Report - anonymfile.com/Y8V8/kur6996.rar

Report Overview

Submitted URL
anonymfile.com/Y8V8/kur6996.rar
IP
138.201.48.112
ASN
#24940 Hetzner Online GmbH
Submitted
2022-10-07 12:07:56
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
18

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
anonymfile.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	9.8 kB	288 kB	138.201.48.112
tzegilo.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	344 B	826 B	104.21.84.149
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	321 B	229 B	34.117.237.239
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	329 B	737 B	93.184.220.29
bedrapiona.com	34930	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	405 B	7.5 kB	139.45.197.234
offerimage.com	304078	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	406 B	12 kB	104.22.32.172
nanouwho.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.2 kB	5.6 kB	139.45.197.242
onmarshtompor.com	24517	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	949 B	2.6 kB	139.45.197.243
interstitial-07.com	36198	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	5.6 kB	74 kB	139.45.197.152
cdnjs.cloudflare.com	235	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.6 kB	162 kB	104.17.24.14
cdn.jsdelivr.net	439	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	357 B	19 kB	151.101.85.229
ocsp.globalsign.com	2075	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	356 B	1.9 kB	104.18.20.226
unpkg.com	11693	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.7 kB	151 kB	104.16.123.175
ocsp.sectigo.com	487	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	656 B	1.9 kB	104.18.32.68
my.rtmark.net	9054	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	931 B	1.5 kB	139.45.195.8
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.1 kB	33 kB	34.120.237.76
unphionetor.com	54035	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.2 kB	2.1 kB	139.45.197.236
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	758 B	2.7 kB	54.230.111.65
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.3 kB	8.9 kB	23.36.76.226
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	401 B	5.8 kB	34.160.144.191
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	594 B	127 B	44.242.32.27
propu.sh	86429	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.6 kB	56 kB	139.45.197.250
betotodilea.com	52465	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.7 kB	15 kB	139.45.197.237

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-10-07	medium	propu.sh/pfe/current/tag.min.js?z=5307590	Phishing
2022-10-07	medium	propu.sh/pfe/current/universal.min.js?v=3.1.396	Phishing
2022-10-07	medium	propu.sh/custom	Phishing
2022-10-07	medium	propu.sh/custom	Phishing
2022-10-07	medium	propu.sh/custom	Phishing
2022-10-07	medium	propu.sh/custom	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2022-10-07	medium	unphionetor.com	Sinkholed
2022-10-07	medium	unphionetor.com	Sinkholed
2022-10-07	medium	unphionetor.com	Sinkholed

JavaScript (28)

	URL	Size	First Seen	Last Seen
	anonymfile.com/pagespeed_static/js_defer.I4cHjq6EEP.js	12 kB	2023-03-07	2024-04-04
Pretty URL anonymfile.com/pagespeed_static/js_defer.I4cHjq6EEP.js IP 138.201.48.112 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:23:52 Last Seen2024-04-04 06:40:42 Times Seen473 Hash 2387078eae8410f7e540e3866bcb2fda 324d38dcb7f7bcb16b355b6afdbbc87bd089422d 59dbda86041a5f394b83391ffe0b939341aabb817fa60a6ea78c80f5835596b5 Loading...

	http:text/javascript,window.pagespeed.psatemp%3D0%3B	27 B	2023-03-07	2024-04-04
Pretty URL http:text/javascript,window.pagespeed.psatemp%3D0%3B IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:23:52 Last Seen2024-04-04 06:40:42 Times Seen258 Hash f86030401d659579ca9f2dca91d7d691 bc05f88ca4d9dce8d78d6d39a3eed592ed714998 6d190c985949e8a0962ca2cede3c214de8085dc9d11c726af6c00c1ae5bb7ba9 Loading...

	cdnjs.cloudflare.com/ajax/libs/clipboard.js/2.0.8/clipboard.min.js	11 kB	2023-03-07	2024-04-21
Pretty URL cdnjs.cloudflare.com/ajax/libs/clipboard.js/2.0.8/clipboard.min.js IP 104.17.24.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:19:42 Last Seen2024-04-21 00:54:15 Times Seen706 Hash 27784b7376dd992368c71b6c5559f358 f86d2ac408c4de0d5281cf91d6ddfb93e5e5d2ff 11be927cda59c8b6019ebbea838285c5beaf21183ea4b83dbd4e4fbf9413ce4a Loading...

	nanouwho.com/27/8895279539f8e7258627d3f113c8e00a	376 kB	2023-03-08	2023-03-08
Pretty URL nanouwho.com/27/8895279539f8e7258627d3f113c8e00a IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 07:17:10 Last Seen2023-03-08 12:45:55 Times Seen1 Hash cce4a0f0b9c805fb9dc66830a643d4e7 74fde84c8211861f7b58881418c7a1b15957eb36 ffdf868a37167c65b9776cad0ab0015866b822532e43c9155afa48740109bf92 Loading...

	anonymfile.com/Y8V8/kur6996.rar	102 B	2023-03-08	2023-03-08
Pretty URL anonymfile.com/Y8V8/kur6996.rar IP 138.201.48.112 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 08:19:12 Last Seen2023-03-08 08:19:12 Times Seen1 Hash 34cf5f8b72f0005e81b256f6bc6845ed b5ff574a55f97c6f3c2a049f0a12a7f409c9968b e7f3cb96e896bbbc223192ff79fea268742c815fa72999f05c03f93c0fcd65cb Loading...

	betotodilea.com/400/5307588	82 kB	2023-03-08	2023-03-08
Pretty URL betotodilea.com/400/5307588 IP 139.45.197.237 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 08:19:12 Last Seen2023-03-08 08:19:12 Times Seen1 Hash ef59f390d0f46a2aeef06d8f48c9f24d 4d19a24d6a00cc4bbc64de75139f8b4dab789b76 248426edde2570b72fbd25ef96b4e2e8c119843e2975ef7dae3f14edfbd280d7 Loading...

	anonymfile.com/Y8V8/kur6996.rar	102 kB	2023-03-08	2023-03-08
Pretty URL anonymfile.com/Y8V8/kur6996.rar IP 138.201.48.112 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 02:31:55 Last Seen2023-03-08 13:48:56 Times Seen1 Hash d81397a5e000f17e2180d15b6520afb9 5613fa45aac39504cc6b2ba8a7c58417213e2bea bcbf8a19405ef6b4067be320a1a8ccbd4bd15efdd83705cd708e4c2ba0915d04 Loading...

	http:text/javascript,let%20mode%3D'light'%3Blet%20theme%3DlocalStorage.getItem(%22theme%22)%3Bif(theme%3D%3Dnull)%7Bif(mode%3D%3D'dark')%7B%24('.theme').addClass('dark')%3B%7D%7Delse%7Bif(theme%3D%3D'dark')%7B%24('.theme').addClass('dark')%3B%7Delse%7B%24('.theme').removeClass('dark')%3B%7D%7D	213 B	2023-03-07	2023-08-29
Pretty URL http:text/javascript,let%20mode%3D'light'%3Blet%20theme%3DlocalStorage.getItem(%22theme%22)%3Bif(theme%3D%3Dnull)%7Bif(mode%3D%3D'dark')%7B%24('.theme').addClass('dark')%3B%7D%7Delse%7Bif(theme%3D%3D'dark')%7B%24('.theme').addClass('dark')%3B%7Delse%7B%24('.theme').removeClass('dark')%3B%7D%7D IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:23:52 Last Seen2023-08-29 21:14:02 Times Seen131 Hash ccea0e1846102f4f1ed17644f6c6baa6 e43c87b583bef9f3e325ab7bf9ccf4a1f80bc35a e84714cb230edad68ac36e473976e94ca40d378d53fc1b7b539c03879f7ab887 Loading...

	unpkg.com/filepond-plugin-file-validate-type/dist/filepond-plugin-file-validate-type.js	7.4 kB	2023-03-07	2024-02-08
Pretty URL unpkg.com/filepond-plugin-file-validate-type/dist/filepond-plugin-file-validate-type.js IP 104.16.123.175 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:23:52 Last Seen2024-02-08 07:46:02 Times Seen604 Hash 6170d2a086cb1d5769c6fd1f76edf99b d61c541caceb4e5deb35d8642702b89091a8bb42 6fc678b64782a17a266b5675e195be5956efd7513fd228143901b427983df928 Loading...

	anonymfile.com/js/site.js	9.4 kB	2023-03-07	2024-04-21
Pretty URL anonymfile.com/js/site.js IP 138.201.48.112 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:01:42 Last Seen2024-04-21 00:54:15 Times Seen432 Hash afecd65686f50e645b8e1ee3edade2c2 f038373fb9efa997f7aeba9f80a47fbc3d6bd634 524fcae3468beb724c12b61925a2c1dcdb482f37783cd9d3f7630ae8bafa3d2a Loading...

	cdn.jsdelivr.net/npm/sweetalert2@11	65 kB	2023-03-08	2024-03-04
Pretty URL cdn.jsdelivr.net/npm/sweetalert2@11 IP 151.101.85.229 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 08:19:12 Last Seen2024-03-04 16:51:37 Times Seen2 Hash f5d762cc3f2040d2bd597466229e2925 e1c372ad4965b4850b5d6949cfda022ed62f574b 07f27013d0d59ae97a823f54fdcb2be47d7f82031c3b00f971ad40f6e06a7d8d Loading...

	inklinkor.com/tag.min.js	72 kB	2023-03-08	2023-03-08
Pretty URL inklinkor.com/tag.min.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 08:19:12 Last Seen2023-03-08 12:31:52 Times Seen1 Hash 944ed8775edacd9959ae6401222db078 58d7ac3f40decb7cf0cfb0885874251bd10c2ac0 02e266e33e78d40a56ec16f1493f408e1bf2b7d4696681887b3e3b29fc70af93 Loading...

	nanouwho.com/42/38?z=5307589	0 B	2023-03-07	2024-04-23
Pretty URL nanouwho.com/42/38?z=5307589 IP 139.45.197.242 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-23 08:34:28 Times Seen37018077 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	unphionetor.com/fv.js?t=72747&cb=817323766	5.2 kB	2023-03-07	2024-04-19
Pretty URL unphionetor.com/fv.js?t=72747&cb=817323766 IP 139.45.197.236 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:56 Last Seen2024-04-19 12:42:09 Times Seen2354 Hash 563d777535ce88943a94a6be86f378c8 8753745424d367275e3fe55a5661fe51b1e1fb72 0f467a48a494f7f63968707dc43785b728d0c17f93c12937c1e5b12798f3a98a Loading...

	interstitial-07.com/?l=5KiJw7BDBzgssAn&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fnanouwho.com%2F12%3Frnd%3D3667347890%26z%3D5307589%26b%3D14505326%26c%3D5990211%26var%3D%26d%3Dhttp%253A%252F%252Ftryhardnow.com%252Fbase.php%253Fc%253D350%2526key%253D2c1f9aa01554345b3025ac0d005c7bea%2526zoneid%253D%257Bzoneid%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3D8AyS_PO5ZVcrPjYVgEbqovhwQiZucN0BwK-DfYFsJfF8wJoamE4d3P6oz2MBM0DDJzlvFIAKcO2t_8aOj7GhjAlpHTRBDJYqPIzLeYMUlQ4nQ8XP_FY4qqQE2-W_6ML_lNG5DFAxN01jtFOE8ittJ1qlLOoV7DUa-JjpSxLxYxBsl0a4L04ruJcoAf08s-Fb4lkIFPJ9mwlRlMGomNKzWMqiqTLnIWgZK919sUCLBU2aTtLIKzlDzCX1bA5BwTPS_VbMom7E8xLwZZUNbyM6o0f_F8X0_Sa9966HxklpRjMsoLpI2WnBWWPVwz8SyAn7eUqYkxjusHfmZNFABm7gJ3_frQRKcqeFeS71eIldxJg0D5SBcFSz-um1GM6DWi19MYCYHqvBidv7yFYjXT93HJKUGUrUBkUptxZmvcGeBJU7OQsj2rDffEQ0QFdf34gSoEk2ig7eEsngQ4u3zAD78_6z3Wda5AaEcYJzlivx8phjAnQ8lZPqr4_WRCHBfBOlanwpzcb2AvKnEa3pGSElyXyF2YdcgfQXQFrA4P6Mr5R4lvy3Q6WgoiXlET4zInTD-TpnuS7RX_U7nHAlbRCn5ccDQ_HpoGn0W4MHdPzd_sYR2tWpEID6-AqwlDLx9czveWmEGQL_DF6hfW55%26bag%3DK9GC8xFjczykNNyRrWsoXw%3D%3D%26ruid%3D66ac233f-7e1d-4499-9431-48da8cea3465%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fanonymfile.com%252FY8V8%252Fkur6996.rar%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1280%26wiw%3D1280%26wih%3D939%26wfc%3D0%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0	1.4 kB	2023-03-08	2023-03-08
Pretty URL interstitial-07.com/?l=5KiJw7BDBzgssAn&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fnanouwho.com%2F12%3Frnd%3D3667347890%26z%3D5307589%26b%3D14505326%26c%3D5990211%26var%3D%26d%3Dhttp%253A%252F%252Ftryhardnow.com%252Fbase.php%253Fc%253D350%2526key%253D2c1f9aa01554345b3025ac0d005c7bea%2526zoneid%253D%257Bzoneid%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3D8AyS_PO5ZVcrPjYVgEbqovhwQiZucN0BwK-DfYFsJfF8wJoamE4d3P6oz2MBM0DDJzlvFIAKcO2t_8aOj7GhjAlpHTRBDJYqPIzLeYMUlQ4nQ8XP_FY4qqQE2-W_6ML_lNG5DFAxN01jtFOE8ittJ1qlLOoV7DUa-JjpSxLxYxBsl0a4L04ruJcoAf08s-Fb4lkIFPJ9mwlRlMGomNKzWMqiqTLnIWgZK919sUCLBU2aTtLIKzlDzCX1bA5BwTPS_VbMom7E8xLwZZUNbyM6o0f_F8X0_Sa9966HxklpRjMsoLpI2WnBWWPVwz8SyAn7eUqYkxjusHfmZNFABm7gJ3_frQRKcqeFeS71eIldxJg0D5SBcFSz-um1GM6DWi19MYCYHqvBidv7yFYjXT93HJKUGUrUBkUptxZmvcGeBJU7OQsj2rDffEQ0QFdf34gSoEk2ig7eEsngQ4u3zAD78_6z3Wda5AaEcYJzlivx8phjAnQ8lZPqr4_WRCHBfBOlanwpzcb2AvKnEa3pGSElyXyF2YdcgfQXQFrA4P6Mr5R4lvy3Q6WgoiXlET4zInTD-TpnuS7RX_U7nHAlbRCn5ccDQ_HpoGn0W4MHdPzd_sYR2tWpEID6-AqwlDLx9czveWmEGQL_DF6hfW55%26bag%3DK9GC8xFjczykNNyRrWsoXw%3D%3D%26ruid%3D66ac233f-7e1d-4499-9431-48da8cea3465%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fanonymfile.com%252FY8V8%252Fkur6996.rar%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1280%26wiw%3D1280%26wih%3D939%26wfc%3D0%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0 IP 139.45.197.152 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 08:19:12 Last Seen2023-03-08 08:19:12 Times Seen1 Hash 9f9aca303f59597442fce174f5d03ef3 f1ea4fe6d92aa409e791fe6d9d509450e8385174 52b65152433cb6f063199685b347725c3a947611cc2c9e676edc66ae7b90b959 Loading...

	cdnjs.cloudflare.com/ajax/libs/bootstrap/5.1.3/js/bootstrap.min.js	59 kB	2023-03-07	2024-04-22
Pretty URL cdnjs.cloudflare.com/ajax/libs/bootstrap/5.1.3/js/bootstrap.min.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:23:52 Last Seen2024-04-22 08:03:57 Times Seen3268 Hash 259e416ef6833be43801b8b68a93b008 19080c3b817985336aab5e1ce6925c99803f2efd 70c3d690bdc5ce3b9a1527c46044989a3176e610882fa99f4523e75bc395bcce Loading...

	unpkg.com/filepond-plugin-file-validate-size/dist/filepond-plugin-file-validate-size.js	6.8 kB	2023-03-07	2023-03-17
Pretty URL unpkg.com/filepond-plugin-file-validate-size/dist/filepond-plugin-file-validate-size.js IP 104.16.123.175 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:23:52 Last Seen2023-03-17 12:45:31 Times Seen1 Hash 504ad616f6fd714ea19cb18c5f002ec0 51fa2aebcca15418f3deb887e700062570f8d295 3f530043897758190014c6b777195dad6846a4f579ff416cf24829b5c702f33b Loading...

	propu.sh/pfe/current/tag.min.js?z=5307590	15 kB	2023-03-08	2023-03-08
Pretty URL propu.sh/pfe/current/tag.min.js?z=5307590 IP 139.45.197.250 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 02:31:55 Last Seen2023-03-08 13:48:56 Times Seen1 Hash 545d28a9a21c095f1433971c9ed69bb4 680c5b3b704ecbd02620b93adff1fbfd89ae8ae3 c8a0fb0320831047a2276f2759bd6650de39079719e9f0486329532239236d3a Loading...

	nanouwho.com/1?z=5307589	8.7 kB	2023-03-08	2023-03-08
Pretty URL nanouwho.com/1?z=5307589 IP 139.45.197.242 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 08:19:12 Last Seen2023-03-08 08:19:12 Times Seen1 Hash 5047b35c1ee6b7575f19a400983448ff f90b90226b35393f4b6456b4a738cff27531a92e f4ff0f130c3d40c5ba8d87bd558d7c446b4fee0226aafc4b14ac94946f2db878 Loading...

	tzegilo.com/stattag.js	33 kB	2023-03-07	2023-03-17
Pretty URL tzegilo.com/stattag.js IP 104.21.84.149 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:13:21 Last Seen2023-03-17 12:47:57 Times Seen1 Hash df875929410d71d763e9fa10b830bb2a b0711a8d2bf6ad4ffa4640534588b423f2ef7fec 0be796b658c6cee0d55aa164994d0d83f9ec7aa7ecf1eb41c1ddf208bba9e3b1 Loading...

	http:text/javascript,var%20sTime%3Dnew%20Date().getTime()%3Bvar%20countDown%3D10%3Bfunction%20UpdateCountDownTime()%7Bvar%20cTime%3Dnew%20Date().getTime()%3Bvar%20diff%3DcTime-sTime%3Bvar%20timeStr%3D''%3Bvar%20seconds%3DcountDown-Math.floor(diff%2F1000)%3Bif(seconds%3E%3D0)%7Bvar%20hours%3DMath.floor(seconds%2F3600)%3Bvar%20minutes%3DMath.floor((seconds-(hours3600))%2F60)%3Bseconds-%3D(minutes60)%3Bif(seconds%3CcountDown)%7BtimeStr%3DtimeStr%2B%22%22%2Bseconds%3B%7Delse%7BtimeStr%3DtimeStr%2B%22%22%2Bseconds%3B%7Ddocument.getElementById(%22download%22).innerHTML%3D'%3Cbutton%20id%3D%22download_file%22%20class%3D%22download_file%20btn%20btn-secondary%20btn%20disabled%22%3EPlease%20wait%20%3Cstrong%3E'%2BtimeStr%2B'%3C%2Fstrong%3E%20seconds%3C%2Fbutton%3E'%3B%7Delse%7B%24('.download_file').remove()%3B%24('%23download').append('%3Ca%20href%3D%22https%3A%2F%2Fanonymfile.com%2Ff%2Fa50dd333-970b-48c4-83a1-2898637e4b3a%22%20download%3D%22Kur6996.rar%22%20class%3D%22btn%20btn-warning%22%3EDownload%20(20.16%20MB)%3C%2Fa%3E')%3BclearInterval(counter)%3B%7D%7DUpdateCountDownTime()%3Bvar%20counter%3DsetInterval(UpdateCountDownTime%2C500)%3Bconst%20swalWithBootstrapButtons%3DSwal.mixin(%7BcustomClass%3A%7BconfirmButton%3A'btn%20btn-falcon-info%20m-1'%2CcancelButton%3A'btn%20btn-falcon-danger%20m-1'%2Cinput%3A'text-dark'%7D%2CbuttonsStyling%3Afalse%7D)%0A%24(document).on('click'%2C'.qrcode'%2Cfunction(e)%7Be.preventDefault()%3Bvar%20link%3D%24(this).data('link')%3BswalWithBootstrapButtons.fire(%7BimageUrl%3Alink%2CshowCancelButton%3Afalse%2Cbackground%3A'%23121e2d'%2C%7D)%3B%7D)%3B	1.2 kB	2023-03-08	2023-03-08
Pretty URL http:text/javascript,var%20sTime%3Dnew%20Date().getTime()%3Bvar%20countDown%3D10%3Bfunction%20UpdateCountDownTime()%7Bvar%20cTime%3Dnew%20Date().getTime()%3Bvar%20diff%3DcTime-sTime%3Bvar%20timeStr%3D''%3Bvar%20seconds%3DcountDown-Math.floor(diff%2F1000)%3Bif(seconds%3E%3D0)%7Bvar%20hours%3DMath.floor(seconds%2F3600)%3Bvar%20minutes%3DMath.floor((seconds-(hours3600))%2F60)%3Bseconds-%3D(minutes60)%3Bif(seconds%3CcountDown)%7BtimeStr%3DtimeStr%2B%22%22%2Bseconds%3B%7Delse%7BtimeStr%3DtimeStr%2B%22%22%2Bseconds%3B%7Ddocument.getElementById(%22download%22).innerHTML%3D'%3Cbutton%20id%3D%22download_file%22%20class%3D%22download_file%20btn%20btn-secondary%20btn%20disabled%22%3EPlease%20wait%20%3Cstrong%3E'%2BtimeStr%2B'%3C%2Fstrong%3E%20seconds%3C%2Fbutton%3E'%3B%7Delse%7B%24('.download_file').remove()%3B%24('%23download').append('%3Ca%20href%3D%22https%3A%2F%2Fanonymfile.com%2Ff%2Fa50dd333-970b-48c4-83a1-2898637e4b3a%22%20download%3D%22Kur6996.rar%22%20class%3D%22btn%20btn-warning%22%3EDownload%20(20.16%20MB)%3C%2Fa%3E')%3BclearInterval(counter)%3B%7D%7DUpdateCountDownTime()%3Bvar%20counter%3DsetInterval(UpdateCountDownTime%2C500)%3Bconst%20swalWithBootstrapButtons%3DSwal.mixin(%7BcustomClass%3A%7BconfirmButton%3A'btn%20btn-falcon-info%20m-1'%2CcancelButton%3A'btn%20btn-falcon-danger%20m-1'%2Cinput%3A'text-dark'%7D%2CbuttonsStyling%3Afalse%7D)%0A%24(document).on('click'%2C'.qrcode'%2Cfunction(e)%7Be.preventDefault()%3Bvar%20link%3D%24(this).data('link')%3BswalWithBootstrapButtons.fire(%7BimageUrl%3Alink%2CshowCancelButton%3Afalse%2Cbackground%3A'%23121e2d'%2C%7D)%3B%7D)%3B IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 08:19:12 Last Seen2023-03-08 08:19:12 Times Seen1 Hash 926c3e454abd743868623d77b0f41dd3 e6c4be2ddefdfdb781700f232f326d4e1193d49b c51384a82ae89030bcccb863ec1c51d50fb24952f398ce1378d08829d4d3660e Loading...

	http:text/javascript,document.write(new%20Date().getFullYear())	40 B	2023-03-07	2024-04-23
Pretty URL http:text/javascript,document.write(new%20Date().getFullYear()) IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:07 Last Seen2024-04-23 08:12:38 Times Seen4669 Hash 6bd43cf0ae158526c6ab93dc3be79f28 15c289e342bd3fdf5b1e95f7abf25a2bc78bf357 7a13d5ae0755d86c09084ec300c4a0f1a0a06921f74d9980eba9d966ff17ad38 Loading...

	cdnjs.cloudflare.com/ajax/libs/filepond/4.30.3/filepond.min.js	118 kB	2023-03-07	2024-04-21
Pretty URL cdnjs.cloudflare.com/ajax/libs/filepond/4.30.3/filepond.min.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:23:52 Last Seen2024-04-21 00:54:15 Times Seen1058 Hash 516f35ea42aa797b3b106a8f108edb88 9b1313b221c5d59835c31da0327f4273a2647174 9677264de392aeedd3b391fe53578415c87835405d14068380f9bf3970a48286 Loading...

	cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js	90 kB	2023-03-07	2024-04-23
Pretty URL cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:13 Last Seen2024-04-23 07:58:04 Times Seen260522 Hash 8fb8fee4fcc3cc86ff6c724154c49c42 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e Loading...

	cdnjs.cloudflare.com/ajax/libs/popper.js/2.10.2/umd/popper.min.js	19 kB	2023-03-07	2024-04-22
Pretty URL cdnjs.cloudflare.com/ajax/libs/popper.js/2.10.2/umd/popper.min.js IP 104.17.24.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:23:52 Last Seen2024-04-22 08:03:57 Times Seen2341 Hash 541aecc95a7faeef0fc27558070f3647 0ec7ca4778ba3ccb4d1b1688094720834fbe9ed3 f395875eb5d58c5128c434812cd0a53d438b11536f7fd1577077d8a5c612e1fd Loading...

	http:text/javascript,(function(s%2Cu%2Cz%2Cp)%7Bs.src%3Du%2Cs.setAttribute('data-zone'%2Cz)%2Cp.appendChild(s)%3B%7D)(document.createElement('script')%2C'https%3A%2F%2Finklinkor.com%2Ftag.min.js'%2C5307591%2Cdocument.body%7C%7Cdocument.documentElement)	193 B	2023-03-07	2024-01-15
Pretty URL http:text/javascript,(function(s%2Cu%2Cz%2Cp)%7Bs.src%3Du%2Cs.setAttribute('data-zone'%2Cz)%2Cp.appendChild(s)%3B%7D)(document.createElement('script')%2C'https%3A%2F%2Finklinkor.com%2Ftag.min.js'%2C5307591%2Cdocument.body%7C%7Cdocument.documentElement) IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:23:52 Last Seen2024-01-15 22:34:31 Times Seen141 Hash 4b7b08e36b07601453ef10bef59afe1e 1f0003567c5e86d6fc129bbf62384e04ca2a1a2f f54132e87f4227d9e6ccf534bb92ff7746c7fb734ab9eb7197c0810ea6b52c52 Loading...

		Size	First Seen	Last Seen
	#1 Eval - 56cec86d2062369c1181696d8e57079d	42 B	2023-03-07	2023-12-17
Pretty Observations First Seen2023-03-07 01:23:52 Last Seen2023-12-17 23:38:32 Times Seen150 Hash 56cec86d2062369c1181696d8e57079d a829bc3ec7acab468fc649127853881751b2e61d 2477b814b8ad1a91f87132c07e73e884d9448987538b5be15f5292327cbbca6f Loading...

	#2 Eval - 0aaf38d1d5b53c8b41daf27366080494	79 B	2023-03-08	2023-03-08
Pretty Observations First Seen2023-03-08 08:19:12 Last Seen2023-03-08 08:19:12 Times Seen1 Hash 0aaf38d1d5b53c8b41daf27366080494 3091bad8eebe04e00086c3086db64d48d89dd076 ea543601af5cdc50d40e44711e0e45c80e5364ba4bef37875a70556605369d73 Loading...

HTTP Transactions (71)

URL IP Response Size

anonymfile.com/Y8V8/kur6996.rar

138.201.48.112

301 Moved Permanently

162 B

URL HTTP/1.1
anonymfile.com/Y8V8/kur6996.rar
IP
138.201.48.112:0
ASN
#24940 Hetzner Online GmbH

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
162 B (162 bytes)
Hash
4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a

HTTP Headers

GET /Y8V8/kur6996.rar HTTP/1.1
Host: anonymfile.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Fri, 07 Oct 2022 12:07:45 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://anonymfile.com/Y8V8/kur6996.rar
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN

firefox.settings.services.mozilla.com/v1/

54.230.111.65

200 OK

939 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/
IP
54.230.111.65:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Content-Type, Retry-After, Alert
Cache-Control: max-age=259200
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Wed, 05 Oct 2022 15:47:18 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 193a8c13b6e0a6b90db7172f6358335e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: arq8K57x78ahIIPJus-OAhR5rKUUrcTryaW7kxo50bPIkj-3hYoTgg==
Age: 159627

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1273d41c84b2b39f78a8033130d00282
556757697b70e019ed502585fcc888e2403f3229
ee3c03cc0a659fbc43d34feaa79a8ad6627b9c525d675956cdb434c1590db89e

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EE3C03CC0A659FBC43D34FEAA79A8AD6627B9C525D675956CDB434C1590DB89E"
Last-Modified: Thu, 06 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9241
Expires: Fri, 07 Oct 2022 14:41:46 GMT
Date: Fri, 07 Oct 2022 12:07:45 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
94a09d62ab3057cda67a091c8d7478f5
b1c9d223a951d0bc9f17c9f3b84501266a552b58
582364f9f6014520c269f1f794e7c34027bd2697b53e5d02fad43e74a735e471

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "582364F9F6014520C269F1F794E7C34027BD2697B53E5D02FAD43E74A735E471"
Last-Modified: Thu, 06 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15151
Expires: Fri, 07 Oct 2022 16:20:16 GMT
Date: Fri, 07 Oct 2022 12:07:45 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: JdAoQu4SVJ2rngNX3E9azhwgBXicDYfczeINg008z6szT7NDRmOkJOhGZE0G6DjqTR4UXCLFm5U=
x-amz-request-id: ZAY29RZD9E9TG936
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 07 Oct 2022 11:59:10 GMT
age: 515
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 12:07:45 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

anonymfile.com/img/logo-anon-warning.webp

138.201.48.112

200 OK

15 kB

URL HTTP/2
anonymfile.com/img/logo-anon-warning.webp
IP
138.201.48.112:0
ASN
#24940 Hetzner Online GmbH

File type
RIFF (little-endian) data, Web/P image\012- data
Size
15 kB (15344 bytes)
Hash
7b596f481388ac5ef6d74a15a351f6c3
6756e88c0b46cc981b7bbbdaf2ead77bd258a472
cd830cff1dfb9af2181dfe61645addbe21981954713fba54d5875a038e673972

HTTP Headers

GET /img/logo-anon-warning.webp HTTP/1.1
Host: anonymfile.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/Y8V8/kur6996.rar
Cookie: XSRF-TOKEN=eyJpdiI6Ik9GdUs1UjVjTS9lV0t1b1BPUHUrTkE9PSIsInZhbHVlIjoiK2w0WWVZWkhwR3paL0NXTDAvUXBFYm5CVThqTDlwczZEVzVLMEJ0aWYxZU9PdVJTaTJoN1pXOUNCUWRBYWg1ckhuUGZBbEx6aUF0SDdCTU00anJOK0ozbUpvWVB5UVBpOXBPZ1Y5UCtjQ2FHblg0cUs1ZkM3cFZBanRzUGxlL2siLCJtYWMiOiJjZDdmYWJmYmRmZDM5YTU5ODU3MzZmOGZmZWEyZjgwZTg0NWU0ZjNkOTE3ZTMzMGQ3YmZkZjFhZTBiY2M5ZTczIiwidGFnIjoiIn0%3D; anonymfile_session=eyJpdiI6ImZyYjRwTEljV25Gbi9lZWVxWG8rNVE9PSIsInZhbHVlIjoiQmpIR3NydEtuVEhqYVBUWlFGUjdrQlhWVUQ3SkRGMXUxcjUvV3JjOUhEb0Eydjg0SmRRT1lHaUgzTjU5UDZBZHhsNGVGTzRocy9sUG8vN0gzQTN5c2MwNloycDd6eS9XS1JNMUhzKytxRXdncVJiNE9NUWlGL2VqRnFzT1RBNFgiLCJtYWMiOiIwOTI2N2Y1YTk4ZTc3YjYwYjkwOWY3ZWJlNzY4MWMyMWUxZjNmMDYyZmFiMWUzMTBjMzhhMmFkYzJhMTM1ZTQ5IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 12:07:45 GMT
content-type: image/webp
content-length: 15344
last-modified: Sat, 30 Oct 2021 12:14:11 GMT
vary: Accept-Encoding
etag: "617d3713-3bf0"
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
cache-control: s-maxage=10
accept-ranges: bytes
X-Firefox-Spdy: h2

anonymfile.com/img/main/footer.webp

138.201.48.112

200 OK

178 kB

URL HTTP/2
anonymfile.com/img/main/footer.webp
IP
138.201.48.112:0
ASN
#24940 Hetzner Online GmbH

File type
RIFF (little-endian) data, Web/P image\012- data
Size
178 kB (178070 bytes)
Hash
79ccb3a1b78412a1a530284f45ea7056
626d0494e1bd871e67ecffad44d04ac2343fb7e5
3d4e83b59664d7a779fa777d4ee0e17a1bc09302f9b9cde60815a3142256d8b8

HTTP Headers

GET /img/main/footer.webp HTTP/1.1
Host: anonymfile.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/Y8V8/kur6996.rar
Cookie: XSRF-TOKEN=eyJpdiI6Ik9GdUs1UjVjTS9lV0t1b1BPUHUrTkE9PSIsInZhbHVlIjoiK2w0WWVZWkhwR3paL0NXTDAvUXBFYm5CVThqTDlwczZEVzVLMEJ0aWYxZU9PdVJTaTJoN1pXOUNCUWRBYWg1ckhuUGZBbEx6aUF0SDdCTU00anJOK0ozbUpvWVB5UVBpOXBPZ1Y5UCtjQ2FHblg0cUs1ZkM3cFZBanRzUGxlL2siLCJtYWMiOiJjZDdmYWJmYmRmZDM5YTU5ODU3MzZmOGZmZWEyZjgwZTg0NWU0ZjNkOTE3ZTMzMGQ3YmZkZjFhZTBiY2M5ZTczIiwidGFnIjoiIn0%3D; anonymfile_session=eyJpdiI6ImZyYjRwTEljV25Gbi9lZWVxWG8rNVE9PSIsInZhbHVlIjoiQmpIR3NydEtuVEhqYVBUWlFGUjdrQlhWVUQ3SkRGMXUxcjUvV3JjOUhEb0Eydjg0SmRRT1lHaUgzTjU5UDZBZHhsNGVGTzRocy9sUG8vN0gzQTN5c2MwNloycDd6eS9XS1JNMUhzKytxRXdncVJiNE9NUWlGL2VqRnFzT1RBNFgiLCJtYWMiOiIwOTI2N2Y1YTk4ZTc3YjYwYjkwOWY3ZWJlNzY4MWMyMWUxZjNmMDYyZmFiMWUzMTBjMzhhMmFkYzJhMTM1ZTQ5IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 12:07:45 GMT
content-type: image/webp
content-length: 178070
last-modified: Wed, 10 Aug 2022 07:17:48 GMT
vary: Accept-Encoding
etag: "62f35b9c-2b796"
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
cache-control: s-maxage=10
accept-ranges: bytes
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

54.230.111.65

200 OK

329 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
54.230.111.65:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Expires, Backoff, ETag, Last-Modified, Pragma, Cache-Control, Content-Length, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
X-Content-Type-Options: nosniff
Date: Fri, 07 Oct 2022 11:29:41 GMT
Cache-Control: max-age=3600, max-age=3600
Expires: Fri, 07 Oct 2022 12:06:51 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 fc5e625db631bc657fc73f189d53fa14.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: BFz2ZnTF-k_5EeDj1HVEx60EM67PgFBnC9VV66C23TYhstM34HtXDw==
Age: 2285

cdnjs.cloudflare.com/ajax/libs/filepond/4.29.1/filepond.min.css

104.17.24.14

200 OK

2.9 kB

URL HTTP/2
cdnjs.cloudflare.com/ajax/libs/filepond/4.29.1/filepond.min.css
IP
104.17.24.14:0
ASN
#13335 CLOUDFLARENET

File type
assembler source, ASCII text, with very long lines (17282)
Size
2.9 kB (2934 bytes)
Hash
78aabb09e30a9eb6f833cbb1b48bdb2e
e876ff16b6c511bc217973e51202aaaf23a4e936
8d76a29a92bc268043a7bd4d0b8f171fffd6c6c3c8e18aa314d6dac1aeb542ae

HTTP Headers

GET /ajax/libs/filepond/4.29.1/filepond.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://anonymfile.com
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 07 Oct 2022 12:07:46 GMT
content-type: text/css; charset=utf-8
content-length: 2934
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "613afc53-b76"
last-modified: Fri, 10 Sep 2021 06:33:55 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 758222
expires: Wed, 27 Sep 2023 12:07:46 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fY7rcM47QpOJSJJz9OQg1Scs%2Bi%2BSyxK4mrQAicoLBfjKF3x1iLmAeIJLxqY7s1hlEpPGBJ1u019NDVF%2ByKan8F8Btw5dtQYrRSgyTBCF9DuTavQ%2BkY0BCCI8cjKTDBnG1%2BwioGh%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 756684b18a99fac8-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta2/css/all.min.css

104.17.24.14

200 OK

14 kB

URL HTTP/2
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta2/css/all.min.css
IP
104.17.24.14:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65345)
Size
14 kB (14374 bytes)
Hash
642445b86596bdeaa98e92faa2064fc6
6c5539660bf533d34e37b917973c941d1c963374
4a5a39e9f325c5578dccd880c1d516eae190ee39f7539f4a6c6c52d2eee4cbdf

HTTP Headers

GET /ajax/libs/font-awesome/6.0.0-beta2/css/all.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 07 Oct 2022 12:07:46 GMT
content-type: text/css; charset=utf-8
content-length: 14374
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "61498362-3826"
last-modified: Tue, 21 Sep 2021 07:01:54 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 6024384
expires: Wed, 27 Sep 2023 12:07:46 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KPLEZEzF5iVY7f62vizBqVTNmAblKVCDy5BQTpk9ltJh0Exp2h7Yj8gH7C6AP34d6lJVd6aRg3IyUJ5YqwFc%2B3jccGY%2BL59NdxXJyRGWOYzI5Hdi%2BnODI4NXcCqG79ke0fRsVCs8"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 756684b18e56b50f-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

anonymfile.com/img/logo-anon-warning.png

138.201.48.112

200 OK

41 kB

URL HTTP/2
anonymfile.com/img/logo-anon-warning.png
IP
138.201.48.112:0
ASN
#24940 Hetzner Online GmbH

File type
PNG image data, 1024 x 1024, 8-bit/color RGBA, non-interlaced\012- data
Size
41 kB (40729 bytes)
Hash
d52ea6ebcd0b10dcf112a9d6c43ceee0
641e5277e2e079f0e88e2899879fda8882e58d28
77cb73f16f049b51c0a81c12ed878e11efe3b9a71c632a3bdb647d963059532e

HTTP Headers

GET /img/logo-anon-warning.png HTTP/1.1
Host: anonymfile.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/Y8V8/kur6996.rar
Cookie: XSRF-TOKEN=eyJpdiI6Ik9GdUs1UjVjTS9lV0t1b1BPUHUrTkE9PSIsInZhbHVlIjoiK2w0WWVZWkhwR3paL0NXTDAvUXBFYm5CVThqTDlwczZEVzVLMEJ0aWYxZU9PdVJTaTJoN1pXOUNCUWRBYWg1ckhuUGZBbEx6aUF0SDdCTU00anJOK0ozbUpvWVB5UVBpOXBPZ1Y5UCtjQ2FHblg0cUs1ZkM3cFZBanRzUGxlL2siLCJtYWMiOiJjZDdmYWJmYmRmZDM5YTU5ODU3MzZmOGZmZWEyZjgwZTg0NWU0ZjNkOTE3ZTMzMGQ3YmZkZjFhZTBiY2M5ZTczIiwidGFnIjoiIn0%3D; anonymfile_session=eyJpdiI6ImZyYjRwTEljV25Gbi9lZWVxWG8rNVE9PSIsInZhbHVlIjoiQmpIR3NydEtuVEhqYVBUWlFGUjdrQlhWVUQ3SkRGMXUxcjUvV3JjOUhEb0Eydjg0SmRRT1lHaUgzTjU5UDZBZHhsNGVGTzRocy9sUG8vN0gzQTN5c2MwNloycDd6eS9XS1JNMUhzKytxRXdncVJiNE9NUWlGL2VqRnFzT1RBNFgiLCJtYWMiOiIwOTI2N2Y1YTk4ZTc3YjYwYjkwOWY3ZWJlNzY4MWMyMWUxZjNmMDYyZmFiMWUzMTBjMzhhMmFkYzJhMTM1ZTQ5IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 12:07:46 GMT
content-type: image/png
content-length: 40729
last-modified: Fri, 29 Oct 2021 10:50:56 GMT
vary: Accept-Encoding
etag: "617bd210-9f19"
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
cache-control: s-maxage=10
accept-ranges: bytes
X-Firefox-Spdy: h2

cdn.jsdelivr.net/npm/sweetalert2@11

151.101.85.229

200 OK

19 kB

URL HTTP/2
cdn.jsdelivr.net/npm/sweetalert2@11
IP
151.101.85.229:0
ASN
#54113 FASTLY

File type
Unicode text, UTF-8 text, with very long lines (43506)
Size
19 kB (18596 bytes)
Hash
831e2511caebc66168030ce212f2c4b4
f86d66f8238d1e3e73790fdb2224d216c0b7118d
30e1df45d19ba9ecd70b3edc712d3e2ff9e0c34b351a83331f01ce5c316b5ead

HTTP Headers

GET /npm/sweetalert2@11 HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 11.4.38
x-jsd-version-type: version
etag: W/"ff42-4cNyrUlltIULXWlJz9oCLtYvV0s"
content-encoding: gzip
accept-ranges: bytes
date: Fri, 07 Oct 2022 12:07:46 GMT
age: 12734
x-served-by: cache-fra19153-FRA, cache-bma1670-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 18596
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
d6c404502c7987174a84d8f0a3efab23
fc3a3f6d63acab3f659fb3536b65fd8564ec8628
94b5693df873bd923ffbf31f576fff01d2628e5796af4c6b91306a743e27d19b

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5280
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 07 Oct 2022 12:07:46 GMT
Last-Modified: Fri, 07 Oct 2022 10:39:46 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 471

ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1

104.18.20.226

200 OK

1.5 kB

URL HTTP/1.1
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
IP
104.18.20.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1.5 kB (1462 bytes)
Hash
54771337376134563d46c38220a0036b
e6a6dedae6ed11fcfe410df65f8fbe64984bbce6
9fc866a87e2e1c411b2c15e7300eb382b845c1d096b0876b7fae547d4d197fee

HTTP Headers

POST /ca/gsatlasr3dvtlsca2022q1 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 07 Oct 2022 12:07:46 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "E4885DCFBEB1369D0EB9006A73A090BE93855B2A"
Expires: Fri, 07 Oct 2022 23:00:00 GMT
Last-Modified: Fri, 07 Oct 2022 11:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 274
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 756684b2ce2f0b31-OSL

anonymfile.com/sw.js

138.201.48.112

404 Not Found

33 kB

URL HTTP/2
anonymfile.com/sw.js
IP
138.201.48.112:0
ASN
#24940 Hetzner Online GmbH

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (4320)
Size
33 kB (32891 bytes)
Hash
bd02e3422d706b6b227247f0c6232aac
345009832213519e5f593c780ad4ed13b63cb94e
2296686dfc3a00db20db0662bef0f9743b637f6bcf42317a2fcf5d8225e98c85

HTTP Headers

GET /sw.js HTTP/1.1
Host: anonymfile.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/Y8V8/kur6996.rar
Cookie: XSRF-TOKEN=eyJpdiI6Ik9GdUs1UjVjTS9lV0t1b1BPUHUrTkE9PSIsInZhbHVlIjoiK2w0WWVZWkhwR3paL0NXTDAvUXBFYm5CVThqTDlwczZEVzVLMEJ0aWYxZU9PdVJTaTJoN1pXOUNCUWRBYWg1ckhuUGZBbEx6aUF0SDdCTU00anJOK0ozbUpvWVB5UVBpOXBPZ1Y5UCtjQ2FHblg0cUs1ZkM3cFZBanRzUGxlL2siLCJtYWMiOiJjZDdmYWJmYmRmZDM5YTU5ODU3MzZmOGZmZWEyZjgwZTg0NWU0ZjNkOTE3ZTMzMGQ3YmZkZjFhZTBiY2M5ZTczIiwidGFnIjoiIn0%3D; anonymfile_session=eyJpdiI6ImZyYjRwTEljV25Gbi9lZWVxWG8rNVE9PSIsInZhbHVlIjoiQmpIR3NydEtuVEhqYVBUWlFGUjdrQlhWVUQ3SkRGMXUxcjUvV3JjOUhEb0Eydjg0SmRRT1lHaUgzTjU5UDZBZHhsNGVGTzRocy9sUG8vN0gzQTN5c2MwNloycDd6eS9XS1JNMUhzKytxRXdncVJiNE9NUWlGL2VqRnFzT1RBNFgiLCJtYWMiOiIwOTI2N2Y1YTk4ZTc3YjYwYjkwOWY3ZWJlNzY4MWMyMWUxZjNmMDYyZmFiMWUzMTBjMzhhMmFkYzJhMTM1ZTQ5IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
server: nginx
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
date: Fri, 07 Oct 2022 12:07:46 GMT
x-page-speed: 1.13.35.2-0
cache-control: max-age=0, no-cache
content-encoding: br
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/popper.js/2.10.2/umd/popper.min.js

104.17.24.14

200 OK

6.0 kB

URL HTTP/2
cdnjs.cloudflare.com/ajax/libs/popper.js/2.10.2/umd/popper.min.js
IP
104.17.24.14:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (18706)
Size
6.0 kB (6037 bytes)
Hash
3773d4bd82b03cdfd02c9fd691f80d78
c4d89a2de179c90944835571b45877048f3c1424
5d05303e3777fd4f588b7167d0a22cd5ca499c238f78ec0cecbb3a8786de332d

HTTP Headers

GET /ajax/libs/popper.js/2.10.2/umd/popper.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://anonymfile.com
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Fri, 07 Oct 2022 12:07:46 GMT
content-type: application/javascript; charset=utf-8
content-length: 6037
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "6155af49-1795"
last-modified: Thu, 30 Sep 2021 12:36:25 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 8187275
expires: Wed, 27 Sep 2023 12:07:46 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3tBNp%2B%2FrrjNc4aFVTVPqoCb7SY6lLIKEVDI0hRhyloWWr%2BXGODe2kd9ZM%2FKeLq1ORXXdPnz0UVhwyT081TTFxelmZlF%2B%2FdvlSV3quq%2FeFd21ALffYcJ8re%2FmJ18VNtdK8KbCw9N2"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 756684b37bf6fac8-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

unpkg.com/filepond-plugin-file-validate-type@1.2.8/dist/filepond-plugin-file-validate-type.js

104.16.123.175

200 OK

17 kB

URL HTTP/2
unpkg.com/filepond-plugin-file-validate-type@1.2.8/dist/filepond-plugin-file-validate-type.js
IP
104.16.123.175:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text
Size
17 kB (16995 bytes)
Hash
20b22f0a5ed26c20b0759684da6cba56
cd5d39fce7d6e8ccb0b74d1a2ee5a9ece5694a57
a3dfcf3b4b3573a477daf38e6aa25df53882b53bfd7196fc169dd12a98157fdf

HTTP Headers

GET /filepond-plugin-file-validate-type@1.2.8/dist/filepond-plugin-file-validate-type.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://anonymfile.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Fri, 07 Oct 2022 12:07:46 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
etag: W/"1d07-1hxUHKzrTl3rNdhkJwK4kJGou0I"
via: 1.1 fly.io
fly-request-id: 01G2PJZCDRWWWP671QTKZ7W61J-fra
cf-cache-status: HIT
age: 12971418
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 756684b32c04fac0-OSL
content-encoding: br
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/clipboard.js/2.0.8/clipboard.min.js

104.17.24.14

200 OK

3.0 kB

URL HTTP/2
cdnjs.cloudflare.com/ajax/libs/clipboard.js/2.0.8/clipboard.min.js
IP
104.17.24.14:0
ASN
#13335 CLOUDFLARENET

File type
Unicode text, UTF-8 text, with very long lines (10584)
Size
3.0 kB (3000 bytes)
Hash
e34a4db0b42ca907e0b7a56cd4b145ec
2dc36a7dcdfc42d122b23ef91483d27865c4285f
4b2a908e8d2c23d19da5e9ef4c6c77e7c6e8823b7aeb93233723f366ff6d217a

HTTP Headers

GET /ajax/libs/clipboard.js/2.0.8/clipboard.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://anonymfile.com
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Fri, 07 Oct 2022 12:07:46 GMT
content-type: application/javascript; charset=utf-8
content-length: 3000
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "6049431e-29b4"
last-modified: Wed, 10 Mar 2021 22:07:26 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1533414
expires: Wed, 27 Sep 2023 12:07:46 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GT5%2FdvMNyKvNRtQXdlxWaMoiRIiKJiSN1NRFZGbMvqG6uJHxBFQ9xpHaJy%2BbrFBBcucIivYSFF1b4T8ENXdYBt%2FrktfFJAL4dr6FKCIfdQbP8lw%2FJTOfJFx6AFzAV400LdrdMVeE"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 756684b3ec57fac8-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

push.services.mozilla.com/

44.242.32.27

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
44.242.32.27:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: M8jQZ4w8z8z5XNTShzaQbA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: qkQWFeZly/0nqwzavKfd5KIvIYU=

unpkg.com/filepond-plugin-file-validate-size@2.2.7/dist/filepond-plugin-file-validate-size.js

104.16.123.175

200 OK

124 kB

URL HTTP/2
unpkg.com/filepond-plugin-file-validate-size@2.2.7/dist/filepond-plugin-file-validate-size.js
IP
104.16.123.175:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text
Size
124 kB (124421 bytes)
Hash
14df58e678a5674251601cb2a6c68ceb
6714958d994978c6f14bbd318163201246547428
330c8e622de32bdbdd46ee7295c3a217e443b9961c23153853fed991c9321a65

HTTP Headers

GET /filepond-plugin-file-validate-size@2.2.7/dist/filepond-plugin-file-validate-size.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://anonymfile.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Fri, 07 Oct 2022 12:07:46 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
etag: W/"1a7f-Ufoq68yhVBjz3riH5wAGJXD40pU"
via: 1.1 fly.io
fly-request-id: 01G7558XE30T0T2M6RDRBFG7JV-fra
cf-cache-status: HIT
age: 8187710
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 756684b32c02fac0-OSL
content-encoding: br
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta2/webfonts/fa-regular-400.woff2

104.17.24.14

200 OK

24 kB

URL HTTP/2
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta2/webfonts/fa-regular-400.woff2
IP
104.17.24.14:0
ASN
#13335 CLOUDFLARENET

File type
Web Open Font Format (Version 2), TrueType, length 23456, version 768.66\012- data
Size
24 kB (23456 bytes)
Hash
e3e5eef95eb3652d939b8c86ecb47fac
ff36e7b2a956a05de0b94dbe7b1bf7e2d6d44cb2
445189de22489c06a549b75c8f8e95cc56639d4128cd72e76896b4d2a7c40ce2

HTTP Headers

GET /ajax/libs/font-awesome/6.0.0-beta2/webfonts/fa-regular-400.woff2 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://anonymfile.com
Connection: keep-alive
Referer: https://cdnjs.cloudflare.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Fri, 07 Oct 2022 12:07:46 GMT
content-type: application/octet-stream; charset=utf-8
content-length: 23456
access-control-allow-origin: *
cache-control: public, max-age=30672000
etag: "61498362-5ba0"
last-modified: Tue, 21 Sep 2021 07:01:54 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 2487289
expires: Wed, 27 Sep 2023 12:07:46 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=030gqjRXkcpQeESLPB45P5qWAO2dl3w0DGvfQF5bhi2YO8o6TGVxKIXePw%2FPPzNOZZ0IzZcDueTfHPdWE%2Fpa72x%2FijpY3a0XEYEo37zA89yRN9hGWzoz%2FkM%2BpESMkK191PRhM9EE"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 756684b59d8bfac8-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta2/webfonts/fa-brands-400.woff2

104.17.24.14

200 OK

105 kB

URL HTTP/2
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta2/webfonts/fa-brands-400.woff2
IP
104.17.24.14:0
ASN
#13335 CLOUDFLARENET

File type
Web Open Font Format (Version 2), TrueType, length 105264, version 768.66\012- data
Size
105 kB (105264 bytes)
Hash
ef9332780500ea981e97dff51cc30669
4020ed1a099b98c421f09ceb9a92f4a1d8d5d9c8
ec372177b8e8df39d755e16551dfbbddcc53938ca52765fd730d0925885c964e

HTTP Headers

GET /ajax/libs/font-awesome/6.0.0-beta2/webfonts/fa-brands-400.woff2 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://anonymfile.com
Connection: keep-alive
Referer: https://cdnjs.cloudflare.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Fri, 07 Oct 2022 12:07:46 GMT
content-type: application/octet-stream; charset=utf-8
content-length: 105264
access-control-allow-origin: *
cache-control: public, max-age=30672000
etag: "61498362-19b30"
last-modified: Tue, 21 Sep 2021 07:01:54 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 763404
expires: Wed, 27 Sep 2023 12:07:46 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=o6QEjQ6qr%2BDx1FKALH5pQO5K2fUtZ%2BHTHPI0PtJ17jES6e60F6j0RuqX%2FeS0v7541lldSlfOcCFj2D1VpD702ajWVKXivCzT6dl%2FqHg2AGP2I5M9KYwawZ39VCj9CxRJepIaD4DX"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 756684b59d8dfac8-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
077b75b03b4c1204aceed65970a7bd0e
f75016eb787ea2a5f610ab44311bd99a39705745
bdae6610e6ff268e4098f6f813bc60acd3eb9a40d43a00ef59f27d2296985504

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BDAE6610E6FF268E4098F6F813BC60ACD3EB9A40D43A00EF59F27D2296985504"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4771
Expires: Fri, 07 Oct 2022 13:27:17 GMT
Date: Fri, 07 Oct 2022 12:07:46 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1a8a2e1d1e029d0dd8b54669b498df2d
d7e373a9c05fb410b9a427195b3a0784db47935c
34d8e1febe39e8264b646c9f615c37f4bcffa012823c2f6de1c175231cf6bb6f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "34D8E1FEBE39E8264B646C9F615C37F4BCFFA012823C2F6DE1C175231CF6BB6F"
Last-Modified: Thu, 06 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6547
Expires: Fri, 07 Oct 2022 13:56:54 GMT
Date: Fri, 07 Oct 2022 12:07:47 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ef826a3bf68b25509c4b7cc93679250b
a0d2b336fb4d04fd3048f696452e1084e79acb92
7badef76d91c05bf8fd75254d0c263fd01dd84e50509ec8de547d37dc8cf00b1

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7BADEF76D91C05BF8FD75254D0C263FD01DD84E50509EC8DE547D37DC8CF00B1"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18136
Expires: Fri, 07 Oct 2022 17:10:03 GMT
Date: Fri, 07 Oct 2022 12:07:47 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
fc6e32a9394f5288feb5e12812de6d7c
601260fd4644bca742ddcd19a910a4854280cf58
5ef06c31a9f400bc900b49e50d16f581891f9cf89ef86d93b0f8859ecf62febe

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5EF06C31A9F400BC900B49E50D16F581891F9CF89EF86D93B0F8859ECF62FEBE"
Last-Modified: Thu, 06 Oct 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12388
Expires: Fri, 07 Oct 2022 15:34:15 GMT
Date: Fri, 07 Oct 2022 12:07:47 GMT
Connection: keep-alive

propu.sh/pfe/current/tag.min.js?z=5307590

139.45.197.250

200 OK

6.7 kB

URL HTTP/2
propu.sh/pfe/current/tag.min.js?z=5307590
IP
139.45.197.250:0
ASN
#9002 RETN Limited

File type
data
Size
6.7 kB (6692 bytes)
Hash
e6e72f99d1e912ef15cf4ac65119a253
30cbef0e691cf48ef36a1d1741ffed0c15fd7230
5bc41848da603ffd69dd3d6d647c60c89050ce8b88d9021413630a4041305577

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /pfe/current/tag.min.js?z=5307590 HTTP/1.1
Host: propu.sh
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 12:07:47 GMT
content-type: application/javascript
last-modified: Tue, 27 Sep 2022 13:19:37 GMT
etag: W/"6332f869-39be"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

ocsp.sectigo.com/

104.18.32.68

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
5690c00c386c753af6de22646db06434
aa5b0574bf8aa58bc5608d593e7dcba23100b454
741af8ab8cb30aac3a08fe0ae823577cb602c717416f9bcd52cef5b830b5fb0e

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 07 Oct 2022 12:07:47 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 06 Oct 2022 18:25:20 GMT
Expires: Thu, 13 Oct 2022 18:25:19 GMT
Etag: "aa5b0574bf8aa58bc5608d593e7dcba23100b454"
Cache-Control: max-age=540451,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 756684b6ec281bfe-OSL

my.rtmark.net/gid.js?userId=1e1c9e6699e346e281f971cf13ea2aa0

139.45.195.8

200 OK

65 B

URL HTTP/2
my.rtmark.net/gid.js?userId=1e1c9e6699e346e281f971cf13ea2aa0
IP
139.45.195.8:0
ASN
#9002 RETN Limited

File type
JSON data\012- , ASCII text
Size
65 B (65 bytes)
Hash
1936da198ba2261be6d3ee46c6cb0a8c
08a0571d95f8ba5263d236903373fd256ac1ce95
d190bf1cdbf7decd8eea135a9eb3ea9b77b5951814e0f52c2a2c580954a07e4e

HTTP Headers

GET /gid.js?userId=1e1c9e6699e346e281f971cf13ea2aa0 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://anonymfile.com
Connection: keep-alive
Referer: https://anonymfile.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 12:07:47 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://anonymfile.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=1e1c9e6699e346e281f971cf13ea2aa0; expires=Sat, 07 Oct 2023 12:07:47 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

nanouwho.com/42/38?z=5307589

139.45.197.242

200 OK

0 B

URL HTTP/2
nanouwho.com/42/38?z=5307589
IP
139.45.197.242:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /42/38?z=5307589 HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/
Cookie: scm=1; OAID=bbee866dadbe4a2689d2982bba0b905d; oaidts=1665144467
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 12:07:47 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: 
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: 5668599803fb69066326f6f699ceceb0
access-control-expose-headers: X-Sc
set-cookie: OAID=bbee866dadbe4a2689d2982bba0b905d; expires=Sat, 07 Oct 2023 12:07:47 GMT; secure; SameSite=None
oaidts=1665144467; expires=Sat, 07 Oct 2023 12:07:47 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2

propu.sh/pfe/current/universal.min.js?v=3.1.396

139.45.197.250

200 OK

47 kB

URL HTTP/2
propu.sh/pfe/current/universal.min.js?v=3.1.396
IP
139.45.197.250:0
ASN
#9002 RETN Limited

File type
data
Size
47 kB (47228 bytes)
Hash
665e5db3fdd28bd1af0c3224fae54738
b37799537be869d7723a4c81979b812a5e79e49f
9ff7c9a0c6de303b4d53fed9486b3404823877e129887ad11ac34231ea913ffa

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /pfe/current/universal.min.js?v=3.1.396 HTTP/1.1
Host: propu.sh
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://anonymfile.com/
Origin: https://anonymfile.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 12:07:47 GMT
content-type: application/javascript
last-modified: Tue, 27 Sep 2022 13:19:37 GMT
etag: W/"6332f869-1fafa"
access-control-allow-origin: https://anonymfile.com
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

propu.sh/custom

139.45.197.250

200 OK

0 B

URL HTTP/2
propu.sh/custom
IP
139.45.197.250:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

OPTIONS /custom HTTP/1.1
Host: propu.sh
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://anonymfile.com/
Origin: https://anonymfile.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 12:07:47 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://anonymfile.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2

propu.sh/custom

139.45.197.250

200 OK

0 B

URL HTTP/2
propu.sh/custom
IP
139.45.197.250:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

OPTIONS /custom HTTP/1.1
Host: propu.sh
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://anonymfile.com/
Origin: https://anonymfile.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 12:07:47 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://anonymfile.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2

propu.sh/custom

139.45.197.250

200 OK

39 B

URL HTTP/2
propu.sh/custom
IP
139.45.197.250:0
ASN
#9002 RETN Limited

File type
JSON data\012- , ASCII text
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

POST /custom HTTP/1.1
Host: propu.sh
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://anonymfile.com/
Content-Type: application/json
Origin: https://anonymfile.com
Content-Length: 381
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 12:07:47 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: d8a5daeb803b2857a893811b3d2a3c37
access-control-allow-origin: https://anonymfile.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

propu.sh/custom

139.45.197.250

200 OK

39 B

URL HTTP/2
propu.sh/custom
IP
139.45.197.250:0
ASN
#9002 RETN Limited

File type
JSON data\012- , ASCII text
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

POST /custom HTTP/1.1
Host: propu.sh
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://anonymfile.com/
Content-Type: application/json
Origin: https://anonymfile.com
Content-Length: 742
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 12:07:47 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: de78978d7f96ab3607d2cff47ea6bb96
access-control-allow-origin: https://anonymfile.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

nanouwho.com/9?z=5307589&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fanonymfile.com%2FY8V8%2Fkur6996.rar&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&sah=1002&drf=&hil=1&ist=0&oaid=1e1c9e6699e346e281f971cf13ea2aa0

139.45.197.242

204 No Content

0 B

URL HTTP/2
nanouwho.com/9?z=5307589&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fanonymfile.com%2FY8V8%2Fkur6996.rar&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&sah=1002&drf=&hil=1&ist=0&oaid=1e1c9e6699e346e281f971cf13ea2aa0
IP
139.45.197.242:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /9?z=5307589&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fanonymfile.com%2FY8V8%2Fkur6996.rar&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&sah=1002&drf=&hil=1&ist=0&oaid=1e1c9e6699e346e281f971cf13ea2aa0 HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://anonymfile.com/
Origin: https://anonymfile.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 204 No Content
server: nginx
date: Fri, 07 Oct 2022 12:07:47 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://anonymfile.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2

139.45.197.242

200 OK

2.6 kB

URL HTTP/2
nanouwho.com/9?z=5307589&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fanonymfile.com%2FY8V8%2Fkur6996.rar&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&sah=1002&drf=&hil=1&ist=0&oaid=1e1c9e6699e346e281f971cf13ea2aa0
IP
139.45.197.242:0
ASN
#9002 RETN Limited

File type
JSON data\012- , ASCII text, with very long lines (6343), with no line terminators
Size
2.6 kB (2644 bytes)
Hash
791562e138c41937b63c319fda6305c1
98dd941c1e553a3b1541d52a33875bdc7559ac08
647da0649a79beea8e67bcc41c5b20cca9abfe805b225b8619d4e4e19d2cebf8

HTTP Headers

POST /9?z=5307589&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fanonymfile.com%2FY8V8%2Fkur6996.rar&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&sah=1002&drf=&hil=1&ist=0&oaid=1e1c9e6699e346e281f971cf13ea2aa0 HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 105
Origin: https://anonymfile.com
Connection: keep-alive
Referer: https://anonymfile.com/
Cookie: scm=1; OAID=bbee866dadbe4a2689d2982bba0b905d; oaidts=1665144467
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 12:07:47 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-origin: https://anonymfile.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: cec33fa1abe4de59e022ac68054eed22
access-control-expose-headers: X-Sc
set-cookie: OAID=1e1c9e6699e346e281f971cf13ea2aa0; expires=Sat, 07 Oct 2023 12:07:47 GMT; secure; SameSite=None
oaidts=1665144467; expires=Sat, 07 Oct 2023 12:07:47 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

onmarshtompor.com/?rb=_SYFH6GHY1MALzls5lZOsa3V_9XjgI_y1_yjZz4UpH3wAIU3mAZidgAk2f2e0ayMiJ16jV6qFIHdKWV4Wx40zzLf8JcjbzCJg06mwa3cbcwxlYVKe4eb3dgKmYaT3G8DHTis5GULOc1Z9FGiEAOeBsHqjsL5R07vulsWmHIL1Gcs9ANGu__yC_k_LccC-B08kgAT2740WJBgDdDfY0q7gJc0B0I%3D&request_ab2=0&zoneid=5307591&js_build=iclick-v1.434.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&pl=https%3A%2F%2Fanonymfile.com%2FY8V8%2Fkur6996.rar&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.434.0&bs=5d8e4f5d-9d93-469e-8ccb-f3bb18ee2dca&userId=1e1c9e6699e346e281f971cf13ea2aa0&m=link

139.45.197.243

200 OK

1.6 kB

URL HTTP/2
onmarshtompor.com/?rb=_SYFH6GHY1MALzls5lZOsa3V_9XjgI_y1_yjZz4UpH3wAIU3mAZidgAk2f2e0ayMiJ16jV6qFIHdKWV4Wx40zzLf8JcjbzCJg06mwa3cbcwxlYVKe4eb3dgKmYaT3G8DHTis5GULOc1Z9FGiEAOeBsHqjsL5R07vulsWmHIL1Gcs9ANGu__yC_k_LccC-B08kgAT2740WJBgDdDfY0q7gJc0B0I%3D&request_ab2=0&zoneid=5307591&js_build=iclick-v1.434.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&pl=https%3A%2F%2Fanonymfile.com%2FY8V8%2Fkur6996.rar&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.434.0&bs=5d8e4f5d-9d93-469e-8ccb-f3bb18ee2dca&userId=1e1c9e6699e346e281f971cf13ea2aa0&m=link
IP
139.45.197.243:0
ASN
#9002 RETN Limited

File type
JSON data\012- , ASCII text, with very long lines (2166), with no line terminators
Size
1.6 kB (1641 bytes)
Hash
33324544d83b7a1bc72f1876cf9e401a
b180f9be2687bd3f88560a0373846042c68c73f9
39aa1011f43e4a5e4133f3903fdf1d5c3e86f1d690b255967fd27b047ed57451

HTTP Headers

GET /?rb=_SYFH6GHY1MALzls5lZOsa3V_9XjgI_y1_yjZz4UpH3wAIU3mAZidgAk2f2e0ayMiJ16jV6qFIHdKWV4Wx40zzLf8JcjbzCJg06mwa3cbcwxlYVKe4eb3dgKmYaT3G8DHTis5GULOc1Z9FGiEAOeBsHqjsL5R07vulsWmHIL1Gcs9ANGu__yC_k_LccC-B08kgAT2740WJBgDdDfY0q7gJc0B0I%3D&request_ab2=0&zoneid=5307591&js_build=iclick-v1.434.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&pl=https%3A%2F%2Fanonymfile.com%2FY8V8%2Fkur6996.rar&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.434.0&bs=5d8e4f5d-9d93-469e-8ccb-f3bb18ee2dca&userId=1e1c9e6699e346e281f971cf13ea2aa0&m=link HTTP/1.1
Host: onmarshtompor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://anonymfile.com/
Origin: https://anonymfile.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 12:07:47 GMT
content-type: application/json
x-trace-id: 51ab5644274427594096fa59e302d5c7
access-control-allow-origin: https://anonymfile.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=1e1c9e6699e346e281f971cf13ea2aa0; expires=Sat, 07 Oct 2023 12:07:47 GMT; path=/; secure; SameSite=None
oaidts=1665144467; expires=Sat, 07 Oct 2023 12:07:47 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Fri, 14 Oct 2022 12:07:47 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
07b58090895dfc7a505802319ed4c9a0
da54d4035e6221fd508fccfb97f27731964cd4f8
0c3d237f835c758d953999053bc846a35a50df5f27c3ddee927e097889e7e0cc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0C3D237F835C758D953999053BC846A35A50DF5F27C3DDEE927E097889E7E0CC"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5665
Expires: Fri, 07 Oct 2022 13:42:12 GMT
Date: Fri, 07 Oct 2022 12:07:47 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
31e440ccd993c4ee793f50511c2ac7c4
4380327d50b7001d158aee05a57c6078e57c94e4
65d8a97f6df1e110333a01d1f6dcb4982db7bb4b1c5f3f1498fafa716e250c0f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "65D8A97F6DF1E110333A01D1F6DCB4982DB7BB4B1C5F3F1498FAFA716E250C0F"
Last-Modified: Thu, 06 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14903
Expires: Fri, 07 Oct 2022 16:16:10 GMT
Date: Fri, 07 Oct 2022 12:07:47 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
31e440ccd993c4ee793f50511c2ac7c4
4380327d50b7001d158aee05a57c6078e57c94e4
65d8a97f6df1e110333a01d1f6dcb4982db7bb4b1c5f3f1498fafa716e250c0f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "65D8A97F6DF1E110333A01D1F6DCB4982DB7BB4B1C5F3F1498FAFA716E250C0F"
Last-Modified: Thu, 06 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14903
Expires: Fri, 07 Oct 2022 16:16:10 GMT
Date: Fri, 07 Oct 2022 12:07:47 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd58f1191-b279-4341-98b0-b5853ac04100.jpeg

34.120.237.76

200 OK

8.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd58f1191-b279-4341-98b0-b5853ac04100.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.4 kB (8351 bytes)
Hash
90f323a3b73cab85abdce9b6631e8d93
36e42d12a193c90fbc03a7d13a1711f24bf6f2a2
259aecd4212d5c91c4eeb930d99e28ce420af50d987e93d99974f6db1127ff28

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd58f1191-b279-4341-98b0-b5853ac04100.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8351
x-amzn-requestid: 8e8e58e6-a6d5-41ef-8246-bb276b882852
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZmihYGo2oAMFXYQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633f4ad5-06b81112046a7b2b3b898a3d;Sampled=0
x-amzn-remapped-date: Thu, 06 Oct 2022 21:38:29 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: kctKeNa9LqP47hiCMEj7tkJFZVjgLi0LEJD_gGsCTjJ5lF4RC-UvHA==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 25b9a991f871f75614e7f92f97b136a4.cloudfront.net (CloudFront), 1.1 google
date: Thu, 06 Oct 2022 22:07:00 GMT
age: 50447
etag: "36e42d12a193c90fbc03a7d13a1711f24bf6f2a2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7ecd6748-5460-43cc-84b5-f33deb7cf126.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.9 kB (6900 bytes)
Hash
6fb155a5d0fa0cebfa4cd03606f1f48c
c44cac382e2f2eb2b6ce35da6dfb37747d436d60
ca79a1bcc80f4e6fece82a0efb71a6c9af2b0b3d67b8f8c010a7f02ded6d2cfa

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7ecd6748-5460-43cc-84b5-f33deb7cf126.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6900
x-amzn-requestid: 9c86242f-70de-4484-90eb-ef6d9e7cde10
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZmpMaFCIoAMFYdw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633f5582-79871c575f974721675e9cd2;Sampled=0
x-amzn-remapped-date: Thu, 06 Oct 2022 22:24:02 GMT
x-amz-cf-pop: SEA73-P2
x-cache: Miss from cloudfront
x-amz-cf-id: dbKiRZRm7d978ZvK90nLjT8yFRQatSZvrjDdbCXtedMWi9DgMbhSjQ==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 3c974a460e97e56c6eb1e6a30797d9d6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 07 Oct 2022 04:22:08 GMT
age: 27939
etag: "c44cac382e2f2eb2b6ce35da6dfb37747d436d60"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa0b7bc4b-b79a-4bab-9bec-87695d757b08.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (10987 bytes)
Hash
53b7ffdc3799e0ac7a225145242579ef
c47f0525fe5354ee13fe63c0ec31f0f826a58005
4bb518afc9b3e7bfb976d343e46b306155834adbe71fa35b0d6f509959f78aca

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa0b7bc4b-b79a-4bab-9bec-87695d757b08.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10987
x-amzn-requestid: c2ab1012-1afd-4d74-8114-97977b43da24
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZgCHwGdGoAMFvyg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633cb097-3237927a0c1e081d22c902f7;Sampled=0
x-amzn-remapped-date: Tue, 04 Oct 2022 22:15:51 GMT
x-amz-cf-pop: SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: JYDg0-KelCPr__4bKtpARLrwiE1CHGICcFI6I9_TFCMcmESbykNhXQ==
via: 1.1 3dde68f1f52282c9e1ee336d97233b0a.cloudfront.net (CloudFront), 1.1 27f6faf9790b5a2877fb528fa31f7922.cloudfront.net (CloudFront), 1.1 google
date: Thu, 06 Oct 2022 22:08:50 GMT
age: 50337
etag: "c47f0525fe5354ee13fe63c0ec31f0f826a58005"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

2.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff2da6f7a-675a-45e2-af30-4afd851d825d.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
2.5 kB (2478 bytes)
Hash
17df62c3e2ed48ba9c788f5e1b3b702f
854c326016059d67fae42cc34905d0feb58cb6fc
d0bee7a7e629f6594a79bad563bb91c71a17768c2f347fd4a366f7f0daf94fda

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff2da6f7a-675a-45e2-af30-4afd851d825d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 2478
x-amzn-requestid: ed2a2dca-5367-42c1-b982-07a39762063e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZmigWFvGIAMF9CQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633f4ace-6fabb7845e4d04613897a866;Sampled=0
x-amzn-remapped-date: Thu, 06 Oct 2022 21:38:22 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Miss from cloudfront
x-amz-cf-id: GFxAiO1AQfV1-pVy0NBmc9VoQoxBuBeOWsbPkVpOuT06D8Tw_YuZfA==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 de8fc80b494d3d381f7e006918dcc588.cloudfront.net (CloudFront), 1.1 google
date: Thu, 06 Oct 2022 22:18:30 GMT
age: 49757
etag: "854c326016059d67fae42cc34905d0feb58cb6fc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

anonymfile.com/js/site.js

138.201.48.112

200 OK

16 kB

URL HTTP/2
anonymfile.com/js/site.js
IP
138.201.48.112:0
ASN
#24940 Hetzner Online GmbH

File type
ASCII text, with very long lines (317)
Size
16 kB (15631 bytes)
Hash
dc6c3df1892530447aac2a35f7700828
67aad859ef0d14a3380969c6490d19a72a8e0716
53125768bb827adcc7125aef3f2239f224adad42f9c5a72084ba7ba97e65b3e8

HTTP Headers

GET /js/site.js HTTP/1.1
Host: anonymfile.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/Y8V8/kur6996.rar
Cookie: XSRF-TOKEN=eyJpdiI6Ik9GdUs1UjVjTS9lV0t1b1BPUHUrTkE9PSIsInZhbHVlIjoiK2w0WWVZWkhwR3paL0NXTDAvUXBFYm5CVThqTDlwczZEVzVLMEJ0aWYxZU9PdVJTaTJoN1pXOUNCUWRBYWg1ckhuUGZBbEx6aUF0SDdCTU00anJOK0ozbUpvWVB5UVBpOXBPZ1Y5UCtjQ2FHblg0cUs1ZkM3cFZBanRzUGxlL2siLCJtYWMiOiJjZDdmYWJmYmRmZDM5YTU5ODU3MzZmOGZmZWEyZjgwZTg0NWU0ZjNkOTE3ZTMzMGQ3YmZkZjFhZTBiY2M5ZTczIiwidGFnIjoiIn0%3D; anonymfile_session=eyJpdiI6ImZyYjRwTEljV25Gbi9lZWVxWG8rNVE9PSIsInZhbHVlIjoiQmpIR3NydEtuVEhqYVBUWlFGUjdrQlhWVUQ3SkRGMXUxcjUvV3JjOUhEb0Eydjg0SmRRT1lHaUgzTjU5UDZBZHhsNGVGTzRocy9sUG8vN0gzQTN5c2MwNloycDd6eS9XS1JNMUhzKytxRXdncVJiNE9NUWlGL2VqRnFzT1RBNFgiLCJtYWMiOiIwOTI2N2Y1YTk4ZTc3YjYwYjkwOWY3ZWJlNzY4MWMyMWUxZjNmMDYyZmFiMWUzMTBjMzhhMmFkYzJhMTM1ZTQ5IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 12:07:46 GMT
content-type: application/javascript
last-modified: Wed, 20 Oct 2021 12:30:18 GMT
vary: Accept-Encoding
etag: W/"61700bda-2487"
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
content-encoding: br
cache-control: s-maxage=10
X-Firefox-Spdy: h2

unpkg.com/filepond-plugin-file-validate-size/dist/filepond-plugin-file-validate-size.js

104.16.123.175

302 Found

7.4 kB

URL HTTP/2
unpkg.com/filepond-plugin-file-validate-size/dist/filepond-plugin-file-validate-size.js
IP
104.16.123.175:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
7.4 kB (7367 bytes)
Hash
91b7abb8055f744511c50cfd40c96024
aaf8ff543c14c83a47833aaf05a8334310080d32
e4c92e227170d02368c35a0c1ecfd1e0a3bfae114d0f6c5205680bd65c7a3d79

HTTP Headers

GET /filepond-plugin-file-validate-size/dist/filepond-plugin-file-validate-size.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
date: Fri, 07 Oct 2022 12:07:46 GMT
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
cache-control: public, s-maxage=600, max-age=60
location: /filepond-plugin-file-validate-size@2.2.7/dist/filepond-plugin-file-validate-size.js
vary: Accept, Accept-Encoding
via: 1.1 fly.io
fly-request-id: 01GES572ZPPQVZ867K1A5D8AHC-ams
cf-cache-status: HIT
age: 303
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 756684b22b28fac0-OSL
X-Firefox-Spdy: h2

ocsp.sectigo.com/

104.18.32.68

200 OK

472 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
8f914c75d78aabd8f442473c89339139
65f9275088f83adaabf31e48c76de615ceaf238d
e609b19f355624c89679e3029f5f54f6c1b0398d8b13aae97c6d11b2598dee66

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 07 Oct 2022 12:07:47 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 06 Oct 2022 12:52:20 GMT
Expires: Thu, 13 Oct 2022 12:52:19 GMT
Etag: "65f9275088f83adaabf31e48c76de615ceaf238d"
Cache-Control: max-age=520471,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 756684ba9fd61bfe-OSL

bedrapiona.com/5/5307591/?oo=1&js_build=iclick-v1.434.0

139.45.197.234

200 OK

6.3 kB

URL HTTP/2
bedrapiona.com/5/5307591/?oo=1&js_build=iclick-v1.434.0
IP
139.45.197.234:0
ASN
#9002 RETN Limited

File type
data
Size
6.3 kB (6347 bytes)
Hash
49e2e4b13fafc73616808f71a299a238
3a9efd6798b252b185cfe44d34cdf023f65abf7c
91448919d1c62411a0e2670fa7ea0a048f5d0091082296467072225abc4e464e

HTTP Headers

GET /5/5307591/?oo=1&js_build=iclick-v1.434.0 HTTP/1.1
Host: bedrapiona.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://anonymfile.com
Connection: keep-alive
Referer: https://anonymfile.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 12:07:46 GMT
content-type: application/json
x-trace-id: f4c90b01c11b09aa2238c6a18dde63ec
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
access-control-allow-origin: https://anonymfile.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=1e1c9e6699e346e281f971cf13ea2aa0; expires=Sat, 07 Oct 2023 12:07:46 GMT; path=/; secure; SameSite=None
oaidts=1665144466; expires=Sat, 07 Oct 2023 12:07:46 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

interstitial-07.com/contents/s/f5/33/c9/3ff5b28ce50b1e6b9a5843d9f4/0744334562399.jpeg

139.45.197.152

200 OK

20 kB

URL HTTP/2
interstitial-07.com/contents/s/f5/33/c9/3ff5b28ce50b1e6b9a5843d9f4/0744334562399.jpeg
IP
139.45.197.152:0
ASN
#9002 RETN Limited

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 256x256, components 3\012- data
Size
20 kB (20112 bytes)
Hash
f533c93ff5b28ce50b1e6b9a5843d9f4
5483d2e7294716667f86cb07ad337e7b54409484
8037f98d491aa24e53a11eadf7cdc588d4a134b289955acca1f298379702ce81

HTTP Headers

GET /contents/s/f5/33/c9/3ff5b28ce50b1e6b9a5843d9f4/0744334562399.jpeg HTTP/1.1
Host: interstitial-07.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://interstitial-07.com/?l=5KiJw7BDBzgssAn&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fnanouwho.com%2F12%3Frnd%3D3667347890%26z%3D5307589%26b%3D14505326%26c%3D5990211%26var%3D%26d%3Dhttp%253A%252F%252Ftryhardnow.com%252Fbase.php%253Fc%253D350%2526key%253D2c1f9aa01554345b3025ac0d005c7bea%2526zoneid%253D%257Bzoneid%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3D8AyS_PO5ZVcrPjYVgEbqovhwQiZucN0BwK-DfYFsJfF8wJoamE4d3P6oz2MBM0DDJzlvFIAKcO2t_8aOj7GhjAlpHTRBDJYqPIzLeYMUlQ4nQ8XP_FY4qqQE2-W_6ML_lNG5DFAxN01jtFOE8ittJ1qlLOoV7DUa-JjpSxLxYxBsl0a4L04ruJcoAf08s-Fb4lkIFPJ9mwlRlMGomNKzWMqiqTLnIWgZK919sUCLBU2aTtLIKzlDzCX1bA5BwTPS_VbMom7E8xLwZZUNbyM6o0f_F8X0_Sa9966HxklpRjMsoLpI2WnBWWPVwz8SyAn7eUqYkxjusHfmZNFABm7gJ3_frQRKcqeFeS71eIldxJg0D5SBcFSz-um1GM6DWi19MYCYHqvBidv7yFYjXT93HJKUGUrUBkUptxZmvcGeBJU7OQsj2rDffEQ0QFdf34gSoEk2ig7eEsngQ4u3zAD78_6z3Wda5AaEcYJzlivx8phjAnQ8lZPqr4_WRCHBfBOlanwpzcb2AvKnEa3pGSElyXyF2YdcgfQXQFrA4P6Mr5R4lvy3Q6WgoiXlET4zInTD-TpnuS7RX_U7nHAlbRCn5ccDQ_HpoGn0W4MHdPzd_sYR2tWpEID6-AqwlDLx9czveWmEGQL_DF6hfW55%26bag%3DK9GC8xFjczykNNyRrWsoXw%3D%3D%26ruid%3D66ac233f-7e1d-4499-9431-48da8cea3465%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fanonymfile.com%252FY8V8%252Fkur6996.rar%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1280%26wiw%3D1280%26wih%3D939%26wfc%3D0%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 12:07:47 GMT
content-type: image/jpeg
content-length: 20112
last-modified: Wed, 19 Jan 2022 15:54:56 GMT
etag: "61e83450-4e90"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
accept-ranges: bytes
X-Firefox-Spdy: h2

offerimage.com/www/images/5c6ddc14315ee1b70fed3f043eaa7c23.jpeg

104.22.32.172

200 OK

11 kB

URL HTTP/2
offerimage.com/www/images/5c6ddc14315ee1b70fed3f043eaa7c23.jpeg
IP
104.22.32.172:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3\012- data
Size
11 kB (11204 bytes)
Hash
5c6ddc14315ee1b70fed3f043eaa7c23
fc46074c2cf103e8079de316ba76ccb83cfc1c69
55ed4007016d0b47bd0f34f788ed711d5b437bfaf472e1c94feeceb7bde75aa6

HTTP Headers

GET /www/images/5c6ddc14315ee1b70fed3f043eaa7c23.jpeg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 07 Oct 2022 12:07:47 GMT
content-type: image/jpeg
content-length: 11204
cache-control: max-age=86400
cf-bgj: h2pri
etag: "633d4897-2bc4"
expires: Sat, 08 Oct 2022 08:54:52 GMT
last-modified: Wed, 05 Oct 2022 09:04:23 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 11574
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 756684bc38fff142-ARN
X-Firefox-Spdy: h2

interstitial-07.com/contents/s/5e/9b/98/c047812bb48d9b12a9d78bb7ba/0865874287824.jpeg

139.45.197.152

200 OK

52 kB

URL HTTP/2
interstitial-07.com/contents/s/5e/9b/98/c047812bb48d9b12a9d78bb7ba/0865874287824.jpeg
IP
139.45.197.152:0
ASN
#9002 RETN Limited

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 492x328, components 3\012- data
Size
52 kB (51805 bytes)
Hash
5e9b98c047812bb48d9b12a9d78bb7ba
a55f54b8b3cc2cc1a76e9a13979e007961d59fa4
7410b691e0099ec4f7bf23af1234f23e6823b0fa973366ccb472844c4b782fdd

HTTP Headers

GET /contents/s/5e/9b/98/c047812bb48d9b12a9d78bb7ba/0865874287824.jpeg HTTP/1.1
Host: interstitial-07.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://interstitial-07.com/?l=5KiJw7BDBzgssAn&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fnanouwho.com%2F12%3Frnd%3D3667347890%26z%3D5307589%26b%3D14505326%26c%3D5990211%26var%3D%26d%3Dhttp%253A%252F%252Ftryhardnow.com%252Fbase.php%253Fc%253D350%2526key%253D2c1f9aa01554345b3025ac0d005c7bea%2526zoneid%253D%257Bzoneid%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3D8AyS_PO5ZVcrPjYVgEbqovhwQiZucN0BwK-DfYFsJfF8wJoamE4d3P6oz2MBM0DDJzlvFIAKcO2t_8aOj7GhjAlpHTRBDJYqPIzLeYMUlQ4nQ8XP_FY4qqQE2-W_6ML_lNG5DFAxN01jtFOE8ittJ1qlLOoV7DUa-JjpSxLxYxBsl0a4L04ruJcoAf08s-Fb4lkIFPJ9mwlRlMGomNKzWMqiqTLnIWgZK919sUCLBU2aTtLIKzlDzCX1bA5BwTPS_VbMom7E8xLwZZUNbyM6o0f_F8X0_Sa9966HxklpRjMsoLpI2WnBWWPVwz8SyAn7eUqYkxjusHfmZNFABm7gJ3_frQRKcqeFeS71eIldxJg0D5SBcFSz-um1GM6DWi19MYCYHqvBidv7yFYjXT93HJKUGUrUBkUptxZmvcGeBJU7OQsj2rDffEQ0QFdf34gSoEk2ig7eEsngQ4u3zAD78_6z3Wda5AaEcYJzlivx8phjAnQ8lZPqr4_WRCHBfBOlanwpzcb2AvKnEa3pGSElyXyF2YdcgfQXQFrA4P6Mr5R4lvy3Q6WgoiXlET4zInTD-TpnuS7RX_U7nHAlbRCn5ccDQ_HpoGn0W4MHdPzd_sYR2tWpEID6-AqwlDLx9czveWmEGQL_DF6hfW55%26bag%3DK9GC8xFjczykNNyRrWsoXw%3D%3D%26ruid%3D66ac233f-7e1d-4499-9431-48da8cea3465%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fanonymfile.com%252FY8V8%252Fkur6996.rar%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1280%26wiw%3D1280%26wih%3D939%26wfc%3D0%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 12:07:47 GMT
content-type: image/jpeg
content-length: 51805
last-modified: Wed, 19 Jan 2022 15:54:55 GMT
etag: "61e8344f-ca5d"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
accept-ranges: bytes
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
671e371ca656241a058e39f941f52b91
e2f8c597830dbf6798c6e67563b25f8f2c5b9761
c8cf9147235e2f68fb2a2aa6aaab3d8934bb8e1a2a19e94e8c9ef6310ffdf88a

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C8CF9147235E2F68FB2A2AA6AAAB3D8934BB8E1A2A19E94E8C9EF6310FFDF88A"
Last-Modified: Wed, 05 Oct 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18174
Expires: Fri, 07 Oct 2022 17:10:41 GMT
Date: Fri, 07 Oct 2022 12:07:47 GMT
Connection: keep-alive

unphionetor.com/vctx?t=72747

139.45.197.236

204 No Content

0 B

URL HTTP/2
unphionetor.com/vctx?t=72747
IP
139.45.197.236:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /vctx?t=72747 HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://interstitial-07.com
Connection: keep-alive
Referer: https://interstitial-07.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 204 No Content
server: nginx
date: Fri, 07 Oct 2022 12:07:47 GMT
access-control-allow-origin: https://interstitial-07.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: 22752a19139ee56369dc36d93b95e95e
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

unphionetor.com/vbl?t=72747&bid=undefined&aid=undefined

139.45.197.236

204 No Content

0 B

URL HTTP/2
unphionetor.com/vbl?t=72747&bid=undefined&aid=undefined
IP
139.45.197.236:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

POST /vbl?t=72747&bid=undefined&aid=undefined HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://interstitial-07.com
Connection: keep-alive
Referer: https://interstitial-07.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

HTTP/2 204 No Content
server: nginx
date: Fri, 07 Oct 2022 12:07:48 GMT
access-control-allow-origin: https://interstitial-07.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: 3e5298bf4be5790083764fd111c9d61c
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

betotodilea.com/impression/TVHt-g6xsNrK5PHukdGkvtsmWnTObW-o4Go8rgIt8Ik3SAZqSN9uq6vsm6It-b0z9HMrdZDkYjAzzVQqq08ZmUZjRsjpyiifuJdhpJddJwlzqv867Dq6F7lHtBLAveVu_p1r2L6vQEX2rkbluflv8mQUyqFCIbPeB57wyphsi3y2Wl3pzgttG8ChpArHj1oMIsf4pU4ejHIqxaHOjGcPu4qlIpqa3sksqN4bqgcCSlvmZZSqoFkN-gecOg44TfBxALo6ro2XFGt9_yl1WCkiHQWhvkaTG7iVKdSPWfaO6P7KMZeViD2E_zWh6x8wBMLTEUphXjZm8fDixAmLW1q1oBk_GXUjtEi6_eU9Xr3ZKFlNCuBiYnmI3pFyrzTvLYBqpuulDrr6XaEtU9i6YMcmgIyI9mntZS6EoaEuxwph04igWq1n9YspxtQXyJWSaUCW9--UNzfnxBItdIu0Lcql-0-qjHeWCZX5ab0mRx6myJtuuiQeU2G6mfVxuLkkJV7bYBFLtvdCvAMPrW-Ic_VMYnn2rWWx_nwXZ0DvPEndWXxjBvgJokgdU3z0KmaXlyDBZSdTt8gE0TbJye00eaddzMne146SPEeu?_z=5307588&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&pl=https%3A%2F%2Fanonymfile.com%2FY8V8%2Fkur6996.rar&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false

139.45.197.237

200 OK

43 B

URL HTTP/2
betotodilea.com/impression/TVHt-g6xsNrK5PHukdGkvtsmWnTObW-o4Go8rgIt8Ik3SAZqSN9uq6vsm6It-b0z9HMrdZDkYjAzzVQqq08ZmUZjRsjpyiifuJdhpJddJwlzqv867Dq6F7lHtBLAveVu_p1r2L6vQEX2rkbluflv8mQUyqFCIbPeB57wyphsi3y2Wl3pzgttG8ChpArHj1oMIsf4pU4ejHIqxaHOjGcPu4qlIpqa3sksqN4bqgcCSlvmZZSqoFkN-gecOg44TfBxALo6ro2XFGt9_yl1WCkiHQWhvkaTG7iVKdSPWfaO6P7KMZeViD2E_zWh6x8wBMLTEUphXjZm8fDixAmLW1q1oBk_GXUjtEi6_eU9Xr3ZKFlNCuBiYnmI3pFyrzTvLYBqpuulDrr6XaEtU9i6YMcmgIyI9mntZS6EoaEuxwph04igWq1n9YspxtQXyJWSaUCW9--UNzfnxBItdIu0Lcql-0-qjHeWCZX5ab0mRx6myJtuuiQeU2G6mfVxuLkkJV7bYBFLtvdCvAMPrW-Ic_VMYnn2rWWx_nwXZ0DvPEndWXxjBvgJokgdU3z0KmaXlyDBZSdTt8gE0TbJye00eaddzMne146SPEeu?_z=5307588&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&pl=https%3A%2F%2Fanonymfile.com%2FY8V8%2Fkur6996.rar&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP
139.45.197.237:0
ASN
#9002 RETN Limited

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

HTTP Headers

GET /impression/TVHt-g6xsNrK5PHukdGkvtsmWnTObW-o4Go8rgIt8Ik3SAZqSN9uq6vsm6It-b0z9HMrdZDkYjAzzVQqq08ZmUZjRsjpyiifuJdhpJddJwlzqv867Dq6F7lHtBLAveVu_p1r2L6vQEX2rkbluflv8mQUyqFCIbPeB57wyphsi3y2Wl3pzgttG8ChpArHj1oMIsf4pU4ejHIqxaHOjGcPu4qlIpqa3sksqN4bqgcCSlvmZZSqoFkN-gecOg44TfBxALo6ro2XFGt9_yl1WCkiHQWhvkaTG7iVKdSPWfaO6P7KMZeViD2E_zWh6x8wBMLTEUphXjZm8fDixAmLW1q1oBk_GXUjtEi6_eU9Xr3ZKFlNCuBiYnmI3pFyrzTvLYBqpuulDrr6XaEtU9i6YMcmgIyI9mntZS6EoaEuxwph04igWq1n9YspxtQXyJWSaUCW9--UNzfnxBItdIu0Lcql-0-qjHeWCZX5ab0mRx6myJtuuiQeU2G6mfVxuLkkJV7bYBFLtvdCvAMPrW-Ic_VMYnn2rWWx_nwXZ0DvPEndWXxjBvgJokgdU3z0KmaXlyDBZSdTt8gE0TbJye00eaddzMne146SPEeu?_z=5307588&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&pl=https%3A%2F%2Fanonymfile.com%2FY8V8%2Fkur6996.rar&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/
Cookie: OAID=1e1c9e6699e346e281f971cf13ea2aa0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 12:07:52 GMT
content-type: image/gif
content-length: 43
x-trace-id: 0e676d863fedccf85c44a554bfea31e3
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

betotodilea.com/500/5307588?excludes=15091650&oaid=1e1c9e6699e346e281f971cf13ea2aa0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fanonymfile.com%2FY8V8%2Fkur6996.rar&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false

139.45.197.237

200 OK

0 B

URL HTTP/2
betotodilea.com/500/5307588?excludes=15091650&oaid=1e1c9e6699e346e281f971cf13ea2aa0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fanonymfile.com%2FY8V8%2Fkur6996.rar&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP
139.45.197.237:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /500/5307588?excludes=15091650&oaid=1e1c9e6699e346e281f971cf13ea2aa0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fanonymfile.com%2FY8V8%2Fkur6996.rar&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://anonymfile.com/
Origin: https://anonymfile.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 12:07:52 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://anonymfile.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-allow-credentials: true
access-control-max-age: 600
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2

139.45.197.237

200 OK

12 kB

URL HTTP/2
betotodilea.com/500/5307588?excludes=15091650&oaid=1e1c9e6699e346e281f971cf13ea2aa0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fanonymfile.com%2FY8V8%2Fkur6996.rar&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP
139.45.197.237:0
ASN
#9002 RETN Limited

File type
data
Size
12 kB (11905 bytes)
Hash
116b0074e8699efa180cc3ab7e670954
719e3710782e984692521686a742d85981510dec
ee153d83c32731d5c84bf90478d4c537b1fc4324040bd8cd06e98acf01216569

HTTP Headers

GET /500/5307588?excludes=15091650&oaid=1e1c9e6699e346e281f971cf13ea2aa0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fanonymfile.com%2FY8V8%2Fkur6996.rar&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://anonymfile.com
Connection: keep-alive
Referer: https://anonymfile.com/
Cookie: OAID=1e1c9e6699e346e281f971cf13ea2aa0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 12:07:52 GMT
content-type: application/javascript
x-trace-id: 98bbdecaa9a12e7bea2dc06b956f696b
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
vary: Origin
access-control-allow-origin: https://anonymfile.com
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=1e1c9e6699e346e281f971cf13ea2aa0; expires=Sat, 07 Oct 2023 12:07:52 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

my.rtmark.net/gid.js?pub=0&userId=0d3b6972914244e781449c8051686a15&zoneId=5307590&checkDuplicate=true&ymid=&var=

139.45.195.8

200 OK

65 B

URL HTTP/2
my.rtmark.net/gid.js?pub=0&userId=0d3b6972914244e781449c8051686a15&zoneId=5307590&checkDuplicate=true&ymid=&var=
IP
139.45.195.8:0
ASN
#9002 RETN Limited

File type
JSON data\012- , ASCII text
Size
65 B (65 bytes)
Hash
1936da198ba2261be6d3ee46c6cb0a8c
08a0571d95f8ba5263d236903373fd256ac1ce95
d190bf1cdbf7decd8eea135a9eb3ea9b77b5951814e0f52c2a2c580954a07e4e

HTTP Headers

GET /gid.js?pub=0&userId=0d3b6972914244e781449c8051686a15&zoneId=5307590&checkDuplicate=true&ymid=&var= HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://anonymfile.com/
Origin: https://anonymfile.com
Connection: keep-alive
Cookie: ID=1e1c9e6699e346e281f971cf13ea2aa0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 12:07:54 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://anonymfile.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=1e1c9e6699e346e281f971cf13ea2aa0; expires=Sat, 07 Oct 2023 12:07:54 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

nanouwho.com/1?z=5307589

139.45.197.242

200 OK

0 B

URL HTTP/2
nanouwho.com/1?z=5307589
IP
139.45.197.242:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /1?z=5307589 HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 12:07:47 GMT
content-type: text/javascript
access-control-allow-credentials: true
access-control-allow-origin: 
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: 3e0d3956978facc3ccd3dcc9cdb618ba
access-control-expose-headers: X-Sc
x-sc: 272GdyICe5F0K_X13T1HApR6ww-5pUI27CRonpseCLIh_AdrzJ7p0d0lUfIK3dcxD63BnPv-ohdEOyQPUWqjvTjZQt4=
set-cookie: scm=1; expires=Sat, 07 Oct 2023 12:07:47 GMT; secure; SameSite=None
OAID=bbee866dadbe4a2689d2982bba0b905d; expires=Sat, 07 Oct 2023 12:07:47 GMT; secure; SameSite=None
oaidts=1665144467; expires=Sat, 07 Oct 2023 12:07:47 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

betotodilea.com/400/5307588

139.45.197.237

200 OK

0 B

URL HTTP/2
betotodilea.com/400/5307588
IP
139.45.197.237:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /400/5307588 HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 12:07:47 GMT
content-type: application/javascript
x-trace-id: f98f2526574c8f6201e3b31cc7740d81
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=2894f369e8d545d1972fbaf4f094a54e; expires=Sat, 07 Oct 2023 12:07:47 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

interstitial-07.com/?l=5KiJw7BDBzgssAn&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fnanouwho.com%2F12%3Frnd%3D3667347890%26z%3D5307589%26b%3D14505326%26c%3D5990211%26var%3D%26d%3Dhttp%253A%252F%252Ftryhardnow.com%252Fbase.php%253Fc%253D350%2526key%253D2c1f9aa01554345b3025ac0d005c7bea%2526zoneid%253D%257Bzoneid%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3D8AyS_PO5ZVcrPjYVgEbqovhwQiZucN0BwK-DfYFsJfF8wJoamE4d3P6oz2MBM0DDJzlvFIAKcO2t_8aOj7GhjAlpHTRBDJYqPIzLeYMUlQ4nQ8XP_FY4qqQE2-W_6ML_lNG5DFAxN01jtFOE8ittJ1qlLOoV7DUa-JjpSxLxYxBsl0a4L04ruJcoAf08s-Fb4lkIFPJ9mwlRlMGomNKzWMqiqTLnIWgZK919sUCLBU2aTtLIKzlDzCX1bA5BwTPS_VbMom7E8xLwZZUNbyM6o0f_F8X0_Sa9966HxklpRjMsoLpI2WnBWWPVwz8SyAn7eUqYkxjusHfmZNFABm7gJ3_frQRKcqeFeS71eIldxJg0D5SBcFSz-um1GM6DWi19MYCYHqvBidv7yFYjXT93HJKUGUrUBkUptxZmvcGeBJU7OQsj2rDffEQ0QFdf34gSoEk2ig7eEsngQ4u3zAD78_6z3Wda5AaEcYJzlivx8phjAnQ8lZPqr4_WRCHBfBOlanwpzcb2AvKnEa3pGSElyXyF2YdcgfQXQFrA4P6Mr5R4lvy3Q6WgoiXlET4zInTD-TpnuS7RX_U7nHAlbRCn5ccDQ_HpoGn0W4MHdPzd_sYR2tWpEID6-AqwlDLx9czveWmEGQL_DF6hfW55%26bag%3DK9GC8xFjczykNNyRrWsoXw%3D%3D%26ruid%3D66ac233f-7e1d-4499-9431-48da8cea3465%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fanonymfile.com%252FY8V8%252Fkur6996.rar%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1280%26wiw%3D1280%26wih%3D939%26wfc%3D0%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0

139.45.197.152

200 OK

0 B

URL HTTP/2
interstitial-07.com/?l=5KiJw7BDBzgssAn&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fnanouwho.com%2F12%3Frnd%3D3667347890%26z%3D5307589%26b%3D14505326%26c%3D5990211%26var%3D%26d%3Dhttp%253A%252F%252Ftryhardnow.com%252Fbase.php%253Fc%253D350%2526key%253D2c1f9aa01554345b3025ac0d005c7bea%2526zoneid%253D%257Bzoneid%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3D8AyS_PO5ZVcrPjYVgEbqovhwQiZucN0BwK-DfYFsJfF8wJoamE4d3P6oz2MBM0DDJzlvFIAKcO2t_8aOj7GhjAlpHTRBDJYqPIzLeYMUlQ4nQ8XP_FY4qqQE2-W_6ML_lNG5DFAxN01jtFOE8ittJ1qlLOoV7DUa-JjpSxLxYxBsl0a4L04ruJcoAf08s-Fb4lkIFPJ9mwlRlMGomNKzWMqiqTLnIWgZK919sUCLBU2aTtLIKzlDzCX1bA5BwTPS_VbMom7E8xLwZZUNbyM6o0f_F8X0_Sa9966HxklpRjMsoLpI2WnBWWPVwz8SyAn7eUqYkxjusHfmZNFABm7gJ3_frQRKcqeFeS71eIldxJg0D5SBcFSz-um1GM6DWi19MYCYHqvBidv7yFYjXT93HJKUGUrUBkUptxZmvcGeBJU7OQsj2rDffEQ0QFdf34gSoEk2ig7eEsngQ4u3zAD78_6z3Wda5AaEcYJzlivx8phjAnQ8lZPqr4_WRCHBfBOlanwpzcb2AvKnEa3pGSElyXyF2YdcgfQXQFrA4P6Mr5R4lvy3Q6WgoiXlET4zInTD-TpnuS7RX_U7nHAlbRCn5ccDQ_HpoGn0W4MHdPzd_sYR2tWpEID6-AqwlDLx9czveWmEGQL_DF6hfW55%26bag%3DK9GC8xFjczykNNyRrWsoXw%3D%3D%26ruid%3D66ac233f-7e1d-4499-9431-48da8cea3465%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fanonymfile.com%252FY8V8%252Fkur6996.rar%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1280%26wiw%3D1280%26wih%3D939%26wfc%3D0%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
IP
139.45.197.152:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /?l=5KiJw7BDBzgssAn&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fnanouwho.com%2F12%3Frnd%3D3667347890%26z%3D5307589%26b%3D14505326%26c%3D5990211%26var%3D%26d%3Dhttp%253A%252F%252Ftryhardnow.com%252Fbase.php%253Fc%253D350%2526key%253D2c1f9aa01554345b3025ac0d005c7bea%2526zoneid%253D%257Bzoneid%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3D8AyS_PO5ZVcrPjYVgEbqovhwQiZucN0BwK-DfYFsJfF8wJoamE4d3P6oz2MBM0DDJzlvFIAKcO2t_8aOj7GhjAlpHTRBDJYqPIzLeYMUlQ4nQ8XP_FY4qqQE2-W_6ML_lNG5DFAxN01jtFOE8ittJ1qlLOoV7DUa-JjpSxLxYxBsl0a4L04ruJcoAf08s-Fb4lkIFPJ9mwlRlMGomNKzWMqiqTLnIWgZK919sUCLBU2aTtLIKzlDzCX1bA5BwTPS_VbMom7E8xLwZZUNbyM6o0f_F8X0_Sa9966HxklpRjMsoLpI2WnBWWPVwz8SyAn7eUqYkxjusHfmZNFABm7gJ3_frQRKcqeFeS71eIldxJg0D5SBcFSz-um1GM6DWi19MYCYHqvBidv7yFYjXT93HJKUGUrUBkUptxZmvcGeBJU7OQsj2rDffEQ0QFdf34gSoEk2ig7eEsngQ4u3zAD78_6z3Wda5AaEcYJzlivx8phjAnQ8lZPqr4_WRCHBfBOlanwpzcb2AvKnEa3pGSElyXyF2YdcgfQXQFrA4P6Mr5R4lvy3Q6WgoiXlET4zInTD-TpnuS7RX_U7nHAlbRCn5ccDQ_HpoGn0W4MHdPzd_sYR2tWpEID6-AqwlDLx9czveWmEGQL_DF6hfW55%26bag%3DK9GC8xFjczykNNyRrWsoXw%3D%3D%26ruid%3D66ac233f-7e1d-4499-9431-48da8cea3465%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fanonymfile.com%252FY8V8%252Fkur6996.rar%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1280%26wiw%3D1280%26wih%3D939%26wfc%3D0%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0 HTTP/1.1
Host: interstitial-07.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 12:07:47 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.26
set-cookie: reverse=RnsDfcBlH9A8KNKTYfIwICrLZVEW6f3goNHautyKvBk; expires=Fri, 07-Oct-2022 13:07:47 GMT; Max-Age=3600; path=/
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
content-encoding: gzip
X-Firefox-Spdy: h2

unpkg.com/filepond-plugin-file-validate-type/dist/filepond-plugin-file-validate-type.js

104.16.123.175

302 Found

0 B

URL HTTP/2
unpkg.com/filepond-plugin-file-validate-type/dist/filepond-plugin-file-validate-type.js
IP
104.16.123.175:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /filepond-plugin-file-validate-type/dist/filepond-plugin-file-validate-type.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
date: Fri, 07 Oct 2022 12:07:46 GMT
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
cache-control: public, s-maxage=600, max-age=60
location: /filepond-plugin-file-validate-type@1.2.8/dist/filepond-plugin-file-validate-type.js
vary: Accept, Accept-Encoding
via: 1.1 fly.io
fly-request-id: 01GES53KKE0VYVCNFNW8FCWPSA-ams
cf-cache-status: HIT
age: 417
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 756684b22b2ffac0-OSL
X-Firefox-Spdy: h2

betotodilea.com/500/5307588?excludes=&oaid=1e1c9e6699e346e281f971cf13ea2aa0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&pl=https%3A%2F%2Fanonymfile.com%2FY8V8%2Fkur6996.rar&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false

139.45.197.237

200 OK

0 B

URL HTTP/2
betotodilea.com/500/5307588?excludes=&oaid=1e1c9e6699e346e281f971cf13ea2aa0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&pl=https%3A%2F%2Fanonymfile.com%2FY8V8%2Fkur6996.rar&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP
139.45.197.237:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /500/5307588?excludes=&oaid=1e1c9e6699e346e281f971cf13ea2aa0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&pl=https%3A%2F%2Fanonymfile.com%2FY8V8%2Fkur6996.rar&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://anonymfile.com
Connection: keep-alive
Referer: https://anonymfile.com/
Cookie: OAID=2894f369e8d545d1972fbaf4f094a54e
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 12:07:47 GMT
content-type: application/javascript
x-trace-id: bcd1b41b05585eed561f54c06b68c448
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: https://anonymfile.com
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=1e1c9e6699e346e281f971cf13ea2aa0; expires=Sat, 07 Oct 2023 12:07:47 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

anonymfile.com/sw.js

138.201.48.112

404 Not Found

0 B

URL HTTP/2
anonymfile.com/sw.js
IP
138.201.48.112:0
ASN
#24940 Hetzner Online GmbH

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /sw.js HTTP/1.1
Host: anonymfile.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/Y8V8/kur6996.rar
Cookie: XSRF-TOKEN=eyJpdiI6Ik9GdUs1UjVjTS9lV0t1b1BPUHUrTkE9PSIsInZhbHVlIjoiK2w0WWVZWkhwR3paL0NXTDAvUXBFYm5CVThqTDlwczZEVzVLMEJ0aWYxZU9PdVJTaTJoN1pXOUNCUWRBYWg1ckhuUGZBbEx6aUF0SDdCTU00anJOK0ozbUpvWVB5UVBpOXBPZ1Y5UCtjQ2FHblg0cUs1ZkM3cFZBanRzUGxlL2siLCJtYWMiOiJjZDdmYWJmYmRmZDM5YTU5ODU3MzZmOGZmZWEyZjgwZTg0NWU0ZjNkOTE3ZTMzMGQ3YmZkZjFhZTBiY2M5ZTczIiwidGFnIjoiIn0%3D; anonymfile_session=eyJpdiI6ImZyYjRwTEljV25Gbi9lZWVxWG8rNVE9PSIsInZhbHVlIjoiQmpIR3NydEtuVEhqYVBUWlFGUjdrQlhWVUQ3SkRGMXUxcjUvV3JjOUhEb0Eydjg0SmRRT1lHaUgzTjU5UDZBZHhsNGVGTzRocy9sUG8vN0gzQTN5c2MwNloycDd6eS9XS1JNMUhzKytxRXdncVJiNE9NUWlGL2VqRnFzT1RBNFgiLCJtYWMiOiIwOTI2N2Y1YTk4ZTc3YjYwYjkwOWY3ZWJlNzY4MWMyMWUxZjNmMDYyZmFiMWUzMTBjMzhhMmFkYzJhMTM1ZTQ5IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
server: nginx
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
date: Fri, 07 Oct 2022 12:07:46 GMT
x-page-speed: 1.13.35.2-0
cache-control: max-age=0, no-cache
content-encoding: br
X-Firefox-Spdy: h2

unphionetor.com/fv.js?t=72747&cb=817323766

139.45.197.236

200 OK

0 B

URL HTTP/2
unphionetor.com/fv.js?t=72747&cb=817323766
IP
139.45.197.236:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /fv.js?t=72747&cb=817323766 HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://interstitial-07.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 12:07:47 GMT
content-type: text/javascript; charset=utf8
access-control-allow-origin: 
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: 99b4586979a9a959eff0ac2d4e7ba310
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

anonymfile.com/Y8V8/kur6996.rar

138.201.48.112

200 OK

0 B

URL HTTP/2
anonymfile.com/Y8V8/kur6996.rar
IP
138.201.48.112:0
ASN
#24940 Hetzner Online GmbH

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /Y8V8/kur6996.rar HTTP/1.1
Host: anonymfile.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
server: nginx
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: XSRF-TOKEN=eyJpdiI6Ik9GdUs1UjVjTS9lV0t1b1BPUHUrTkE9PSIsInZhbHVlIjoiK2w0WWVZWkhwR3paL0NXTDAvUXBFYm5CVThqTDlwczZEVzVLMEJ0aWYxZU9PdVJTaTJoN1pXOUNCUWRBYWg1ckhuUGZBbEx6aUF0SDdCTU00anJOK0ozbUpvWVB5UVBpOXBPZ1Y5UCtjQ2FHblg0cUs1ZkM3cFZBanRzUGxlL2siLCJtYWMiOiJjZDdmYWJmYmRmZDM5YTU5ODU3MzZmOGZmZWEyZjgwZTg0NWU0ZjNkOTE3ZTMzMGQ3YmZkZjFhZTBiY2M5ZTczIiwidGFnIjoiIn0%3D; expires=Fri, 07-Oct-2022 14:07:45 GMT; Max-Age=7200; path=/; samesite=lax
anonymfile_session=eyJpdiI6ImZyYjRwTEljV25Gbi9lZWVxWG8rNVE9PSIsInZhbHVlIjoiQmpIR3NydEtuVEhqYVBUWlFGUjdrQlhWVUQ3SkRGMXUxcjUvV3JjOUhEb0Eydjg0SmRRT1lHaUgzTjU5UDZBZHhsNGVGTzRocy9sUG8vN0gzQTN5c2MwNloycDd6eS9XS1JNMUhzKytxRXdncVJiNE9NUWlGL2VqRnFzT1RBNFgiLCJtYWMiOiIwOTI2N2Y1YTk4ZTc3YjYwYjkwOWY3ZWJlNzY4MWMyMWUxZjNmMDYyZmFiMWUzMTBjMzhhMmFkYzJhMTM1ZTQ5IiwidGFnIjoiIn0%3D; expires=Fri, 07-Oct-2022 14:07:45 GMT; Max-Age=7200; path=/; httponly; samesite=lax
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
date: Fri, 07 Oct 2022 12:07:45 GMT
x-page-speed: 1.13.35.2-0
cache-control: max-age=0, no-cache
content-encoding: br
X-Firefox-Spdy: h2

anonymfile.com/css/theme.min.css

138.201.48.112

200 OK

0 B

URL HTTP/2
anonymfile.com/css/theme.min.css
IP
138.201.48.112:0
ASN
#24940 Hetzner Online GmbH

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css/theme.min.css HTTP/1.1
Host: anonymfile.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/Y8V8/kur6996.rar
Cookie: XSRF-TOKEN=eyJpdiI6Ik9GdUs1UjVjTS9lV0t1b1BPUHUrTkE9PSIsInZhbHVlIjoiK2w0WWVZWkhwR3paL0NXTDAvUXBFYm5CVThqTDlwczZEVzVLMEJ0aWYxZU9PdVJTaTJoN1pXOUNCUWRBYWg1ckhuUGZBbEx6aUF0SDdCTU00anJOK0ozbUpvWVB5UVBpOXBPZ1Y5UCtjQ2FHblg0cUs1ZkM3cFZBanRzUGxlL2siLCJtYWMiOiJjZDdmYWJmYmRmZDM5YTU5ODU3MzZmOGZmZWEyZjgwZTg0NWU0ZjNkOTE3ZTMzMGQ3YmZkZjFhZTBiY2M5ZTczIiwidGFnIjoiIn0%3D; anonymfile_session=eyJpdiI6ImZyYjRwTEljV25Gbi9lZWVxWG8rNVE9PSIsInZhbHVlIjoiQmpIR3NydEtuVEhqYVBUWlFGUjdrQlhWVUQ3SkRGMXUxcjUvV3JjOUhEb0Eydjg0SmRRT1lHaUgzTjU5UDZBZHhsNGVGTzRocy9sUG8vN0gzQTN5c2MwNloycDd6eS9XS1JNMUhzKytxRXdncVJiNE9NUWlGL2VqRnFzT1RBNFgiLCJtYWMiOiIwOTI2N2Y1YTk4ZTc3YjYwYjkwOWY3ZWJlNzY4MWMyMWUxZjNmMDYyZmFiMWUzMTBjMzhhMmFkYzJhMTM1ZTQ5IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 12:07:45 GMT
content-type: text/css
last-modified: Fri, 22 Oct 2021 08:15:50 GMT
vary: Accept-Encoding
etag: W/"61727336-921fb"
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
content-encoding: br
cache-control: s-maxage=10
X-Firefox-Spdy: h2

anonymfile.com/pagespeed_static/js_defer.I4cHjq6EEP.js

138.201.48.112

200 OK

0 B

URL HTTP/2
anonymfile.com/pagespeed_static/js_defer.I4cHjq6EEP.js
IP
138.201.48.112:0
ASN
#24940 Hetzner Online GmbH

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /pagespeed_static/js_defer.I4cHjq6EEP.js HTTP/1.1
Host: anonymfile.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/Y8V8/kur6996.rar
Cookie: XSRF-TOKEN=eyJpdiI6Ik9GdUs1UjVjTS9lV0t1b1BPUHUrTkE9PSIsInZhbHVlIjoiK2w0WWVZWkhwR3paL0NXTDAvUXBFYm5CVThqTDlwczZEVzVLMEJ0aWYxZU9PdVJTaTJoN1pXOUNCUWRBYWg1ckhuUGZBbEx6aUF0SDdCTU00anJOK0ozbUpvWVB5UVBpOXBPZ1Y5UCtjQ2FHblg0cUs1ZkM3cFZBanRzUGxlL2siLCJtYWMiOiJjZDdmYWJmYmRmZDM5YTU5ODU3MzZmOGZmZWEyZjgwZTg0NWU0ZjNkOTE3ZTMzMGQ3YmZkZjFhZTBiY2M5ZTczIiwidGFnIjoiIn0%3D; anonymfile_session=eyJpdiI6ImZyYjRwTEljV25Gbi9lZWVxWG8rNVE9PSIsInZhbHVlIjoiQmpIR3NydEtuVEhqYVBUWlFGUjdrQlhWVUQ3SkRGMXUxcjUvV3JjOUhEb0Eydjg0SmRRT1lHaUgzTjU5UDZBZHhsNGVGTzRocy9sUG8vN0gzQTN5c2MwNloycDd6eS9XS1JNMUhzKytxRXdncVJiNE9NUWlGL2VqRnFzT1RBNFgiLCJtYWMiOiIwOTI2N2Y1YTk4ZTc3YjYwYjkwOWY3ZWJlNzY4MWMyMWUxZjNmMDYyZmFiMWUzMTBjMzhhMmFkYzJhMTM1ZTQ5IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: application/javascript
vary: Accept-Encoding
x-content-type-options: nosniff
date: Fri, 07 Oct 2022 12:07:45 GMT
last-modified: Fri, 07 Oct 2022 12:07:45 GMT
cache-control: max-age=31536000
etag: W/"0"
content-encoding: br
X-Firefox-Spdy: h2

tzegilo.com/stattag.js

104.21.84.149

200 OK

0 B

URL HTTP/2
tzegilo.com/stattag.js
IP
104.21.84.149:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /stattag.js HTTP/1.1
Host: tzegilo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 07 Oct 2022 12:07:47 GMT
content-type: application/javascript
last-modified: Thu, 04 Aug 2022 15:18:11 GMT
etag: W/"62ebe333-8007"
link: <https://flerap.com/>; rel=preconnect; crossorigin, <https://fleraprt.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 90
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j2EEiDwEFPut8zRvjvV7nCrjhWnZUWb%2FY7ndR%2FaTqzuxVTpdlvkD0K4wgBPvbw%2F5rTYrU6J7llg7RLrTTfdObPLrhiLHyTGEIux9vDOhlph65rutytyulPqoX46Rbg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 756684b87991b50c-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (28)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations