:55 GMT

File type
ASCII text, with very long lines (58929), with CRLF line terminators
Size
59 kB (59119 bytes)
Hash
879812fc22af75aa3ae7b5666ca4f4b8
df27469a952b7ee36cc03db471c6198f577186a8
c5d7f0d9e646698b20734ce6dcc2c0a8ecf6ebe27b4b7625bfcf42c4416fb7ed

HTTP Headers

GET /themes/spirit/assets/frontend/css/font-awesome.min.css HTTP/1.1
Host: anonzip.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Cookie: filehosting=okggsl4452kkel4mfrf260vekk
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 04 May 2024 14:12:59 GMT
Content-Type: text/css
Content-Length: 59119
Last-Modified: Fri, 15 Apr 2022 11:04:01 GMT
Connection: keep-alive
ETag: "62595121-e6ef"
Accept-Ranges: bytes

anonzip.com/themes/spirit/assets/frontend/js/flickity.min.js

135.181.248.190

200 OK

54 kB

URL GET HTTP/1.1
anonzip.com/themes/spirit/assets/frontend/js/flickity.min.js
IP
135.181.248.190:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Certificate
IssuerLet's Encrypt
Subjectanonzip.com
Fingerprint05:1A:C5:B8:46:2C:D7:57:A3:34:1F:79:EC:24:CC:61:ED:36:1E:7E
ValiditySat, 30 Mar 2024 19:16:56 GMT - Fri, 28 Jun 2024 19:16:55 GMT

File type
JavaScript source, ASCII text, with very long lines (32032), with CRLF line terminators
Size
54 kB (53873 bytes)
Hash
8c1e666176ac7bdce67d58b45823ffac
75947e4316427ce0c5e33300aeb4dc4d7d54dd09
c0b706b9b1ca12b631496228a0eb0fe15ccb14f21ab554f6c4b4f20474e4d3a6

HTTP Headers

GET /themes/spirit/assets/frontend/js/flickity.min.js HTTP/1.1
Host: anonzip.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Cookie: filehosting=okggsl4452kkel4mfrf260vekk
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 04 May 2024 14:12:59 GMT
Content-Type: application/javascript
Content-Length: 53873
Last-Modified: Fri, 15 Apr 2022 11:04:01 GMT
Connection: keep-alive
ETag: "62595121-d271"
Accept-Ranges: bytes

anonzip.com/themes/spirit/assets/frontend/css/theme.css

135.181.248.190

200 OK

206 kB

URL GET HTTP/1.1
anonzip.com/themes/spirit/assets/frontend/css/theme.css
IP
135.181.248.190:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Certificate
IssuerLet's Encrypt
Subjectanonzip.com
Fingerprint05:1A:C5:B8:46:2C:D7:57:A3:34:1F:79:EC:24:CC:61:ED:36:1E:7E
ValiditySat, 30 Mar 2024 19:16:56 GMT - Fri, 28 Jun 2024 19:16:55 GMT

File type
assembler source, ASCII text, with CRLF line terminators
Size
206 kB (206456 bytes)
Hash
e13b70f9d6654b3656aec5b1bd5ae02a
903010ac4b9034f6839847a20ecd0f5a728b2b96
8a10549eed29cff62aa0098311b5c1c37601577a11de64f72095aacb90715c8a

HTTP Headers

GET /themes/spirit/assets/frontend/css/theme.css HTTP/1.1
Host: anonzip.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Cookie: filehosting=okggsl4452kkel4mfrf260vekk
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 04 May 2024 14:12:59 GMT
Content-Type: text/css
Content-Length: 206456
Last-Modified: Fri, 15 Apr 2022 11:04:01 GMT
Connection: keep-alive
ETag: "62595121-32678"
Accept-Ranges: bytes

anonzip.com/themes/spirit/assets/frontend/css/theme/charcoal.css

135.181.248.190

200 OK

206 kB

URL GET HTTP/1.1
anonzip.com/themes/spirit/assets/frontend/css/theme/charcoal.css
IP
135.181.248.190:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Certificate
IssuerLet's Encrypt
Subjectanonzip.com
Fingerprint05:1A:C5:B8:46:2C:D7:57:A3:34:1F:79:EC:24:CC:61:ED:36:1E:7E
ValiditySat, 30 Mar 2024 19:16:56 GMT - Fri, 28 Jun 2024 19:16:55 GMT

File type
assembler source, ASCII text, with CRLF line terminators
Size
206 kB (206493 bytes)
Hash
08f6281c909985fb24a5e3ad2be6753a
3a2f1161f8aea5fab0f54b64f43f293d9f1316c3
dbe98b73866341078c596a42b87af67c03a79cf591d02467842939ce0848a55d

HTTP Headers

GET /themes/spirit/assets/frontend/css/theme/charcoal.css HTTP/1.1
Host: anonzip.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Cookie: filehosting=okggsl4452kkel4mfrf260vekk
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 04 May 2024 14:12:59 GMT
Content-Type: text/css
Content-Length: 206493
Last-Modified: Fri, 15 Apr 2022 11:04:01 GMT
Connection: keep-alive
ETag: "62595121-3269d"
Accept-Ranges: bytes

anonzip.com/themes/spirit/assets/frontend/js/typed.min.js

135.181.248.190

200 OK

3.9 kB

URL GET HTTP/1.1
anonzip.com/themes/spirit/assets/frontend/js/typed.min.js
IP
135.181.248.190:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Certificate
IssuerLet's Encrypt
Subjectanonzip.com
Fingerprint05:1A:C5:B8:46:2C:D7:57:A3:34:1F:79:EC:24:CC:61:ED:36:1E:7E
ValiditySat, 30 Mar 2024 19:16:56 GMT - Fri, 28 Jun 2024 19:16:55 GMT

File type
JavaScript source, ASCII text, with very long lines (3949), with no line terminators
Size
3.9 kB (3949 bytes)
Hash
2f6185a8a32a50b2b3e04849f44359d4
0e5501588c5c0d1c9462f34b0d56c21abff5bfef
914df93a9770d8a0e132b6ce3e8f1cfba0e0fae8f3b9002a3f0eb47c3d0cc97b

HTTP Headers

GET /themes/spirit/assets/frontend/js/typed.min.js HTTP/1.1
Host: anonzip.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Cookie: filehosting=okggsl4452kkel4mfrf260vekk
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 04 May 2024 14:12:59 GMT
Content-Type: application/javascript
Content-Length: 3949
Last-Modified: Fri, 15 Apr 2022 11:04:01 GMT
Connection: keep-alive
ETag: "62595121-f6d"
Accept-Ranges: bytes

anonzip.com/themes/spirit/assets/frontend/js/datepicker.js

135.181.248.190

200 OK

21 kB

URL GET HTTP/1.1
anonzip.com/themes/spirit/assets/frontend/js/datepicker.js
IP
135.181.248.190:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Certificate
IssuerLet's Encrypt
Subjectanonzip.com
Fingerprint05:1A:C5:B8:46:2C:D7:57:A3:34:1F:79:EC:24:CC:61:ED:36:1E:7E
ValiditySat, 30 Mar 2024 19:16:56 GMT - Fri, 28 Jun 2024 19:16:55 GMT

File type
JavaScript source, ASCII text, with very long lines (12692), with CRLF line terminators
Size
21 kB (20975 bytes)
Hash
8cfe207a6a21c7495cfb751c761217a6
35d686a6c4ecc9946c35444ce93e110cb0e1611c
804e3c2608de23694fa71684178e2f9815115d56ee022ec770e1fcb208847acc

HTTP Headers

GET /themes/spirit/assets/frontend/js/datepicker.js HTTP/1.1
Host: anonzip.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Cookie: filehosting=okggsl4452kkel4mfrf260vekk
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 04 May 2024 14:12:59 GMT
Content-Type: application/javascript
Content-Length: 20975
Last-Modified: Fri, 15 Apr 2022 11:04:01 GMT
Connection: keep-alive
ETag: "62595121-51ef"
Accept-Ranges: bytes

anonzip.com/themes/spirit/assets/frontend/js/granim.min.js

135.181.248.190

200 OK

11 kB

URL GET HTTP/1.1
anonzip.com/themes/spirit/assets/frontend/js/granim.min.js
IP
135.181.248.190:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Certificate
IssuerLet's Encrypt
Subjectanonzip.com
Fingerprint05:1A:C5:B8:46:2C:D7:57:A3:34:1F:79:EC:24:CC:61:ED:36:1E:7E
ValiditySat, 30 Mar 2024 19:16:56 GMT - Fri, 28 Jun 2024 19:16:55 GMT

File type
JavaScript source, ASCII text, with very long lines (10573), with CRLF line terminators
Size
11 kB (10635 bytes)
Hash
714368d20c70f8c91b0a596e128dac07
563954ec3a896fc129d014f01836245829f6d01d
e70b27194b8793b68cccee28a6d8a1e39aae2ce5d28d5e71ac204d7a3ac164e3

HTTP Headers

GET /themes/spirit/assets/frontend/js/granim.min.js HTTP/1.1
Host: anonzip.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Cookie: filehosting=okggsl4452kkel4mfrf260vekk
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 04 May 2024 14:12:59 GMT
Content-Type: application/javascript
Content-Length: 10635
Last-Modified: Fri, 15 Apr 2022 11:04:01 GMT
Connection: keep-alive
ETag: "62595121-298b"
Accept-Ranges: bytes

anonzip.com/themes/spirit/assets/frontend/js/jquery.steps.min.js

135.181.248.190

200 OK

14 kB

URL GET HTTP/1.1
anonzip.com/themes/spirit/assets/frontend/js/jquery.steps.min.js
IP
135.181.248.190:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Certificate
IssuerLet's Encrypt
Subjectanonzip.com
Fingerprint05:1A:C5:B8:46:2C:D7:57:A3:34:1F:79:EC:24:CC:61:ED:36:1E:7E
ValiditySat, 30 Mar 2024 19:16:56 GMT - Fri, 28 Jun 2024 19:16:55 GMT

File type
JavaScript source, ASCII text, with very long lines (13686), with CRLF line terminators
Size
14 kB (13862 bytes)
Hash
0eef6fe46d14f860d5666d2c7b13a564
7ab5f7deaca2f71efbc3bf9f5ba27b89d4697dbe
95a14a4473ff130eb29f3cc02e135978505655e3c931b6c3726dedd4f558f843

HTTP Headers

GET /themes/spirit/assets/frontend/js/jquery.steps.min.js HTTP/1.1
Host: anonzip.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Cookie: filehosting=okggsl4452kkel4mfrf260vekk
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 04 May 2024 14:12:59 GMT
Content-Type: application/javascript
Content-Length: 13862
Last-Modified: Fri, 15 Apr 2022 11:04:01 GMT
Connection: keep-alive
ETag: "62595121-3626"
Accept-Ranges: bytes

anonzip.com/themes/spirit/assets/frontend/js/smooth-scroll.min.js

135.181.248.190

200 OK

6.0 kB

URL GET HTTP/1.1
anonzip.com/themes/spirit/assets/frontend/js/smooth-scroll.min.js
IP
135.181.248.190:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Certificate
IssuerLet's Encrypt
Subjectanonzip.com
Fingerprint05:1A:C5:B8:46:2C:D7:57:A3:34:1F:79:EC:24:CC:61:ED:36:1E:7E
ValiditySat, 30 Mar 2024 19:16:56 GMT - Fri, 28 Jun 2024 19:16:55 GMT

File type
JavaScript source, ASCII text, with very long lines (4887), with CRLF line terminators
Size
6.0 kB (6028 bytes)
Hash
c9e3a210d83398f301b3a7049c259676
8e227bb40fe120841829a7fef0ffeb091d179a91
aeda362b1d693480453b895cbcf8b92629f58240c42ba8c643f0d5d338baf805

HTTP Headers

GET /themes/spirit/assets/frontend/js/smooth-scroll.min.js HTTP/1.1
Host: anonzip.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Cookie: filehosting=okggsl4452kkel4mfrf260vekk
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 04 May 2024 14:12:59 GMT
Content-Type: application/javascript
Content-Length: 6028
Last-Modified: Fri, 15 Apr 2022 11:04:01 GMT
Connection: keep-alive
ETag: "62595121-178c"
Accept-Ranges: bytes

anonzip.com/themes/spirit/assets/frontend/js/jquery.dataTables.min.js

135.181.248.190

200 OK

70 kB

URL GET HTTP/1.1
anonzip.com/themes/spirit/assets/frontend/js/jquery.dataTables.min.js
IP
135.181.248.190:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Certificate
IssuerLet's Encrypt
Subjectanonzip.com
Fingerprint05:1A:C5:B8:46:2C:D7:57:A3:34:1F:79:EC:24:CC:61:ED:36:1E:7E
ValiditySat, 30 Mar 2024 19:16:56 GMT - Fri, 28 Jun 2024 19:16:55 GMT

File type
JavaScript source, ASCII text, with very long lines (768), with CRLF line terminators
Size
70 kB (69754 bytes)
Hash
6fda19caa29287e6f584f0557fdeb6d4
40f58160090cd1f022704ee1352b343adb9e73b9
8ef749c3869991924150dc932c48cd57bf69ac25a378bb2e14f8e1733c17406f

HTTP Headers

GET /themes/spirit/assets/frontend/js/jquery.dataTables.min.js HTTP/1.1
Host: anonzip.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Cookie: filehosting=okggsl4452kkel4mfrf260vekk
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 04 May 2024 14:12:59 GMT
Content-Type: application/javascript
Content-Length: 69754
Last-Modified: Fri, 15 Apr 2022 11:04:01 GMT
Connection: keep-alive
ETag: "62595121-1107a"
Accept-Ranges: bytes

anonzip.com/themes/spirit/assets/frontend/css/iconsmind.css

135.181.248.190

200 OK

103 kB

URL GET HTTP/1.1
anonzip.com/themes/spirit/assets/frontend/css/iconsmind.css
IP
135.181.248.190:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Certificate
IssuerLet's Encrypt
Subjectanonzip.com
Fingerprint05:1A:C5:B8:46:2C:D7:57:A3:34:1F:79:EC:24:CC:61:ED:36:1E:7E
ValiditySat, 30 Mar 2024 19:16:56 GMT - Fri, 28 Jun 2024 19:16:55 GMT

File type
ASCII text, with CRLF line terminators
Size
103 kB (102727 bytes)
Hash
c9b1c618a7b12bd7ecf6034164b29164
f7a4a8bbc3aab1d7bb44659c40a8702f3aa56c99
fc190f724340fc20fd1d175f49c70e70f4acfdd9303ae4f68d9765a2a5958d9b

HTTP Headers

GET /themes/spirit/assets/frontend/css/iconsmind.css HTTP/1.1
Host: anonzip.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Cookie: filehosting=okggsl4452kkel4mfrf260vekk
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 04 May 2024 14:12:59 GMT
Content-Type: text/css
Content-Length: 102727
Last-Modified: Fri, 15 Apr 2022 11:04:01 GMT
Connection: keep-alive
ETag: "62595121-19147"
Accept-Ranges: bytes

anonzip.com/themes/spirit/assets/frontend/js/countdown.min.js

135.181.248.190

200 OK

5.4 kB

URL GET HTTP/1.1
anonzip.com/themes/spirit/assets/frontend/js/countdown.min.js
IP
135.181.248.190:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Certificate
IssuerLet's Encrypt
Subjectanonzip.com
Fingerprint05:1A:C5:B8:46:2C:D7:57:A3:34:1F:79:EC:24:CC:61:ED:36:1E:7E
ValiditySat, 30 Mar 2024 19:16:56 GMT - Fri, 28 Jun 2024 19:16:55 GMT

File type
JavaScript source, ASCII text, with very long lines (4136), with CRLF line terminators
Size
5.4 kB (5360 bytes)
Hash
76a923d3d69255c45cd24bf9b100244f
eb3c96f9901692f1a03500ea632963a16afdb985
8f195573d6fa06641814b476fea2b92579c983cac46d683f356238207692c9f5

HTTP Headers

GET /themes/spirit/assets/frontend/js/countdown.min.js HTTP/1.1
Host: anonzip.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Cookie: filehosting=okggsl4452kkel4mfrf260vekk
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 04 May 2024 14:12:59 GMT
Content-Type: application/javascript
Content-Length: 5360
Last-Modified: Fri, 15 Apr 2022 11:04:01 GMT
Connection: keep-alive
ETag: "62595121-14f0"
Accept-Ranges: bytes

anonzip.com/themes/spirit/assets/frontend/js/scripts.js

135.181.248.190

200 OK

115 kB

URL GET HTTP/1.1
anonzip.com/themes/spirit/assets/frontend/js/scripts.js
IP
135.181.248.190:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Certificate
IssuerLet's Encrypt
Subjectanonzip.com
Fingerprint05:1A:C5:B8:46:2C:D7:57:A3:34:1F:79:EC:24:CC:61:ED:36:1E:7E
ValiditySat, 30 Mar 2024 19:16:56 GMT - Fri, 28 Jun 2024 19:16:55 GMT

File type
JavaScript source, ASCII text, with very long lines (914), with CRLF line terminators
Size
115 kB (114862 bytes)
Hash
ce260d2170faf98639ab8e0e3758f1e2
32eeb82a44bf0bce2df78eafae9f2e9ff8d72e1f
ac331833ebf1c06b0f8565caaeb4760c2184bd89d1cb5574c3947a8d0b6dca1c

HTTP Headers

GET /themes/spirit/assets/frontend/js/scripts.js HTTP/1.1
Host: anonzip.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Cookie: filehosting=okggsl4452kkel4mfrf260vekk
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 04 May 2024 14:12:59 GMT
Content-Type: application/javascript
Content-Length: 114862
Last-Modified: Fri, 15 Apr 2022 11:04:01 GMT
Connection: keep-alive
ETag: "62595121-1c0ae"
Accept-Ranges: bytes

anonzip.com/themes/spirit/assets/frontend/js/cookiealert.js

135.181.248.190

200 OK

1.8 kB

URL GET HTTP/1.1
anonzip.com/themes/spirit/assets/frontend/js/cookiealert.js
IP
135.181.248.190:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Certificate
IssuerLet's Encrypt
Subjectanonzip.com
Fingerprint05:1A:C5:B8:46:2C:D7:57:A3:34:1F:79:EC:24:CC:61:ED:36:1E:7E
ValiditySat, 30 Mar 2024 19:16:56 GMT - Fri, 28 Jun 2024 19:16:55 GMT

File type
JavaScript source, ASCII text, with CRLF line terminators
Size
1.8 kB (1836 bytes)
Hash
81279e22c8ece9e1d0536a402484daa3
911797507fb12d4f451d5900e32db96ad697c401
5c6237178e88ab7f1c6e26c9e99547e58782450b8f2a182129448ff4d99e89ab

HTTP Headers

GET /themes/spirit/assets/frontend/js/cookiealert.js HTTP/1.1
Host: anonzip.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Cookie: filehosting=okggsl4452kkel4mfrf260vekk
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 04 May 2024 14:12:59 GMT
Content-Type: application/javascript
Content-Length: 1836
Last-Modified: Fri, 15 Apr 2022 11:04:01 GMT
Connection: keep-alive
ETag: "62595121-72c"
Accept-Ranges: bytes

anonzip.com/themes/spirit/assets/images/logo/logo-whitebg.png

135.181.248.190

200 OK

6.2 kB

URL GET HTTP/1.1
anonzip.com/themes/spirit/assets/images/logo/logo-whitebg.png
IP
135.181.248.190:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Certificate
IssuerLet's Encrypt
Subjectanonzip.com
Fingerprint05:1A:C5:B8:46:2C:D7:57:A3:34:1F:79:EC:24:CC:61:ED:36:1E:7E
ValiditySat, 30 Mar 2024 19:16:56 GMT - Fri, 28 Jun 2024 19:16:55 GMT

File type
PNG image data, 588 x 94, 8-bit colormap, non-interlaced
Size
6.2 kB (6221 bytes)
Hash
6c1e20bb65960360a6d1782e017c9314
d864c40dbd565e934fddeea36938456d6a26982c
fafe927a322a36285028582aa429b7c47877cad76d2783d2b6ba3155e66bf9c6

HTTP Headers

GET /themes/spirit/assets/images/logo/logo-whitebg.png HTTP/1.1
Host: anonzip.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Cookie: filehosting=okggsl4452kkel4mfrf260vekk
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 04 May 2024 14:13:00 GMT
Content-Type: image/png
Content-Length: 6221
Last-Modified: Sun, 04 Feb 2024 12:00:04 GMT
Connection: keep-alive
ETag: "65bf7c44-184d"
Accept-Ranges: bytes

anonzip.com/themes/spirit/assets/images/logo/logo.png

135.181.248.190

200 OK

6.2 kB

URL GET HTTP/1.1
anonzip.com/themes/spirit/assets/images/logo/logo.png
IP
135.181.248.190:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Certificate
IssuerLet's Encrypt
Subjectanonzip.com
Fingerprint05:1A:C5:B8:46:2C:D7:57:A3:34:1F:79:EC:24:CC:61:ED:36:1E:7E
ValiditySat, 30 Mar 2024 19:16:56 GMT - Fri, 28 Jun 2024 19:16:55 GMT

File type
PNG image data, 588 x 94, 8-bit colormap, non-interlaced
Size
6.2 kB (6204 bytes)
Hash
ecb7f5dbe1eee9fcc3d5839f7d2bb2fb
59c65d814622d7ea901cd367b4114cea05fdf1b9
d53d70c5ee49ccc36c86eca632815e1eb254786c4041b228196bb8c0cb635b20

HTTP Headers

GET /themes/spirit/assets/images/logo/logo.png HTTP/1.1
Host: anonzip.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Cookie: filehosting=okggsl4452kkel4mfrf260vekk
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 04 May 2024 14:13:00 GMT
Content-Type: image/png
Content-Length: 6204
Last-Modified: Sun, 04 Feb 2024 11:52:58 GMT
Connection: keep-alive
ETag: "65bf7a9a-183c"
Accept-Ranges: bytes

www.googletagmanager.com/gtag/js?id=G-GWR0PX9LQC

142.250.74.72

200 OK

102 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=G-GWR0PX9LQC
IP
142.250.74.72:443
ASN
#15169 GOOGLE

Requested by
https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE
ValidityTue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT

File type
JavaScript source, ASCII text, with very long lines (5955)
Size
102 kB (101615 bytes)
Hash
99abeed7466fe9b13884c215edeabfd8
b1ddae8e562d5486856df623f8dd7bbed057332f
00394e436d6e5bf44e92d58fc487cfe65624c0114265a80078c352ed0ba07e86

HTTP Headers

GET /gtag/js?id=G-GWR0PX9LQC HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonzip.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 04 May 2024 14:13:00 GMT
expires: Sat, 04 May 2024 14:13:00 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 101615
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

anonzip.com/themes/spirit/assets/frontend/fonts/stack-interface.woff2?33839631

135.181.248.190

200 OK

4.3 kB

URL GET HTTP/1.1
anonzip.com/themes/spirit/assets/frontend/fonts/stack-interface.woff2?33839631
IP
135.181.248.190:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Certificate
IssuerLet's Encrypt
Subjectanonzip.com
Fingerprint05:1A:C5:B8:46:2C:D7:57:A3:34:1F:79:EC:24:CC:61:ED:36:1E:7E
ValiditySat, 30 Mar 2024 19:16:56 GMT - Fri, 28 Jun 2024 19:16:55 GMT

File type
Web Open Font Format (Version 2), TrueType, length 4292, version 1.0
Size
4.3 kB (4292 bytes)
Hash
ae072782b361d2afdbf43db08d3cfb73
f3db2e65b53d97491672f8631e21d6d05905cc88
31205df908aed9881f6d2d3ae7d38975252bf99e38268978b4236dc3c314754b

HTTP Headers

GET /themes/spirit/assets/frontend/fonts/stack-interface.woff2?33839631 HTTP/1.1
Host: anonzip.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://anonzip.com/themes/spirit/assets/frontend/css/stack-interface.css
Cookie: filehosting=okggsl4452kkel4mfrf260vekk
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 04 May 2024 14:13:00 GMT
Content-Type: application/octet-stream
Content-Length: 4292
Last-Modified: Fri, 15 Apr 2022 11:04:01 GMT
Connection: keep-alive
ETag: "62595121-10c4"
Accept-Ranges: bytes

anonzip.com/themes/spirit/assets/frontend/fonts/font-awesome/fa-solid-900.woff2

135.181.248.190

200 OK

80 kB

URL GET HTTP/1.1
anonzip.com/themes/spirit/assets/frontend/fonts/font-awesome/fa-solid-900.woff2
IP
135.181.248.190:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Certificate
IssuerLet's Encrypt
Subjectanonzip.com
Fingerprint05:1A:C5:B8:46:2C:D7:57:A3:34:1F:79:EC:24:CC:61:ED:36:1E:7E
ValiditySat, 30 Mar 2024 19:16:56 GMT - Fri, 28 Jun 2024 19:16:55 GMT

File type
Web Open Font Format (Version 2), TrueType, length 80148, version 331.17301
Size
80 kB (80148 bytes)
Hash
c500da19d776384ba69573ae6fe274e7
6290834672aba86d5b6c1c73b30b57c9c53996f7
cfe3b7382e477059da11be2099914b94f0e2a4f08240c60542c376957b8d9658

HTTP Headers

GET /themes/spirit/assets/frontend/fonts/font-awesome/fa-solid-900.woff2 HTTP/1.1
Host: anonzip.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://anonzip.com/themes/spirit/assets/frontend/css/font-awesome.min.css
Cookie: filehosting=okggsl4452kkel4mfrf260vekk
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 04 May 2024 14:13:00 GMT
Content-Type: application/octet-stream
Content-Length: 80148
Last-Modified: Fri, 15 Apr 2022 11:04:01 GMT
Connection: keep-alive
ETag: "62595121-13914"
Accept-Ranges: bytes

fonts.googleapis.com/icon?family=Material+Icons

142.250.74.106

200 OK

812 B

URL GET HTTP/2
fonts.googleapis.com/icon?family=Material+Icons
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT

File type
gzip compressed data, max compression
Size
812 B (812 bytes)
Hash
878958f27fcd0bac90e34a4cc795d80e
885bdd89646e17385e25ab69254d890022a85e2b
1a5f432f0280d4609b5ac662f2d493c1c2850dd5da6a91317fb8e43db9681a0a

HTTP Headers

GET /icon?family=Material+Icons HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonzip.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 04 May 2024 14:13:00 GMT
date: Sat, 04 May 2024 14:13:00 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

142.250.74.163

200 OK

48 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
142.250.74.163:443
ASN
#15169 GOOGLE

Requested by
https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 48236, version 1.0
Size
48 kB (48236 bytes)
Hash
015c126a3520c9a8f6a27979d0266e96
2acf956561d44434a6d84204670cf849d3215d5f
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

HTTP Headers

GET /s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://anonzip.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48236
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 04 May 2024 04:59:42 GMT
expires: Sun, 04 May 2025 04:59:42 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 14 Dec 2023 02:08:40 GMT
content-type: font/woff2
age: 33198
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

142.250.74.163

200 OK

48 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
142.250.74.163:443
ASN
#15169 GOOGLE

Requested by
https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 48236, version 1.0
Size
48 kB (48236 bytes)
Hash
015c126a3520c9a8f6a27979d0266e96
2acf956561d44434a6d84204670cf849d3215d5f
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

HTTP Headers

GET /s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://anonzip.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48236
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 04 May 2024 04:59:42 GMT
expires: Sun, 04 May 2025 04:59:42 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 14 Dec 2023 02:08:40 GMT
content-type: font/woff2
age: 33198
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

142.250.74.163

200 OK

48 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
142.250.74.163:443
ASN
#15169 GOOGLE

Requested by
https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 48236, version 1.0
Size
48 kB (48236 bytes)
Hash
015c126a3520c9a8f6a27979d0266e96
2acf956561d44434a6d84204670cf849d3215d5f
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

HTTP Headers

GET /s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://anonzip.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48236
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 04 May 2024 04:59:42 GMT
expires: Sun, 04 May 2025 04:59:42 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 14 Dec 2023 02:08:40 GMT
content-type: font/woff2
age: 33198
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

142.250.74.163

200 OK

48 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
142.250.74.163:443
ASN
#15169 GOOGLE

Requested by
https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 48236, version 1.0
Size
48 kB (48236 bytes)
Hash
015c126a3520c9a8f6a27979d0266e96
2acf956561d44434a6d84204670cf849d3215d5f
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

HTTP Headers

GET /s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://anonzip.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48236
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 04 May 2024 04:59:42 GMT
expires: Sun, 04 May 2025 04:59:42 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 14 Dec 2023 02:08:40 GMT
content-type: font/woff2
age: 33198
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

142.250.74.163

200 OK

48 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
142.250.74.163:443
ASN
#15169 GOOGLE

Requested by
https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 48236, version 1.0
Size
48 kB (48236 bytes)
Hash
015c126a3520c9a8f6a27979d0266e96
2acf956561d44434a6d84204670cf849d3215d5f
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

HTTP Headers

GET /s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://anonzip.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48236
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 04 May 2024 04:59:42 GMT
expires: Sun, 04 May 2025 04:59:42 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 14 Dec 2023 02:08:40 GMT
content-type: font/woff2
age: 33198
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/opensans/v40/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2

142.250.74.163

200 OK

19 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v40/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2
IP
142.250.74.163:443
ASN
#15169 GOOGLE

Requested by
https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 19280, version 1.0
Size
19 kB (19280 bytes)
Hash
386fb59be54b2d819064af98e57cc226
9e2d14d736be97ec84bfca3513558450cd6e3249
b4855cc8ec721cbaf27f3c907345e101b1524858221c14faa79df34cb2f84991

HTTP Headers

GET /s/opensans/v40/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://anonzip.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 19280
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 01:49:12 GMT
expires: Fri, 02 May 2025 01:49:12 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 14 Dec 2023 02:02:23 GMT
content-type: font/woff2
age: 217428
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS2mu1aB.woff2

142.250.74.163

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS2mu1aB.woff2
IP
142.250.74.163:443
ASN
#15169 GOOGLE

Requested by
https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 16516, version 1.0
Size
16 kB (16516 bytes)
Hash
02ea59496b25ec14db0cd442451bf9f7
4266d37e1db030954b04cd1cf3ec06591d75fcab
dc0387c80ff53df47ca7ec19db75224fdb90a230f6cb06605563590b9791bf95

HTTP Headers

GET /s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS2mu1aB.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://anonzip.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 16516
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 02:24:56 GMT
expires: Fri, 02 May 2025 02:24:56 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 14 Dec 2023 02:02:21 GMT
content-type: font/woff2
age: 215284
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS2mu1aB.woff2

142.250.74.163

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS2mu1aB.woff2
IP
142.250.74.163:443
ASN
#15169 GOOGLE

Requested by
https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 16516, version 1.0
Size
16 kB (16516 bytes)
Hash
02ea59496b25ec14db0cd442451bf9f7
4266d37e1db030954b04cd1cf3ec06591d75fcab
dc0387c80ff53df47ca7ec19db75224fdb90a230f6cb06605563590b9791bf95

HTTP Headers

GET /s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS2mu1aB.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://anonzip.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 16516
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 02:24:56 GMT
expires: Fri, 02 May 2025 02:24:56 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 14 Dec 2023 02:02:21 GMT
content-type: font/woff2
age: 215284
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

anonzip.com/themes/spirit/assets/frontend/img/favicon/apple-touch-icon.png

135.181.248.190

200 OK

5.0 kB

URL GET HTTP/1.1
anonzip.com/themes/spirit/assets/frontend/img/favicon/apple-touch-icon.png
IP
135.181.248.190:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Certificate
IssuerLet's Encrypt
Subjectanonzip.com
Fingerprint05:1A:C5:B8:46:2C:D7:57:A3:34:1F:79:EC:24:CC:61:ED:36:1E:7E
ValiditySat, 30 Mar 2024 19:16:56 GMT - Fri, 28 Jun 2024 19:16:55 GMT

File type
PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced
Size
5.0 kB (5016 bytes)
Hash
a9a8c24cea41bed7ef78ed1d12d48291
cd86d71e15b97ab602e0e39bb6e9bbaf6779f4d7
3b379c83d1c0b117cec88debed9390723daffc2fb99cf51cc2175c47169d190e

HTTP Headers

GET /themes/spirit/assets/frontend/img/favicon/apple-touch-icon.png HTTP/1.1
Host: anonzip.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Cookie: filehosting=okggsl4452kkel4mfrf260vekk; _ga_GWR0PX9LQC=GS1.1.1714831980.1.0.1714831980.0.0.0; _ga=GA1.1.1547968634.1714831980
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 04 May 2024 14:13:00 GMT
Content-Type: image/png
Content-Length: 5016
Last-Modified: Fri, 15 Apr 2022 11:04:01 GMT
Connection: keep-alive
ETag: "62595121-1398"
Accept-Ranges: bytes

anonzip.com/themes/spirit/assets/frontend/img/favicon/favicon-16x16.png

135.181.248.190

200 OK

447 B

URL GET HTTP/1.1
anonzip.com/themes/spirit/assets/frontend/img/favicon/favicon-16x16.png
IP
135.181.248.190:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Certificate
IssuerLet's Encrypt
Subjectanonzip.com
Fingerprint05:1A:C5:B8:46:2C:D7:57:A3:34:1F:79:EC:24:CC:61:ED:36:1E:7E
ValiditySat, 30 Mar 2024 19:16:56 GMT - Fri, 28 Jun 2024 19:16:55 GMT

File type
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Size
447 B (447 bytes)
Hash
f3d5da06fe8d5a2425d5d229285e5eea
01032b864f3c74bbf44771e2ba41eeb2251fad90
d11d596429d3543bfb07191a87a67a8c22e198113c6f3a109158a5a85bf82f26

HTTP Headers

GET /themes/spirit/assets/frontend/img/favicon/favicon-16x16.png HTTP/1.1
Host: anonzip.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Cookie: filehosting=okggsl4452kkel4mfrf260vekk; _ga_GWR0PX9LQC=GS1.1.1714831980.1.0.1714831980.0.0.0; _ga=GA1.1.1547968634.1714831980
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 04 May 2024 14:13:00 GMT
Content-Type: image/png
Content-Length: 447
Last-Modified: Fri, 15 Apr 2022 11:04:01 GMT
Connection: keep-alive
ETag: "62595121-1bf"
Accept-Ranges: bytes

my.rtmark.net/gid.js?userId=008052728b66436ffbff12c8aa32a08f

139.45.195.8

200 OK

65 B

URL GET HTTP/2
my.rtmark.net/gid.js?userId=008052728b66436ffbff12c8aa32a08f
IP
139.45.195.8:443
ASN
#9002 RETN Limited

Requested by
https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Certificate
IssuerLet's Encrypt
Subjectrtmark.net
FingerprintDB:C0:8B:64:1C:E3:2A:9C:B9:04:0D:F3:6F:5A:E0:35:F4:C7:75:CC
ValiditySat, 02 Mar 2024 21:53:43 GMT - Fri, 31 May 2024 21:53:42 GMT

File type
JSON text data
Size
65 B (65 bytes)
Hash
9319f84a5de0f96f8c77e4d1c52a22b3
7368f807e3a98fe2ff6e1f52bed7e9f64ef8e6e1
1f5745a78ee48a900fdb7e46e41924673b9a5ab9927df3678f54881cd2f2beb1

HTTP Headers

GET /gid.js?userId=008052728b66436ffbff12c8aa32a08f HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://anonzip.com
DNT: 1
Connection: keep-alive
Referer: https://anonzip.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 14:13:00 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://anonzip.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=008052728b66436ffbff12c8aa32a08f; expires=Sun, 04 May 2025 14:13:00 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

moonoafy.net/zone?pub=0&zone_id=7406592&is_mobile=false&domain=anonzip.com&var=&ymid=&var_3=&tg=0&sw=3.1.504

139.45.197.250

200 OK

880 B

URL GET HTTP/2
moonoafy.net/zone?pub=0&zone_id=7406592&is_mobile=false&domain=anonzip.com&var=&ymid=&var_3=&tg=0&sw=3.1.504
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Certificate
IssuerLet's Encrypt
Subjectmoonoafy.net
Fingerprint17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0
ValidityFri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT

File type
JSON text data
Size
880 B (880 bytes)
Hash
7f94d5d772ba5667113992fe1b4e6d39
b07687fc907e973bd066273d441ab0b29a7dd625
50cbbeab07af07d548a556c1e5217d1f03a97f8dba9c76b55461a0835e5bd2a7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /zone?pub=0&zone_id=7406592&is_mobile=false&domain=anonzip.com&var=&ymid=&var_3=&tg=0&sw=3.1.504 HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://anonzip.com/
Origin: https://anonzip.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 14:13:01 GMT
content-type: application/json; charset=utf-8
content-length: 880
x-trace-id: 1d948f6d49b9512e920122d67ed99f01
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://anonzip.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

cameesse.net/27/7552beb94fc0bdff7bbb33cad3d1ab0a

139.45.197.242

200 OK

131 kB

URL GET HTTP/2
cameesse.net/27/7552beb94fc0bdff7bbb33cad3d1ab0a
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Certificate
IssuerLet's Encrypt
Subjectcameesse.net
Fingerprint40:09:71:B1:17:F8:74:15:9B:3D:0A:95:73:15:74:D6:05:A5:5B:44
ValidityFri, 22 Mar 2024 19:24:17 GMT - Thu, 20 Jun 2024 19:24:16 GMT

File type
gzip compressed data, max speed, from Unix
Size
131 kB (131053 bytes)
Hash
1426c82c5c238623beb158664efd66c9
6143d397b5f3459d031f292da41473834ecf5f94
6e29a967534aae992088165c3e120f2987d9bbdcbdba7e15ad6ae8e8c0fffa36

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /27/7552beb94fc0bdff7bbb33cad3d1ab0a HTTP/1.1
Host: cameesse.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonzip.com/
Cookie: scm=1; OAID=04005253aca34b49f62b265d61ceafbb; oaidts=1714831980
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 14:13:01 GMT
content-type: application/javascript
access-control-allow-credentials: true
access-control-allow-origin: 
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: 675b6052a34b06869c47f6ba157f45fd
cache-control: max-age:290304000, public
last-modified: Tue, 09 Apr 2024 03:16:58 GMT
expires: Tue, 09 May 2084 03:16:58 GMT
access-control-expose-headers: X-Sc
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2

anonzip.com/sw.js

135.181.248.190

200 OK

5.2 kB

URL GET HTTP/1.1
anonzip.com/sw.js
IP
135.181.248.190:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Certificate
IssuerLet's Encrypt
Subjectanonzip.com
Fingerprint05:1A:C5:B8:46:2C:D7:57:A3:34:1F:79:EC:24:CC:61:ED:36:1E:7E
ValiditySat, 30 Mar 2024 19:16:56 GMT - Fri, 28 Jun 2024 19:16:55 GMT

File type
JavaScript source, ASCII text, with very long lines (5235)
Size
5.2 kB (5236 bytes)
Hash
f3da3a180b9fcc93796c2e0064f80439
d3155e90b8bb0ccd2db019fa66beebf3f28d9116
2cfd12766505422ce33dad30985158e425f686a6a4e18d8a44e67b7c1af9451f

HTTP Headers

GET /sw.js HTTP/1.1
Host: anonzip.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
DNT: 1
Connection: keep-alive
Cookie: filehosting=okggsl4452kkel4mfrf260vekk; _ga_GWR0PX9LQC=GS1.1.1714831980.1.0.1714831980.0.0.0; _ga=GA1.1.1547968634.1714831980; prefetchAd_7406588=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 04 May 2024 14:13:01 GMT
Content-Type: application/javascript
Content-Length: 5236
Last-Modified: Sun, 28 Apr 2024 12:25:27 GMT
Connection: keep-alive
ETag: "662e4037-1474"
Accept-Ranges: bytes

moonoafy.net/custom

139.45.197.250

200 OK

0 B

URL OPTIONS HTTP/2
moonoafy.net/custom
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Certificate
IssuerLet's Encrypt
Subjectmoonoafy.net
Fingerprint17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0
ValidityFri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /custom HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://anonzip.com/
Origin: https://anonzip.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 14:13:01 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://anonzip.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2

moonoafy.net/custom

139.45.197.250

200 OK

0 B

URL OPTIONS HTTP/2
moonoafy.net/custom
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Certificate
IssuerLet's Encrypt
Subjectmoonoafy.net
Fingerprint17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0
ValidityFri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /custom HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://anonzip.com/
Origin: https://anonzip.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 14:13:01 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://anonzip.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2

fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=8879bce3-b97d-4ee1-a3af-8bf090477551

139.45.195.254

200 OK

12 B

URL POST HTTP/1.1
fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=8879bce3-b97d-4ee1-a3af-8bf090477551
IP
139.45.195.254:443
ASN
#9002 RETN Limited

Requested by
https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Certificate
IssuerSectigo Limited
Subjectfleraprt.com
Fingerprint32:DB:C5:24:21:ED:1D:C3:40:C3:46:9F:CF:EE:98:4D:72:29:4C:3C
ValidityTue, 09 Jan 2024 00:00:00 GMT - Mon, 13 Jan 2025 23:59:59 GMT

File type
JSON text data
Size
12 B (12 bytes)
Hash
adb4650bfc9d2a73d4dd69583b0ceb14
1ce399d6e936232aaf2192cd7903a279c5015f22
21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=8879bce3-b97d-4ee1-a3af-8bf090477551 HTTP/1.1
Host: fleraprt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1425
Origin: https://anonzip.com
DNT: 1
Connection: keep-alive
Referer: https://anonzip.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Sat, 04 May 2024 14:13:01 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://anonzip.com
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

moonoafy.net/custom

139.45.197.250

200 OK

39 B

URL OPTIONS HTTP/2
moonoafy.net/custom
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Certificate
IssuerLet's Encrypt
Subjectmoonoafy.net
Fingerprint17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0
ValidityFri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT

File type
JSON text data
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /custom HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://anonzip.com/
Content-Type: application/json
Content-Length: 403
Origin: https://anonzip.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 14:13:01 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 461bb8f97e8b094b9bc79dd8b2bbbecc
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://anonzip.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

tzegilo.com/stattag.js

172.67.193.52

200 OK

7.5 kB

URL GET HTTP/2
tzegilo.com/stattag.js
IP
172.67.193.52:443
ASN
#13335 CLOUDFLARENET

Requested by
https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Certificate
IssuerGoogle Trust Services LLC
Subjecttzegilo.com
Fingerprint28:2E:D0:DF:04:78:60:5A:D2:5B:1F:EA:59:80:9C:2F:89:C1:9D:D1
ValiditySat, 30 Mar 2024 15:54:48 GMT - Fri, 28 Jun 2024 15:54:47 GMT

File type
JavaScript source, ASCII text, with very long lines (18486)
Size
7.5 kB (7478 bytes)
Hash
70ebd404c2e1e7bad13998538b56887c
86e57af8ba3cfc2c004da3311835f6b54ba6d848
d71ea61938136a384e4c53c5a7a3c36e68fcc70a68bae691e270987d5d2eb11f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /stattag.js HTTP/1.1
Host: tzegilo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonzip.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 14:13:01 GMT
content-type: application/javascript
last-modified: Wed, 07 Feb 2024 12:51:13 GMT
etag: W/"65c37cc1-4ac0"
link: <https://flerap.com/>; rel=preconnect; crossorigin, <https://fleraprt.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 18
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EZ7zVScHQWSUsImxoT1PO40g8AiCOLMdK%2BpekAn63MFXuUc%2FR8Od3g0b2uOQnQiQRlQmttTYbpxGp2G2j%2B94KOfTGy4icYxILXSw9CC5B%2Frp0ztHwTM3qplwwbZe%2Bw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e916c948dd56c3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cameesse.net/9?z=7406590&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fanonzip.com%2F114C%2FLiliths_Throne_v0.4.9.5_exe_version.zip&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&oaid=008052728b66436ffbff12c8aa32a08f

139.45.197.242

200 OK

0 B

URL POST HTTP/2
cameesse.net/9?z=7406590&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fanonzip.com%2F114C%2FLiliths_Throne_v0.4.9.5_exe_version.zip&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&oaid=008052728b66436ffbff12c8aa32a08f
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Certificate
IssuerLet's Encrypt
Subjectcameesse.net
Fingerprint40:09:71:B1:17:F8:74:15:9B:3D:0A:95:73:15:74:D6:05:A5:5B:44
ValidityFri, 22 Mar 2024 19:24:17 GMT - Thu, 20 Jun 2024 19:24:16 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /9?z=7406590&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fanonzip.com%2F114C%2FLiliths_Throne_v0.4.9.5_exe_version.zip&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&oaid=008052728b66436ffbff12c8aa32a08f HTTP/1.1
Host: cameesse.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://anonzip.com/
Origin: https://anonzip.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 204 No Content
server: nginx
date: Sat, 04 May 2024 14:13:01 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://anonzip.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2

aistekso.net/500/7406591?excludes=&oaid=008052728b66436ffbff12c8aa32a08f&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&pl=https%3A%2F%2Fanonzip.com%2F114C%2FLiliths_Throne_v0.4.9.5_exe_version.zip&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0

139.45.197.244

200 OK

0 B

URL OPTIONS HTTP/2
aistekso.net/500/7406591?excludes=&oaid=008052728b66436ffbff12c8aa32a08f&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&pl=https%3A%2F%2Fanonzip.com%2F114C%2FLiliths_Throne_v0.4.9.5_exe_version.zip&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0
IP
139.45.197.244:443
ASN
#9002 RETN Limited

Requested by
https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Certificate
IssuerLet's Encrypt
Subjectaistekso.net
Fingerprint3E:A5:CE:35:F4:D9:45:6B:A1:3B:2E:9C:B3:9E:78:4D:8A:4B:51:BB
ValiditySun, 24 Mar 2024 05:08:27 GMT - Sat, 22 Jun 2024 05:08:26 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /500/7406591?excludes=&oaid=008052728b66436ffbff12c8aa32a08f&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&pl=https%3A%2F%2Fanonzip.com%2F114C%2FLiliths_Throne_v0.4.9.5_exe_version.zip&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0 HTTP/1.1
Host: aistekso.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://anonzip.com/
Origin: https://anonzip.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 14:13:01 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://anonzip.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-allow-credentials: true
access-control-max-age: 600
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2

veepteero.com/?rb=lkSaLNQtVqmOv40xxzMw7eSJks3Ccw6ParTyyfOJZGHvIIEzrLJ3OoR5cPxcCZdKN_SqS1jNY5PBfg4LEvSc5-P0YPbef2QNmmhyiw1t1jjnbc8X7A_U3B9hZyfr0ntJm32L_lizjof76BOhEF6dxg8bxztONxYe8E9caMurrq5j7XHp1Fl_93naZcd2LicBZMerR20hfaaBPCa45zNHBc5QuVf-cbbHQBkYPNnihkUTQdgXPzBWlVBnZiF3Ez79FhUn9A%3D%3D&request_ab2=0&zoneid=7406588&js_build=iclick-v1.788.6-auto&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=0&pl=https%3A%2F%2Fanonzip.com%2F114C%2FLiliths_Throne_v0.4.9.5_exe_version.zip&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.788.6-auto&navlng=en-US&pnt=0&pnrc=0&bs=e72e1b52-9acc-4105-b1bf-47ed870d7e71&wasm=1&userId=008052728b66436ffbff12c8aa32a08f&m=link

139.45.197.242

200 OK

1.9 kB

URL GET HTTP/2
veepteero.com/?rb=lkSaLNQtVqmOv40xxzMw7eSJks3Ccw6ParTyyfOJZGHvIIEzrLJ3OoR5cPxcCZdKN_SqS1jNY5PBfg4LEvSc5-P0YPbef2QNmmhyiw1t1jjnbc8X7A_U3B9hZyfr0ntJm32L_lizjof76BOhEF6dxg8bxztONxYe8E9caMurrq5j7XHp1Fl_93naZcd2LicBZMerR20hfaaBPCa45zNHBc5QuVf-cbbHQBkYPNnihkUTQdgXPzBWlVBnZiF3Ez79FhUn9A%3D%3D&request_ab2=0&zoneid=7406588&js_build=iclick-v1.788.6-auto&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=0&pl=https%3A%2F%2Fanonzip.com%2F114C%2FLiliths_Throne_v0.4.9.5_exe_version.zip&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.788.6-auto&navlng=en-US&pnt=0&pnrc=0&bs=e72e1b52-9acc-4105-b1bf-47ed870d7e71&wasm=1&userId=008052728b66436ffbff12c8aa32a08f&m=link
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Certificate
IssuerLet's Encrypt
Subjectveepteero.com
Fingerprint13:68:56:48:EC:67:A6:93:BE:E0:36:BC:FA:04:75:6D:6E:D2:C1:91
ValiditySat, 23 Mar 2024 05:18:36 GMT - Fri, 21 Jun 2024 05:18:35 GMT

File type
JSON text data
Size
1.9 kB (1852 bytes)
Hash
0db033488c55c782235e00afb5bb86e9
39aed198097d3652d168c8dc150569c4b89e8c6b
e8178572053d2606812ea25df9811333778edf98dada06a210528b2ab91f4b19

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /?rb=lkSaLNQtVqmOv40xxzMw7eSJks3Ccw6ParTyyfOJZGHvIIEzrLJ3OoR5cPxcCZdKN_SqS1jNY5PBfg4LEvSc5-P0YPbef2QNmmhyiw1t1jjnbc8X7A_U3B9hZyfr0ntJm32L_lizjof76BOhEF6dxg8bxztONxYe8E9caMurrq5j7XHp1Fl_93naZcd2LicBZMerR20hfaaBPCa45zNHBc5QuVf-cbbHQBkYPNnihkUTQdgXPzBWlVBnZiF3Ez79FhUn9A%3D%3D&request_ab2=0&zoneid=7406588&js_build=iclick-v1.788.6-auto&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=0&pl=https%3A%2F%2Fanonzip.com%2F114C%2FLiliths_Throne_v0.4.9.5_exe_version.zip&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.788.6-auto&navlng=en-US&pnt=0&pnrc=0&bs=e72e1b52-9acc-4105-b1bf-47ed870d7e71&wasm=1&userId=008052728b66436ffbff12c8aa32a08f&m=link HTTP/1.1
Host: veepteero.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://anonzip.com/
Origin: https://anonzip.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 14:13:01 GMT
content-type: application/json
x-trace-id: 1f5d5e1a3d76374d06e44e44eda9e28e
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://anonzip.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=008052728b66436ffbff12c8aa32a08f; expires=Sun, 04 May 2025 14:13:00 GMT; path=/; secure; SameSite=None
oaidts=1714831980; expires=Sun, 04 May 2025 14:13:00 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Sat, 11 May 2024 14:13:00 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

amunfezanttor.com/event

139.45.197.250

200 OK

0 B

URL OPTIONS HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
FingerprintAB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA
ValidityWed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://anonzip.com/
Origin: https://anonzip.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 14:13:01 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://anonzip.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2

moonoafy.net/custom

139.45.197.250

200 OK

39 B

URL OPTIONS HTTP/2
moonoafy.net/custom
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Certificate
IssuerLet's Encrypt
Subjectmoonoafy.net
Fingerprint17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0
ValidityFri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT

File type
JSON text data
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /custom HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://anonzip.com/
Content-Type: application/json
Content-Length: 412
Origin: https://anonzip.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 14:13:01 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 6c80f2d2c797995832ee9722f4dcdd63
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://anonzip.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

amunfezanttor.com/event

139.45.197.250

200 OK

94 B

URL OPTIONS HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
FingerprintAB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA
ValidityWed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT

File type
JSON text data
Size
94 B (94 bytes)
Hash
0927decd5cb959dc581de44160434f0a
b9b1a9f7f364579085c718ab2bfc312cda71f284
5ab835c0d152bbcaaa6d96c6cd4f021fe38763fc225744a68483f8a0be82410e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://anonzip.com/
Content-Type: application/json
Content-Length: 540
Origin: https://anonzip.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 14:13:01 GMT
content-type: application/json; charset=utf-8
content-length: 94
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://anonzip.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

139.45.197.242

200 OK

2.7 kB

URL POST HTTP/2
cameesse.net/9?z=7406590&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fanonzip.com%2F114C%2FLiliths_Throne_v0.4.9.5_exe_version.zip&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&oaid=008052728b66436ffbff12c8aa32a08f
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Certificate
IssuerLet's Encrypt
Subjectcameesse.net
Fingerprint40:09:71:B1:17:F8:74:15:9B:3D:0A:95:73:15:74:D6:05:A5:5B:44
ValidityFri, 22 Mar 2024 19:24:17 GMT - Thu, 20 Jun 2024 19:24:16 GMT

File type
JSON text data
Size
2.7 kB (2695 bytes)
Hash
c90eae21df6a47aba76afaa58acc3cef
050066219a864bf05c3987be018a1941c3db7494
a8407107cc05771d7d824a9d8ce18bc9ad8a7a0bb21a1e6b6d7f52aecd426f30

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /9?z=7406590&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fanonzip.com%2F114C%2FLiliths_Throne_v0.4.9.5_exe_version.zip&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&oaid=008052728b66436ffbff12c8aa32a08f HTTP/1.1
Host: cameesse.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 190
Origin: https://anonzip.com
DNT: 1
Connection: keep-alive
Referer: https://anonzip.com/
Cookie: scm=1; OAID=04005253aca34b49f62b265d61ceafbb; oaidts=1714831980
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 14:13:01 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-origin: https://anonzip.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: e3da252a4bfcea32afd4ec60c06ae6e4
access-control-expose-headers: X-Sc
set-cookie: OAID=008052728b66436ffbff12c8aa32a08f; expires=Sun, 04 May 2025 14:13:01 GMT; secure; SameSite=None
oaidts=1714831980; expires=Sun, 04 May 2025 14:13:01 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

cameesse.net/1?z=7406590

139.45.197.242

200 OK

50 kB

URL GET HTTP/2
cameesse.net/1?z=7406590
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Certificate
IssuerLet's Encrypt
Subjectcameesse.net
Fingerprint40:09:71:B1:17:F8:74:15:9B:3D:0A:95:73:15:74:D6:05:A5:5B:44
ValidityFri, 22 Mar 2024 19:24:17 GMT - Thu, 20 Jun 2024 19:24:16 GMT

File type
JavaScript source, ASCII text, with very long lines (42427)
Size
50 kB (49774 bytes)
Hash
66c815b52c66c89118d34e4e81292381
de7f11ad32ae535201a1dad04d75797a920b62be
7a1608806949fb7bb172b0458cf2877894c4d6f184a33d71bdb3d0bc70227773

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /1?z=7406590 HTTP/1.1
Host: cameesse.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonzip.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 14:13:00 GMT
content-type: text/javascript
access-control-allow-credentials: true
access-control-allow-origin: 
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: 2cd49568f35a033b06c3196c42b9a683
access-control-expose-headers: X-Sc
x-sc: xdCFbfWAS65FVZ8hjwz9iHenb0qfAc95AWuBCBuZljVqe_EYW-OdYEUN9X72u4YWdNn3MVyzIvZjiJwEMl5RLpFp8tU=
set-cookie: scm=1; expires=Sun, 04 May 2025 14:13:00 GMT; secure; SameSite=None
OAID=04005253aca34b49f62b265d61ceafbb; expires=Sun, 04 May 2025 14:13:00 GMT; secure; SameSite=None
oaidts=1714831980; expires=Sun, 04 May 2025 14:13:00 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

gishejuy.com/500/7406589?excludes=&oaid=008052728b66436ffbff12c8aa32a08f&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&pl=https%3A%2F%2Fanonzip.com%2F114C%2FLiliths_Throne_v0.4.9.5_exe_version.zip&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0

139.45.197.242

200 OK

0 B

URL GET HTTP/2
gishejuy.com/500/7406589?excludes=&oaid=008052728b66436ffbff12c8aa32a08f&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&pl=https%3A%2F%2Fanonzip.com%2F114C%2FLiliths_Throne_v0.4.9.5_exe_version.zip&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Certificate
IssuerLet's Encrypt
Subjectgishejuy.com
Fingerprint0E:1A:AC:78:15:75:C8:D7:77:E9:9F:1E:8F:A6:05:8C:F6:CA:AC:80
ValidityTue, 02 Apr 2024 05:15:48 GMT - Mon, 01 Jul 2024 05:15:47 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /500/7406589?excludes=&oaid=008052728b66436ffbff12c8aa32a08f&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&pl=https%3A%2F%2Fanonzip.com%2F114C%2FLiliths_Throne_v0.4.9.5_exe_version.zip&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0 HTTP/1.1
Host: gishejuy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://anonzip.com/
Origin: https://anonzip.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 14:13:01 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://anonzip.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-allow-credentials: true
access-control-max-age: 600
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2

139.45.197.244

200 OK

19 kB

URL OPTIONS HTTP/2
aistekso.net/500/7406591?excludes=&oaid=008052728b66436ffbff12c8aa32a08f&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&pl=https%3A%2F%2Fanonzip.com%2F114C%2FLiliths_Throne_v0.4.9.5_exe_version.zip&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0
IP
139.45.197.244:443
ASN
#9002 RETN Limited

Requested by
https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Certificate
IssuerLet's Encrypt
Subjectaistekso.net
Fingerprint3E:A5:CE:35:F4:D9:45:6B:A1:3B:2E:9C:B3:9E:78:4D:8A:4B:51:BB
ValiditySun, 24 Mar 2024 05:08:27 GMT - Sat, 22 Jun 2024 05:08:26 GMT

File type
gzip compressed data, max speed, from Unix
Size
19 kB (18564 bytes)
Hash
0daf3264d00b0bcdc84fbee4ec52cc06
81cc5c36ac72441f7dfc75816d3fd3a2006dd54f
4b9d42109e25a28b917297940178ef99710750ff22d2a4b4d330134a21bf486d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /500/7406591?excludes=&oaid=008052728b66436ffbff12c8aa32a08f&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&pl=https%3A%2F%2Fanonzip.com%2F114C%2FLiliths_Throne_v0.4.9.5_exe_version.zip&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0 HTTP/1.1
Host: aistekso.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://anonzip.com
DNT: 1
Connection: keep-alive
Referer: https://anonzip.com/
Cookie: OAID=03005263c12f4076fa2a51e7ae5086c4
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 14:13:01 GMT
content-type: application/javascript
x-trace-id: 6fe6dfb5e6f92ed6006f4da9968674bb
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: https://anonzip.com
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
set-cookie: OAID=008052728b66436ffbff12c8aa32a08f; expires=Sun, 04 May 2025 14:13:01 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

track.jefytrack.com/145f6684-c379-407a-a2eb-922622a713e1?zoneid=7406590&campaignid=8121703&carrier=%7Bcarrier%7D&connectiontype=%7Bconnection.type%7D&isp=%7Bisp%7D&cost=&visitor_id=810626688963579904&ctrl_fetch_dest=iframe&ctrl_id=6636426d944bc264752887&ctrl_ts=1714831981.6074&ctrl_ab=burp

143.204.55.105

302 Found

0 B

URL GET HTTP/2
track.jefytrack.com/145f6684-c379-407a-a2eb-922622a713e1?zoneid=7406590&campaignid=8121703&carrier=%7Bcarrier%7D&connectiontype=%7Bconnection.type%7D&isp=%7Bisp%7D&cost=&visitor_id=810626688963579904&ctrl_fetch_dest=iframe&ctrl_id=6636426d944bc264752887&ctrl_ts=1714831981.6074&ctrl_ab=burp
IP
143.204.55.105:443
ASN
#16509 AMAZON-02

Requested by
https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Certificate
IssuerAmazon
Subjecttrack.jefytrack.com
FingerprintD9:FC:91:D1:FD:F0:F4:2D:48:E9:47:EE:31:A0:1C:23:D3:9A:29:D8
ValiditySun, 21 Apr 2024 00:00:00 GMT - Tue, 20 May 2025 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /145f6684-c379-407a-a2eb-922622a713e1?zoneid=7406590&campaignid=8121703&carrier=%7Bcarrier%7D&connectiontype=%7Bconnection.type%7D&isp=%7Bisp%7D&cost=&visitor_id=810626688963579904&ctrl_fetch_dest=iframe&ctrl_id=6636426d944bc264752887&ctrl_ts=1714831981.6074&ctrl_ab=burp HTTP/1.1
Host: track.jefytrack.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
content-length: 0
location: https://externalde.com/out/xyhkxckud/?ctrl_id=6636426d944bc264752887&ctrl_ab=burp&ctrl_ts=1714831981.6074&ctrl_vol_oid=0b046699-9de5-41eb-a62f-5035b56e631b&tg=https://lkbx.me/4KqY7&uid=w78hsnqua6mmt6213fvqrr0q
date: Sat, 04 May 2024 14:13:01 GMT
cache-control: no-store, no-cache, pre-check=0, post-check=0
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
set-cookie: 145f6684-c379-407a-a2eb-922622a713e1-v4=lnkOx7TxTABcVm_DPntrxiU1JO_g-Pbk5LA_iZaGn-M; Max-Age=86400; Expires=Sun, 05-May-2024 14:13:01 GMT; Domain=track.jefytrack.com; Path=/; Secure; HttpOnly;SameSite=None
voluum-cid-v4=%7B%22cid%22%3A%22w78hsnqua6mmt6213fvqrr0q%22%2C%22caid%22%3A%22145f6684-c379-407a-a2eb-922622a713e1%22%7D; Max-Age=31536000; Expires=Sun, 04-May-2025 14:13:01 GMT; Domain=track.jefytrack.com; Path=/; Secure; HttpOnly;SameSite=None
server: nginx
x-cache: Miss from cloudfront
via: 1.1 dbfaae0db03f11cf713bbcbdb25be4a2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: BKq7KpflVFlR2VqLMwzL6uktzhw-KK93T8XOwlY523gMjmJ-amzgyA==
X-Firefox-Spdy: h2

gishejuy.com/impression/L5GP_3Df7uxo8WtvHhOmf5OrxFw-zmz_8janTlvGihaiAGWdoi6mQ-1T_SWUxqHCa00mcJBG0RLDpMqH_c3W_5skzMPRptVSjV1WAd-7q4n4IFRjA5nL7XqgrxdU7jxIc2N93L_UMVAMmt4VdcwKIooTDql2ySVawhH1tqf39C9MIwV65K_AepZfuoNd83YL151DdeEiN6vqD3jIQQPClhJosEUTCJiSMIMui8Pt-FflkY9k78XMl97do0s4Te2Zub9uoiCSyT1zgQ56_eoI-T3BhftHpNQYHaMT8q_xIEmcGP_EBoIJBkDwpRBQoRGbRT60CpRjtURN-YBM3144QQ-MQ_rmiX2tgP4HSP-c7wwilzH-JcTuKOe2pNKXF__lEpD6K07U3eXbH2ti9rByOMkCCx8GkkopyrJtejsoUwWDSS9ioUKk8BEIISJxkStdrueY8v325GAxA5RmTHyGuy8G8kbfRkUYwDSAArgv754r0LA7QCe1gDhL84faeEMybfCwgvDEtoqj0F1UKuv45Tg3JdvkkGoVegVNaw7F6DH46BoAvvukuDyvMlkN9RbDeI5pdfEvDC0nuJ03d-WQZPM-PpDMoz1oPC0uvJGz2RIipgzmUMEErOfoDfnErYKHjTwf-9i2dHEJZga9IhiKxynStm8Jo72atU2581VpOvEGCY51PaAvZFI4tQPYKpVA-fAPcgx2fxkUZzld4UcGboMAfi9HOs8v_MYJ7U2OJ5rkHiMjHbevyX9CddJeVTvHhSVF_dU7p0xR0GaeCcJyEu32ZsWdWNx5CtQ3iA8rGQCGEx_Tn73vjyy3VOE=?_z=7406589&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&pl=https%3A%2F%2Fanonzip.com%2F114C%2FLiliths_Throne_v0.4.9.5_exe_version.zip&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0

139.45.197.242

200 OK

43 B

URL GET HTTP/2
gishejuy.com/impression/L5GP_3Df7uxo8WtvHhOmf5OrxFw-zmz_8janTlvGihaiAGWdoi6mQ-1T_SWUxqHCa00mcJBG0RLDpMqH_c3W_5skzMPRptVSjV1WAd-7q4n4IFRjA5nL7XqgrxdU7jxIc2N93L_UMVAMmt4VdcwKIooTDql2ySVawhH1tqf39C9MIwV65K_AepZfuoNd83YL151DdeEiN6vqD3jIQQPClhJosEUTCJiSMIMui8Pt-FflkY9k78XMl97do0s4Te2Zub9uoiCSyT1zgQ56_eoI-T3BhftHpNQYHaMT8q_xIEmcGP_EBoIJBkDwpRBQoRGbRT60CpRjtURN-YBM3144QQ-MQ_rmiX2tgP4HSP-c7wwilzH-JcTuKOe2pNKXF__lEpD6K07U3eXbH2ti9rByOMkCCx8GkkopyrJtejsoUwWDSS9ioUKk8BEIISJxkStdrueY8v325GAxA5RmTHyGuy8G8kbfRkUYwDSAArgv754r0LA7QCe1gDhL84faeEMybfCwgvDEtoqj0F1UKuv45Tg3JdvkkGoVegVNaw7F6DH46BoAvvukuDyvMlkN9RbDeI5pdfEvDC0nuJ03d-WQZPM-PpDMoz1oPC0uvJGz2RIipgzmUMEErOfoDfnErYKHjTwf-9i2dHEJZga9IhiKxynStm8Jo72atU2581VpOvEGCY51PaAvZFI4tQPYKpVA-fAPcgx2fxkUZzld4UcGboMAfi9HOs8v_MYJ7U2OJ5rkHiMjHbevyX9CddJeVTvHhSVF_dU7p0xR0GaeCcJyEu32ZsWdWNx5CtQ3iA8rGQCGEx_Tn73vjyy3VOE=?_z=7406589&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&pl=https%3A%2F%2Fanonzip.com%2F114C%2FLiliths_Throne_v0.4.9.5_exe_version.zip&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Certificate
IssuerLet's Encrypt
Subjectgishejuy.com
Fingerprint0E:1A:AC:78:15:75:C8:D7:77:E9:9F:1E:8F:A6:05:8C:F6:CA:AC:80
ValidityTue, 02 Apr 2024 05:15:48 GMT - Mon, 01 Jul 2024 05:15:47 GMT

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /impression/L5GP_3Df7uxo8WtvHhOmf5OrxFw-zmz_8janTlvGihaiAGWdoi6mQ-1T_SWUxqHCa00mcJBG0RLDpMqH_c3W_5skzMPRptVSjV1WAd-7q4n4IFRjA5nL7XqgrxdU7jxIc2N93L_UMVAMmt4VdcwKIooTDql2ySVawhH1tqf39C9MIwV65K_AepZfuoNd83YL151DdeEiN6vqD3jIQQPClhJosEUTCJiSMIMui8Pt-FflkY9k78XMl97do0s4Te2Zub9uoiCSyT1zgQ56_eoI-T3BhftHpNQYHaMT8q_xIEmcGP_EBoIJBkDwpRBQoRGbRT60CpRjtURN-YBM3144QQ-MQ_rmiX2tgP4HSP-c7wwilzH-JcTuKOe2pNKXF__lEpD6K07U3eXbH2ti9rByOMkCCx8GkkopyrJtejsoUwWDSS9ioUKk8BEIISJxkStdrueY8v325GAxA5RmTHyGuy8G8kbfRkUYwDSAArgv754r0LA7QCe1gDhL84faeEMybfCwgvDEtoqj0F1UKuv45Tg3JdvkkGoVegVNaw7F6DH46BoAvvukuDyvMlkN9RbDeI5pdfEvDC0nuJ03d-WQZPM-PpDMoz1oPC0uvJGz2RIipgzmUMEErOfoDfnErYKHjTwf-9i2dHEJZga9IhiKxynStm8Jo72atU2581VpOvEGCY51PaAvZFI4tQPYKpVA-fAPcgx2fxkUZzld4UcGboMAfi9HOs8v_MYJ7U2OJ5rkHiMjHbevyX9CddJeVTvHhSVF_dU7p0xR0GaeCcJyEu32ZsWdWNx5CtQ3iA8rGQCGEx_Tn73vjyy3VOE=?_z=7406589&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&pl=https%3A%2F%2Fanonzip.com%2F114C%2FLiliths_Throne_v0.4.9.5_exe_version.zip&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0 HTTP/1.1
Host: gishejuy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonzip.com/
Cookie: OAID=008052728b66436ffbff12c8aa32a08f
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 14:13:05 GMT
content-type: image/gif
content-length: 43
x-trace-id: 4870e5fef565f9f0584404f2e2bc0886
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

aistekso.net/impression/Y1tZetqJWw6ZhPwz5KkbEl36VL6aequVDVZhybKoY-yFVs7jNek5WgMXPxG1gp8wELKx9YQmfShjtnwHP-noHGDdAmFwutp6A-XFJci7aqoAaM6NiZih7zABjJmu3dnqHWvpZpuvt2Ym8DRE2dCSJL_FPgblRS8vhXizt8ML8HqLyCIjhUHogXMIz1e0wAZeGcbqW0XaRNhpcmVV59--H3KysFF0fjP4OzQgEXlZwwLD4rOWDXRcKfZIxD_2fcZKxxsRN9m8Sn5v1BArM2omV9qJMfPiE3lWVt9hBxhBd4GvaCMk0Ez7GCsmXc-B9YLZUKmkEiO7bOefSpJR2jHRfKJ7ij7qebw2mwCHkTGIhcgbMb2cw_-WNxhuPZ-OylqV9QsyNWcvWfHPg5q2Q2_BOwzWioMfcYR1GVvzKGEWG3nkvNtXEbrNAxhnzJMJaGxWJErj9UEBDbKwqlAp3InSA6zMOPIDYRQy78ToOxmeKZAd6EbTo1icWIoVb38oNQnq02dGip2v3f9XouJaX3TzwUL5OYeUVbxGyxMTez74LCSQQL8EpRYet1DE4G8ltBe1urmUcJpqE-9GXvFE3dAZZVIitHrkd8rsR2u-VlZotiVZGulb3IuUyVd6M2dta8-2l43p3JwLd_splHAulrmS5wknlNknMZNHzX-iq_FoTNSRy_Lhbgp4S9NtIo11zHyZINxkj296ARpBp9vEd-mI82d_j0DMZwG4AAKV7xF3122hCF7m5bJ82jWOXujtAW9ZrSfyUpzDKh2BhObIF5HZTAJ4i3FKu2tt314L2DrnYDDrv85J3ryBkjHGP64=?_z=7406591&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=2&pl=https%3A%2F%2Fanonzip.com%2F114C%2FLiliths_Throne_v0.4.9.5_exe_version.zip&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0

139.45.197.244

200 OK

43 B

URL GET HTTP/2
aistekso.net/impression/Y1tZetqJWw6ZhPwz5KkbEl36VL6aequVDVZhybKoY-yFVs7jNek5WgMXPxG1gp8wELKx9YQmfShjtnwHP-noHGDdAmFwutp6A-XFJci7aqoAaM6NiZih7zABjJmu3dnqHWvpZpuvt2Ym8DRE2dCSJL_FPgblRS8vhXizt8ML8HqLyCIjhUHogXMIz1e0wAZeGcbqW0XaRNhpcmVV59--H3KysFF0fjP4OzQgEXlZwwLD4rOWDXRcKfZIxD_2fcZKxxsRN9m8Sn5v1BArM2omV9qJMfPiE3lWVt9hBxhBd4GvaCMk0Ez7GCsmXc-B9YLZUKmkEiO7bOefSpJR2jHRfKJ7ij7qebw2mwCHkTGIhcgbMb2cw_-WNxhuPZ-OylqV9QsyNWcvWfHPg5q2Q2_BOwzWioMfcYR1GVvzKGEWG3nkvNtXEbrNAxhnzJMJaGxWJErj9UEBDbKwqlAp3InSA6zMOPIDYRQy78ToOxmeKZAd6EbTo1icWIoVb38oNQnq02dGip2v3f9XouJaX3TzwUL5OYeUVbxGyxMTez74LCSQQL8EpRYet1DE4G8ltBe1urmUcJpqE-9GXvFE3dAZZVIitHrkd8rsR2u-VlZotiVZGulb3IuUyVd6M2dta8-2l43p3JwLd_splHAulrmS5wknlNknMZNHzX-iq_FoTNSRy_Lhbgp4S9NtIo11zHyZINxkj296ARpBp9vEd-mI82d_j0DMZwG4AAKV7xF3122hCF7m5bJ82jWOXujtAW9ZrSfyUpzDKh2BhObIF5HZTAJ4i3FKu2tt314L2DrnYDDrv85J3ryBkjHGP64=?_z=7406591&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=2&pl=https%3A%2F%2Fanonzip.com%2F114C%2FLiliths_Throne_v0.4.9.5_exe_version.zip&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0
IP
139.45.197.244:443
ASN
#9002 RETN Limited

Requested by
https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Certificate
IssuerLet's Encrypt
Subjectaistekso.net
Fingerprint3E:A5:CE:35:F4:D9:45:6B:A1:3B:2E:9C:B3:9E:78:4D:8A:4B:51:BB
ValiditySun, 24 Mar 2024 05:08:27 GMT - Sat, 22 Jun 2024 05:08:26 GMT

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /impression/Y1tZetqJWw6ZhPwz5KkbEl36VL6aequVDVZhybKoY-yFVs7jNek5WgMXPxG1gp8wELKx9YQmfShjtnwHP-noHGDdAmFwutp6A-XFJci7aqoAaM6NiZih7zABjJmu3dnqHWvpZpuvt2Ym8DRE2dCSJL_FPgblRS8vhXizt8ML8HqLyCIjhUHogXMIz1e0wAZeGcbqW0XaRNhpcmVV59--H3KysFF0fjP4OzQgEXlZwwLD4rOWDXRcKfZIxD_2fcZKxxsRN9m8Sn5v1BArM2omV9qJMfPiE3lWVt9hBxhBd4GvaCMk0Ez7GCsmXc-B9YLZUKmkEiO7bOefSpJR2jHRfKJ7ij7qebw2mwCHkTGIhcgbMb2cw_-WNxhuPZ-OylqV9QsyNWcvWfHPg5q2Q2_BOwzWioMfcYR1GVvzKGEWG3nkvNtXEbrNAxhnzJMJaGxWJErj9UEBDbKwqlAp3InSA6zMOPIDYRQy78ToOxmeKZAd6EbTo1icWIoVb38oNQnq02dGip2v3f9XouJaX3TzwUL5OYeUVbxGyxMTez74LCSQQL8EpRYet1DE4G8ltBe1urmUcJpqE-9GXvFE3dAZZVIitHrkd8rsR2u-VlZotiVZGulb3IuUyVd6M2dta8-2l43p3JwLd_splHAulrmS5wknlNknMZNHzX-iq_FoTNSRy_Lhbgp4S9NtIo11zHyZINxkj296ARpBp9vEd-mI82d_j0DMZwG4AAKV7xF3122hCF7m5bJ82jWOXujtAW9ZrSfyUpzDKh2BhObIF5HZTAJ4i3FKu2tt314L2DrnYDDrv85J3ryBkjHGP64=?_z=7406591&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=2&pl=https%3A%2F%2Fanonzip.com%2F114C%2FLiliths_Throne_v0.4.9.5_exe_version.zip&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0 HTTP/1.1
Host: aistekso.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonzip.com/
Cookie: OAID=008052728b66436ffbff12c8aa32a08f
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 14:13:06 GMT
content-type: image/gif
content-length: 43
x-trace-id: 3af973fd629674e309f9a41a068149ce
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

offerimage.com/www/images/9c6355bcf96815c755fbba83f9fd8f64.jpg

104.22.32.172

200 OK

17 kB

URL GET HTTP/2
offerimage.com/www/images/9c6355bcf96815c755fbba83f9fd8f64.jpg
IP
104.22.32.172:443
ASN
#13335 CLOUDFLARENET

Requested by
https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Certificate
IssuerGoogle Trust Services LLC
Subjectofferimage.com
Fingerprint5C:87:DE:3A:1B:66:15:11:B1:75:B6:AC:AF:F9:A6:EF:5E:7F:80:72
ValidityFri, 05 Apr 2024 23:50:04 GMT - Thu, 04 Jul 2024 23:50:03 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3
Size
17 kB (17173 bytes)
Hash
9c6355bcf96815c755fbba83f9fd8f64
ce698b45fb51ef1494f80f432b7aff0985247724
2cd74e866757767cd5c88d066a0bc057aded1e6c07171e091dd87f56ffd4a906

HTTP Headers

GET /www/images/9c6355bcf96815c755fbba83f9fd8f64.jpg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 04 May 2024 14:13:06 GMT
content-type: image/jpeg
content-length: 17173
cache-control: max-age=86400
cf-bgj: h2pri
etag: "642af881-4315"
expires: Sat, 04 May 2024 20:06:53 GMT
last-modified: Mon, 03 Apr 2023 16:02:09 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 65170
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e916e9990792a3-CPH
X-Firefox-Spdy: h2

gishejuy.com/500/7406589?excludes=19845928&oaid=008052728b66436ffbff12c8aa32a08f&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=3&pl=https%3A%2F%2Fanonzip.com%2F114C%2FLiliths_Throne_v0.4.9.5_exe_version.zip&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0

139.45.197.242

200 OK

0 B

URL OPTIONS HTTP/2
gishejuy.com/500/7406589?excludes=19845928&oaid=008052728b66436ffbff12c8aa32a08f&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=3&pl=https%3A%2F%2Fanonzip.com%2F114C%2FLiliths_Throne_v0.4.9.5_exe_version.zip&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Certificate
IssuerLet's Encrypt
Subjectgishejuy.com
Fingerprint0E:1A:AC:78:15:75:C8:D7:77:E9:9F:1E:8F:A6:05:8C:F6:CA:AC:80
ValidityTue, 02 Apr 2024 05:15:48 GMT - Mon, 01 Jul 2024 05:15:47 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /500/7406589?excludes=19845928&oaid=008052728b66436ffbff12c8aa32a08f&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=3&pl=https%3A%2F%2Fanonzip.com%2F114C%2FLiliths_Throne_v0.4.9.5_exe_version.zip&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0 HTTP/1.1
Host: gishejuy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://anonzip.com/
Origin: https://anonzip.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 14:13:06 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://anonzip.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-allow-credentials: true
access-control-max-age: 600
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2

offerimage.com/www/images/71581bf2ce9a00138faf7dd80fe3e12e.jpg

104.22.32.172

200 OK

19 kB

URL GET HTTP/2
offerimage.com/www/images/71581bf2ce9a00138faf7dd80fe3e12e.jpg
IP
104.22.32.172:443
ASN
#13335 CLOUDFLARENET

Requested by
https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Certificate
IssuerGoogle Trust Services LLC
Subjectofferimage.com
Fingerprint5C:87:DE:3A:1B:66:15:11:B1:75:B6:AC:AF:F9:A6:EF:5E:7F:80:72
ValidityFri, 05 Apr 2024 23:50:04 GMT - Thu, 04 Jul 2024 23:50:03 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3
Size
19 kB (19381 bytes)
Hash
71581bf2ce9a00138faf7dd80fe3e12e
56479135ed64bf23e1037067c0c87047eb8a414c
5d9f95c8c06343cc189b38268296615ed8816d8154b4b782ad0d62bedd23525e

HTTP Headers

GET /www/images/71581bf2ce9a00138faf7dd80fe3e12e.jpg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonzip.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 04 May 2024 14:13:06 GMT
content-type: image/jpeg
content-length: 19381
cache-control: max-age=86400
cf-bgj: h2pri
etag: "65674405-4bb5"
expires: Sat, 04 May 2024 18:07:30 GMT
last-modified: Wed, 29 Nov 2023 14:00:37 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 72336
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e916ea59e592a3-CPH
X-Firefox-Spdy: h2

offerimage.com/www/images/9c6355bcf96815c755fbba83f9fd8f64.jpg

104.22.32.172

200 OK

17 kB

URL GET HTTP/2
offerimage.com/www/images/9c6355bcf96815c755fbba83f9fd8f64.jpg
IP
104.22.32.172:443
ASN
#13335 CLOUDFLARENET

Requested by
https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Certificate
IssuerGoogle Trust Services LLC
Subjectofferimage.com
Fingerprint5C:87:DE:3A:1B:66:15:11:B1:75:B6:AC:AF:F9:A6:EF:5E:7F:80:72
ValidityFri, 05 Apr 2024 23:50:04 GMT - Thu, 04 Jul 2024 23:50:03 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3
Size
17 kB (17173 bytes)
Hash
9c6355bcf96815c755fbba83f9fd8f64
ce698b45fb51ef1494f80f432b7aff0985247724
2cd74e866757767cd5c88d066a0bc057aded1e6c07171e091dd87f56ffd4a906

HTTP Headers

GET /www/images/9c6355bcf96815c755fbba83f9fd8f64.jpg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 04 May 2024 14:13:06 GMT
content-type: image/jpeg
content-length: 17173
cache-control: max-age=86400
cf-bgj: h2pri
etag: "642af881-4315"
expires: Sat, 04 May 2024 20:06:53 GMT
last-modified: Mon, 03 Apr 2023 16:02:09 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 65170
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e916ebbb8f92a3-CPH
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

142.250.74.163

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
142.250.74.163:443
ASN
#15169 GOOGLE

Requested by
https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://anonzip.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 03 May 2024 06:08:19 GMT
expires: Sat, 03 May 2025 06:08:19 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
age: 115487
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

142.250.74.163

16 kB

URL
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
142.250.74.163:0
ASN
#15169 GOOGLE

Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15860, version 1.0
Size
16 kB (15860 bytes)
Hash
e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://anonzip.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 30 Apr 2024 10:46:32 GMT
expires: Wed, 30 Apr 2025 10:46:32 GMT
cache-control: public, max-age=31536000
age: 357994
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

securedpeacomm.com/in/?tg=https://track.jefytrack.com/145f6684-c379-407a-a2eb-922622a713e1&zoneid=7406590&campaignid=8121703&carrier={carrier}&connectiontype={connection.type}&isp={isp}&cost=&visitor_id=810626688963579904

104.21.64.36

302 Found

3.4 kB

URL GET HTTP/2
securedpeacomm.com/in/?tg=https://track.jefytrack.com/145f6684-c379-407a-a2eb-922622a713e1&zoneid=7406590&campaignid=8121703&carrier={carrier}&connectiontype={connection.type}&isp={isp}&cost=&visitor_id=810626688963579904
IP
104.21.64.36:443
ASN
#13335 CLOUDFLARENET

Requested by
https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Certificate
IssuerGoogle Trust Services LLC
Subjectsecuredpeacomm.com
FingerprintE2:58:9B:FC:54:26:CA:CC:89:05:0D:28:D6:2E:28:9E:39:7E:5F:D6
ValidityMon, 15 Apr 2024 19:27:34 GMT - Sun, 14 Jul 2024 19:27:33 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Size
3.4 kB (3446 bytes)
Hash
3760de954296b4127be241e50251e17c
732a60fa3e6960f5d5216d59661a38a734599940
18732ff4313ebebeb0435b8decefe20c35559fe980ba710d3405136c8ef87b8b

HTTP Headers

GET /in/?tg=https://track.jefytrack.com/145f6684-c379-407a-a2eb-922622a713e1&zoneid=7406590&campaignid=8121703&carrier={carrier}&connectiontype={connection.type}&isp={isp}&cost=&visitor_id=810626688963579904 HTTP/1.1
Host: securedpeacomm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Sat, 04 May 2024 14:13:01 GMT
content-type: text/html; charset=UTF-8
location: https://track.jefytrack.com/145f6684-c379-407a-a2eb-922622a713e1?zoneid=7406590&campaignid=8121703&carrier=%7Bcarrier%7D&connectiontype=%7Bconnection.type%7D&isp=%7Bisp%7D&cost=&visitor_id=810626688963579904&ctrl_fetch_dest=iframe&ctrl_id=6636426d944bc264752887&ctrl_ts=1714831981.6074&ctrl_ab=burp
referrer-policy: no-referrer
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4Tks8XIGuyYg6tkS%2FagAoi3nD9ooIYESDAz3TCj3QefO8mOwTVprP%2BZW6w9%2FSZB%2FFu1W0FcJ5Gj4TKcwyJOaN7gBU%2BRB30XcX1AgXKCLNV2mVhK7NLEDncMCbTszBc43FRqUyXA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e916cc7b15568e-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

gishejuy.com/impression/bmHug5qZMnRcX54nHIkCx913BmnrpBElkd_o_E7leuEQ51ob7ZcC3DqPZyaWXJ2FIasPSdcCUi_7BmPfTDF28WKhZpwH63JFQFZT_JIyTh58hzKAeqfRT11lI4hL2OrBPvBpC-q0hfwhrNLqOoqbhA1Wj4oh5wUzZDhhioCUUf6gnazn8GD5ZApvSuL39xONSLoU4JOx81q3I9XUH84Jgzm5wBBBzDQiqCMcBBykez-mrxKtKBKYQJ3TSXDeZw_sZ5f_3_Q6GuFT1tlFh20i1ZkZLmdxy5H1EHnVkT1U6kgPK555IZdqFzgoEjgCJKaJ460vW9Oq57N0VMOGyGAntYVloP_Tt8BIbug0SN4d5OX7BGySiQGUd1IihUpwqdlHDqnm-IDGAnNAiixRVOs0CNLvYi585PK53dhIeCG0cap2RrZguBsNyuSLajW_U5DS86fhsdryk604NQuYGJEs_1wG4MIL2Mti9xHNYmkJt07hD-UYiWhB2SmFk9ze_6TxBRkOWd-8R6fgRqWeTdrmZoOkeA_4gPi_Ah0Vnzbt0jQhRU2AqSqxB_wQjhTMlyWRGosNaCCuPqi0IdP4od4-uInx-ZM5xSqG9vueYWRedA4NKN9hfC675I88dhEnXnaG-ayPDmdraC8ZlYUtKO8Vppixpdn7dhRVLn7quz1Cqu__S8kPQiSAQByxRPvy61dNjlRJa_4pY5Y58gzOzymxQQmhojZHjB8miE0lbI7HUs7YUgf84BfRXSWb1kl1oRPx-ySvLktuX4RciwiSUgJ01foXQGt9wsAVFIFkJnQZhI7oCmtWukSRGKj8Gvg=?_z=7406589&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=2&pl=https%3A%2F%2Fanonzip.com%2F114C%2FLiliths_Throne_v0.4.9.5_exe_version.zip&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0

139.45.197.242

200 OK

43 B

URL GET HTTP/2
gishejuy.com/impression/bmHug5qZMnRcX54nHIkCx913BmnrpBElkd_o_E7leuEQ51ob7ZcC3DqPZyaWXJ2FIasPSdcCUi_7BmPfTDF28WKhZpwH63JFQFZT_JIyTh58hzKAeqfRT11lI4hL2OrBPvBpC-q0hfwhrNLqOoqbhA1Wj4oh5wUzZDhhioCUUf6gnazn8GD5ZApvSuL39xONSLoU4JOx81q3I9XUH84Jgzm5wBBBzDQiqCMcBBykez-mrxKtKBKYQJ3TSXDeZw_sZ5f_3_Q6GuFT1tlFh20i1ZkZLmdxy5H1EHnVkT1U6kgPK555IZdqFzgoEjgCJKaJ460vW9Oq57N0VMOGyGAntYVloP_Tt8BIbug0SN4d5OX7BGySiQGUd1IihUpwqdlHDqnm-IDGAnNAiixRVOs0CNLvYi585PK53dhIeCG0cap2RrZguBsNyuSLajW_U5DS86fhsdryk604NQuYGJEs_1wG4MIL2Mti9xHNYmkJt07hD-UYiWhB2SmFk9ze_6TxBRkOWd-8R6fgRqWeTdrmZoOkeA_4gPi_Ah0Vnzbt0jQhRU2AqSqxB_wQjhTMlyWRGosNaCCuPqi0IdP4od4-uInx-ZM5xSqG9vueYWRedA4NKN9hfC675I88dhEnXnaG-ayPDmdraC8ZlYUtKO8Vppixpdn7dhRVLn7quz1Cqu__S8kPQiSAQByxRPvy61dNjlRJa_4pY5Y58gzOzymxQQmhojZHjB8miE0lbI7HUs7YUgf84BfRXSWb1kl1oRPx-ySvLktuX4RciwiSUgJ01foXQGt9wsAVFIFkJnQZhI7oCmtWukSRGKj8Gvg=?_z=7406589&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=2&pl=https%3A%2F%2Fanonzip.com%2F114C%2FLiliths_Throne_v0.4.9.5_exe_version.zip&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Certificate
IssuerLet's Encrypt
Subjectgishejuy.com
Fingerprint0E:1A:AC:78:15:75:C8:D7:77:E9:9F:1E:8F:A6:05:8C:F6:CA:AC:80
ValidityTue, 02 Apr 2024 05:15:48 GMT - Mon, 01 Jul 2024 05:15:47 GMT

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /impression/bmHug5qZMnRcX54nHIkCx913BmnrpBElkd_o_E7leuEQ51ob7ZcC3DqPZyaWXJ2FIasPSdcCUi_7BmPfTDF28WKhZpwH63JFQFZT_JIyTh58hzKAeqfRT11lI4hL2OrBPvBpC-q0hfwhrNLqOoqbhA1Wj4oh5wUzZDhhioCUUf6gnazn8GD5ZApvSuL39xONSLoU4JOx81q3I9XUH84Jgzm5wBBBzDQiqCMcBBykez-mrxKtKBKYQJ3TSXDeZw_sZ5f_3_Q6GuFT1tlFh20i1ZkZLmdxy5H1EHnVkT1U6kgPK555IZdqFzgoEjgCJKaJ460vW9Oq57N0VMOGyGAntYVloP_Tt8BIbug0SN4d5OX7BGySiQGUd1IihUpwqdlHDqnm-IDGAnNAiixRVOs0CNLvYi585PK53dhIeCG0cap2RrZguBsNyuSLajW_U5DS86fhsdryk604NQuYGJEs_1wG4MIL2Mti9xHNYmkJt07hD-UYiWhB2SmFk9ze_6TxBRkOWd-8R6fgRqWeTdrmZoOkeA_4gPi_Ah0Vnzbt0jQhRU2AqSqxB_wQjhTMlyWRGosNaCCuPqi0IdP4od4-uInx-ZM5xSqG9vueYWRedA4NKN9hfC675I88dhEnXnaG-ayPDmdraC8ZlYUtKO8Vppixpdn7dhRVLn7quz1Cqu__S8kPQiSAQByxRPvy61dNjlRJa_4pY5Y58gzOzymxQQmhojZHjB8miE0lbI7HUs7YUgf84BfRXSWb1kl1oRPx-ySvLktuX4RciwiSUgJ01foXQGt9wsAVFIFkJnQZhI7oCmtWukSRGKj8Gvg=?_z=7406589&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=2&pl=https%3A%2F%2Fanonzip.com%2F114C%2FLiliths_Throne_v0.4.9.5_exe_version.zip&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0 HTTP/1.1
Host: gishejuy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonzip.com/
Cookie: OAID=008052728b66436ffbff12c8aa32a08f
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 14:13:09 GMT
content-type: image/gif
content-length: 43
x-trace-id: 32bc9e89efd9e9dfacda49b45bc045a5
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

fonts.googleapis.com/css2?family=Roboto:wght@100;300;400;500;700

142.250.74.106

200 OK

8.1 kB

URL GET HTTP/3
fonts.googleapis.com/css2?family=Roboto:wght@100;300;400;500;700
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT

File type
gzip compressed data, max compression
Size
8.1 kB (8149 bytes)
Hash
89c5b8a9359283a487580d98ee529f01
6e4b4a5c4d353c1b0517469970b4f3916ba3f3d9
011240a225754bfaa35d0fec0913647c80e520bc1fd130f57c310a8a32606426

HTTP Headers

GET /css2?family=Roboto:wght@100;300;400;500;700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 04 May 2024 14:13:06 GMT
date: Sat, 04 May 2024 14:13:06 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

cameesse.net/11?rnd=3361781033&z=7406590&b=20830638&var=&varid=0&rqtdbc=0&rcvdbc=0&btp=7&rb=NwK7l_c3WDTWwFy4P_AjyQa2cfiPWN6BCFW9GCFHKsFyrKf1f_BiViKiQ6_AZr_e7wL3GnbGoLzerV6WC2n5Yn506JOTYUUb46v0-6D1BpFl1FADKeYUF0C1MDCrxV-KRJvLSZHsTcMR3ZI_D_hV5BwfqoXnV9i8tHz8u39lkPvGCxTCEBV_8VQtNCB_uJ7ygFL9ly0wzzGYd6Ze1OfbcntbE-bLJu3pYdcsrYKxDZ_d2SOnUgwi-Q4DnG0nrP1HcKFum_8qpWaBGrkFUKrpKp056JdVmCjHwlTBiRMvWUZSB8rJwfBklNLB3BX-cF_JPEmL7Zp0hJtSU62AzYWGRY7JRDNEamNkBou1mptYeOpmTYc8SuQxTCZhuszMRtORHU5q9lt46XFkmFpAOP2deggWGDiIv0Ivj6VEjJL4LLON32XQdvtH-2EwmsuntE2D3xxaEsQ1wrqhtb3-BgqfEjqqR5Z_6oGU2d_EVECyu7OV86Wrj175rAIY0Bi3NlmmxkOIaBiSpSs5OSNHoGE9YqH1P8A8kj-32sClSNOHxWseCIUlN3aCv5nbp-jyvwX0H--g8rj7Nt3W2p0GZ73oafBootBH9oLAmSoi2e5xtipF6l2o&ruid=f1a6bd0a-467a-40ec-8304-94bfe891560f&subid=810626688963579904&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fanonzip.com%2F114C%2FLiliths_Throne_v0.4.9.5_exe_version.zip&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&ri=1&wvd=0&wvr=1.0000&isions=1

139.45.197.242

200 OK

0 B

URL GET HTTP/2
cameesse.net/11?rnd=3361781033&z=7406590&b=20830638&var=&varid=0&rqtdbc=0&rcvdbc=0&btp=7&rb=NwK7l_c3WDTWwFy4P_AjyQa2cfiPWN6BCFW9GCFHKsFyrKf1f_BiViKiQ6_AZr_e7wL3GnbGoLzerV6WC2n5Yn506JOTYUUb46v0-6D1BpFl1FADKeYUF0C1MDCrxV-KRJvLSZHsTcMR3ZI_D_hV5BwfqoXnV9i8tHz8u39lkPvGCxTCEBV_8VQtNCB_uJ7ygFL9ly0wzzGYd6Ze1OfbcntbE-bLJu3pYdcsrYKxDZ_d2SOnUgwi-Q4DnG0nrP1HcKFum_8qpWaBGrkFUKrpKp056JdVmCjHwlTBiRMvWUZSB8rJwfBklNLB3BX-cF_JPEmL7Zp0hJtSU62AzYWGRY7JRDNEamNkBou1mptYeOpmTYc8SuQxTCZhuszMRtORHU5q9lt46XFkmFpAOP2deggWGDiIv0Ivj6VEjJL4LLON32XQdvtH-2EwmsuntE2D3xxaEsQ1wrqhtb3-BgqfEjqqR5Z_6oGU2d_EVECyu7OV86Wrj175rAIY0Bi3NlmmxkOIaBiSpSs5OSNHoGE9YqH1P8A8kj-32sClSNOHxWseCIUlN3aCv5nbp-jyvwX0H--g8rj7Nt3W2p0GZ73oafBootBH9oLAmSoi2e5xtipF6l2o&ruid=f1a6bd0a-467a-40ec-8304-94bfe891560f&subid=810626688963579904&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fanonzip.com%2F114C%2FLiliths_Throne_v0.4.9.5_exe_version.zip&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&ri=1&wvd=0&wvr=1.0000&isions=1
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Certificate
IssuerLet's Encrypt
Subjectcameesse.net
Fingerprint40:09:71:B1:17:F8:74:15:9B:3D:0A:95:73:15:74:D6:05:A5:5B:44
ValidityFri, 22 Mar 2024 19:24:17 GMT - Thu, 20 Jun 2024 19:24:16 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /11?rnd=3361781033&z=7406590&b=20830638&var=&varid=0&rqtdbc=0&rcvdbc=0&btp=7&rb=NwK7l_c3WDTWwFy4P_AjyQa2cfiPWN6BCFW9GCFHKsFyrKf1f_BiViKiQ6_AZr_e7wL3GnbGoLzerV6WC2n5Yn506JOTYUUb46v0-6D1BpFl1FADKeYUF0C1MDCrxV-KRJvLSZHsTcMR3ZI_D_hV5BwfqoXnV9i8tHz8u39lkPvGCxTCEBV_8VQtNCB_uJ7ygFL9ly0wzzGYd6Ze1OfbcntbE-bLJu3pYdcsrYKxDZ_d2SOnUgwi-Q4DnG0nrP1HcKFum_8qpWaBGrkFUKrpKp056JdVmCjHwlTBiRMvWUZSB8rJwfBklNLB3BX-cF_JPEmL7Zp0hJtSU62AzYWGRY7JRDNEamNkBou1mptYeOpmTYc8SuQxTCZhuszMRtORHU5q9lt46XFkmFpAOP2deggWGDiIv0Ivj6VEjJL4LLON32XQdvtH-2EwmsuntE2D3xxaEsQ1wrqhtb3-BgqfEjqqR5Z_6oGU2d_EVECyu7OV86Wrj175rAIY0Bi3NlmmxkOIaBiSpSs5OSNHoGE9YqH1P8A8kj-32sClSNOHxWseCIUlN3aCv5nbp-jyvwX0H--g8rj7Nt3W2p0GZ73oafBootBH9oLAmSoi2e5xtipF6l2o&ruid=f1a6bd0a-467a-40ec-8304-94bfe891560f&subid=810626688963579904&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fanonzip.com%2F114C%2FLiliths_Throne_v0.4.9.5_exe_version.zip&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&ri=1&wvd=0&wvr=1.0000&isions=1 HTTP/1.1
Host: cameesse.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://anonzip.com
DNT: 1
Connection: keep-alive
Referer: https://anonzip.com/
Cookie: scm=1; OAID=008052728b66436ffbff12c8aa32a08f; oaidts=1714831980
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 14:13:21 GMT
content-type: image/jpeg
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: https://anonzip.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: 0587ffb7c2f98cc4bb831a45487d14de
access-control-expose-headers: X-Sc
set-cookie: OAID=008052728b66436ffbff12c8aa32a08f; expires=Sun, 04 May 2025 14:13:21 GMT; secure; SameSite=None
oaidts=1714831980; expires=Sun, 04 May 2025 14:13:21 GMT; secure; SameSite=None
oaidvc=1; expires=Sun, 04 May 2025 14:13:21 GMT; secure; SameSite=None
CNT=1_v1_rtk9AQEAAACHTQAA; expires=Sat, 04 May 2024 15:13:21 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2

aistekso.net/401/7406591

139.45.197.244

200 OK

91 kB

URL GET HTTP/2
aistekso.net/401/7406591
IP
139.45.197.244:443
ASN
#9002 RETN Limited

Requested by
https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Certificate
IssuerLet's Encrypt
Subjectaistekso.net
Fingerprint3E:A5:CE:35:F4:D9:45:6B:A1:3B:2E:9C:B3:9E:78:4D:8A:4B:51:BB
ValiditySun, 24 Mar 2024 05:08:27 GMT - Sat, 22 Jun 2024 05:08:26 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
91 kB (90710 bytes)
Hash
ece1af3b0e3144fe14d20a3a373fe0cf
f991125d21f4dc941edb3505c12517a3e6fe94f6
6761677568c3f97d8e53a27757c61acde40c20e511ca29d07979db77f108d64e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /401/7406591 HTTP/1.1
Host: aistekso.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonzip.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 14:13:00 GMT
content-type: application/javascript
x-trace-id: 92e23839411db6ad44d9c1ec5828323d
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
set-cookie: OAID=03005263c12f4076fa2a51e7ae5086c4; expires=Sun, 04 May 2025 14:13:00 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

veepteero.com/88/61794

139.45.197.242

200 OK

3.1 kB

URL GET HTTP/2
veepteero.com/88/61794
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Certificate
IssuerLet's Encrypt
Subjectveepteero.com
Fingerprint13:68:56:48:EC:67:A6:93:BE:E0:36:BC:FA:04:75:6D:6E:D2:C1:91
ValiditySat, 23 Mar 2024 05:18:36 GMT - Fri, 21 Jun 2024 05:18:35 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (3367), with no line terminators
Size
3.1 kB (3103 bytes)
Hash
d628735742f4fc8597f3980d3df1f629
d99bd4d143870c0d62f1d558339ad5229a28b1e9
af64f0aa5b09a954eef8a88505a6cfdd6a408f0ae1587695c1a0233655b1e0d9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /88/61794 HTTP/1.1
Host: veepteero.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://anonzip.com/
Origin: https://anonzip.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 14:13:00 GMT
content-type: application/json
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://anonzip.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
timing-allow-origin: *
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

moonoafy.net/pfe/current/tag.min.js?z=7406592

139.45.197.250

200 OK

15 kB

URL GET HTTP/2
moonoafy.net/pfe/current/tag.min.js?z=7406592
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Certificate
IssuerLet's Encrypt
Subjectmoonoafy.net
Fingerprint17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0
ValidityFri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT

File type
JavaScript source, ASCII text, with very long lines (14612), with no line terminators
Size
15 kB (14612 bytes)
Hash
ffdd38e0a5a1a47cb341a116a3318e0e
2fd730feff506cf56e14c531e9d89cdea2cca424
7d8e97e9586d3f04c4a2a703692378868e49120c6159d079ae7ed1eca2ca2b5c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pfe/current/tag.min.js?z=7406592 HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonzip.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 14:13:00 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 10:48:53 GMT
etag: W/"662a3515-3914"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

cameesse.net/121?rnd=2467410867&z=7406590&b=20830638&c=8121703&var=&varid=0&d=https%3A%2F%2Fsecuredpeacomm.com%2Fin%2F%3Ftg%3Dhttps%3A%2F%2Ftrack.jefytrack.com%2F145f6684-c379-407a-a2eb-922622a713e1%26zoneid%3D7406590%26campaignid%3D8121703%26carrier%3D%7Bcarrier%7D%26connectiontype%3D%7Bconnection.type%7D%26isp%3D%7Bisp%7D%26cost%3D%7Bcost%7D%26visitor_id%3D810626688963579904&cln={CELL_NUMBER}&btp=7&rb=NwK7l_c3WDTWwFy4P_AjyQa2cfiPWN6BCFW9GCFHKsFyrKf1f_BiViKiQ6_AZr_e7wL3GnbGoLzerV6WC2n5Yn506JOTYUUb46v0-6D1BpFl1FADKeYUF0C1MDCrxV-KRJvLSZHsTcMR3ZI_D_hV5BwfqoXnV9i8tHz8u39lkPvGCxTCEBV_8VQtNCB_uJ7ygFL9ly0wzzGYd6Ze1OfbcntbE-bLJu3pYdcsrYKxDZ_d2SOnUgwi-Q4DnG0nrP1HcKFum_8qpWaBGrkFUKrpKp056JdVmCjHwlTBiRMvWUZSB8rJwfBklNLB3BX-cF_JPEmL7Zp0hJtSU62AzYWGRY7JRDNEamNkBou1mptYeOpmTYc8SuQxTCZhuszMRtORHU5q9lt46XFkmFpAOP2deggWGDiIv0Ivj6VEjJL4LLON32XQdvtH-2EwmsuntE2D3xxaEsQ1wrqhtb3-BgqfEjqqR5Z_6oGU2d_EVECyu7OV86Wrj175rAIY0Bi3NlmmxkOIaBiSpSs5OSNHoGE9YqH1P8A8kj-32sClSNOHxWseCIUlN3aCv5nbp-jyvwX0H--g8rj7Nt3W2p0GZ73oafBootBH9oLAmSoi2e5xtipF6l2o&bag=ydU9kaAfa6I=&ruid=f1a6bd0a-467a-40ec-8304-94bfe891560f&subid=810626688963579904

139.45.197.242

302 Found

1.1 kB

URL GET HTTP/2
cameesse.net/121?rnd=2467410867&z=7406590&b=20830638&c=8121703&var=&varid=0&d=https%3A%2F%2Fsecuredpeacomm.com%2Fin%2F%3Ftg%3Dhttps%3A%2F%2Ftrack.jefytrack.com%2F145f6684-c379-407a-a2eb-922622a713e1%26zoneid%3D7406590%26campaignid%3D8121703%26carrier%3D%7Bcarrier%7D%26connectiontype%3D%7Bconnection.type%7D%26isp%3D%7Bisp%7D%26cost%3D%7Bcost%7D%26visitor_id%3D810626688963579904&cln={CELL_NUMBER}&btp=7&rb=NwK7l_c3WDTWwFy4P_AjyQa2cfiPWN6BCFW9GCFHKsFyrKf1f_BiViKiQ6_AZr_e7wL3GnbGoLzerV6WC2n5Yn506JOTYUUb46v0-6D1BpFl1FADKeYUF0C1MDCrxV-KRJvLSZHsTcMR3ZI_D_hV5BwfqoXnV9i8tHz8u39lkPvGCxTCEBV_8VQtNCB_uJ7ygFL9ly0wzzGYd6Ze1OfbcntbE-bLJu3pYdcsrYKxDZ_d2SOnUgwi-Q4DnG0nrP1HcKFum_8qpWaBGrkFUKrpKp056JdVmCjHwlTBiRMvWUZSB8rJwfBklNLB3BX-cF_JPEmL7Zp0hJtSU62AzYWGRY7JRDNEamNkBou1mptYeOpmTYc8SuQxTCZhuszMRtORHU5q9lt46XFkmFpAOP2deggWGDiIv0Ivj6VEjJL4LLON32XQdvtH-2EwmsuntE2D3xxaEsQ1wrqhtb3-BgqfEjqqR5Z_6oGU2d_EVECyu7OV86Wrj175rAIY0Bi3NlmmxkOIaBiSpSs5OSNHoGE9YqH1P8A8kj-32sClSNOHxWseCIUlN3aCv5nbp-jyvwX0H--g8rj7Nt3W2p0GZ73oafBootBH9oLAmSoi2e5xtipF6l2o&bag=ydU9kaAfa6I=&ruid=f1a6bd0a-467a-40ec-8304-94bfe891560f&subid=810626688963579904
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Certificate
IssuerLet's Encrypt
Subjectcameesse.net
Fingerprint40:09:71:B1:17:F8:74:15:9B:3D:0A:95:73:15:74:D6:05:A5:5B:44
ValidityFri, 22 Mar 2024 19:24:17 GMT - Thu, 20 Jun 2024 19:24:16 GMT

File type

Size
1.1 kB (1073 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /121?rnd=2467410867&z=7406590&b=20830638&c=8121703&var=&varid=0&d=https%3A%2F%2Fsecuredpeacomm.com%2Fin%2F%3Ftg%3Dhttps%3A%2F%2Ftrack.jefytrack.com%2F145f6684-c379-407a-a2eb-922622a713e1%26zoneid%3D7406590%26campaignid%3D8121703%26carrier%3D%7Bcarrier%7D%26connectiontype%3D%7Bconnection.type%7D%26isp%3D%7Bisp%7D%26cost%3D%7Bcost%7D%26visitor_id%3D810626688963579904&cln={CELL_NUMBER}&btp=7&rb=NwK7l_c3WDTWwFy4P_AjyQa2cfiPWN6BCFW9GCFHKsFyrKf1f_BiViKiQ6_AZr_e7wL3GnbGoLzerV6WC2n5Yn506JOTYUUb46v0-6D1BpFl1FADKeYUF0C1MDCrxV-KRJvLSZHsTcMR3ZI_D_hV5BwfqoXnV9i8tHz8u39lkPvGCxTCEBV_8VQtNCB_uJ7ygFL9ly0wzzGYd6Ze1OfbcntbE-bLJu3pYdcsrYKxDZ_d2SOnUgwi-Q4DnG0nrP1HcKFum_8qpWaBGrkFUKrpKp056JdVmCjHwlTBiRMvWUZSB8rJwfBklNLB3BX-cF_JPEmL7Zp0hJtSU62AzYWGRY7JRDNEamNkBou1mptYeOpmTYc8SuQxTCZhuszMRtORHU5q9lt46XFkmFpAOP2deggWGDiIv0Ivj6VEjJL4LLON32XQdvtH-2EwmsuntE2D3xxaEsQ1wrqhtb3-BgqfEjqqR5Z_6oGU2d_EVECyu7OV86Wrj175rAIY0Bi3NlmmxkOIaBiSpSs5OSNHoGE9YqH1P8A8kj-32sClSNOHxWseCIUlN3aCv5nbp-jyvwX0H--g8rj7Nt3W2p0GZ73oafBootBH9oLAmSoi2e5xtipF6l2o&bag=ydU9kaAfa6I=&ruid=f1a6bd0a-467a-40ec-8304-94bfe891560f&subid=810626688963579904 HTTP/1.1
Host: cameesse.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: scm=1; OAID=008052728b66436ffbff12c8aa32a08f; oaidts=1714831980
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
server: nginx
date: Sat, 04 May 2024 14:13:01 GMT
content-length: 0
location: https://securedpeacomm.com/in/?tg=https://track.jefytrack.com/145f6684-c379-407a-a2eb-922622a713e1&zoneid=7406590&campaignid=8121703&carrier={carrier}&connectiontype={connection.type}&isp={isp}&cost=&visitor_id=810626688963579904
access-control-allow-credentials: true
access-control-allow-origin: 
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: ed82507379832633a48f6913f4681e1d
access-control-expose-headers: X-Sc
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2

lkbx.me/4KqY7?uid=w78hsnqua6mmt6213fvqrr0q

47.89.248.255

200 OK

1.1 kB

URL GET HTTP/2
lkbx.me/4KqY7?uid=w78hsnqua6mmt6213fvqrr0q
IP
47.89.248.255:443
ASN
#45102 Alibaba US Technology Co., Ltd.

Requested by
https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Certificate
IssuerDigiCert Inc
Subjectlkbx.me
Fingerprint85:1C:F3:96:31:0D:EC:E9:85:9D:6E:27:5F:AE:1D:6C:F2:9B:F5:BD
ValidityMon, 27 Nov 2023 00:00:00 GMT - Tue, 26 Nov 2024 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (1129), with no line terminators
Size
1.1 kB (1073 bytes)
Hash
752d116ad9763cca692cb45ac95e94a1
4384b74ca22eb08cf8703216e372babf6fdc5b7d
1db7055f9963d5be2fd9904e2f5e58c034dc60a98a965ea03415ca9630695dc3

HTTP Headers

GET /4KqY7?uid=w78hsnqua6mmt6213fvqrr0q HTTP/1.1
Host: lkbx.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 14:13:03 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
set-cookie: discuz_2132_saltkey=aZadnW1y; expires=Mon, 03-Jun-2024 14:13:02 GMT; Max-Age=2592000; path=/; secure; httponly
discuz_2132_lang=en; path=/; secure
discuz_2132_lang=en; path=/; secure
content-encoding: gzip
X-Firefox-Spdy: h2

gishejuy.com/400/7406589

139.45.197.242

200 OK

84 kB

URL GET HTTP/2
gishejuy.com/400/7406589
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Certificate
IssuerLet's Encrypt
Subjectgishejuy.com
Fingerprint0E:1A:AC:78:15:75:C8:D7:77:E9:9F:1E:8F:A6:05:8C:F6:CA:AC:80
ValidityTue, 02 Apr 2024 05:15:48 GMT - Mon, 01 Jul 2024 05:15:47 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
84 kB (83824 bytes)
Hash
6e9e3daa99aace4bfa7ffbdd91ed9c62
14e6b0db06a96013a1d8674a5d9edaf9dd19f389
64abc616ce5e436ce0c8b5cfb7efed03e3723b64a3f03b57c3c6860fa14a5741

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /400/7406589 HTTP/1.1
Host: gishejuy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonzip.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 14:13:00 GMT
content-type: application/javascript
x-trace-id: 31061bbb92290a9f763de78554750f74
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
set-cookie: OAID=030052762174407ae136bda97ca83a8f; expires=Sun, 04 May 2025 14:13:00 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

moonoafy.net/pfe/current/universal.min.js?v=3.1.504

139.45.197.250

200 OK

90 kB

URL GET HTTP/2
moonoafy.net/pfe/current/universal.min.js?v=3.1.504
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Certificate
IssuerLet's Encrypt
Subjectmoonoafy.net
Fingerprint17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0
ValidityFri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
90 kB (89850 bytes)
Hash
4caad44ecc6a13eba45b63ed7cf9e387
e67dfe90bebd5447495d8fe962d03e55f6d13071
66f95b5eb4bf3dc3a13643e3e6776b18a2b15e0b881328e2ee012c73e679ad00

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pfe/current/universal.min.js?v=3.1.504 HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://anonzip.com/
Origin: https://anonzip.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 14:13:01 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 10:48:53 GMT
etag: W/"662a3515-15efa"
access-control-allow-origin: https://anonzip.com
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

cameesse.net/11?rnd=3361781033&z=7406590&b=20830638&var=&varid=0&rqtdbc=1&rcvdbc=1&btp=7&rb=NwK7l_c3WDTWwFy4P_AjyQa2cfiPWN6BCFW9GCFHKsFyrKf1f_BiViKiQ6_AZr_e7wL3GnbGoLzerV6WC2n5Yn506JOTYUUb46v0-6D1BpFl1FADKeYUF0C1MDCrxV-KRJvLSZHsTcMR3ZI_D_hV5BwfqoXnV9i8tHz8u39lkPvGCxTCEBV_8VQtNCB_uJ7ygFL9ly0wzzGYd6Ze1OfbcntbE-bLJu3pYdcsrYKxDZ_d2SOnUgwi-Q4DnG0nrP1HcKFum_8qpWaBGrkFUKrpKp056JdVmCjHwlTBiRMvWUZSB8rJwfBklNLB3BX-cF_JPEmL7Zp0hJtSU62AzYWGRY7JRDNEamNkBou1mptYeOpmTYc8SuQxTCZhuszMRtORHU5q9lt46XFkmFpAOP2deggWGDiIv0Ivj6VEjJL4LLON32XQdvtH-2EwmsuntE2D3xxaEsQ1wrqhtb3-BgqfEjqqR5Z_6oGU2d_EVECyu7OV86Wrj175rAIY0Bi3NlmmxkOIaBiSpSs5OSNHoGE9YqH1P8A8kj-32sClSNOHxWseCIUlN3aCv5nbp-jyvwX0H--g8rj7Nt3W2p0GZ73oafBootBH9oLAmSoi2e5xtipF6l2o&ruid=f1a6bd0a-467a-40ec-8304-94bfe891560f&subid=810626688963579904&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fanonzip.com%2F114C%2FLiliths_Throne_v0.4.9.5_exe_version.zip&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&ot=85

139.45.197.242

200 OK

0 B

URL GET HTTP/2
cameesse.net/11?rnd=3361781033&z=7406590&b=20830638&var=&varid=0&rqtdbc=1&rcvdbc=1&btp=7&rb=NwK7l_c3WDTWwFy4P_AjyQa2cfiPWN6BCFW9GCFHKsFyrKf1f_BiViKiQ6_AZr_e7wL3GnbGoLzerV6WC2n5Yn506JOTYUUb46v0-6D1BpFl1FADKeYUF0C1MDCrxV-KRJvLSZHsTcMR3ZI_D_hV5BwfqoXnV9i8tHz8u39lkPvGCxTCEBV_8VQtNCB_uJ7ygFL9ly0wzzGYd6Ze1OfbcntbE-bLJu3pYdcsrYKxDZ_d2SOnUgwi-Q4DnG0nrP1HcKFum_8qpWaBGrkFUKrpKp056JdVmCjHwlTBiRMvWUZSB8rJwfBklNLB3BX-cF_JPEmL7Zp0hJtSU62AzYWGRY7JRDNEamNkBou1mptYeOpmTYc8SuQxTCZhuszMRtORHU5q9lt46XFkmFpAOP2deggWGDiIv0Ivj6VEjJL4LLON32XQdvtH-2EwmsuntE2D3xxaEsQ1wrqhtb3-BgqfEjqqR5Z_6oGU2d_EVECyu7OV86Wrj175rAIY0Bi3NlmmxkOIaBiSpSs5OSNHoGE9YqH1P8A8kj-32sClSNOHxWseCIUlN3aCv5nbp-jyvwX0H--g8rj7Nt3W2p0GZ73oafBootBH9oLAmSoi2e5xtipF6l2o&ruid=f1a6bd0a-467a-40ec-8304-94bfe891560f&subid=810626688963579904&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fanonzip.com%2F114C%2FLiliths_Throne_v0.4.9.5_exe_version.zip&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&ot=85
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Certificate
IssuerLet's Encrypt
Subjectcameesse.net
Fingerprint40:09:71:B1:17:F8:74:15:9B:3D:0A:95:73:15:74:D6:05:A5:5B:44
ValidityFri, 22 Mar 2024 19:24:17 GMT - Thu, 20 Jun 2024 19:24:16 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /11?rnd=3361781033&z=7406590&b=20830638&var=&varid=0&rqtdbc=1&rcvdbc=1&btp=7&rb=NwK7l_c3WDTWwFy4P_AjyQa2cfiPWN6BCFW9GCFHKsFyrKf1f_BiViKiQ6_AZr_e7wL3GnbGoLzerV6WC2n5Yn506JOTYUUb46v0-6D1BpFl1FADKeYUF0C1MDCrxV-KRJvLSZHsTcMR3ZI_D_hV5BwfqoXnV9i8tHz8u39lkPvGCxTCEBV_8VQtNCB_uJ7ygFL9ly0wzzGYd6Ze1OfbcntbE-bLJu3pYdcsrYKxDZ_d2SOnUgwi-Q4DnG0nrP1HcKFum_8qpWaBGrkFUKrpKp056JdVmCjHwlTBiRMvWUZSB8rJwfBklNLB3BX-cF_JPEmL7Zp0hJtSU62AzYWGRY7JRDNEamNkBou1mptYeOpmTYc8SuQxTCZhuszMRtORHU5q9lt46XFkmFpAOP2deggWGDiIv0Ivj6VEjJL4LLON32XQdvtH-2EwmsuntE2D3xxaEsQ1wrqhtb3-BgqfEjqqR5Z_6oGU2d_EVECyu7OV86Wrj175rAIY0Bi3NlmmxkOIaBiSpSs5OSNHoGE9YqH1P8A8kj-32sClSNOHxWseCIUlN3aCv5nbp-jyvwX0H--g8rj7Nt3W2p0GZ73oafBootBH9oLAmSoi2e5xtipF6l2o&ruid=f1a6bd0a-467a-40ec-8304-94bfe891560f&subid=810626688963579904&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fanonzip.com%2F114C%2FLiliths_Throne_v0.4.9.5_exe_version.zip&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&ot=85 HTTP/1.1
Host: cameesse.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://anonzip.com
DNT: 1
Connection: keep-alive
Referer: https://anonzip.com/
Cookie: scm=1; OAID=008052728b66436ffbff12c8aa32a08f; oaidts=1714831980
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 14:13:01 GMT
content-type: image/jpeg
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: https://anonzip.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: 185f68935c15632a0631ea15dd016d4d
access-control-expose-headers: X-Sc
set-cookie: OAID=008052728b66436ffbff12c8aa32a08f; expires=Sun, 04 May 2025 14:13:01 GMT; secure; SameSite=None
oaidts=1714831980; expires=Sun, 04 May 2025 14:13:01 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Open+Sans:200,300,400,400i,500,600,700%7CMerriweather:300,300i

142.250.74.106

200 OK

37 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Open+Sans:200,300,400,400i,500,600,700%7CMerriweather:300,300i
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT

File type
ASCII text, with very long lines (1572)
Size
37 kB (37345 bytes)
Hash
c2b8ea09ec90a66034e1b61bc1f8e5d4
9558953728cacfc3433ba6281c1b4a58fbbc9d51
1c593f4a688585b14c31e71fc64bfaa81d768984cdf182bca40ba8c524582685

HTTP Headers

GET /css?family=Open+Sans:200,300,400,400i,500,600,700%7CMerriweather:300,300i HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonzip.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 04 May 2024 14:13:00 GMT
date: Sat, 04 May 2024 14:13:00 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

alwingulla.com/88/tag.min.js

104.21.72.155

200 OK

81 kB

URL GET HTTP/2
alwingulla.com/88/tag.min.js
IP
104.21.72.155:443
ASN
#13335 CLOUDFLARENET

Requested by
https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Certificate
IssuerGoogle Trust Services LLC
Subjectalwingulla.com
FingerprintB6:A3:BD:4F:5E:0D:58:50:07:9D:17:E0:30:97:67:97:9E:23:1A:1C
ValidityTue, 12 Mar 2024 16:48:22 GMT - Mon, 10 Jun 2024 16:48:21 GMT

File type
JavaScript source, ASCII text, with very long lines (65494)
Size
81 kB (81042 bytes)
Hash
d8fe6d8977be78f78ee48c068b8c8686
e9c96bfc9bcd374f528f73c0441c2358d6d1d135
43423a879e310562ceed423aa563f4fac45713e6f59b0517d897e2c96a42993b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /88/tag.min.js HTTP/1.1
Host: alwingulla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonzip.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 14:12:59 GMT
content-type: text/javascript; charset=utf-8
x-trace-id: 624b03ca331891542e6efac5f0adfba8
cache-control: max-age=86400
last-modified: Fri, 03 May 2024 05:52:08 GMT
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
expires: Sun, 05 May 2024 05:45:33 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 30446
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2F0H5k%2FqO2JfySpj1K1Gcv520WOOAAMPx2muKoxNXm90b0xRTZaI72wuLHQXigj8OMjEiKY0q%2BIwYUqIoBtsmzOAj6kDj0uhOiKv23bmCvmtheoU86ht8JPNucyIyatBjSA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e916c1799c1c0a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

externalde.com/out/xyhkxckud/?ctrl_id=6636426d944bc264752887&ctrl_ab=burp&ctrl_ts=1714831981.6074&ctrl_vol_oid=0b046699-9de5-41eb-a62f-5035b56e631b&tg=https://lkbx.me/4KqY7&uid=w78hsnqua6mmt6213fvqrr0q

104.21.9.15

302 Found

1.1 kB

URL GET HTTP/2
externalde.com/out/xyhkxckud/?ctrl_id=6636426d944bc264752887&ctrl_ab=burp&ctrl_ts=1714831981.6074&ctrl_vol_oid=0b046699-9de5-41eb-a62f-5035b56e631b&tg=https://lkbx.me/4KqY7&uid=w78hsnqua6mmt6213fvqrr0q
IP
104.21.9.15:443
ASN
#13335 CLOUDFLARENET

Requested by
https://anonzip.com/114C/Liliths_Throne_v0.4.9.5_exe_version.zip
Certificate
IssuerGoogle Trust Services LLC
Subjectexternalde.com
Fingerprint0D:2A:5D:DC:29:15:BD:05:1C:8E:F1:C5:82:D4:C0:5C:D6:A5:AB:58
ValiditySat, 27 Apr 2024 14:00:09 GMT - Fri, 26 Jul 2024 14:00:08 GMT

File type

Size
1.1 kB (1073 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /out/xyhkxckud/?ctrl_id=6636426d944bc264752887&ctrl_ab=burp&ctrl_ts=1714831981.6074&ctrl_vol_oid=0b046699-9de5-41eb-a62f-5035b56e631b&tg=https://lkbx.me/4KqY7&uid=w78hsnqua6mmt6213fvqrr0q HTTP/1.1
Host: externalde.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Sat, 04 May 2024 14:13:01 GMT
content-type: text/html; charset=UTF-8
location: https://lkbx.me/4KqY7?uid=w78hsnqua6mmt6213fvqrr0q
referrer-policy: no-referrer
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XKL%2FsBLyXbn3rd%2Fuqr2nkDBwZsyCydNh6RTok%2BKsVGahYfwDivVSDjyQGol4LbfaMsY0RpVXBEKVCJJWoJ56olRxam5YCzXqBnUzRv9RMQKD1cIyHsfBiPKhVHzpdUhCLA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e916ce4d535696-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (25)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML