Report - cdn-126.anonfiles.com/B3d2k6Cdy6/c784a56b-1665580400/Wallpaper%20Dumps.zip

Report Overview

URL

cdn-126.anonfiles.com/B3d2k6Cdy6/c784a56b-1665580400/Wallpaper%20Dumps.zip
IP

195.96.151.78

ASN

#41634 Svea Hosting AB
Submitted

2022-10-12T13:13:32Z

Access
Tags

None
urlquery detections

No alerts detected

Detections

urlquery

0
Network Intrusion Detection

0
Threat Detection Systems

4

Domain Summary

Domain	Rank	First Seen	Last Seen	Sent	Received	IP
cdn-126.anonfiles.com (2)	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	884	678	195.96.151.78
ocsp.pki.goog (3)	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	993	2097	142.250.74.3
houldthinkhi.buzz (2)	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1029	1150	172.67.146.18
otireofhisl.one (3)	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2172	4167	54.230.111.44
eautumncam.one (1)	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	411	676	54.230.111.105
baconaces.pro (1)	835148	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	453	376	44.195.137.121
www.facebook.com (1)	99	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	429	3141	31.13.72.36
firefox.settings.services.mozilla.com (2)	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	758	2733	54.230.111.65
vjs.zencdn.net (2)	4968	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	726	142778	151.101.86.217
accounts.google.com (4)	81	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2245	22931	216.58.207.237
pogothere.xyz (2)	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	777	1698	172.64.198.35
anonfiles.com (21)	117161	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	8370	150920	45.154.253.151
swordhilte.buzz (4)	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1746	344	107.22.28.167
contile.services.mozilla.com (1)	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	321	229	34.117.237.239
ocsp.digicert.com (3)	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	987	2391	93.184.220.29
djv99sxoqpv11.cloudfront.net (3)	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1562	70634	54.230.245.59
push.services.mozilla.com (1)	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	594	127	35.81.125.88
e1.o.lencr.org (2)	6159	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	652	1454	23.36.77.32
img-getpocket.cdn.mozilla.net (5)	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2644	47924	34.120.237.76
r3.o.lencr.org (10)	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3260	8868	23.36.77.32
content-signature-2.cdn.mozilla.net (1)	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	401	5843	34.160.144.191

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-10-12	medium	djv99sxoqpv11.cloudfront.net/vWmlTWG05Bj0+Ui4AN2VaaV5galR8AyA3AypUByxfK1EYMz0dDAQzBSA4Jn4ZIA1uaEs2CD0/UHwMPTtQa08yPA9nXXUsHTUCbjwCLBg7IAYzEz5+GDtUPjcXMwU/OUhoL2Z2XX9bY3AVa1h2ay9/W2M0BDQcK31fahFrbjJsXXZrL39bYyobf1oSYVt0WX-p9X2oONjsGNUxhHl9qWGNoXGpYdmpdPAAhPQs1EXZqK2NffWhLL1Ri	Malware
2022-10-12	medium	djv99sxoqpv11.cloudfront.net/6ak9jdjUJIA0QCh4mB0sCWXhQRQVMJRAZWxpyAA56InwvAHAlGiwdfUw7GRIIWmkPF1sNckUTWwlyUlBUDi1eQhMfLl4bWhAmDxpUT30lQxtaalFGHRJ+UlMGKGpRRlkDIRYOEFh/G04DNXlXUwYoalFGRxxqUDcMXGFTXxBYfwQTVgEgRkRzWH9SRgVbf1-JTB1opCgRQDCAbUwcsdlVYBUw6Xkc	Malware

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2022-10-12	medium	houldthinkhi.buzz	Sinkholed
2022-10-12	medium	houldthinkhi.buzz	Sinkholed

HTTP Transactions (74)

URL IP Response Size

cdn-126.anonfiles.com/B3d2k6Cdy6/c784a56b-1665580400/Wallpaper%20Dumps.zip

195.96.151.78

301 Moved Permanently

162

URL HTTP/1.1

cdn-126.anonfiles.com/B3d2k6Cdy6/c784a56b-1665580400/Wallpaper%20Dumps.zip
IP

195.96.151.78:0
ASN

#41634 Svea Hosting AB

Magic

HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators

Size

162
Hash

4f8e702cc244ec5d4de32740c0ecbd97

3adb1f02d5b6054de0046e367c1d687b6cdf7aff

9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a

HTTP Headers

                                        GET /B3d2k6Cdy6/c784a56b-1665580400/Wallpaper%20Dumps.zip HTTP/1.1
Host: cdn-126.anonfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                        HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 12 Oct 2022 13:13:21 GMT
Content-Type: text/html
Content-Length: 162
Connection: close
Location: https://cdn-126.anonfiles.com/B3d2k6Cdy6/c784a56b-1665580400/Wallpaper%20Dumps.zip

firefox.settings.services.mozilla.com/v1/

54.230.111.65

200 OK

939

URL HTTP/1.1

firefox.settings.services.mozilla.com/v1/
IP

54.230.111.65:0
ASN

#16509 AMAZON-02

Magic

JSON data\012- , ASCII text, with very long lines (939), with no line terminators

Size

939
Hash

3f17af4e8a1739eda4a518039f4892f9

c3feba08ae7e8f57e0fe9bcd2ebedea6bda67cbb

c485b09cad08b5233fe8753682faf59219fe0d18fcc34d90dc88fb0971295f5f

HTTP Headers

                                        GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, Alert, Backoff, Content-Length, Content-Type
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Wed, 12 Oct 2022 12:49:13 GMT
Expires: Wed, 12 Oct 2022 13:32:50 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 0e39dca74306d7aab723ed3d73dbfbb4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 7chrTyWIMIkH7pIlJImzTcfcrWhq7nGMwcH59w7Vnn5i6ekx1RkRoA==
Age: 1448

r3.o.lencr.org/

23.36.77.32

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.77.32:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

e0602913f3d432ffbfaa654440972ee1

e5aaf31749e65875fd840091f9a3bba641de413d

5495ad212166703dcd1d17d7aa6ff4d1c40e73dfad703d24f00f60f35bc7d56c

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5495AD212166703DCD1D17D7AA6FF4D1C40E73DFAD703D24F00F60F35BC7D56C"
Last-Modified: Tue, 11 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3235
Expires: Wed, 12 Oct 2022 14:07:16 GMT
Date: Wed, 12 Oct 2022 13:13:21 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.77.32:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

ceb45134349ef6afcb5b4bb730678041

15dc3ecb18e30e77cd7c694dd237bff9be583e7a

a39e0827fa31257562bb681e312ec2944a862e9ad4e568a803f6e09e994a6018

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A39E0827FA31257562BB681E312EC2944A862E9AD4E568A803F6E09E994A6018"
Last-Modified: Tue, 11 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14359
Expires: Wed, 12 Oct 2022 17:12:40 GMT
Date: Wed, 12 Oct 2022 13:13:21 GMT
Connection: keep-alive

cdn-126.anonfiles.com/B3d2k6Cdy6/c784a56b-1665580400/Wallpaper%20Dumps.zip

195.96.151.78

301 Moved Permanently

URL HTTP/1.1

cdn-126.anonfiles.com/B3d2k6Cdy6/c784a56b-1665580400/Wallpaper%20Dumps.zip
IP

195.96.151.78:0
ASN

#41634 Svea Hosting AB

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

                                        GET /B3d2k6Cdy6/c784a56b-1665580400/Wallpaper%20Dumps.zip HTTP/1.1
Host: cdn-126.anonfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                        HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 12 Oct 2022 13:13:21 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Location: https://anonfiles.com/B3d2k6Cdy6
X-Cache-Host: filecache-03
X-Cache-Disk: nvme-01
Accept-Ranges: bytes

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain

34.160.144.191

200 OK

5348

URL HTTP/2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP

34.160.144.191:0
ASN

#15169 GOOGLE

Magic

PEM certificate\012- , ASCII text

Size

5348
Hash

67d5a988edcda47bc3b3b3f65d32b4b6

d4f0e0da8b3690cc7da925026d3414b68c7d954f

55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78

HTTP Headers

                                        GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
x-amz-id-2: eNP/cCoW+k/aHkOnrnAUz5xR93n/JcTCFHHYlULz+XtT+d+08XgKdqQfLJ0Q7ccEDafDh80kuhA=
x-amz-request-id: Y5JM20SGBFR715P2
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 12 Oct 2022 13:01:17 GMT
age: 724
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.77.32:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

fbdd7be8de9b13c60bc9a8c98ade82c2

c2f646b1a00e2c91838534f9c7e2b14ec756e05b

ff70ff7d4aa84c55a6d208193e4afe731238cb3d92cb9909722616a03db1fedd

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FF70FF7D4AA84C55A6D208193E4AFE731238CB3D92CB9909722616A03DB1FEDD"
Last-Modified: Tue, 11 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10864
Expires: Wed, 12 Oct 2022 16:14:25 GMT
Date: Wed, 12 Oct 2022 13:13:21 GMT
Connection: keep-alive

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

URL HTTP/2

contile.services.mozilla.com/v1/tiles
IP

34.117.237.239:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with no line terminators

Size

12
Hash

23e88fb7b99543fb33315b29b1fad9d6

a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce

7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

                                        GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
date: Wed, 12 Oct 2022 13:13:21 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

anonfiles.com/B3d2k6Cdy6

45.154.253.151

200 OK

2950

URL HTTP/1.1

anonfiles.com/B3d2k6Cdy6
IP

45.154.253.151:0
ASN

#41634 Svea Hosting AB

Magic

HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (515)

Size

2950
Hash

6882994d270ab8e0d7fc8108deb87174

ec45f61a75d43260e83e6f56dee1b88670b7cf77

e64744f203fc77ca38a4201df981a2a9ebad616010961ba4740572aeea77c1d7

HTTP Headers

                                        GET /B3d2k6Cdy6 HTTP/1.1
Host: anonfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                        HTTP/1.1 200 OK
Server: nginx
Date: Wed, 12 Oct 2022 13:13:21 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
x-vdc: Yes
cache-control: public, max-age=60
x-oe: N
Content-Encoding: gzip

anonfiles.com/css/anonfiles.css?1663360421

45.154.253.151

200 OK

25261

URL HTTP/1.1

anonfiles.com/css/anonfiles.css?1663360421
IP

45.154.253.151:0
ASN

#41634 Svea Hosting AB

Magic

ASCII text, with very long lines (65452)

Size

25261
Hash

bf84dfe5f6e6044aa4c1095a7a9a850e

e411fe5ea4f2b5ce7382dfe3079589f4817ad165

2af9a43ff27bbcad03007d87fa7d09bed286aa594a3a3d2e16f409319e782f60

HTTP Headers

                                        GET /css/anonfiles.css?1663360421 HTTP/1.1
Host: anonfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonfiles.com/B3d2k6Cdy6
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                        HTTP/1.1 200 OK
Server: nginx
Date: Wed, 12 Oct 2022 13:13:21 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
cache-control: public, max-age=3600
x-oe: Y
x-oh: 1168
Content-Encoding: gzip

anonfiles.com/sw_anonfiles.js

45.154.253.151

200 OK

15666

URL HTTP/1.1

anonfiles.com/sw_anonfiles.js
IP

45.154.253.151:0
ASN

#41634 Svea Hosting AB

Magic

ASCII text, with very long lines (25712)

Size

15666
Hash

5e03f95322bfd924a10943354a145be8

149a1d27b2169791e547a074c3d40b279319d35b

27217ff2c97023ff148125e47bcc97af3fbc6307336f8b67689da13ffb14acaf

HTTP Headers

                                        GET /sw_anonfiles.js HTTP/1.1
Host: anonfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonfiles.com/B3d2k6Cdy6
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                        HTTP/1.1 200 OK
Server: nginx
Date: Wed, 12 Oct 2022 13:13:22 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
x-vdch: Yes
cache-control: public, max-age=14400
x-oe: Y
x-oh: 34150
Content-Encoding: gzip

anonfiles.com/js/app.js?1663360421

45.154.253.151

200 OK

57886

URL HTTP/1.1

anonfiles.com/js/app.js?1663360421
IP

45.154.253.151:0
ASN

#41634 Svea Hosting AB

Magic

ASCII text, with very long lines (63238)

Size

57886
Hash

ba67ff13fd07739a7037fbc27b2a1955

3e253f69b2f12659c541de122c6bce0ed82ba369

1cb363c41be4b3558b7b97b28bb7620cf532033c8a7a0035020831c104aaf818

HTTP Headers

                                        GET /js/app.js?1663360421 HTTP/1.1
Host: anonfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonfiles.com/B3d2k6Cdy6
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                        HTTP/1.1 200 OK
Server: nginx
Date: Wed, 12 Oct 2022 13:13:22 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
cache-control: public, max-age=3600
x-oe: Y
x-oh: 1110
Content-Encoding: gzip

anonfiles.com/img/flags/24/kr.png

45.154.253.151

200 OK

988

URL HTTP/1.1

anonfiles.com/img/flags/24/kr.png
IP

45.154.253.151:0
ASN

#41634 Svea Hosting AB

Magic

PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data

Size

988
Hash

cb22f00511d088a71e84f8c1c864caed

6599812ed106bda6017487287e12bc836570649f

09a03e08c73db3d8fb50241f004b69d673ec8ea90a6ca7252d66ce821d0b6db1

HTTP Headers

                                        GET /img/flags/24/kr.png HTTP/1.1
Host: anonfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonfiles.com/B3d2k6Cdy6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                        HTTP/1.1 200 OK
Server: nginx
Date: Wed, 12 Oct 2022 13:13:22 GMT
Content-Type: image/png
Content-Length: 988
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 2456
accept-ranges: bytes

anonfiles.com/img/flags/24/br.png

45.154.253.151

200 OK

1115

URL HTTP/1.1

anonfiles.com/img/flags/24/br.png
IP

45.154.253.151:0
ASN

#41634 Svea Hosting AB

Magic

PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data

Size

1115
Hash

6a5938d2e7f7d6f4026d6eb1b4b4f2cd

7a038177fe4deec455d61d3e9c90019fa4727d40

0ab6c46e677fa7e49b6344fcde39c06ff6c014d9163571cdb36f8b5fc59c17eb

HTTP Headers

                                        GET /img/flags/24/br.png HTTP/1.1
Host: anonfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonfiles.com/B3d2k6Cdy6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                        HTTP/1.1 200 OK
Server: nginx
Date: Wed, 12 Oct 2022 13:13:22 GMT
Content-Type: image/png
Content-Length: 1115
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 201
accept-ranges: bytes

anonfiles.com/img/flags/24/fr.png

45.154.253.151

200 OK

536

URL HTTP/1.1

anonfiles.com/img/flags/24/fr.png
IP

45.154.253.151:0
ASN

#41634 Svea Hosting AB

Magic

PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data

Size

536
Hash

e81efecf1a1b1d3a17d00a904c5cc3c9

1203894dbfc8363302dc709d852c05a4dd8bf9dc

54df4beda3ad05d5c621511ff15b2882588ff457e36132035d5f21fb29f2a750

HTTP Headers

                                        GET /img/flags/24/fr.png HTTP/1.1
Host: anonfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonfiles.com/B3d2k6Cdy6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                        HTTP/1.1 200 OK
Server: nginx
Date: Wed, 12 Oct 2022 13:13:22 GMT
Content-Type: image/png
Content-Length: 536
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 3577
accept-ranges: bytes

vjs.zencdn.net/7.3.0/video.min.js

151.101.86.217

200 OK

132230

URL HTTP/2

vjs.zencdn.net/7.3.0/video.min.js
IP

151.101.86.217:0
ASN

#54113 FASTLY

Magic

Unicode text, UTF-8 text, with very long lines (65141)

Size

132230
Hash

e296d874aca2a1550b409394be51efaa

c184c030e9aab3d03de27bc588919e249d5ccdf7

401c15b7916797f936e9d8443945ef22e0f93305655c057a92c8d9b80c327c9f

HTTP Headers

                                        GET /7.3.0/video.min.js HTTP/1.1
Host: vjs.zencdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonfiles.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
last-modified: Fri, 26 Oct 2018 18:06:27 GMT
etag: "057f19acd50fc7e3ad917dd600889ee5"
cache-control: public, max-age=31536000
content-type: application/javascript; charset=utf-8
content-encoding: gzip
date: Wed, 12 Oct 2022 13:13:22 GMT
x-served-by: cache-bma1640-BMA
x-cache: HIT
x-cache-hits: 6
vary: Accept-Encoding
access-control-allow-origin: *
timing-allow-origin: *
content-length: 132230
X-Firefox-Spdy: h2

vjs.zencdn.net/7.3.0/video-js.min.css

151.101.86.217

200 OK

9673

URL HTTP/2

vjs.zencdn.net/7.3.0/video-js.min.css
IP

151.101.86.217:0
ASN

#54113 FASTLY

Magic

ASCII text, with very long lines (35998), with no line terminators

Size

9673
Hash

3397ce943db8add2728dccd9a3b8b8bc

a57bbb7546a458fe57d72d06baab950125260cc9

5779043d07e39f23d64752c34c3113055eaaadf57fcd02f366cb028485e626ba

HTTP Headers

                                        GET /7.3.0/video-js.min.css HTTP/1.1
Host: vjs.zencdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonfiles.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
last-modified: Fri, 26 Oct 2018 18:06:27 GMT
etag: "895e6b29db41953ef6197815c6be59d3"
cache-control: public, max-age=31536000
content-type: text/css; charset=utf-8
content-encoding: gzip
date: Wed, 12 Oct 2022 13:13:22 GMT
x-served-by: cache-bma1640-BMA
x-cache: HIT
x-cache-hits: 3835
vary: Accept-Encoding
access-control-allow-origin: *
timing-allow-origin: *
content-length: 9673
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

54.230.111.65

200 OK

329

URL HTTP/1.1

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP

54.230.111.65:0
ASN

#16509 AMAZON-02

Magic

JSON data\012- , ASCII text, with very long lines (329), with no line terminators

Size

329
Hash

0333b0655111aa68de771adfcc4db243

63f295a144ac87a7c8e23417626724eeca68a7eb

60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

                                        GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Expires, Backoff, ETag, Last-Modified, Pragma, Cache-Control, Content-Length, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Wed, 12 Oct 2022 12:29:41 GMT
Expires: Wed, 12 Oct 2022 12:44:42 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: x7UnqoUVEqNj2Y9mbhkQujY9qKlGsdOY_zrHJKkpljdCPWhaN0S2_A==
Age: 2621

anonfiles.com/img/flags/24/jp.png

45.154.253.151

200 OK

599

URL HTTP/1.1

anonfiles.com/img/flags/24/jp.png
IP

45.154.253.151:0
ASN

#41634 Svea Hosting AB

Magic

PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data

Size

599
Hash

857f6f0e0886a3729b758b7241e42e61

a7be973a93c6ad51cf07a9f21a5dd72cc3e15680

8e7b1cd46120293756d1f21bac4de809d2895c7c26dc7586e3e2a09a0f7c1d64

HTTP Headers

                                        GET /img/flags/24/jp.png HTTP/1.1
Host: anonfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonfiles.com/B3d2k6Cdy6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                        HTTP/1.1 200 OK
Server: nginx
Date: Wed, 12 Oct 2022 13:13:22 GMT
Content-Type: image/png
Content-Length: 599
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 2469
accept-ranges: bytes

anonfiles.com/img/flags/24/de.png

45.154.253.151

200 OK

483

URL HTTP/1.1

anonfiles.com/img/flags/24/de.png
IP

45.154.253.151:0
ASN

#41634 Svea Hosting AB

Magic

PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data

Size

483
Hash

9f8cc07c258bcd2de0c7900861e20ffc

fed97219e44693d4f3918fc4037b325732225d81

07cd5a4cad20604f77dced9c7d8a92ca9ae3321718e5a1935296e4d75f921a19

HTTP Headers

                                        GET /img/flags/24/de.png HTTP/1.1
Host: anonfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonfiles.com/B3d2k6Cdy6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                        HTTP/1.1 200 OK
Server: nginx
Date: Wed, 12 Oct 2022 13:13:22 GMT
Content-Type: image/png
Content-Length: 483
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 2618
accept-ranges: bytes

ocsp.digicert.com/

93.184.220.29

200 OK

471

URL HTTP/1.1

ocsp.digicert.com/
IP

93.184.220.29:0
ASN

#15133 EDGECAST

Magic

data

Size

471
Hash

63604bda613d148120c491e2f095255f

0fc63ecaff8a0f36dc2a82f3fb187725d0064d69

8478a84e8513fb9afb0d1c369b668bd37ca98943a624ac3a3a69165536bd1748

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3787
Cache-Control: max-age=158194
Content-Type: application/ocsp-response
Date: Wed, 12 Oct 2022 13:13:22 GMT
Etag: "63467599-1d7"
Expires: Fri, 14 Oct 2022 09:09:56 GMT
Last-Modified: Wed, 12 Oct 2022 08:06:49 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471

anonfiles.com/img/flags/24/in.png

45.154.253.151

200 OK

593

URL HTTP/1.1

anonfiles.com/img/flags/24/in.png
IP

45.154.253.151:0
ASN

#41634 Svea Hosting AB

Magic

PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data

Size

593
Hash

ccaf96cfc341dc9a17e24b96bef223ff

8791d6db6628e0fb21b847ab94484f0c615e38ac

728e008d94e2e3bae2679d50a051562f1ccce1fd604196c7880a3d96f3070354

HTTP Headers

                                        GET /img/flags/24/in.png HTTP/1.1
Host: anonfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonfiles.com/B3d2k6Cdy6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                        HTTP/1.1 200 OK
Server: nginx
Date: Wed, 12 Oct 2022 13:13:22 GMT
Content-Type: image/png
Content-Length: 593
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 3570
accept-ranges: bytes

r3.o.lencr.org/

23.36.77.32

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.77.32:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

0752306815ad563e9423134af1172468

770d55f581421a2f48b03a9aad124e4edd4514cb

3467102c7f39165ca8a27a701e0be1b6718ee4f7002fa7e333113aec91a234b2

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3467102C7F39165CA8A27A701E0BE1B6718EE4F7002FA7E333113AEC91A234B2"
Last-Modified: Tue, 11 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19917
Expires: Wed, 12 Oct 2022 18:45:19 GMT
Date: Wed, 12 Oct 2022 13:13:22 GMT
Connection: keep-alive

anonfiles.com/img/flags/24/se.png

45.154.253.151

200 OK

581

URL HTTP/1.1

anonfiles.com/img/flags/24/se.png
IP

45.154.253.151:0
ASN

#41634 Svea Hosting AB

Magic

PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data

Size

581
Hash

c9b1e40987c4411b4a7d13c07a8843aa

cfce93be3ba77e4e30033d25e2e5c6a37da1b27d

8c04b3b52d605637bb4c6a26449c45e5320a3f33f14e8c737ce599433bc19f14

HTTP Headers

                                        GET /img/flags/24/se.png HTTP/1.1
Host: anonfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonfiles.com/B3d2k6Cdy6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                        HTTP/1.1 200 OK
Server: nginx
Date: Wed, 12 Oct 2022 13:13:22 GMT
Content-Type: image/png
Content-Length: 581
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 230
accept-ranges: bytes

djv99sxoqpv11.cloudfront.net/?xsvjd=737329

54.230.245.59

200 OK

68607

URL HTTP/2

djv99sxoqpv11.cloudfront.net/?xsvjd=737329
IP

54.230.245.59:0
ASN

#16509 AMAZON-02

Magic

Unicode text, UTF-8 text, with very long lines (15945)

Size

68607
Hash

d681536509b4fb04573b989aafd609cb

e37204603a3b2cc3369c8a2f206ff51608e945d3

b148aa06b55936fcd0d70965e5a05cdfd0eb07f9ec8456b7f45eb4de25a672ab

HTTP Headers

                                        GET /?xsvjd=737329 HTTP/1.1
Host: djv99sxoqpv11.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonfiles.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
content-length: 68607
date: Wed, 12 Oct 2022 13:13:22 GMT
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
pragma: no-cache
x-cache: Miss from cloudfront
via: 1.1 fc5e625db631bc657fc73f189d53fa14.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 7cdY0HktOl_eKCsZCfzCJG3kWqX0GIpz0iV8o5PO2IrNtzI4YBim8w==
X-Firefox-Spdy: h2

anonfiles.com/img/flags/24/pl.png

45.154.253.151

200 OK

347

URL HTTP/1.1

anonfiles.com/img/flags/24/pl.png
IP

45.154.253.151:0
ASN

#41634 Svea Hosting AB

Magic

PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data

Size

347
Hash

baf3aff7caef0be58f29b41f20a0e4db

11c840dfa1f1bd22a04aa1fa53fcac95f381b9a6

0a3a8803b7a137166a04369522ec2b31513dcd4c07e2120107c55d9a7f7b646f

HTTP Headers

                                        GET /img/flags/24/pl.png HTTP/1.1
Host: anonfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonfiles.com/B3d2k6Cdy6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                        HTTP/1.1 200 OK
Server: nginx
Date: Wed, 12 Oct 2022 13:13:22 GMT
Content-Type: image/png
Content-Length: 347
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 3548
accept-ranges: bytes

push.services.mozilla.com/

35.81.125.88

101 Switching Protocols

URL HTTP/1.1

push.services.mozilla.com/
IP

35.81.125.88:0
ASN

#16509 AMAZON-02

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

                                        GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: AzAGfz9wNZlavAH6aiWjxw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                        HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: rQVx4IzRVAjAtjH2b6qjqQdNP3c=

anonfiles.com/img/flags/24/dk.png

45.154.253.151

200 OK

537

URL HTTP/1.1

anonfiles.com/img/flags/24/dk.png
IP

45.154.253.151:0
ASN

#41634 Svea Hosting AB

Magic

PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data

Size

537
Hash

b6ebe55a7d176720cd2b1003298187a8

930858408b9af1f79c430bbe15c185db555a7815

07575cf7a8d7d2b8edfbea80f8e8a228ecc56a03a567bc60c0ef4dc6ac0f328a

HTTP Headers

                                        GET /img/flags/24/dk.png HTTP/1.1
Host: anonfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonfiles.com/B3d2k6Cdy6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                        HTTP/1.1 200 OK
Server: nginx
Date: Wed, 12 Oct 2022 13:13:22 GMT
Content-Type: image/png
Content-Length: 537
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 4931
accept-ranges: bytes

houldthinkhi.buzz/QkdiQmtteAExVhc9Bi46Fw0LBgcAdgYVGAoSKgBaGCAkGghxBkQ2AiZ6VXFccXVbZBsrI19zTTEzAzYeMXpTZAIsIQ1/TTR6U2xYdmlQe0VyYRd/WmQzEiMMf3ZEMh82K19zXXRyV3pbdndQdF5z

172.67.146.18

204 No Content

URL HTTP/2

houldthinkhi.buzz/QkdiQmtteAExVhc9Bi46Fw0LBgcAdgYVGAoSKgBaGCAkGghxBkQ2AiZ6VXFccXVbZBsrI19zTTEzAzYeMXpTZAIsIQ1/TTR6U2xYdmlQe0VyYRd/WmQzEiMMf3ZEMh82K19zXXRyV3pbdndQdF5z
IP

172.67.146.18:0
ASN

#13335 CLOUDFLARENET

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

                                        GET /QkdiQmtteAExVhc9Bi46Fw0LBgcAdgYVGAoSKgBaGCAkGghxBkQ2AiZ6VXFccXVbZBsrI19zTTEzAzYeMXpTZAIsIQ1/TTR6U2xYdmlQe0VyYRd/WmQzEiMMf3ZEMh82K19zXXRyV3pbdndQdF5z HTTP/1.1
Host: houldthinkhi.buzz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonfiles.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 204 No Content
date: Wed, 12 Oct 2022 13:13:22 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bpU%2FhFfTMH53L0HcDb%2F0vYLYXJTCkE0l7%2FsKEYGBDjncsiDGL7cc0uVusoMIVpu%2B9tu0pOPQESondQ5cTmWHg1R%2FfFja0dS043adKO%2B2KvJXiTEluYrffYB5L5KLJt1dddUXuw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 759017ad39a4b4fd-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

otireofhisl.one/d0xZdHkWLjoZRhZxO1IMBSBkUUsxaWsyHR06YE0KDyMoBA9GfXcXFRg5PRILGCItWhcSOHxGPwEbNBgtIAtpQTsdfHxGOyIlbTU3RRo4FS9CKzgYK08NIDVKNjUpITsOND8/SDIVFA5JEwgYJQM1HxhAMxl4Az04Rjk4MQpFDx1EXEUKDDwOOhwNACgWfGENKTZ1NywhIj8RICw0LjMDOjsOPkMwNhUjMQNCaWs2PjM4DCQTFBQUAyxSfh87LB8jFUYjRRQBTRsufxgiGEYkaxUATmlrMi5FAWk2PSYvEkdIES0xMgsVJhMHIS8WKzhKTi4ADRYVKmgbKi4aLUQuL2EpTSFFIxY6EwQLFyEBHwQ1TQggCxcbITA8ABAUBygJNTgfHAgHSDIUAwUyRQI/Ei4fABVFKx5qMwcWGTxkIA1FPWE/EicLPCMSHzYIAQ

54.230.111.44

200 OK

1180

URL HTTP/2

otireofhisl.one/d0xZdHkWLjoZRhZxO1IMBSBkUUsxaWsyHR06YE0KDyMoBA9GfXcXFRg5PRILGCItWhcSOHxGPwEbNBgtIAtpQTsdfHxGOyIlbTU3RRo4FS9CKzgYK08NIDVKNjUpITsOND8/SDIVFA5JEwgYJQM1HxhAMxl4Az04Rjk4MQpFDx1EXEUKDDwOOhwNACgWfGENKTZ1NywhIj8RICw0LjMDOjsOPkMwNhUjMQNCaWs2PjM4DCQTFBQUAyxSfh87LB8jFUYjRRQBTRsufxgiGEYkaxUATmlrMi5FAWk2PSYvEkdIES0xMgsVJhMHIS8WKzhKTi4ADRYVKmgbKi4aLUQuL2EpTSFFIxY6EwQLFyEBHwQ1TQggCxcbITA8ABAUBygJNTgfHAgHSDIUAwUyRQI/Ei4fABVFKx5qMwcWGTxkIA1FPWE/EicLPCMSHzYIAQ
IP

54.230.111.44:0
ASN

#16509 AMAZON-02

Magic

HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3026), with no line terminators

Size

1180
Hash

c1b79594f3c2248111e3b86e83a3ff17

aa8bdf9c0d4881a85049ba88671a9ffaafefe984

b62b2180c9bee30b10f32d813294ff39f6aaaa21e296d15dda46bce2511a1643

HTTP Headers

                                        GET /d0xZdHkWLjoZRhZxO1IMBSBkUUsxaWsyHR06YE0KDyMoBA9GfXcXFRg5PRILGCItWhcSOHxGPwEbNBgtIAtpQTsdfHxGOyIlbTU3RRo4FS9CKzgYK08NIDVKNjUpITsOND8/SDIVFA5JEwgYJQM1HxhAMxl4Az04Rjk4MQpFDx1EXEUKDDwOOhwNACgWfGENKTZ1NywhIj8RICw0LjMDOjsOPkMwNhUjMQNCaWs2PjM4DCQTFBQUAyxSfh87LB8jFUYjRRQBTRsufxgiGEYkaxUATmlrMi5FAWk2PSYvEkdIES0xMgsVJhMHIS8WKzhKTi4ADRYVKmgbKi4aLUQuL2EpTSFFIxY6EwQLFyEBHwQ1TQggCxcbITA8ABAUBygJNTgfHAgHSDIUAwUyRQI/Ei4fABVFKx5qMwcWGTxkIA1FPWE/EicLPCMSHzYIAQ HTTP/1.1
Host: otireofhisl.one
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonfiles.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
content-type: text/html
content-length: 1180
date: Wed, 12 Oct 2022 13:13:22 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: F7S1KD7A_aPmxgsRGxE9FoW-6NSO5CqLK0BTTA2KErR-ZrXX9h1b3g==
X-Firefox-Spdy: h2

otireofhisl.one/alZvWDELNAw1DgtrDX5EGDpSfQMsc10eVQAgVmFCEjkeKEdbZ0E7XQUjCz5DBTgbdl8PIkpqd1w3BGFbDjw6EngrZj4bWV47LWhCKQE3MGA4BzkVezgXNQ9JGi8uGQRcHwEvRyseLjR2AyELPmQdYSgKeCMBAjNhLGccFlIBAzsPRgYvOjRzPxIGaVQ7PiI+fQZiDQ9ZKzsrIEE/AlxoXTsuGzlQBhAoEGMgc10aZAYbKBN2GgQ9NFouHz0Bfi8QB30DLBFfbHUkDgMAZB0PADldLBE9IEkbAys7fDIRKQxpEhQ2PkY7Ajk/dA0EBApLPR5WC2MNAA0+AEccOxoABSYsP2M7EiwZUz8hDCtVBgA2GmQdYDczUkw8HDdfGmsMIH4iZSMudCUDIDN5

54.230.111.44

200 OK

1155

URL HTTP/2

otireofhisl.one/alZvWDELNAw1DgtrDX5EGDpSfQMsc10eVQAgVmFCEjkeKEdbZ0E7XQUjCz5DBTgbdl8PIkpqd1w3BGFbDjw6EngrZj4bWV47LWhCKQE3MGA4BzkVezgXNQ9JGi8uGQRcHwEvRyseLjR2AyELPmQdYSgKeCMBAjNhLGccFlIBAzsPRgYvOjRzPxIGaVQ7PiI+fQZiDQ9ZKzsrIEE/AlxoXTsuGzlQBhAoEGMgc10aZAYbKBN2GgQ9NFouHz0Bfi8QB30DLBFfbHUkDgMAZB0PADldLBE9IEkbAys7fDIRKQxpEhQ2PkY7Ajk/dA0EBApLPR5WC2MNAA0+AEccOxoABSYsP2M7EiwZUz8hDCtVBgA2GmQdYDczUkw8HDdfGmsMIH4iZSMudCUDIDN5
IP

54.230.111.44:0
ASN

#16509 AMAZON-02

Magic

HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2998), with no line terminators

Size

1155
Hash

1ab2a341665e6ab4435511910e9626cc

e55a42711ba59b39deef49418529368f9ed732c3

141993f629058839e7aa354e39e09abd6c072ee20b304b258aaf85acfe37d23a

HTTP Headers

                                        GET /alZvWDELNAw1DgtrDX5EGDpSfQMsc10eVQAgVmFCEjkeKEdbZ0E7XQUjCz5DBTgbdl8PIkpqd1w3BGFbDjw6EngrZj4bWV47LWhCKQE3MGA4BzkVezgXNQ9JGi8uGQRcHwEvRyseLjR2AyELPmQdYSgKeCMBAjNhLGccFlIBAzsPRgYvOjRzPxIGaVQ7PiI+fQZiDQ9ZKzsrIEE/AlxoXTsuGzlQBhAoEGMgc10aZAYbKBN2GgQ9NFouHz0Bfi8QB30DLBFfbHUkDgMAZB0PADldLBE9IEkbAys7fDIRKQxpEhQ2PkY7Ajk/dA0EBApLPR5WC2MNAA0+AEccOxoABSYsP2M7EiwZUz8hDCtVBgA2GmQdYDczUkw8HDdfGmsMIH4iZSMudCUDIDN5 HTTP/1.1
Host: otireofhisl.one
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonfiles.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
content-type: text/html
content-length: 1155
date: Wed, 12 Oct 2022 13:13:22 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: wrp7cVf0FS2Nt6iAwiX1z0YStq3N2BZNRKf116mQRzk9FnR3QCumAA==
X-Firefox-Spdy: h2

houldthinkhi.buzz/VWZLcXp6WSgCRwIKIAkePwI7ECsTJAomDjokDhI1Nws8Mi4iL20FEzFbfEJNZlV7Vwo8AnZAQnMVPxAOIBV2QFw8CC0eR3MQdkBUZUh5X0pzE3ZAXCEWKhZHZEA7BQ45W3pHTGBTc0FOZVR9R04

172.67.146.18

204 No Content

URL HTTP/2

houldthinkhi.buzz/VWZLcXp6WSgCRwIKIAkePwI7ECsTJAomDjokDhI1Nws8Mi4iL20FEzFbfEJNZlV7Vwo8AnZAQnMVPxAOIBV2QFw8CC0eR3MQdkBUZUh5X0pzE3ZAXCEWKhZHZEA7BQ45W3pHTGBTc0FOZVR9R04
IP

172.67.146.18:0
ASN

#13335 CLOUDFLARENET

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

                                        GET /VWZLcXp6WSgCRwIKIAkePwI7ECsTJAomDjokDhI1Nws8Mi4iL20FEzFbfEJNZlV7Vwo8AnZAQnMVPxAOIBV2QFw8CC0eR3MQdkBUZUh5X0pzE3ZAXCEWKhZHZEA7BQ45W3pHTGBTc0FOZVR9R04 HTTP/1.1
Host: houldthinkhi.buzz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonfiles.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                        HTTP/2 204 No Content
date: Wed, 12 Oct 2022 13:13:22 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KHUUqmsOKr2g6ULycCbtbpHV8IczcMPBDgohLuWT4fM1eGRSeigALh%2BY3HAcKm4qZj3pFeyJsdtX8oph1AkGkz%2BCc5Z6Y7AZIyuihJDn6ZYz5aiEpXuqgnyb0PmKtWxNqRqUkg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 759017ad59d9b4fd-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

anonfiles.com/static/logo.png

45.154.253.151

200 OK

18441

URL HTTP/1.1

anonfiles.com/static/logo.png
IP

45.154.253.151:0
ASN

#41634 Svea Hosting AB

Magic

PNG image data, 450 x 150, 8-bit/color RGBA, non-interlaced\012- data

Size

18441
Hash

f9fd716d30e220aa24bab0e94ebf0aa0

4af32d78655436173f272bb65159a232f1671b8d

5e937c4d8fd33714e43b400f238cf37630e6eaeefa105cca9d77760223a16e94

HTTP Headers

                                        GET /static/logo.png HTTP/1.1
Host: anonfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonfiles.com/B3d2k6Cdy6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                        HTTP/1.1 200 OK
Server: nginx
Date: Wed, 12 Oct 2022 13:13:22 GMT
Content-Type: image/png
Content-Length: 18441
Connection: keep-alive
last-modified: Thu, 13 Aug 2020 11:36:54 GMT
etag: "5f3525d6-4809"

eautumncam.one/utx?tid=737323&top=anonfiles.com&cb=eADmdy6vvEN2

54.230.111.105

204 No Content

URL HTTP/2

eautumncam.one/utx?tid=737323&top=anonfiles.com&cb=eADmdy6vvEN2
IP

54.230.111.105:0
ASN

#16509 AMAZON-02

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

                                        GET /utx?tid=737323&top=anonfiles.com&cb=eADmdy6vvEN2 HTTP/1.1
Host: eautumncam.one
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://anonfiles.com
Connection: keep-alive
Referer: https://anonfiles.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 204 No Content
date: Wed, 12 Oct 2022 13:13:22 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://anonfiles.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Wed, 12 Oct 2022 13:14:22 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 6259d2cd8a5947ad41a420527bbed7a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: _9lNP8oJZ5zeCvUW4JFe4biYBH3sx7sozyqoVspi_0CqvyqWTe3uQA==
X-Firefox-Spdy: h2

djv99sxoqpv11.cloudfront.net/vWmlTWG05Bj0+Ui4AN2VaaV5galR8AyA3AypUByxfK1EYMz0dDAQzBSA4Jn4ZIA1uaEs2CD0/UHwMPTtQa08yPA9nXXUsHTUCbjwCLBg7IAYzEz5+GDtUPjcXMwU/OUhoL2Z2XX9bY3AVa1h2ay9/W2M0BDQcK31fahFrbjJsXXZrL39bYyobf1oSYVt0WX-p9X2oONjsGNUxhHl9qWGNoXGpYdmpdPAAhPQs1EXZqK2NffWhLL1Ri

54.230.245.59

200 OK

557

URL HTTP/2

djv99sxoqpv11.cloudfront.net/vWmlTWG05Bj0+Ui4AN2VaaV5galR8AyA3AypUByxfK1EYMz0dDAQzBSA4Jn4ZIA1uaEs2CD0/UHwMPTtQa08yPA9nXXUsHTUCbjwCLBg7IAYzEz5+GDtUPjcXMwU/OUhoL2Z2XX9bY3AVa1h2ay9/W2M0BDQcK31fahFrbjJsXXZrL39bYyobf1oSYVt0WX-p9X2oONjsGNUxhHl9qWGNoXGpYdmpdPAAhPQs1EXZqK2NffWhLL1Ri
IP

54.230.245.59:0
ASN

#16509 AMAZON-02

Magic

ASCII text, with very long lines (784), with no line terminators

Size

557
Hash

f348a6898c261b649508abaebcb37fe9

7c9c7e881875ee4c90611db3a4952585f50b8d89

d450e5abd347a1421f5726fa4b5c91438293e2a35206b4107e98edb3ee553cc4

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

                                        GET /vWmlTWG05Bj0+Ui4AN2VaaV5galR8AyA3AypUByxfK1EYMz0dDAQzBSA4Jn4ZIA1uaEs2CD0/UHwMPTtQa08yPA9nXXUsHTUCbjwCLBg7IAYzEz5+GDtUPjcXMwU/OUhoL2Z2XX9bY3AVa1h2ay9/W2M0BDQcK31fahFrbjJsXXZrL39bYyobf1oSYVt0WX-p9X2oONjsGNUxhHl9qWGNoXGpYdmpdPAAhPQs1EXZqK2NffWhLL1Ri HTTP/1.1
Host: djv99sxoqpv11.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://otireofhisl.one/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                        HTTP/2 200 OK
content-length: 557
date: Wed, 12 Oct 2022 13:13:23 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 fc5e625db631bc657fc73f189d53fa14.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: dsQs4b4NS-Jp3x-wwk9Xvte7VuBvLXkdIfR_S8TkxVmlSzKmRbgJ9Q==
X-Firefox-Spdy: h2

anonfiles.com/img/file/filetypes/ext/zip.png?1663359761

45.154.253.151

200 OK

874

URL HTTP/1.1

anonfiles.com/img/file/filetypes/ext/zip.png?1663359761
IP

45.154.253.151:0
ASN

#41634 Svea Hosting AB

Magic

PNG image data, 16 x 16, 8-bit colormap, non-interlaced\012- data

Size

874
Hash

c3cc26839c5afb066f3d34cc293bf8c9

6a8cd435ef460872a2862098c3d2e060c425b5db

fa774f82fa9b5df9f5223894fc678f9a62191fdaeaba1b2231ba83d44a105618

HTTP Headers

                                        GET /img/file/filetypes/ext/zip.png?1663359761 HTTP/1.1
Host: anonfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonfiles.com/B3d2k6Cdy6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                        HTTP/1.1 200 OK
Server: nginx
Date: Wed, 12 Oct 2022 13:13:23 GMT
Content-Type: image/png
Content-Length: 874
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 152
accept-ranges: bytes

r3.o.lencr.org/

23.36.77.32

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.77.32:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

11282957b6f954e19c7e410868b79759

01df9042a850d6692ff35387346f96cd92d2288a

fb05e9512fc1c3665301a8a934f8823787fb3178297b7c15315f96305f7e1036

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FB05E9512FC1C3665301A8A934F8823787FB3178297B7C15315F96305F7E1036"
Last-Modified: Tue, 11 Oct 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3362
Expires: Wed, 12 Oct 2022 14:09:25 GMT
Date: Wed, 12 Oct 2022 13:13:23 GMT
Connection: keep-alive

anonfiles.com/img/flags/24/us.png

45.154.253.151

200 OK

656

URL HTTP/1.1

anonfiles.com/img/flags/24/us.png
IP

45.154.253.151:0
ASN

#41634 Svea Hosting AB

Magic

PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data

Size

656
Hash

ae506a6c014bfeb8d8cbfdfbe94c14c9

f4e74440c4e79e71959b9b8f799f2e8a7e15b7ee

bc6dd978e70894c8a0148e6806f4fde9566ee59349adb03c02a61a3b2e25b6f1

HTTP Headers

                                        GET /img/flags/24/us.png HTTP/1.1
Host: anonfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonfiles.com/B3d2k6Cdy6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                        HTTP/1.1 200 OK
Server: nginx
Date: Wed, 12 Oct 2022 13:13:23 GMT
Content-Type: image/png
Content-Length: 656
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 5187
accept-ranges: bytes

djv99sxoqpv11.cloudfront.net/6ak9jdjUJIA0QCh4mB0sCWXhQRQVMJRAZWxpyAA56InwvAHAlGiwdfUw7GRIIWmkPF1sNckUTWwlyUlBUDi1eQhMfLl4bWhAmDxpUT30lQxtaalFGHRJ+UlMGKGpRRlkDIRYOEFh/G04DNXlXUwYoalFGRxxqUDcMXGFTXxBYfwQTVgEgRkRzWH9SRgVbf1-JTB1opCgRQDCAbUwcsdlVYBUw6Xkc

54.230.245.59

200 OK

253

URL HTTP/2

djv99sxoqpv11.cloudfront.net/6ak9jdjUJIA0QCh4mB0sCWXhQRQVMJRAZWxpyAA56InwvAHAlGiwdfUw7GRIIWmkPF1sNckUTWwlyUlBUDi1eQhMfLl4bWhAmDxpUT30lQxtaalFGHRJ+UlMGKGpRRlkDIRYOEFh/G04DNXlXUwYoalFGRxxqUDcMXGFTXxBYfwQTVgEgRkRzWH9SRgVbf1-JTB1opCgRQDCAbUwcsdlVYBUw6Xkc
IP

54.230.245.59:0
ASN

#16509 AMAZON-02

Magic

ASCII text, with no line terminators

Size

253
Hash

144026e3d1298e0e27ffec7b2e9bdb86

bdf7f3c4c6fa5629517e50824a8997ed90415d55

0dc9211f401df5fa564aadf11a5204ec279eb77354ea0686c3ce971a45608291

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

                                        GET /6ak9jdjUJIA0QCh4mB0sCWXhQRQVMJRAZWxpyAA56InwvAHAlGiwdfUw7GRIIWmkPF1sNckUTWwlyUlBUDi1eQhMfLl4bWhAmDxpUT30lQxtaalFGHRJ+UlMGKGpRRlkDIRYOEFh/G04DNXlXUwYoalFGRxxqUDcMXGFTXxBYfwQTVgEgRkRzWH9SRgVbf1-JTB1opCgRQDCAbUwcsdlVYBUw6Xkc HTTP/1.1
Host: djv99sxoqpv11.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://otireofhisl.one/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                        HTTP/2 200 OK
content-length: 253
date: Wed, 12 Oct 2022 13:13:23 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 fc5e625db631bc657fc73f189d53fa14.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: to1FNOnGdD4PoS_MjMpLeOSJJ-d2hy1NT7WS3KEl0ZhsoDzuxFEtDg==
X-Firefox-Spdy: h2

swordhilte.buzz/

107.22.28.167

200 OK

URL HTTP/2

swordhilte.buzz/
IP

107.22.28.167:0
ASN

#14618 AMAZON-AES

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

                                        POST / HTTP/1.1
Host: swordhilte.buzz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 380
Origin: https://anonfiles.com
Connection: keep-alive
Referer: https://anonfiles.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
content-length: 0
access-control-allow-origin: *
X-Firefox-Spdy: h2

anonfiles.com/img/flags/24/ru.png

45.154.253.151

200 OK

403

URL HTTP/1.1

anonfiles.com/img/flags/24/ru.png
IP

45.154.253.151:0
ASN

#41634 Svea Hosting AB

Magic

PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data

Size

403
Hash

d8df89b036e6afb48f72d2440831bad0

04abb4b29dae9c6f1ac0f1d8a507aabe26a3be35

2db4b55326c0ef7cd3caf53e835ae1f38629da1d1c2f5a127e0785165b16078c

HTTP Headers

                                        GET /img/flags/24/ru.png HTTP/1.1
Host: anonfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonfiles.com/B3d2k6Cdy6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                        HTTP/1.1 200 OK
Server: nginx
Date: Wed, 12 Oct 2022 13:13:23 GMT
Content-Type: image/png
Content-Length: 403
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 256
accept-ranges: bytes

anonfiles.com/img/flags/24/es.png

45.154.253.151

200 OK

666

URL HTTP/1.1

anonfiles.com/img/flags/24/es.png
IP

45.154.253.151:0
ASN

#41634 Svea Hosting AB

Magic

PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data

Size

666
Hash

5fa381a8eb16d9e673d32980e7fd1710

fc29fbbebe97109ef1d16a0d4a65637d6b725ac8

7b6f223153c8eda1b541326f9cd66aeb53a28801c58c4de751fd2f9f6f1d96ff

HTTP Headers

                                        GET /img/flags/24/es.png HTTP/1.1
Host: anonfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonfiles.com/B3d2k6Cdy6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                        HTTP/1.1 200 OK
Server: nginx
Date: Wed, 12 Oct 2022 13:13:23 GMT
Content-Type: image/png
Content-Length: 666
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 3583
accept-ranges: bytes

anonfiles.com/img/flags/24/fi.png

45.154.253.151

200 OK

456

URL HTTP/1.1

anonfiles.com/img/flags/24/fi.png
IP

45.154.253.151:0
ASN

#41634 Svea Hosting AB

Magic

PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data

Size

456
Hash

0ea9115d18d5210d4f1db520881faa3a

09829c2b7b5e4bae28d62b1dff90220f28c3bdf5

544fee9d1bff8bc83865ab87538924de207ebe4848787496c7308b91b539b6da

HTTP Headers

                                        GET /img/flags/24/fi.png HTTP/1.1
Host: anonfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonfiles.com/B3d2k6Cdy6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                        HTTP/1.1 200 OK
Server: nginx
Date: Wed, 12 Oct 2022 13:13:23 GMT
Content-Type: image/png
Content-Length: 456
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 279
accept-ranges: bytes

ocsp.digicert.com/

93.184.220.29

200 OK

471

URL HTTP/1.1

ocsp.digicert.com/
IP

93.184.220.29:0
ASN

#15133 EDGECAST

Magic

data

Size

471
Hash

2b9045885902afb286eef41988716895

550fd256897d4f483d00768972f56cd8c35e09e8

c3a8ae68f7eece41a71cd344042b97c99a12c61c5a40b29117fc3f6a8aa9eabd

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3755
Cache-Control: max-age=105585
Content-Type: application/ocsp-response
Date: Wed, 12 Oct 2022 13:13:23 GMT
Etag: "6345a83a-1d7"
Expires: Thu, 13 Oct 2022 18:33:08 GMT
Last-Modified: Tue, 11 Oct 2022 17:30:34 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

Report Overview

URL

IP

ASN

Submitted

Access

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (12)

#1 JS:Script (size: 45243)

#2 JS:Script (size: 193275)

#3 JS:Script (size: 167)

#4 JS:Script (size: 471)

#5 JS:Script (size: 1770)

#6 JS:Script (size: 2927)

#7 JS:Script (size: 0)

#8 JS:Script (size: 160)

#9 JS:Script (size: 57601)

#10 JS:Script (size: 2955)

#11 JS:Script (size: 784)

#12 JS:Script (size: 297)

HTTP Transactions (74)

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/1.1

IP