Report - anonzip.com/C4r/Windows.rar

Report Overview

Submitted URL
anonzip.com/C4r/Windows.rar
IP
135.181.248.190
ASN
#24940 Hetzner Online GmbH
Submitted
2024-05-04 10:19:10
Access
public
Website Title
Windows.rar - AnonZip.com
Final URL
anonzip.com/C4r/Windows.rar
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
58

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
lkbx.me	117868	2020-11-24	2020-12-14	2024-05-03	496 B	1.4 kB	47.89.248.255
www.googletagmanager.com	75	2011-11-11	2013-05-22	2024-05-03	418 B	102 kB	142.250.74.168
externalde.com	unknown	2024-02-28	2024-02-28	2024-05-03	653 B	21 kB	188.114.96.1
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2024-05-04	913 B	39 kB	142.250.74.106
tzegilo.com	unknown	2022-01-14	2022-01-14	2024-05-02	392 B	8.2 kB	172.67.193.52
amunfezanttor.com	unknown	2023-03-31	2023-03-31	2024-05-03	486 B	640 B	139.45.197.250
securedpeacomm.com	unknown	2023-02-27	2023-02-27	2024-05-03	673 B	894 B	104.21.64.36
aus5.mozilla.org	2548	1998-01-24	2015-10-27	2024-05-02	512 B	1.2 kB	35.244.181.201
alwingulla.com	unknown	2023-05-22	2023-05-22	2024-04-30	400 B	82 kB	172.67.152.114
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2024-05-04	4.9 kB	316 kB	216.58.207.227
my.rtmark.net	9054	2014-10-29	2015-02-04	2024-05-03	455 B	740 B	139.45.195.8
fleraprt.com	unknown	2022-01-14	2022-01-14	2024-05-03	561 B	479 B	139.45.195.254
track.jefytrack.com	unknown	2023-07-04	2023-09-05	2024-05-02	744 B	2.2 kB	143.204.55.21
veepteero.com	unknown	2023-05-08	2023-05-09	2024-04-30	1.5 kB	11 kB	139.45.197.242
cameesse.net	unknown	2023-10-18	2023-10-18	2024-05-02	7.0 kB	439 kB	139.45.197.242
gishejuy.com	unknown	2023-10-25	2023-10-25	2024-05-03	5.1 kB	70 kB	139.45.197.242
moonoafy.net	unknown	2024-01-09	2024-01-09	2024-04-30	3.8 kB	109 kB	139.45.197.250
anonzip.com	unknown	2024-01-04	2024-02-18	2024-04-18	16 kB	1.2 MB	135.181.248.190
aistekso.net	unknown	2023-10-16	2023-10-16	2024-04-30	2.7 kB	52 kB	139.45.197.244
offerimage.com	304078	2019-06-10	2019-06-10	2024-05-02	1.8 kB	73 kB	104.22.32.172

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-04	medium	veepteero.com	Sinkholed
2024-05-04	medium	cameesse.net	Sinkholed
2024-05-04	medium	fleraprt.com	Sinkholed
2024-05-04	medium	gishejuy.com	Sinkholed
2024-05-04	medium	aistekso.net	Sinkholed
2024-05-04	medium	aistekso.net	Sinkholed
2024-05-04	medium	cameesse.net	Sinkholed
2024-05-04	medium	cameesse.net	Sinkholed
2024-05-04	medium	gishejuy.com	Sinkholed
2024-05-04	medium	moonoafy.net	Sinkholed
2024-05-04	medium	cameesse.net	Sinkholed
2024-05-04	medium	cameesse.net	Sinkholed
2024-05-04	medium	moonoafy.net	Sinkholed
2024-05-04	medium	moonoafy.net	Sinkholed
2024-05-04	medium	moonoafy.net	Sinkholed
2024-05-04	medium	tzegilo.com	Sinkholed
2024-05-04	medium	moonoafy.net	Sinkholed
2024-05-04	medium	amunfezanttor.com	Sinkholed
2024-05-04	medium	gishejuy.com	Sinkholed
2024-05-04	medium	aistekso.net	Sinkholed
2024-05-04	medium	gishejuy.com	Sinkholed
2024-05-04	medium	gishejuy.com	Sinkholed
2024-05-04	medium	cameesse.net	Sinkholed
2024-05-04	medium	cameesse.net	Sinkholed
2024-05-04	medium	moonoafy.net	Sinkholed
2024-05-04	medium	moonoafy.net	Sinkholed
2024-05-04	medium	alwingulla.com	Sinkholed
2024-05-04	medium	moonoafy.net	Sinkholed
2024-05-04	medium	veepteero.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (25)

	URL	Size	First Seen	Last Seen
	moonoafy.net/pfe/current/tag.min.js?z=7406592	15 kB	2024-04-25	2024-05-14
Pretty URL moonoafy.net/pfe/current/tag.min.js?z=7406592 IP 139.45.197.250 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 22:19:47 Last Seen2024-05-14 14:21:41 Times Seen215 Hash ffdd38e0a5a1a47cb341a116a3318e0e 2fd730feff506cf56e14c531e9d89cdea2cca424 7d8e97e9586d3f04c4a2a703692378868e49120c6159d079ae7ed1eca2ca2b5c Loading...

	gishejuy.com/400/7406589	84 kB	2024-05-04	2024-05-04
Pretty URL gishejuy.com/400/7406589 IP 139.45.197.242 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-04 12:19:12 Last Seen2024-05-04 12:19:12 Times Seen1 Hash a87770066525a7a432e8fdc06d0b3502 c4fab1a1ad3039ddce6a729ff10fff92e45aa007 164b5175aa3ae4190d6d38a911bd88b32094324e6158ec43bf16b7385a53f592 Loading...

	unknown	90 kB	2024-04-25	2024-05-14
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 22:19:47 Last Seen2024-05-14 14:21:41 Times Seen281 Hash 4caad44ecc6a13eba45b63ed7cf9e387 e67dfe90bebd5447495d8fe962d03e55f6d13071 66f95b5eb4bf3dc3a13643e3e6776b18a2b15e0b881328e2ee012c73e679ad00 Loading...

	alwingulla.com/88/tag.min.js	81 kB	2024-05-04	2024-05-05
Pretty URL alwingulla.com/88/tag.min.js IP 172.67.152.114 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-04 00:02:57 Last Seen2024-05-05 12:14:36 Times Seen29 Hash d8fe6d8977be78f78ee48c068b8c8686 e9c96bfc9bcd374f528f73c0441c2358d6d1d135 43423a879e310562ceed423aa563f4fac45713e6f59b0517d897e2c96a42993b Loading...

	lkbx.me/4KqY7?uid=wj23a03osa94r221je85hs2i	0 B	2023-03-07	2024-05-22
Pretty URL lkbx.me/4KqY7?uid=wj23a03osa94r221je85hs2i IP 47.89.248.255 ASN #45102 Alibaba US Technology Co., Ltd. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-22 17:03:59 Times Seen37976899 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	cameesse.net/1?z=7406590	43 kB	2024-05-04	2024-05-04
Pretty URL cameesse.net/1?z=7406590 IP 139.45.197.242 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-04 12:19:12 Last Seen2024-05-04 12:19:12 Times Seen1 Hash 34da00862612e138b624d9736d8ebf1d 038dd31102eb77beb2ddb0222370f554818fc965 3d6a4011334350c4601d62b8726ce3b08f4a63dc54dc77ad1c35f9cf48cd79b0 Loading...

	anonzip.com/themes/spirit/assets/frontend/js/jquery-3.1.1.min.js	87 kB	2023-03-07	2024-05-22
Pretty URL anonzip.com/themes/spirit/assets/frontend/js/jquery-3.1.1.min.js IP 135.181.248.190 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:19:28 Last Seen2024-05-22 11:08:39 Times Seen7700 Hash 5b5a269bd363e0886c17d855c2aab241 042dd055cd289215835a58507c9531f808e1648a 1cf30e59d21d4ae560af7143f5913efcc8222bcaa4fcc7508eb802b5faa9e94e Loading...

	anonzip.com/themes/spirit/assets/frontend/js/granim.min.js	11 kB	2023-03-07	2024-05-22
Pretty URL anonzip.com/themes/spirit/assets/frontend/js/granim.min.js IP 135.181.248.190 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:28:01 Last Seen2024-05-22 00:04:19 Times Seen692 Hash 714368d20c70f8c91b0a596e128dac07 563954ec3a896fc129d014f01836245829f6d01d e70b27194b8793b68cccee28a6d8a1e39aae2ce5d28d5e71ac204d7a3ac164e3 Loading...

	anonzip.com/themes/spirit/assets/frontend/js/smooth-scroll.min.js	6.0 kB	2023-03-07	2024-05-22
Pretty URL anonzip.com/themes/spirit/assets/frontend/js/smooth-scroll.min.js IP 135.181.248.190 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:28:01 Last Seen2024-05-22 00:04:19 Times Seen591 Hash c9e3a210d83398f301b3a7049c259676 8e227bb40fe120841829a7fef0ffeb091d179a91 aeda362b1d693480453b895cbcf8b92629f58240c42ba8c643f0d5d338baf805 Loading...

	anonzip.com/C4r/Windows.rar	44 B	2023-03-07	2024-05-22
Pretty URL anonzip.com/C4r/Windows.rar IP 135.181.248.190 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:28:01 Last Seen2024-05-22 07:27:21 Times Seen3201 Hash 21d884540875fb4d2b8f280c541d092c 9f2a58bb4ff1897269b2df54e333ce35d4435b91 8f75c65a00382bae7799a76f3517023df9a72035e9b469e95469b028d4bd0d0a Loading...

	aistekso.net/401/7406591	91 kB	2024-05-04	2024-05-04
Pretty URL aistekso.net/401/7406591 IP 139.45.197.244 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-04 12:19:12 Last Seen2024-05-04 12:19:12 Times Seen1 Hash 9fc61c35740c4b438aef21dd78d97396 b36957901bdad789c3805b7467a77642f5c9bbe9 39bf2eec414564dd898ddc1d5e47605174f76b900e04c966a0f2376a7cdec003 Loading...

	cameesse.net/27/7552beb94fc0bdff7bbb33cad3d1ab0a	413 kB	2024-04-11	2024-05-22
Pretty URL cameesse.net/27/7552beb94fc0bdff7bbb33cad3d1ab0a IP 139.45.197.242 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-11 13:26:00 Last Seen2024-05-22 13:07:09 Times Seen305 Hash 297cc248309ba835cf13a1f82fd3f938 1e6f51ce257a0ee53e25280dd44092ed33339847 b2ba9d8b2216d22f8f31a594bc22ee21f60e2b539474a650be1e87dea87d5ed7 Loading...

	anonzip.com/C4r/Windows.rar	926 B	2024-05-04	2024-05-04
Pretty URL anonzip.com/C4r/Windows.rar IP 135.181.248.190 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-04 12:19:12 Last Seen2024-05-04 12:19:12 Times Seen1 Hash 9fa7088c9d43cd99d13c06f5dde1430e 6957ebc512546a2380b3b12b1c66c2b4a4317662 f50f9174ce2784c94ebc92e14a021603327a75b4938ca8f8c7782435f097fe13 Loading...

	www.googletagmanager.com/gtag/js?id=G-GWR0PX9LQC	306 kB	2024-05-04	2024-05-04
Pretty URL www.googletagmanager.com/gtag/js?id=G-GWR0PX9LQC IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-04 12:19:12 Last Seen2024-05-04 12:19:12 Times Seen2 Hash aa9a11248d77dd21bba3adf175c4de36 33dd2cd46f475d590b86fbe8e45f01fe04414863 23d8af290ede4c125065d6f33d92130c9482715c022a5f8860944ae61893c288 Loading...

	tzegilo.com/stattag.js	19 kB	2024-02-10	2024-05-22
Pretty URL tzegilo.com/stattag.js IP 172.67.193.52 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-10 03:00:18 Last Seen2024-05-22 13:07:09 Times Seen1883 Hash 70ebd404c2e1e7bad13998538b56887c 86e57af8ba3cfc2c004da3311835f6b54ba6d848 d71ea61938136a384e4c53c5a7a3c36e68fcc70a68bae691e270987d5d2eb11f Loading...

	anonzip.com/themes/spirit/assets/frontend/js/flickity.min.js	54 kB	2023-03-07	2024-05-22
Pretty URL anonzip.com/themes/spirit/assets/frontend/js/flickity.min.js IP 135.181.248.190 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:28:01 Last Seen2024-05-22 00:04:19 Times Seen686 Hash 8c1e666176ac7bdce67d58b45823ffac 75947e4316427ce0c5e33300aeb4dc4d7d54dd09 c0b706b9b1ca12b631496228a0eb0fe15ccb14f21ab554f6c4b4f20474e4d3a6 Loading...

	anonzip.com/themes/spirit/assets/frontend/js/typed.min.js	3.9 kB	2023-03-07	2024-05-22
Pretty URL anonzip.com/themes/spirit/assets/frontend/js/typed.min.js IP 135.181.248.190 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:28:01 Last Seen2024-05-22 07:27:21 Times Seen6164 Hash 2f6185a8a32a50b2b3e04849f44359d4 0e5501588c5c0d1c9462f34b0d56c21abff5bfef 914df93a9770d8a0e132b6ce3e8f1cfba0e0fae8f3b9002a3f0eb47c3d0cc97b Loading...

	anonzip.com/themes/spirit/assets/frontend/js/datepicker.js	21 kB	2023-03-07	2024-05-22
Pretty URL anonzip.com/themes/spirit/assets/frontend/js/datepicker.js IP 135.181.248.190 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:28:01 Last Seen2024-05-22 03:26:44 Times Seen6139 Hash 8cfe207a6a21c7495cfb751c761217a6 35d686a6c4ecc9946c35444ce93e110cb0e1611c 804e3c2608de23694fa71684178e2f9815115d56ee022ec770e1fcb208847acc Loading...

	anonzip.com/themes/spirit/assets/frontend/js/scripts.js	115 kB	2023-03-07	2024-05-22
Pretty URL anonzip.com/themes/spirit/assets/frontend/js/scripts.js IP 135.181.248.190 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:28:01 Last Seen2024-05-22 00:04:19 Times Seen441 Hash ce260d2170faf98639ab8e0e3758f1e2 32eeb82a44bf0bce2df78eafae9f2e9ff8d72e1f ac331833ebf1c06b0f8565caaeb4760c2184bd89d1cb5574c3947a8d0b6dca1c Loading...

	anonzip.com/C4r/Windows.rar	292 B	2023-03-07	2024-05-22
Pretty URL anonzip.com/C4r/Windows.rar IP 135.181.248.190 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:28:01 Last Seen2024-05-22 07:27:21 Times Seen3306 Hash f6038f840321581380bcf8e68fbec2ed 9c64ca84baabd04b9994597b90882d8ec7158ba2 fc7d223cc022e6a00869dea89642667579b0ca033afb07bb0070c7b7a0fd23c3 Loading...

	anonzip.com/themes/spirit/assets/frontend/js/cookiealert.js	1.8 kB	2023-03-07	2024-05-22
Pretty URL anonzip.com/themes/spirit/assets/frontend/js/cookiealert.js IP 135.181.248.190 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:47:38 Last Seen2024-05-22 00:04:19 Times Seen5582 Hash 81279e22c8ece9e1d0536a402484daa3 911797507fb12d4f451d5900e32db96ad697c401 5c6237178e88ab7f1c6e26c9e99547e58782450b8f2a182129448ff4d99e89ab Loading...

	anonzip.com/themes/spirit/assets/frontend/js/jquery.dataTables.min.js	70 kB	2023-03-07	2024-05-22
Pretty URL anonzip.com/themes/spirit/assets/frontend/js/jquery.dataTables.min.js IP 135.181.248.190 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:28:01 Last Seen2024-05-22 00:04:19 Times Seen692 Hash 6fda19caa29287e6f584f0557fdeb6d4 40f58160090cd1f022704ee1352b343adb9e73b9 8ef749c3869991924150dc932c48cd57bf69ac25a378bb2e14f8e1733c17406f Loading...

	anonzip.com/themes/spirit/assets/frontend/js/jquery.steps.min.js	14 kB	2023-03-07	2024-05-22
Pretty URL anonzip.com/themes/spirit/assets/frontend/js/jquery.steps.min.js IP 135.181.248.190 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:28:01 Last Seen2024-05-22 00:04:19 Times Seen718 Hash 0eef6fe46d14f860d5666d2c7b13a564 7ab5f7deaca2f71efbc3bf9f5ba27b89d4697dbe 95a14a4473ff130eb29f3cc02e135978505655e3c931b6c3726dedd4f558f843 Loading...

	anonzip.com/themes/spirit/assets/frontend/js/countdown.min.js	5.4 kB	2023-03-07	2024-05-22
Pretty URL anonzip.com/themes/spirit/assets/frontend/js/countdown.min.js IP 135.181.248.190 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:28:01 Last Seen2024-05-22 07:50:50 Times Seen1116 Hash 76a923d3d69255c45cd24bf9b100244f eb3c96f9901692f1a03500ea632963a16afdb985 8f195573d6fa06641814b476fea2b92579c983cac46d683f356238207692c9f5 Loading...

	anonzip.com/C4r/Windows.rar	153 B	2024-04-27	2024-05-22
Pretty URL anonzip.com/C4r/Windows.rar IP 135.181.248.190 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-27 19:33:14 Last Seen2024-05-22 00:04:19 Times Seen61 Hash ebe6363c450e15741bfd266f056b7edd f27cab116d6ddcd32461aff593ac5dc540733b65 8a7acc7ff41204b7b271b201840225ed7ac744a12486add35ca7bbfc06baf9f6 Loading...

HTTP Transactions (82)

URL IP Response Size

anonzip.com/C4r/Windows.rar

135.181.248.190

200 OK

4.6 kB

URL User Request GET HTTP/1.1
anonzip.com/C4r/Windows.rar
IP
135.181.248.190:443
ASN
#24940 Hetzner Online GmbH

Certificate
IssuerLet's Encrypt
Subjectanonzip.com
Fingerprint05:1A:C5:B8:46:2C:D7:57:A3:34:1F:79:EC:24:CC:61:ED:36:1E:7E
ValiditySat, 30 Mar 2024 19:16:56 GMT - Fri, 28 Jun 2024 19:16:55 GMT

File type
HTML document, ASCII text, with CRLF, LF line terminators
Size
4.6 kB (4639 bytes)
Hash
14cbab8ee0d7b7510dce29d37882c530
211b718a229fc44697bab2ce44467fcd868252e2
6f0a1ff56a833d282a3ff82ae8e6da478bf68b9fa4f875fbcc7ac69fcb55303f

HTTP Headers

GET /C4r/Windows.rar HTTP/1.1
Host: anonzip.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: filehosting=9o9149r5put2gvlgmdgdtr1rf5; expires=Sun, 05-May-2024 10:18:43 GMT; Max-Age=86400; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate, no-cache, private
Date: Sat, 04 May 2024 10:18:43 GMT
Content-Encoding: gzip

anonzip.com/themes/spirit/assets/frontend/css/bootstrap.min.css

135.181.248.190

200 OK

77 kB

URL GET HTTP/1.1
anonzip.com/themes/spirit/assets/frontend/css/bootstrap.min.css
IP
135.181.248.190:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://anonzip.com/C4r/Windows.rar
Certificate
IssuerLet's Encrypt
Subjectanonzip.com
Fingerprint05:1A:C5:B8:46:2C:D7:57:A3:34:1F:79:EC:24:CC:61:ED:36:1E:7E
ValiditySat, 30 Mar 2024 19:16:56 GMT - Fri, 28 Jun 2024 19:16:55 GMT

File type
ASCII text, with very long lines (65319), with CRLF line terminators
Size
77 kB (76922 bytes)
Hash
9b67b9ffbfcbe226a8c413fa740fd91c
7837bd0c312897e46311aaf472947f3e23d75df2
2642f94894419d1cebdc4a010b9380a7403063dd6d28ea8a80bd5ebd01186732

HTTP Headers

GET /themes/spirit/assets/frontend/css/bootstrap.min.css HTTP/1.1
Host: anonzip.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonzip.com/C4r/Windows.rar
Cookie: filehosting=9o9149r5put2gvlgmdgdtr1rf5
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 04 May 2024 10:18:43 GMT
Content-Type: text/css
Content-Length: 76922
Last-Modified: Fri, 15 Apr 2022 11:04:01 GMT
Connection: keep-alive
ETag: "62595121-12c7a"
Accept-Ranges: bytes

anonzip.com/themes/spirit/assets/frontend/css/stack-interface.css

135.181.248.190

200 OK

3.2 kB

URL GET HTTP/1.1
anonzip.com/themes/spirit/assets/frontend/css/stack-interface.css
IP
135.181.248.190:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://anonzip.com/C4r/Windows.rar
Certificate
IssuerLet's Encrypt
Subjectanonzip.com
Fingerprint05:1A:C5:B8:46:2C:D7:57:A3:34:1F:79:EC:24:CC:61:ED:36:1E:7E
ValiditySat, 30 Mar 2024 19:16:56 GMT - Fri, 28 Jun 2024 19:16:55 GMT

File type
Unicode text, UTF-8 text, with CRLF line terminators
Size
3.2 kB (3160 bytes)
Hash
4541b29b6040bc31b760f98e914fd1d7
0521a4f98cdf5e1fde3eeb9cae64fd39075cd9ba
6910b6609166588208a24355d3c3666140dd0d7fcb3884b31eedb72773e44794

HTTP Headers

GET /themes/spirit/assets/frontend/css/stack-interface.css HTTP/1.1
Host: anonzip.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonzip.com/C4r/Windows.rar
Cookie: filehosting=9o9149r5put2gvlgmdgdtr1rf5
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 04 May 2024 10:18:43 GMT
Content-Type: text/css
Content-Length: 3160
Last-Modified: Fri, 15 Apr 2022 11:04:01 GMT
Connection: keep-alive
ETag: "62595121-c58"
Accept-Ranges: bytes

anonzip.com/themes/spirit/assets/frontend/css/socicon.css

135.181.248.190

200 OK

9.8 kB

URL GET HTTP/1.1
anonzip.com/themes/spirit/assets/frontend/css/socicon.css
IP
135.181.248.190:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://anonzip.com/C4r/Windows.rar
Certificate
IssuerLet's Encrypt
Subjectanonzip.com
Fingerprint05:1A:C5:B8:46:2C:D7:57:A3:34:1F:79:EC:24:CC:61:ED:36:1E:7E
ValiditySat, 30 Mar 2024 19:16:56 GMT - Fri, 28 Jun 2024 19:16:55 GMT

File type
ASCII text, with CRLF line terminators
Size
9.8 kB (9838 bytes)
Hash
910a42ce112991b31b30a735f1006a5f
6c8b4769270f1c86bb1c7a6b54325465395ba614
010e6ffb18715ededb10c4ae5a8518475c138fb63b83ec1c125d09b714ccdd8b

HTTP Headers

GET /themes/spirit/assets/frontend/css/socicon.css HTTP/1.1
Host: anonzip.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonzip.com/C4r/Windows.rar
Cookie: filehosting=9o9149r5put2gvlgmdgdtr1rf5
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 04 May 2024 10:18:43 GMT
Content-Type: text/css
Content-Length: 9838
Last-Modified: Fri, 15 Apr 2022 11:04:01 GMT
Connection: keep-alive
ETag: "62595121-266e"
Accept-Ranges: bytes

anonzip.com/themes/spirit/assets/frontend/css/lightbox.min.css

135.181.248.190

200 OK

3.9 kB

URL GET HTTP/1.1
anonzip.com/themes/spirit/assets/frontend/css/lightbox.min.css
IP
135.181.248.190:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://anonzip.com/C4r/Windows.rar
Certificate
IssuerLet's Encrypt
Subjectanonzip.com
Fingerprint05:1A:C5:B8:46:2C:D7:57:A3:34:1F:79:EC:24:CC:61:ED:36:1E:7E
ValiditySat, 30 Mar 2024 19:16:56 GMT - Fri, 28 Jun 2024 19:16:55 GMT

File type
ASCII text, with CRLF line terminators
Size
3.9 kB (3889 bytes)
Hash
30265c8089a8f3e871d0873ef6a5b944
2804a2fe5a6a956626ce6a46adf6b1a0676ee13d
f9f33dca7f9a5a735a0a03502993e0a092df81d820beb1ed4071e4611a9630ed

HTTP Headers

GET /themes/spirit/assets/frontend/css/lightbox.min.css HTTP/1.1
Host: anonzip.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonzip.com/C4r/Windows.rar
Cookie: filehosting=9o9149r5put2gvlgmdgdtr1rf5
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 04 May 2024 10:18:43 GMT
Content-Type: text/css
Content-Length: 3889
Last-Modified: Fri, 15 Apr 2022 11:04:01 GMT
Connection: keep-alive
ETag: "62595121-f31"
Accept-Ranges: bytes

anonzip.com/themes/spirit/assets/frontend/css/jquery.steps.css

135.181.248.190

200 OK

6.0 kB

URL GET HTTP/1.1
anonzip.com/themes/spirit/assets/frontend/css/jquery.steps.css
IP
135.181.248.190:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://anonzip.com/C4r/Windows.rar
Certificate
IssuerLet's Encrypt
Subjectanonzip.com
Fingerprint05:1A:C5:B8:46:2C:D7:57:A3:34:1F:79:EC:24:CC:61:ED:36:1E:7E
ValiditySat, 30 Mar 2024 19:16:56 GMT - Fri, 28 Jun 2024 19:16:55 GMT

File type
ASCII text, with CRLF line terminators
Size
6.0 kB (6019 bytes)
Hash
25cfe48e07622a00154b677afcbaeb47
23e3ae1bd04ad1d00d25d30e39815104ceeae52f
709debbdebf13d8d6c85571caee6e44629142518e9336ed1aa01d6e94ab4d056

HTTP Headers

GET /themes/spirit/assets/frontend/css/jquery.steps.css HTTP/1.1
Host: anonzip.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonzip.com/C4r/Windows.rar
Cookie: filehosting=9o9149r5put2gvlgmdgdtr1rf5
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 04 May 2024 10:18:43 GMT
Content-Type: text/css
Content-Length: 6019
Last-Modified: Fri, 15 Apr 2022 11:04:01 GMT
Connection: keep-alive
ETag: "62595121-1783"
Accept-Ranges: bytes

anonzip.com/themes/spirit/assets/frontend/css/flickity.css

135.181.248.190

200 OK

2.5 kB

URL GET HTTP/1.1
anonzip.com/themes/spirit/assets/frontend/css/flickity.css
IP
135.181.248.190:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://anonzip.com/C4r/Windows.rar
Certificate
IssuerLet's Encrypt
Subjectanonzip.com
Fingerprint05:1A:C5:B8:46:2C:D7:57:A3:34:1F:79:EC:24:CC:61:ED:36:1E:7E
ValiditySat, 30 Mar 2024 19:16:56 GMT - Fri, 28 Jun 2024 19:16:55 GMT

File type
ASCII text, with CRLF line terminators
Size
2.5 kB (2521 bytes)
Hash
244d315064064270eabbbb7ac9f6c700
21ad53d3efbb40154293190173ee0c497ed7651c
ff5fe542e37297733305fb7e68a41b3269a681d64145945f2131a646044c016a

HTTP Headers

GET /themes/spirit/assets/frontend/css/flickity.css HTTP/1.1
Host: anonzip.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonzip.com/C4r/Windows.rar
Cookie: filehosting=9o9149r5put2gvlgmdgdtr1rf5
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 04 May 2024 10:18:43 GMT
Content-Type: text/css
Content-Length: 2521
Last-Modified: Fri, 15 Apr 2022 11:04:01 GMT
Connection: keep-alive
ETag: "62595121-9d9"
Accept-Ranges: bytes

anonzip.com/themes/spirit/assets/frontend/css/cookiealert.css

135.181.248.190

200 OK

12 kB

URL GET HTTP/1.1
anonzip.com/themes/spirit/assets/frontend/css/cookiealert.css
IP
135.181.248.190:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://anonzip.com/C4r/Windows.rar
Certificate
IssuerLet's Encrypt
Subjectanonzip.com
Fingerprint05:1A:C5:B8:46:2C:D7:57:A3:34:1F:79:EC:24:CC:61:ED:36:1E:7E
ValiditySat, 30 Mar 2024 19:16:56 GMT - Fri, 28 Jun 2024 19:16:55 GMT

File type
ASCII text, with very long lines (11486), with CRLF line terminators
Size
12 kB (12369 bytes)
Hash
3d2946aeae3cc8f43e2acf82ea029bd4
c25a0bd445ff9e6034d34e8f388f5565515a2783
705d9fc8952ac3bf3d9300e3d9ea6753284cdd920c34be0213ec8bc862df7a28

HTTP Headers

GET /themes/spirit/assets/frontend/css/cookiealert.css HTTP/1.1
Host: anonzip.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonzip.com/C4r/Windows.rar
Cookie: filehosting=9o9149r5put2gvlgmdgdtr1rf5
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 04 May 2024 10:18:43 GMT
Content-Type: text/css
Content-Length: 12369
Last-Modified: Fri, 15 Apr 2022 11:04:01 GMT
Connection: keep-alive
ETag: "62595121-3051"
Accept-Ranges: bytes

anonzip.com/themes/spirit/assets/frontend/css/font-awesome.min.css

135.181.248.190

200 OK

59 kB

URL GET HTTP/1.1
anonzip.com/themes/spirit/assets/frontend/css/font-awesome.min.css
IP
135.181.248.190:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://anonzip.com/C4r/Windows.rar
Certificate
IssuerLet's Encrypt
Subjectanonzip.com
Fingerprint05:1A:C5:B8:46:2C:D7:57:A3:34:1F:79:EC:24:CC:61:ED:36:1E:7E
ValiditySat, 30 Mar 2024 19:16:56 GMT - Fri, 28 Jun 2024 19:16:55 GMT

File type
ASCII text, with very long lines (58929), with CRLF line terminators
Size
59 kB (59119 bytes)
Hash
879812fc22af75aa3ae7b5666ca4f4b8
df27469a952b7ee36cc03db471c6198f577186a8
c5d7f0d9e646698b20734ce6dcc2c0a8ecf6ebe27b4b7625bfcf42c4416fb7ed

HTTP Headers

GET /themes/spirit/assets/frontend/css/font-awesome.min.css HTTP/1.1
Host: anonzip.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonzip.com/C4r/Windows.rar
Cookie: filehosting=9o9149r5put2gvlgmdgdtr1rf5
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 04 May 2024 10:18:43 GMT
Content-Type: text/css
Content-Length: 59119
Last-Modified: Fri, 15 Apr 2022 11:04:01 GMT
Connection: keep-alive
ETag: "62595121-e6ef"
Accept-Ranges: bytes

anonzip.com/themes/spirit/assets/frontend/css/custom.css

135.181.248.190

200 OK

8.9 kB

URL GET HTTP/1.1
anonzip.com/themes/spirit/assets/frontend/css/custom.css
IP
135.181.248.190:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://anonzip.com/C4r/Windows.rar
Certificate
IssuerLet's Encrypt
Subjectanonzip.com
Fingerprint05:1A:C5:B8:46:2C:D7:57:A3:34:1F:79:EC:24:CC:61:ED:36:1E:7E
ValiditySat, 30 Mar 2024 19:16:56 GMT - Fri, 28 Jun 2024 19:16:55 GMT

File type
assembler source, ASCII text, with CRLF line terminators
Size
8.9 kB (8936 bytes)
Hash
65417cde74809cb9b9e66d0ab4adc448
9729ccac013729aed790fdc25d71d858f50a137b
c8dee41785c1f45859a70f3bb9a65b3cba83d866dd46ca0096d07067fec9d280

HTTP Headers

GET /themes/spirit/assets/frontend/css/custom.css HTTP/1.1
Host: anonzip.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonzip.com/C4r/Windows.rar
Cookie: filehosting=9o9149r5put2gvlgmdgdtr1rf5
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 04 May 2024 10:18:43 GMT
Content-Type: text/css
Content-Length: 8936
Last-Modified: Fri, 15 Apr 2022 11:04:01 GMT
Connection: keep-alive
ETag: "62595121-22e8"
Accept-Ranges: bytes

www.googletagmanager.com/gtag/js?id=G-GWR0PX9LQC

142.250.74.168

200 OK

102 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=G-GWR0PX9LQC
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://anonzip.com/C4r/Windows.rar
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE
ValidityTue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT

File type
JavaScript source, ASCII text, with very long lines (5955)
Size
102 kB (101604 bytes)
Hash
aa9a11248d77dd21bba3adf175c4de36
33dd2cd46f475d590b86fbe8e45f01fe04414863
23d8af290ede4c125065d6f33d92130c9482715c022a5f8860944ae61893c288

HTTP Headers

GET /gtag/js?id=G-GWR0PX9LQC HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonzip.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 04 May 2024 10:18:43 GMT
expires: Sat, 04 May 2024 10:18:43 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 101604
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

anonzip.com/themes/spirit/assets/frontend/js/jquery.dataTables.min.js

135.181.248.190

200 OK

70 kB

URL GET HTTP/1.1
anonzip.com/themes/spirit/assets/frontend/js/jquery.dataTables.min.js
IP
135.181.248.190:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://anonzip.com/C4r/Windows.rar
Certificate
IssuerLet's Encrypt
Subjectanonzip.com
Fingerprint05:1A:C5:B8:46:2C:D7:57:A3:34:1F:79:EC:24:CC:61:ED:36:1E:7E
ValiditySat, 30 Mar 2024 19:16:56 GMT - Fri, 28 Jun 2024 19:16:55 GMT

File type
JavaScript source, ASCII text, with very long lines (768), with CRLF line terminators
Size
70 kB (69754 bytes)
Hash
6fda19caa29287e6f584f0557fdeb6d4
40f58160090cd1f022704ee1352b343adb9e73b9
8ef749c3869991924150dc932c48cd57bf69ac25a378bb2e14f8e1733c17406f

HTTP Headers

GET /themes/spirit/assets/frontend/js/jquery.dataTables.min.js HTTP/1.1
Host: anonzip.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonzip.com/C4r/Windows.rar
Cookie: filehosting=9o9149r5put2gvlgmdgdtr1rf5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 04 May 2024 10:18:43 GMT
Content-Type: application/javascript
Content-Length: 69754
Last-Modified: Fri, 15 Apr 2022 11:04:01 GMT
Connection: keep-alive
ETag: "62595121-1107a"
Accept-Ranges: bytes

anonzip.com/themes/spirit/assets/frontend/js/jquery-3.1.1.min.js

135.181.248.190

200 OK

87 kB

URL GET HTTP/1.1
anonzip.com/themes/spirit/assets/frontend/js/jquery-3.1.1.min.js
IP
135.181.248.190:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://anonzip.com/C4r/Windows.rar
Certificate
IssuerLet's Encrypt
Subjectanonzip.com
Fingerprint05:1A:C5:B8:46:2C:D7:57:A3:34:1F:79:EC:24:CC:61:ED:36:1E:7E
ValiditySat, 30 Mar 2024 19:16:56 GMT - Fri, 28 Jun 2024 19:16:55 GMT

File type
JavaScript source, ASCII text, with very long lines (32030), with CRLF line terminators
Size
87 kB (86713 bytes)
Hash
5b5a269bd363e0886c17d855c2aab241
042dd055cd289215835a58507c9531f808e1648a
1cf30e59d21d4ae560af7143f5913efcc8222bcaa4fcc7508eb802b5faa9e94e

HTTP Headers

GET /themes/spirit/assets/frontend/js/jquery-3.1.1.min.js HTTP/1.1
Host: anonzip.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonzip.com/C4r/Windows.rar
Cookie: filehosting=9o9149r5put2gvlgmdgdtr1rf5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 04 May 2024 10:18:43 GMT
Content-Type: application/javascript
Content-Length: 86713
Last-Modified: Fri, 15 Apr 2022 11:04:01 GMT
Connection: keep-alive
ETag: "62595121-152b9"
Accept-Ranges: bytes

anonzip.com/themes/spirit/assets/frontend/css/theme.css

135.181.248.190

200 OK

206 kB

URL GET HTTP/1.1
anonzip.com/themes/spirit/assets/frontend/css/theme.css
IP
135.181.248.190:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://anonzip.com/C4r/Windows.rar
Certificate
IssuerLet's Encrypt
Subjectanonzip.com
Fingerprint05:1A:C5:B8:46:2C:D7:57:A3:34:1F:79:EC:24:CC:61:ED:36:1E:7E
ValiditySat, 30 Mar 2024 19:16:56 GMT - Fri, 28 Jun 2024 19:16:55 GMT

File type
assembler source, ASCII text, with CRLF line terminators
Size
206 kB (206456 bytes)
Hash
e13b70f9d6654b3656aec5b1bd5ae02a
903010ac4b9034f6839847a20ecd0f5a728b2b96
8a10549eed29cff62aa0098311b5c1c37601577a11de64f72095aacb90715c8a

HTTP Headers

GET /themes/spirit/assets/frontend/css/theme.css HTTP/1.1
Host: anonzip.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonzip.com/C4r/Windows.rar
Cookie: filehosting=9o9149r5put2gvlgmdgdtr1rf5
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 04 May 2024 10:18:43 GMT
Content-Type: text/css
Content-Length: 206456
Last-Modified: Fri, 15 Apr 2022 11:04:01 GMT
Connection: keep-alive
ETag: "62595121-32678"
Accept-Ranges: bytes

anonzip.com/themes/spirit/assets/frontend/js/typed.min.js

135.181.248.190

200 OK

3.9 kB

URL GET HTTP/1.1
anonzip.com/themes/spirit/assets/frontend/js/typed.min.js
IP
135.181.248.190:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://anonzip.com/C4r/Windows.rar
Certificate
IssuerLet's Encrypt
Subjectanonzip.com
Fingerprint05:1A:C5:B8:46:2C:D7:57:A3:34:1F:79:EC:24:CC:61:ED:36:1E:7E
ValiditySat, 30 Mar 2024 19:16:56 GMT - Fri, 28 Jun 2024 19:16:55 GMT

File type
JavaScript source, ASCII text, with very long lines (3949), with no line terminators
Size
3.9 kB (3949 bytes)
Hash
2f6185a8a32a50b2b3e04849f44359d4
0e5501588c5c0d1c9462f34b0d56c21abff5bfef
914df93a9770d8a0e132b6ce3e8f1cfba0e0fae8f3b9002a3f0eb47c3d0cc97b

HTTP Headers

GET /themes/spirit/assets/frontend/js/typed.min.js HTTP/1.1
Host: anonzip.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonzip.com/C4r/Windows.rar
Cookie: filehosting=9o9149r5put2gvlgmdgdtr1rf5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 04 May 2024 10:18:44 GMT
Content-Type: application/javascript
Content-Length: 3949
Last-Modified: Fri, 15 Apr 2022 11:04:01 GMT
Connection: keep-alive
ETag: "62595121-f6d"
Accept-Ranges: bytes

anonzip.com/themes/spirit/assets/frontend/js/flickity.min.js

135.181.248.190

200 OK

54 kB

URL GET HTTP/1.1
anonzip.com/themes/spirit/assets/frontend/js/flickity.min.js
IP
135.181.248.190:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://anonzip.com/C4r/Windows.rar
Certificate
IssuerLet's Encrypt
Subjectanonzip.com
Fingerprint05:1A:C5:B8:46:2C:D7:57:A3:34:1F:79:EC:24:CC:61:ED:36:1E:7E
ValiditySat, 30 Mar 2024 19:16:56 GMT - Fri, 28 Jun 2024 19:16:55 GMT

File type
JavaScript source, ASCII text, with very long lines (32032), with CRLF line terminators
Size
54 kB (53873 bytes)
Hash
8c1e666176ac7bdce67d58b45823ffac
75947e4316427ce0c5e33300aeb4dc4d7d54dd09
c0b706b9b1ca12b631496228a0eb0fe15ccb14f21ab554f6c4b4f20474e4d3a6

HTTP Headers

GET /themes/spirit/assets/frontend/js/flickity.min.js HTTP/1.1
Host: anonzip.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonzip.com/C4r/Windows.rar
Cookie: filehosting=9o9149r5put2gvlgmdgdtr1rf5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 04 May 2024 10:18:43 GMT
Content-Type: application/javascript
Content-Length: 53873
Last-Modified: Fri, 15 Apr 2022 11:04:01 GMT
Connection: keep-alive
ETag: "62595121-d271"
Accept-Ranges: bytes

anonzip.com/themes/spirit/assets/frontend/css/iconsmind.css

135.181.248.190

200 OK

103 kB

URL GET HTTP/1.1
anonzip.com/themes/spirit/assets/frontend/css/iconsmind.css
IP
135.181.248.190:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://anonzip.com/C4r/Windows.rar
Certificate
IssuerLet's Encrypt
Subjectanonzip.com
Fingerprint05:1A:C5:B8:46:2C:D7:57:A3:34:1F:79:EC:24:CC:61:ED:36:1E:7E
ValiditySat, 30 Mar 2024 19:16:56 GMT - Fri, 28 Jun 2024 19:16:55 GMT

File type
ASCII text, with CRLF line terminators
Size
103 kB (102727 bytes)
Hash
c9b1c618a7b12bd7ecf6034164b29164
f7a4a8bbc3aab1d7bb44659c40a8702f3aa56c99
fc190f724340fc20fd1d175f49c70e70f4acfdd9303ae4f68d9765a2a5958d9b

HTTP Headers

GET /themes/spirit/assets/frontend/css/iconsmind.css HTTP/1.1
Host: anonzip.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonzip.com/C4r/Windows.rar
Cookie: filehosting=9o9149r5put2gvlgmdgdtr1rf5
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 04 May 2024 10:18:43 GMT
Content-Type: text/css
Content-Length: 102727
Last-Modified: Fri, 15 Apr 2022 11:04:01 GMT
Connection: keep-alive
ETag: "62595121-19147"
Accept-Ranges: bytes

anonzip.com/themes/spirit/assets/frontend/js/jquery.steps.min.js

135.181.248.190

200 OK

14 kB

URL GET HTTP/1.1
anonzip.com/themes/spirit/assets/frontend/js/jquery.steps.min.js
IP
135.181.248.190:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://anonzip.com/C4r/Windows.rar
Certificate
IssuerLet's Encrypt
Subjectanonzip.com
Fingerprint05:1A:C5:B8:46:2C:D7:57:A3:34:1F:79:EC:24:CC:61:ED:36:1E:7E
ValiditySat, 30 Mar 2024 19:16:56 GMT - Fri, 28 Jun 2024 19:16:55 GMT

File type
JavaScript source, ASCII text, with very long lines (13686), with CRLF line terminators
Size
14 kB (13862 bytes)
Hash
0eef6fe46d14f860d5666d2c7b13a564
7ab5f7deaca2f71efbc3bf9f5ba27b89d4697dbe
95a14a4473ff130eb29f3cc02e135978505655e3c931b6c3726dedd4f558f843

HTTP Headers

GET /themes/spirit/assets/frontend/js/jquery.steps.min.js HTTP/1.1
Host: anonzip.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonzip.com/C4r/Windows.rar
Cookie: filehosting=9o9149r5put2gvlgmdgdtr1rf5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 04 May 2024 10:18:44 GMT
Content-Type: application/javascript
Content-Length: 13862
Last-Modified: Fri, 15 Apr 2022 11:04:01 GMT
Connection: keep-alive
ETag: "62595121-3626"
Accept-Ranges: bytes

anonzip.com/themes/spirit/assets/frontend/js/datepicker.js

135.181.248.190

200 OK

21 kB

URL GET HTTP/1.1
anonzip.com/themes/spirit/assets/frontend/js/datepicker.js
IP
135.181.248.190:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://anonzip.com/C4r/Windows.rar
Certificate
IssuerLet's Encrypt
Subjectanonzip.com
Fingerprint05:1A:C5:B8:46:2C:D7:57:A3:34:1F:79:EC:24:CC:61:ED:36:1E:7E
ValiditySat, 30 Mar 2024 19:16:56 GMT - Fri, 28 Jun 2024 19:16:55 GMT

File type
JavaScript source, ASCII text, with very long lines (12692), with CRLF line terminators
Size
21 kB (20975 bytes)
Hash
8cfe207a6a21c7495cfb751c761217a6
35d686a6c4ecc9946c35444ce93e110cb0e1611c
804e3c2608de23694fa71684178e2f9815115d56ee022ec770e1fcb208847acc

HTTP Headers

GET /themes/spirit/assets/frontend/js/datepicker.js HTTP/1.1
Host: anonzip.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonzip.com/C4r/Windows.rar
Cookie: filehosting=9o9149r5put2gvlgmdgdtr1rf5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 04 May 2024 10:18:44 GMT
Content-Type: application/javascript
Content-Length: 20975
Last-Modified: Fri, 15 Apr 2022 11:04:01 GMT
Connection: keep-alive
ETag: "62595121-51ef"
Accept-Ranges: bytes

anonzip.com/themes/spirit/assets/frontend/js/granim.min.js

135.181.248.190

200 OK

11 kB

URL GET HTTP/1.1
anonzip.com/themes/spirit/assets/frontend/js/granim.min.js
IP
135.181.248.190:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://anonzip.com/C4r/Windows.rar
Certificate
IssuerLet's Encrypt
Subjectanonzip.com
Fingerprint05:1A:C5:B8:46:2C:D7:57:A3:34:1F:79:EC:24:CC:61:ED:36:1E:7E
ValiditySat, 30 Mar 2024 19:16:56 GMT - Fri, 28 Jun 2024 19:16:55 GMT

File type
JavaScript source, ASCII text, with very long lines (10573), with CRLF line terminators
Size
11 kB (10635 bytes)
Hash
714368d20c70f8c91b0a596e128dac07
563954ec3a896fc129d014f01836245829f6d01d
e70b27194b8793b68cccee28a6d8a1e39aae2ce5d28d5e71ac204d7a3ac164e3

HTTP Headers

GET /themes/spirit/assets/frontend/js/granim.min.js HTTP/1.1
Host: anonzip.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonzip.com/C4r/Windows.rar
Cookie: filehosting=9o9149r5put2gvlgmdgdtr1rf5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 04 May 2024 10:18:44 GMT
Content-Type: application/javascript
Content-Length: 10635
Last-Modified: Fri, 15 Apr 2022 11:04:01 GMT
Connection: keep-alive
ETag: "62595121-298b"
Accept-Ranges: bytes

anonzip.com/themes/spirit/assets/frontend/css/theme/charcoal.css

135.181.248.190

200 OK

206 kB

URL GET HTTP/1.1
anonzip.com/themes/spirit/assets/frontend/css/theme/charcoal.css
IP
135.181.248.190:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://anonzip.com/C4r/Windows.rar
Certificate
IssuerLet's Encrypt
Subjectanonzip.com
Fingerprint05:1A:C5:B8:46:2C:D7:57:A3:34:1F:79:EC:24:CC:61:ED:36:1E:7E
ValiditySat, 30 Mar 2024 19:16:56 GMT - Fri, 28 Jun 2024 19:16:55 GMT

File type
assembler source, ASCII text, with CRLF line terminators
Size
206 kB (206493 bytes)
Hash
08f6281c909985fb24a5e3ad2be6753a
3a2f1161f8aea5fab0f54b64f43f293d9f1316c3
dbe98b73866341078c596a42b87af67c03a79cf591d02467842939ce0848a55d

HTTP Headers

GET /themes/spirit/assets/frontend/css/theme/charcoal.css HTTP/1.1
Host: anonzip.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonzip.com/C4r/Windows.rar
Cookie: filehosting=9o9149r5put2gvlgmdgdtr1rf5
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 04 May 2024 10:18:43 GMT
Content-Type: text/css
Content-Length: 206493
Last-Modified: Fri, 15 Apr 2022 11:04:01 GMT
Connection: keep-alive
ETag: "62595121-3269d"
Accept-Ranges: bytes

anonzip.com/themes/spirit/assets/frontend/js/countdown.min.js

135.181.248.190

200 OK

5.4 kB

URL GET HTTP/1.1
anonzip.com/themes/spirit/assets/frontend/js/countdown.min.js
IP
135.181.248.190:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://anonzip.com/C4r/Windows.rar
Certificate
IssuerLet's Encrypt
Subjectanonzip.com
Fingerprint05:1A:C5:B8:46:2C:D7:57:A3:34:1F:79:EC:24:CC:61:ED:36:1E:7E
ValiditySat, 30 Mar 2024 19:16:56 GMT - Fri, 28 Jun 2024 19:16:55 GMT

File type
JavaScript source, ASCII text, with very long lines (4136), with CRLF line terminators
Size
5.4 kB (5360 bytes)
Hash
76a923d3d69255c45cd24bf9b100244f
eb3c96f9901692f1a03500ea632963a16afdb985
8f195573d6fa06641814b476fea2b92579c983cac46d683f356238207692c9f5

HTTP Headers

GET /themes/spirit/assets/frontend/js/countdown.min.js HTTP/1.1
Host: anonzip.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonzip.com/C4r/Windows.rar
Cookie: filehosting=9o9149r5put2gvlgmdgdtr1rf5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 04 May 2024 10:18:44 GMT
Content-Type: application/javascript
Content-Length: 5360
Last-Modified: Fri, 15 Apr 2022 11:04:01 GMT
Connection: keep-alive
ETag: "62595121-14f0"
Accept-Ranges: bytes

anonzip.com/themes/spirit/assets/frontend/js/smooth-scroll.min.js

135.181.248.190

200 OK

6.0 kB

URL GET HTTP/1.1
anonzip.com/themes/spirit/assets/frontend/js/smooth-scroll.min.js
IP
135.181.248.190:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://anonzip.com/C4r/Windows.rar
Certificate
IssuerLet's Encrypt
Subjectanonzip.com
Fingerprint05:1A:C5:B8:46:2C:D7:57:A3:34:1F:79:EC:24:CC:61:ED:36:1E:7E
ValiditySat, 30 Mar 2024 19:16:56 GMT - Fri, 28 Jun 2024 19:16:55 GMT

File type
JavaScript source, ASCII text, with very long lines (4887), with CRLF line terminators
Size
6.0 kB (6028 bytes)
Hash
c9e3a210d83398f301b3a7049c259676
8e227bb40fe120841829a7fef0ffeb091d179a91
aeda362b1d693480453b895cbcf8b92629f58240c42ba8c643f0d5d338baf805

HTTP Headers

GET /themes/spirit/assets/frontend/js/smooth-scroll.min.js HTTP/1.1
Host: anonzip.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonzip.com/C4r/Windows.rar
Cookie: filehosting=9o9149r5put2gvlgmdgdtr1rf5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 04 May 2024 10:18:44 GMT
Content-Type: application/javascript
Content-Length: 6028
Last-Modified: Fri, 15 Apr 2022 11:04:01 GMT
Connection: keep-alive
ETag: "62595121-178c"
Accept-Ranges: bytes

anonzip.com/themes/spirit/assets/frontend/js/scripts.js

135.181.248.190

200 OK

115 kB

URL GET HTTP/1.1
anonzip.com/themes/spirit/assets/frontend/js/scripts.js
IP
135.181.248.190:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://anonzip.com/C4r/Windows.rar
Certificate
IssuerLet's Encrypt
Subjectanonzip.com
Fingerprint05:1A:C5:B8:46:2C:D7:57:A3:34:1F:79:EC:24:CC:61:ED:36:1E:7E
ValiditySat, 30 Mar 2024 19:16:56 GMT - Fri, 28 Jun 2024 19:16:55 GMT

File type
JavaScript source, ASCII text, with very long lines (914), with CRLF line terminators
Size
115 kB (114862 bytes)
Hash
ce260d2170faf98639ab8e0e3758f1e2
32eeb82a44bf0bce2df78eafae9f2e9ff8d72e1f
ac331833ebf1c06b0f8565caaeb4760c2184bd89d1cb5574c3947a8d0b6dca1c

HTTP Headers

GET /themes/spirit/assets/frontend/js/scripts.js HTTP/1.1
Host: anonzip.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonzip.com/C4r/Windows.rar
Cookie: filehosting=9o9149r5put2gvlgmdgdtr1rf5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 04 May 2024 10:18:44 GMT
Content-Type: application/javascript
Content-Length: 114862
Last-Modified: Fri, 15 Apr 2022 11:04:01 GMT
Connection: keep-alive
ETag: "62595121-1c0ae"
Accept-Ranges: bytes

anonzip.com/themes/spirit/assets/frontend/js/cookiealert.js

135.181.248.190

200 OK

1.8 kB

URL GET HTTP/1.1
anonzip.com/themes/spirit/assets/frontend/js/cookiealert.js
IP
135.181.248.190:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://anonzip.com/C4r/Windows.rar
Certificate
IssuerLet's Encrypt
Subjectanonzip.com
Fingerprint05:1A:C5:B8:46:2C:D7:57:A3:34:1F:79:EC:24:CC:61:ED:36:1E:7E
ValiditySat, 30 Mar 2024 19:16:56 GMT - Fri, 28 Jun 2024 19:16:55 GMT

File type
JavaScript source, ASCII text, with CRLF line terminators
Size
1.8 kB (1836 bytes)
Hash
81279e22c8ece9e1d0536a402484daa3
911797507fb12d4f451d5900e32db96ad697c401
5c6237178e88ab7f1c6e26c9e99547e58782450b8f2a182129448ff4d99e89ab

HTTP Headers

GET /themes/spirit/assets/frontend/js/cookiealert.js HTTP/1.1
Host: anonzip.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonzip.com/C4r/Windows.rar
Cookie: filehosting=9o9149r5put2gvlgmdgdtr1rf5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 04 May 2024 10:18:44 GMT
Content-Type: application/javascript
Content-Length: 1836
Last-Modified: Fri, 15 Apr 2022 11:04:01 GMT
Connection: keep-alive
ETag: "62595121-72c"
Accept-Ranges: bytes

anonzip.com/themes/spirit/assets/images/logo/logo-whitebg.png

135.181.248.190

200 OK

6.2 kB

URL GET HTTP/1.1
anonzip.com/themes/spirit/assets/images/logo/logo-whitebg.png
IP
135.181.248.190:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://anonzip.com/C4r/Windows.rar
Certificate
IssuerLet's Encrypt
Subjectanonzip.com
Fingerprint05:1A:C5:B8:46:2C:D7:57:A3:34:1F:79:EC:24:CC:61:ED:36:1E:7E
ValiditySat, 30 Mar 2024 19:16:56 GMT - Fri, 28 Jun 2024 19:16:55 GMT

File type
PNG image data, 588 x 94, 8-bit colormap, non-interlaced
Size
6.2 kB (6221 bytes)
Hash
6c1e20bb65960360a6d1782e017c9314
d864c40dbd565e934fddeea36938456d6a26982c
fafe927a322a36285028582aa429b7c47877cad76d2783d2b6ba3155e66bf9c6

HTTP Headers

GET /themes/spirit/assets/images/logo/logo-whitebg.png HTTP/1.1
Host: anonzip.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonzip.com/C4r/Windows.rar
Cookie: filehosting=9o9149r5put2gvlgmdgdtr1rf5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 04 May 2024 10:18:44 GMT
Content-Type: image/png
Content-Length: 6221
Last-Modified: Sun, 04 Feb 2024 12:00:04 GMT
Connection: keep-alive
ETag: "65bf7c44-184d"
Accept-Ranges: bytes

anonzip.com/themes/spirit/assets/images/logo/logo.png

135.181.248.190

200 OK

6.2 kB

URL GET HTTP/1.1
anonzip.com/themes/spirit/assets/images/logo/logo.png
IP
135.181.248.190:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://anonzip.com/C4r/Windows.rar
Certificate
IssuerLet's Encrypt
Subjectanonzip.com
Fingerprint05:1A:C5:B8:46:2C:D7:57:A3:34:1F:79:EC:24:CC:61:ED:36:1E:7E
ValiditySat, 30 Mar 2024 19:16:56 GMT - Fri, 28 Jun 2024 19:16:55 GMT

File type
PNG image data, 588 x 94, 8-bit colormap, non-interlaced
Size
6.2 kB (6204 bytes)
Hash
ecb7f5dbe1eee9fcc3d5839f7d2bb2fb
59c65d814622d7ea901cd367b4114cea05fdf1b9
d53d70c5ee49ccc36c86eca632815e1eb254786c4041b228196bb8c0cb635b20

HTTP Headers

GET /themes/spirit/assets/images/logo/logo.png HTTP/1.1
Host: anonzip.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonzip.com/C4r/Windows.rar
Cookie: filehosting=9o9149r5put2gvlgmdgdtr1rf5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 04 May 2024 10:18:44 GMT
Content-Type: image/png
Content-Length: 6204
Last-Modified: Sun, 04 Feb 2024 11:52:58 GMT
Connection: keep-alive
ETag: "65bf7a9a-183c"
Accept-Ranges: bytes

anonzip.com/themes/spirit/assets/frontend/fonts/stack-interface.woff2?33839631

135.181.248.190

200 OK

4.3 kB

URL GET HTTP/1.1
anonzip.com/themes/spirit/assets/frontend/fonts/stack-interface.woff2?33839631
IP
135.181.248.190:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://anonzip.com/C4r/Windows.rar
Certificate
IssuerLet's Encrypt
Subjectanonzip.com
Fingerprint05:1A:C5:B8:46:2C:D7:57:A3:34:1F:79:EC:24:CC:61:ED:36:1E:7E
ValiditySat, 30 Mar 2024 19:16:56 GMT - Fri, 28 Jun 2024 19:16:55 GMT

File type
Web Open Font Format (Version 2), TrueType, length 4292, version 1.0
Size
4.3 kB (4292 bytes)
Hash
ae072782b361d2afdbf43db08d3cfb73
f3db2e65b53d97491672f8631e21d6d05905cc88
31205df908aed9881f6d2d3ae7d38975252bf99e38268978b4236dc3c314754b

HTTP Headers

GET /themes/spirit/assets/frontend/fonts/stack-interface.woff2?33839631 HTTP/1.1
Host: anonzip.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://anonzip.com/themes/spirit/assets/frontend/css/stack-interface.css
Cookie: filehosting=9o9149r5put2gvlgmdgdtr1rf5
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 04 May 2024 10:18:44 GMT
Content-Type: application/octet-stream
Content-Length: 4292
Last-Modified: Fri, 15 Apr 2022 11:04:01 GMT
Connection: keep-alive
ETag: "62595121-10c4"
Accept-Ranges: bytes

anonzip.com/themes/spirit/assets/frontend/fonts/font-awesome/fa-solid-900.woff2

135.181.248.190

200 OK

80 kB

URL GET HTTP/1.1
anonzip.com/themes/spirit/assets/frontend/fonts/font-awesome/fa-solid-900.woff2
IP
135.181.248.190:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://anonzip.com/C4r/Windows.rar
Certificate
IssuerLet's Encrypt
Subjectanonzip.com
Fingerprint05:1A:C5:B8:46:2C:D7:57:A3:34:1F:79:EC:24:CC:61:ED:36:1E:7E
ValiditySat, 30 Mar 2024 19:16:56 GMT - Fri, 28 Jun 2024 19:16:55 GMT

File type
Web Open Font Format (Version 2), TrueType, length 80148, version 331.17301
Size
80 kB (80148 bytes)
Hash
c500da19d776384ba69573ae6fe274e7
6290834672aba86d5b6c1c73b30b57c9c53996f7
cfe3b7382e477059da11be2099914b94f0e2a4f08240c60542c376957b8d9658

HTTP Headers

GET /themes/spirit/assets/frontend/fonts/font-awesome/fa-solid-900.woff2 HTTP/1.1
Host: anonzip.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://anonzip.com/themes/spirit/assets/frontend/css/font-awesome.min.css
Cookie: filehosting=9o9149r5put2gvlgmdgdtr1rf5
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 04 May 2024 10:18:44 GMT
Content-Type: application/octet-stream
Content-Length: 80148
Last-Modified: Fri, 15 Apr 2022 11:04:01 GMT
Connection: keep-alive
ETag: "62595121-13914"
Accept-Ranges: bytes

fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

216.58.207.227

200 OK

48 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://anonzip.com/C4r/Windows.rar
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 48236, version 1.0
Size
48 kB (48236 bytes)
Hash
015c126a3520c9a8f6a27979d0266e96
2acf956561d44434a6d84204670cf849d3215d5f
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

HTTP Headers

GET /s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://anonzip.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48236
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 02:35:00 GMT
expires: Fri, 02 May 2025 02:35:00 GMT
cache-control: public, max-age=31536000
age: 200624
last-modified: Thu, 14 Dec 2023 02:08:40 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

216.58.207.227

200 OK

48 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://anonzip.com/C4r/Windows.rar
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 48236, version 1.0
Size
48 kB (48236 bytes)
Hash
015c126a3520c9a8f6a27979d0266e96
2acf956561d44434a6d84204670cf849d3215d5f
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

HTTP Headers

GET /s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://anonzip.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48236
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 02:35:00 GMT
expires: Fri, 02 May 2025 02:35:00 GMT
cache-control: public, max-age=31536000
age: 200624
last-modified: Thu, 14 Dec 2023 02:08:40 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

216.58.207.227

200 OK

48 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://anonzip.com/C4r/Windows.rar
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 48236, version 1.0
Size
48 kB (48236 bytes)
Hash
015c126a3520c9a8f6a27979d0266e96
2acf956561d44434a6d84204670cf849d3215d5f
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

HTTP Headers

GET /s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://anonzip.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48236
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 02:35:00 GMT
expires: Fri, 02 May 2025 02:35:00 GMT
cache-control: public, max-age=31536000
age: 200624
last-modified: Thu, 14 Dec 2023 02:08:40 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

216.58.207.227

200 OK

48 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://anonzip.com/C4r/Windows.rar
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 48236, version 1.0
Size
48 kB (48236 bytes)
Hash
015c126a3520c9a8f6a27979d0266e96
2acf956561d44434a6d84204670cf849d3215d5f
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

HTTP Headers

GET /s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://anonzip.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48236
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 02:35:00 GMT
expires: Fri, 02 May 2025 02:35:00 GMT
cache-control: public, max-age=31536000
age: 200624
last-modified: Thu, 14 Dec 2023 02:08:40 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/opensans/v40/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2

216.58.207.227

200 OK

19 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v40/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://anonzip.com/C4r/Windows.rar
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 19280, version 1.0
Size
19 kB (19280 bytes)
Hash
386fb59be54b2d819064af98e57cc226
9e2d14d736be97ec84bfca3513558450cd6e3249
b4855cc8ec721cbaf27f3c907345e101b1524858221c14faa79df34cb2f84991

HTTP Headers

GET /s/opensans/v40/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://anonzip.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 19280
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 03 May 2024 02:32:40 GMT
expires: Sat, 03 May 2025 02:32:40 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 14 Dec 2023 02:02:23 GMT
content-type: font/woff2
age: 114364
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

216.58.207.227

200 OK

48 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://anonzip.com/C4r/Windows.rar
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 48236, version 1.0
Size
48 kB (48236 bytes)
Hash
015c126a3520c9a8f6a27979d0266e96
2acf956561d44434a6d84204670cf849d3215d5f
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

HTTP Headers

GET /s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://anonzip.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48236
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 02:35:00 GMT
expires: Fri, 02 May 2025 02:35:00 GMT
cache-control: public, max-age=31536000
age: 200624
last-modified: Thu, 14 Dec 2023 02:08:40 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS2mu1aB.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS2mu1aB.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://anonzip.com/C4r/Windows.rar
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 16516, version 1.0
Size
16 kB (16516 bytes)
Hash
02ea59496b25ec14db0cd442451bf9f7
4266d37e1db030954b04cd1cf3ec06591d75fcab
dc0387c80ff53df47ca7ec19db75224fdb90a230f6cb06605563590b9791bf95

HTTP Headers

GET /s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS2mu1aB.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://anonzip.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 16516
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 19:16:47 GMT
expires: Fri, 02 May 2025 19:16:47 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 14 Dec 2023 02:02:21 GMT
content-type: font/woff2
age: 140517
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

veepteero.com/88/61794

139.45.197.242

200 OK

6.5 kB

URL GET HTTP/2
veepteero.com/88/61794
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://anonzip.com/C4r/Windows.rar
Certificate
IssuerLet's Encrypt
Subjectveepteero.com
Fingerprint13:68:56:48:EC:67:A6:93:BE:E0:36:BC:FA:04:75:6D:6E:D2:C1:91
ValiditySat, 23 Mar 2024 05:18:36 GMT - Fri, 21 Jun 2024 05:18:35 GMT

File type
gzip compressed data, max speed, from Unix
Size
6.5 kB (6539 bytes)
Hash
907eeb1fb41518f48781d5f9f77b819c
edca06f3ed76e3721f062c33529e085d8c37672b
861b44ef1f218ca7553862d34be848b8dd9f5d8c6cf8c8ce835aa25dfca66b94

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /88/61794 HTTP/1.1
Host: veepteero.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://anonzip.com/
Origin: https://anonzip.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 10:18:44 GMT
content-type: application/json
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://anonzip.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
timing-allow-origin: *
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

anonzip.com/themes/spirit/assets/frontend/img/favicon/favicon-16x16.png

135.181.248.190

200 OK

447 B

URL GET HTTP/1.1
anonzip.com/themes/spirit/assets/frontend/img/favicon/favicon-16x16.png
IP
135.181.248.190:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://anonzip.com/C4r/Windows.rar
Certificate
IssuerLet's Encrypt
Subjectanonzip.com
Fingerprint05:1A:C5:B8:46:2C:D7:57:A3:34:1F:79:EC:24:CC:61:ED:36:1E:7E
ValiditySat, 30 Mar 2024 19:16:56 GMT - Fri, 28 Jun 2024 19:16:55 GMT

File type
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Size
447 B (447 bytes)
Hash
f3d5da06fe8d5a2425d5d229285e5eea
01032b864f3c74bbf44771e2ba41eeb2251fad90
d11d596429d3543bfb07191a87a67a8c22e198113c6f3a109158a5a85bf82f26

HTTP Headers

GET /themes/spirit/assets/frontend/img/favicon/favicon-16x16.png HTTP/1.1
Host: anonzip.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonzip.com/C4r/Windows.rar
Cookie: filehosting=9o9149r5put2gvlgmdgdtr1rf5; _ga_GWR0PX9LQC=GS1.1.1714817924.1.0.1714817924.0.0.0; _ga=GA1.1.1715333093.1714817925
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 04 May 2024 10:18:44 GMT
Content-Type: image/png
Content-Length: 447
Last-Modified: Fri, 15 Apr 2022 11:04:01 GMT
Connection: keep-alive
ETag: "62595121-1bf"
Accept-Ranges: bytes

my.rtmark.net/gid.js?userId=0080520728d84fcbfec3fd5764890f66

139.45.195.8

200 OK

65 B

URL GET HTTP/2
my.rtmark.net/gid.js?userId=0080520728d84fcbfec3fd5764890f66
IP
139.45.195.8:443
ASN
#9002 RETN Limited

Requested by
https://anonzip.com/C4r/Windows.rar
Certificate
IssuerLet's Encrypt
Subjectrtmark.net
FingerprintDB:C0:8B:64:1C:E3:2A:9C:B9:04:0D:F3:6F:5A:E0:35:F4:C7:75:CC
ValiditySat, 02 Mar 2024 21:53:43 GMT - Fri, 31 May 2024 21:53:42 GMT

File type
JSON text data
Size
65 B (65 bytes)
Hash
0981814bf929c532659c364bb76cdc65
2bae4a3751472042f3ed03ae6e55d8427de9cd11
587fc11e2436b4f2deca9164ecab340b5682ac7cc8a3ad931ef52a1cf702d1ba

HTTP Headers

GET /gid.js?userId=0080520728d84fcbfec3fd5764890f66 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://anonzip.com
DNT: 1
Connection: keep-alive
Referer: https://anonzip.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 10:18:44 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://anonzip.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=0080520728d84fcbfec3fd5764890f66; expires=Sun, 04 May 2025 10:18:44 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

cameesse.net/1?z=7406590

139.45.197.242

200 OK

17 kB

URL GET HTTP/2
cameesse.net/1?z=7406590
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://anonzip.com/C4r/Windows.rar
Certificate
IssuerLet's Encrypt
Subjectcameesse.net
Fingerprint40:09:71:B1:17:F8:74:15:9B:3D:0A:95:73:15:74:D6:05:A5:5B:44
ValidityFri, 22 Mar 2024 19:24:17 GMT - Thu, 20 Jun 2024 19:24:16 GMT

File type
gzip compressed data, max speed, from Unix
Size
17 kB (16700 bytes)
Hash
ff2e6c9a05debf9451131c444aa1d1d9
cf979071e16165d71d83a32fa02a203587adc43b
2b3e7cd4a0560936351413c678fe3ae76f6884e30bdb2ae6ccc8d3f99bd318c0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /1?z=7406590 HTTP/1.1
Host: cameesse.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonzip.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 10:18:44 GMT
content-type: text/javascript
access-control-allow-credentials: true
access-control-allow-origin: 
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: 0ea67c260afbc0bbfb2812a76f20e616
access-control-expose-headers: X-Sc
x-sc: hIlAC6PAnUcDuRvbh43anddAagkvXJS0fz-LdbqjfEpQrBFh_wxT22v883Pt1q-ec-v46iuv_7Z9DT9P5GkiovmPcUM=
set-cookie: scm=1; expires=Sun, 04 May 2025 10:18:44 GMT; secure; SameSite=None
OAID=0400524015434624edbd6b9679267ca2; expires=Sun, 04 May 2025 10:18:44 GMT; secure; SameSite=None
oaidts=1714817924; expires=Sun, 04 May 2025 10:18:44 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=af784db1-2f96-46d2-b259-b2abc1a99259

139.45.195.254

200 OK

12 B

URL POST HTTP/1.1
fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=af784db1-2f96-46d2-b259-b2abc1a99259
IP
139.45.195.254:443
ASN
#9002 RETN Limited

Requested by
https://anonzip.com/C4r/Windows.rar
Certificate
IssuerSectigo Limited
Subjectfleraprt.com
Fingerprint32:DB:C5:24:21:ED:1D:C3:40:C3:46:9F:CF:EE:98:4D:72:29:4C:3C
ValidityTue, 09 Jan 2024 00:00:00 GMT - Mon, 13 Jan 2025 23:59:59 GMT

File type
JSON text data
Size
12 B (12 bytes)
Hash
adb4650bfc9d2a73d4dd69583b0ceb14
1ce399d6e936232aaf2192cd7903a279c5015f22
21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=af784db1-2f96-46d2-b259-b2abc1a99259 HTTP/1.1
Host: fleraprt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1745
Origin: https://anonzip.com
DNT: 1
Connection: keep-alive
Referer: https://anonzip.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Sat, 04 May 2024 10:18:45 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://anonzip.com
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

gishejuy.com/400/7406589

139.45.197.242

200 OK

66 kB

URL GET HTTP/2
gishejuy.com/400/7406589
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://anonzip.com/C4r/Windows.rar
Certificate
IssuerLet's Encrypt
Subjectgishejuy.com
Fingerprint0E:1A:AC:78:15:75:C8:D7:77:E9:9F:1E:8F:A6:05:8C:F6:CA:AC:80
ValidityTue, 02 Apr 2024 05:15:48 GMT - Mon, 01 Jul 2024 05:15:47 GMT

File type
gzip compressed data, max speed, from Unix
Size
66 kB (66513 bytes)
Hash
f955b07556925002fe70d5dc94527dfa
125a13aee5367e24b00174eb3021160cbd690960
43ddac1e741cb34af5d83407cdfcbe49023e508aeaaffff6bdfa2016efea783f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /400/7406589 HTTP/1.1
Host: gishejuy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonzip.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 10:18:44 GMT
content-type: application/javascript
x-trace-id: 5ea5cb19027e2db01128512971a29d4c
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
set-cookie: OAID=0300528165ff4a08e711aae7b65d1d94; expires=Sun, 04 May 2025 10:18:44 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

aistekso.net/500/7406591?excludes=&oaid=0080520728d84fcbfec3fd5764890f66&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&pl=https%3A%2F%2Fanonzip.com%2FC4r%2FWindows.rar&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0

139.45.197.244

200 OK

0 B

URL OPTIONS HTTP/2
aistekso.net/500/7406591?excludes=&oaid=0080520728d84fcbfec3fd5764890f66&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&pl=https%3A%2F%2Fanonzip.com%2FC4r%2FWindows.rar&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0
IP
139.45.197.244:443
ASN
#9002 RETN Limited

Requested by
https://anonzip.com/C4r/Windows.rar
Certificate
IssuerLet's Encrypt
Subjectaistekso.net
Fingerprint3E:A5:CE:35:F4:D9:45:6B:A1:3B:2E:9C:B3:9E:78:4D:8A:4B:51:BB
ValiditySun, 24 Mar 2024 05:08:27 GMT - Sat, 22 Jun 2024 05:08:26 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /500/7406591?excludes=&oaid=0080520728d84fcbfec3fd5764890f66&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&pl=https%3A%2F%2Fanonzip.com%2FC4r%2FWindows.rar&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0 HTTP/1.1
Host: aistekso.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://anonzip.com/
Origin: https://anonzip.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 10:18:45 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://anonzip.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-allow-credentials: true
access-control-max-age: 600
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2

aistekso.net/401/7406591

139.45.197.244

200 OK

50 kB

URL GET HTTP/2
aistekso.net/401/7406591
IP
139.45.197.244:443
ASN
#9002 RETN Limited

Requested by
https://anonzip.com/C4r/Windows.rar
Certificate
IssuerLet's Encrypt
Subjectaistekso.net
Fingerprint3E:A5:CE:35:F4:D9:45:6B:A1:3B:2E:9C:B3:9E:78:4D:8A:4B:51:BB
ValiditySun, 24 Mar 2024 05:08:27 GMT - Sat, 22 Jun 2024 05:08:26 GMT

File type
gzip compressed data, max speed, from Unix
Size
50 kB (49997 bytes)
Hash
64a22d7c263ea5742e299e69e5eaa38b
cd8a9298a82612f6819afc51ed692cc5172dced2
6e7d7e920cd010f699aa001263c0e9ca20dd660e00d4930668795a746f6962d6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /401/7406591 HTTP/1.1
Host: aistekso.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonzip.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 10:18:44 GMT
content-type: application/javascript
x-trace-id: eba7170947f702c02186ebf597749b20
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
set-cookie: OAID=030052f0b5024d3cf9ffbc09875c4caa; expires=Sun, 04 May 2025 10:18:44 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

cameesse.net/9?z=7406590&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fanonzip.com%2FC4r%2FWindows.rar&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&oaid=0080520728d84fcbfec3fd5764890f66

139.45.197.242

204 No Content

0 B

URL OPTIONS HTTP/2
cameesse.net/9?z=7406590&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fanonzip.com%2FC4r%2FWindows.rar&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&oaid=0080520728d84fcbfec3fd5764890f66
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://anonzip.com/C4r/Windows.rar
Certificate
IssuerLet's Encrypt
Subjectcameesse.net
Fingerprint40:09:71:B1:17:F8:74:15:9B:3D:0A:95:73:15:74:D6:05:A5:5B:44
ValidityFri, 22 Mar 2024 19:24:17 GMT - Thu, 20 Jun 2024 19:24:16 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /9?z=7406590&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fanonzip.com%2FC4r%2FWindows.rar&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&oaid=0080520728d84fcbfec3fd5764890f66 HTTP/1.1
Host: cameesse.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://anonzip.com/
Origin: https://anonzip.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 204 No Content
server: nginx
date: Sat, 04 May 2024 10:18:45 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://anonzip.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2

cameesse.net/11?rnd=853350186&z=7406590&b=20830638&var=&varid=0&rqtdbc=1&rcvdbc=1&btp=7&rb=A8PIuGD4qzu0TIfTTQGZ7XnMvpaOfu_7b92TyV6EEJXe71dmeD0IyOGzv3rGRnk5K1x81_y4Fn3n_ztCmL8WwRPKPSFzaKD2fkr8vb683Yy7CbwAEfRAug3sV9k8HPtHDKoX5apkCf59yujk5yRu9l3toU3K4SiNj8Nqil1Qa6w2LDt60DjAhqKp-glbYkGrXCLg4aoQLcYuqfQZx77dy9HAUlQBs3TjxOoZvBJfzw7mcFjKUr_d-B2FzcIz2TxrNyRXK0Jcph80XJpm9zbalsYBoM0zcz3ocIt51zbTgtjINNZ_BRXE0cJ5Wws7L3kpfJ5kuSKXJ_f-VeSJLlmL0U2kDe49Lw14U-nLKUzloLHoIrE2yAPDmHvBd6bWUHdCIOsuciK0oJhNTGebUW-b9FtOoLV3r65Jiw4sTqwsSpcqBvKeiAf95V1lTtQ0dkHU4jPXyHvJy93NcUZjnw1tmXH_V4skuGZsE0KmAgz3gTwPd_pNz4_SA2F2B74IrZaMpWTGXrU802PVnr5jzJiUNAihgWm-QjHWnlZNn_AokMHGFypMYoKXD7Xyx9hLEOZE2p6F4R2ZKdPyJDNueepmXMoKw7OcQDxcQ8ppZnENyFeEKqiE&ruid=326db0e4-96b8-4ece-ad96-13b981804c4e&subid=810567735617531904&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fanonzip.com%2FC4r%2FWindows.rar&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&ot=140

139.45.197.242

200 OK

0 B

URL GET HTTP/2
cameesse.net/11?rnd=853350186&z=7406590&b=20830638&var=&varid=0&rqtdbc=1&rcvdbc=1&btp=7&rb=A8PIuGD4qzu0TIfTTQGZ7XnMvpaOfu_7b92TyV6EEJXe71dmeD0IyOGzv3rGRnk5K1x81_y4Fn3n_ztCmL8WwRPKPSFzaKD2fkr8vb683Yy7CbwAEfRAug3sV9k8HPtHDKoX5apkCf59yujk5yRu9l3toU3K4SiNj8Nqil1Qa6w2LDt60DjAhqKp-glbYkGrXCLg4aoQLcYuqfQZx77dy9HAUlQBs3TjxOoZvBJfzw7mcFjKUr_d-B2FzcIz2TxrNyRXK0Jcph80XJpm9zbalsYBoM0zcz3ocIt51zbTgtjINNZ_BRXE0cJ5Wws7L3kpfJ5kuSKXJ_f-VeSJLlmL0U2kDe49Lw14U-nLKUzloLHoIrE2yAPDmHvBd6bWUHdCIOsuciK0oJhNTGebUW-b9FtOoLV3r65Jiw4sTqwsSpcqBvKeiAf95V1lTtQ0dkHU4jPXyHvJy93NcUZjnw1tmXH_V4skuGZsE0KmAgz3gTwPd_pNz4_SA2F2B74IrZaMpWTGXrU802PVnr5jzJiUNAihgWm-QjHWnlZNn_AokMHGFypMYoKXD7Xyx9hLEOZE2p6F4R2ZKdPyJDNueepmXMoKw7OcQDxcQ8ppZnENyFeEKqiE&ruid=326db0e4-96b8-4ece-ad96-13b981804c4e&subid=810567735617531904&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fanonzip.com%2FC4r%2FWindows.rar&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&ot=140
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://anonzip.com/C4r/Windows.rar
Certificate
IssuerLet's Encrypt
Subjectcameesse.net
Fingerprint40:09:71:B1:17:F8:74:15:9B:3D:0A:95:73:15:74:D6:05:A5:5B:44
ValidityFri, 22 Mar 2024 19:24:17 GMT - Thu, 20 Jun 2024 19:24:16 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /11?rnd=853350186&z=7406590&b=20830638&var=&varid=0&rqtdbc=1&rcvdbc=1&btp=7&rb=A8PIuGD4qzu0TIfTTQGZ7XnMvpaOfu_7b92TyV6EEJXe71dmeD0IyOGzv3rGRnk5K1x81_y4Fn3n_ztCmL8WwRPKPSFzaKD2fkr8vb683Yy7CbwAEfRAug3sV9k8HPtHDKoX5apkCf59yujk5yRu9l3toU3K4SiNj8Nqil1Qa6w2LDt60DjAhqKp-glbYkGrXCLg4aoQLcYuqfQZx77dy9HAUlQBs3TjxOoZvBJfzw7mcFjKUr_d-B2FzcIz2TxrNyRXK0Jcph80XJpm9zbalsYBoM0zcz3ocIt51zbTgtjINNZ_BRXE0cJ5Wws7L3kpfJ5kuSKXJ_f-VeSJLlmL0U2kDe49Lw14U-nLKUzloLHoIrE2yAPDmHvBd6bWUHdCIOsuciK0oJhNTGebUW-b9FtOoLV3r65Jiw4sTqwsSpcqBvKeiAf95V1lTtQ0dkHU4jPXyHvJy93NcUZjnw1tmXH_V4skuGZsE0KmAgz3gTwPd_pNz4_SA2F2B74IrZaMpWTGXrU802PVnr5jzJiUNAihgWm-QjHWnlZNn_AokMHGFypMYoKXD7Xyx9hLEOZE2p6F4R2ZKdPyJDNueepmXMoKw7OcQDxcQ8ppZnENyFeEKqiE&ruid=326db0e4-96b8-4ece-ad96-13b981804c4e&subid=810567735617531904&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fanonzip.com%2FC4r%2FWindows.rar&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&ot=140 HTTP/1.1
Host: cameesse.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://anonzip.com
DNT: 1
Connection: keep-alive
Referer: https://anonzip.com/
Cookie: scm=1; OAID=0080520728d84fcbfec3fd5764890f66; oaidts=1714817924
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 10:18:45 GMT
content-type: image/jpeg
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: https://anonzip.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: d97f90224babd76a971a1b9c01314467
access-control-expose-headers: X-Sc
set-cookie: OAID=0080520728d84fcbfec3fd5764890f66; expires=Sun, 04 May 2025 10:18:45 GMT; secure; SameSite=None
oaidts=1714817924; expires=Sun, 04 May 2025 10:18:45 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2

offerimage.com/www/images/9c6355bcf96815c755fbba83f9fd8f64.jpg

104.22.32.172

200 OK

17 kB

URL GET HTTP/2
offerimage.com/www/images/9c6355bcf96815c755fbba83f9fd8f64.jpg
IP
104.22.32.172:443
ASN
#13335 CLOUDFLARENET

Requested by
https://anonzip.com/C4r/Windows.rar
Certificate
IssuerGoogle Trust Services LLC
Subjectofferimage.com
Fingerprint5C:87:DE:3A:1B:66:15:11:B1:75:B6:AC:AF:F9:A6:EF:5E:7F:80:72
ValidityFri, 05 Apr 2024 23:50:04 GMT - Thu, 04 Jul 2024 23:50:03 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3
Size
17 kB (17173 bytes)
Hash
9c6355bcf96815c755fbba83f9fd8f64
ce698b45fb51ef1494f80f432b7aff0985247724
2cd74e866757767cd5c88d066a0bc057aded1e6c07171e091dd87f56ffd4a906

HTTP Headers

GET /www/images/9c6355bcf96815c755fbba83f9fd8f64.jpg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonzip.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 10:18:45 GMT
content-type: image/jpeg
content-length: 17173
cache-control: max-age=86400
cf-bgj: h2pri
etag: "642af881-4315"
expires: Sat, 04 May 2024 20:06:53 GMT
last-modified: Mon, 03 Apr 2023 16:02:09 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 51109
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e7bfa4deb510b1-CPH
X-Firefox-Spdy: h2

gishejuy.com/500/7406589?excludes=&oaid=0080520728d84fcbfec3fd5764890f66&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&pl=https%3A%2F%2Fanonzip.com%2FC4r%2FWindows.rar&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0

139.45.197.242

200 OK

0 B

URL OPTIONS HTTP/2
gishejuy.com/500/7406589?excludes=&oaid=0080520728d84fcbfec3fd5764890f66&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&pl=https%3A%2F%2Fanonzip.com%2FC4r%2FWindows.rar&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://anonzip.com/C4r/Windows.rar
Certificate
IssuerLet's Encrypt
Subjectgishejuy.com
Fingerprint0E:1A:AC:78:15:75:C8:D7:77:E9:9F:1E:8F:A6:05:8C:F6:CA:AC:80
ValidityTue, 02 Apr 2024 05:15:48 GMT - Mon, 01 Jul 2024 05:15:47 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /500/7406589?excludes=&oaid=0080520728d84fcbfec3fd5764890f66&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&pl=https%3A%2F%2Fanonzip.com%2FC4r%2FWindows.rar&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0 HTTP/1.1
Host: gishejuy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://anonzip.com/
Origin: https://anonzip.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 10:18:45 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://anonzip.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-allow-credentials: true
access-control-max-age: 600
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2

moonoafy.net/custom

139.45.197.250

200 OK

0 B

URL POST HTTP/2
moonoafy.net/custom
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://anonzip.com/C4r/Windows.rar
Certificate
IssuerLet's Encrypt
Subjectmoonoafy.net
Fingerprint17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0
ValidityFri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /custom HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://anonzip.com/
Origin: https://anonzip.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 10:18:45 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://anonzip.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2

139.45.197.242

204 No Content

2.7 kB

URL OPTIONS HTTP/2
cameesse.net/9?z=7406590&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fanonzip.com%2FC4r%2FWindows.rar&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&oaid=0080520728d84fcbfec3fd5764890f66
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://anonzip.com/C4r/Windows.rar
Certificate
IssuerLet's Encrypt
Subjectcameesse.net
Fingerprint40:09:71:B1:17:F8:74:15:9B:3D:0A:95:73:15:74:D6:05:A5:5B:44
ValidityFri, 22 Mar 2024 19:24:17 GMT - Thu, 20 Jun 2024 19:24:16 GMT

File type
JSON text data
Size
2.7 kB (2697 bytes)
Hash
6f0a885c7b256d621b3263f832c2d87b
d08ecfc935ae20320ea7bebf4e16871adcde05ea
cfc44e101cda75310b34a0f6969e84f50ae80c28cebd7dca32fa4d8f5e459aa3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /9?z=7406590&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fanonzip.com%2FC4r%2FWindows.rar&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&oaid=0080520728d84fcbfec3fd5764890f66 HTTP/1.1
Host: cameesse.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 106
Origin: https://anonzip.com
DNT: 1
Connection: keep-alive
Referer: https://anonzip.com/
Cookie: scm=1; OAID=0400524015434624edbd6b9679267ca2; oaidts=1714817924
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 10:18:45 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-origin: https://anonzip.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: 8aa9418ce08f60e685600a8cfcff5c5c
access-control-expose-headers: X-Sc
set-cookie: OAID=0080520728d84fcbfec3fd5764890f66; expires=Sun, 04 May 2025 10:18:45 GMT; secure; SameSite=None
oaidts=1714817924; expires=Sun, 04 May 2025 10:18:45 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

anonzip.com/sw.js

135.181.248.190

200 OK

5.2 kB

URL GET HTTP/1.1
anonzip.com/sw.js
IP
135.181.248.190:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://anonzip.com/C4r/Windows.rar
Certificate
IssuerLet's Encrypt
Subjectanonzip.com
Fingerprint05:1A:C5:B8:46:2C:D7:57:A3:34:1F:79:EC:24:CC:61:ED:36:1E:7E
ValiditySat, 30 Mar 2024 19:16:56 GMT - Fri, 28 Jun 2024 19:16:55 GMT

File type
JavaScript source, ASCII text, with very long lines (5235)
Size
5.2 kB (5236 bytes)
Hash
f3da3a180b9fcc93796c2e0064f80439
d3155e90b8bb0ccd2db019fa66beebf3f28d9116
2cfd12766505422ce33dad30985158e425f686a6a4e18d8a44e67b7c1af9451f

HTTP Headers

GET /sw.js HTTP/1.1
Host: anonzip.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://anonzip.com/C4r/Windows.rar
DNT: 1
Connection: keep-alive
Cookie: filehosting=9o9149r5put2gvlgmdgdtr1rf5; _ga_GWR0PX9LQC=GS1.1.1714817924.1.0.1714817924.0.0.0; _ga=GA1.1.1715333093.1714817925; prefetchAd_7406588=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 04 May 2024 10:18:45 GMT
Content-Type: application/javascript
Content-Length: 5236
Last-Modified: Sun, 28 Apr 2024 12:25:27 GMT
Connection: keep-alive
ETag: "662e4037-1474"
Accept-Ranges: bytes

cameesse.net/121?rnd=2993975909&z=7406590&b=20830638&c=8121703&var=&varid=0&d=https%3A%2F%2Fsecuredpeacomm.com%2Fin%2F%3Ftg%3Dhttps%3A%2F%2Ftrack.jefytrack.com%2F145f6684-c379-407a-a2eb-922622a713e1%26zoneid%3D7406590%26campaignid%3D8121703%26carrier%3D%7Bcarrier%7D%26connectiontype%3D%7Bconnection.type%7D%26isp%3D%7Bisp%7D%26cost%3D%7Bcost%7D%26visitor_id%3D810567735617531904&cln={CELL_NUMBER}&btp=7&rb=A8PIuGD4qzu0TIfTTQGZ7XnMvpaOfu_7b92TyV6EEJXe71dmeD0IyOGzv3rGRnk5K1x81_y4Fn3n_ztCmL8WwRPKPSFzaKD2fkr8vb683Yy7CbwAEfRAug3sV9k8HPtHDKoX5apkCf59yujk5yRu9l3toU3K4SiNj8Nqil1Qa6w2LDt60DjAhqKp-glbYkGrXCLg4aoQLcYuqfQZx77dy9HAUlQBs3TjxOoZvBJfzw7mcFjKUr_d-B2FzcIz2TxrNyRXK0Jcph80XJpm9zbalsYBoM0zcz3ocIt51zbTgtjINNZ_BRXE0cJ5Wws7L3kpfJ5kuSKXJ_f-VeSJLlmL0U2kDe49Lw14U-nLKUzloLHoIrE2yAPDmHvBd6bWUHdCIOsuciK0oJhNTGebUW-b9FtOoLV3r65Jiw4sTqwsSpcqBvKeiAf95V1lTtQ0dkHU4jPXyHvJy93NcUZjnw1tmXH_V4skuGZsE0KmAgz3gTwPd_pNz4_SA2F2B74IrZaMpWTGXrU802PVnr5jzJiUNAihgWm-QjHWnlZNn_AokMHGFypMYoKXD7Xyx9hLEOZE2p6F4R2ZKdPyJDNueepmXMoKw7OcQDxcQ8ppZnENyFeEKqiE&bag=ydU9kaAfa6I=&ruid=326db0e4-96b8-4ece-ad96-13b981804c4e&subid=810567735617531904

139.45.197.242

302 Found

0 B

URL GET HTTP/2
cameesse.net/121?rnd=2993975909&z=7406590&b=20830638&c=8121703&var=&varid=0&d=https%3A%2F%2Fsecuredpeacomm.com%2Fin%2F%3Ftg%3Dhttps%3A%2F%2Ftrack.jefytrack.com%2F145f6684-c379-407a-a2eb-922622a713e1%26zoneid%3D7406590%26campaignid%3D8121703%26carrier%3D%7Bcarrier%7D%26connectiontype%3D%7Bconnection.type%7D%26isp%3D%7Bisp%7D%26cost%3D%7Bcost%7D%26visitor_id%3D810567735617531904&cln={CELL_NUMBER}&btp=7&rb=A8PIuGD4qzu0TIfTTQGZ7XnMvpaOfu_7b92TyV6EEJXe71dmeD0IyOGzv3rGRnk5K1x81_y4Fn3n_ztCmL8WwRPKPSFzaKD2fkr8vb683Yy7CbwAEfRAug3sV9k8HPtHDKoX5apkCf59yujk5yRu9l3toU3K4SiNj8Nqil1Qa6w2LDt60DjAhqKp-glbYkGrXCLg4aoQLcYuqfQZx77dy9HAUlQBs3TjxOoZvBJfzw7mcFjKUr_d-B2FzcIz2TxrNyRXK0Jcph80XJpm9zbalsYBoM0zcz3ocIt51zbTgtjINNZ_BRXE0cJ5Wws7L3kpfJ5kuSKXJ_f-VeSJLlmL0U2kDe49Lw14U-nLKUzloLHoIrE2yAPDmHvBd6bWUHdCIOsuciK0oJhNTGebUW-b9FtOoLV3r65Jiw4sTqwsSpcqBvKeiAf95V1lTtQ0dkHU4jPXyHvJy93NcUZjnw1tmXH_V4skuGZsE0KmAgz3gTwPd_pNz4_SA2F2B74IrZaMpWTGXrU802PVnr5jzJiUNAihgWm-QjHWnlZNn_AokMHGFypMYoKXD7Xyx9hLEOZE2p6F4R2ZKdPyJDNueepmXMoKw7OcQDxcQ8ppZnENyFeEKqiE&bag=ydU9kaAfa6I=&ruid=326db0e4-96b8-4ece-ad96-13b981804c4e&subid=810567735617531904
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://anonzip.com/C4r/Windows.rar
Certificate
IssuerLet's Encrypt
Subjectcameesse.net
Fingerprint40:09:71:B1:17:F8:74:15:9B:3D:0A:95:73:15:74:D6:05:A5:5B:44
ValidityFri, 22 Mar 2024 19:24:17 GMT - Thu, 20 Jun 2024 19:24:16 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /121?rnd=2993975909&z=7406590&b=20830638&c=8121703&var=&varid=0&d=https%3A%2F%2Fsecuredpeacomm.com%2Fin%2F%3Ftg%3Dhttps%3A%2F%2Ftrack.jefytrack.com%2F145f6684-c379-407a-a2eb-922622a713e1%26zoneid%3D7406590%26campaignid%3D8121703%26carrier%3D%7Bcarrier%7D%26connectiontype%3D%7Bconnection.type%7D%26isp%3D%7Bisp%7D%26cost%3D%7Bcost%7D%26visitor_id%3D810567735617531904&cln={CELL_NUMBER}&btp=7&rb=A8PIuGD4qzu0TIfTTQGZ7XnMvpaOfu_7b92TyV6EEJXe71dmeD0IyOGzv3rGRnk5K1x81_y4Fn3n_ztCmL8WwRPKPSFzaKD2fkr8vb683Yy7CbwAEfRAug3sV9k8HPtHDKoX5apkCf59yujk5yRu9l3toU3K4SiNj8Nqil1Qa6w2LDt60DjAhqKp-glbYkGrXCLg4aoQLcYuqfQZx77dy9HAUlQBs3TjxOoZvBJfzw7mcFjKUr_d-B2FzcIz2TxrNyRXK0Jcph80XJpm9zbalsYBoM0zcz3ocIt51zbTgtjINNZ_BRXE0cJ5Wws7L3kpfJ5kuSKXJ_f-VeSJLlmL0U2kDe49Lw14U-nLKUzloLHoIrE2yAPDmHvBd6bWUHdCIOsuciK0oJhNTGebUW-b9FtOoLV3r65Jiw4sTqwsSpcqBvKeiAf95V1lTtQ0dkHU4jPXyHvJy93NcUZjnw1tmXH_V4skuGZsE0KmAgz3gTwPd_pNz4_SA2F2B74IrZaMpWTGXrU802PVnr5jzJiUNAihgWm-QjHWnlZNn_AokMHGFypMYoKXD7Xyx9hLEOZE2p6F4R2ZKdPyJDNueepmXMoKw7OcQDxcQ8ppZnENyFeEKqiE&bag=ydU9kaAfa6I=&ruid=326db0e4-96b8-4ece-ad96-13b981804c4e&subid=810567735617531904 HTTP/1.1
Host: cameesse.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: scm=1; OAID=0080520728d84fcbfec3fd5764890f66; oaidts=1714817924
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 302 Found
server: nginx
date: Sat, 04 May 2024 10:18:45 GMT
content-length: 0
location: https://securedpeacomm.com/in/?tg=https://track.jefytrack.com/145f6684-c379-407a-a2eb-922622a713e1&zoneid=7406590&campaignid=8121703&carrier={carrier}&connectiontype={connection.type}&isp={isp}&cost=&visitor_id=810567735617531904
access-control-allow-credentials: true
access-control-allow-origin: 
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: c7fac7e170fc8c74f5d01a5958f14b17
access-control-expose-headers: X-Sc
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2

moonoafy.net/custom

139.45.197.250

200 OK

39 B

URL POST HTTP/2
moonoafy.net/custom
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://anonzip.com/C4r/Windows.rar
Certificate
IssuerLet's Encrypt
Subjectmoonoafy.net
Fingerprint17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0
ValidityFri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT

File type
JSON text data
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /custom HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://anonzip.com/
Content-Type: application/json
Content-Length: 374
Origin: https://anonzip.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 10:18:45 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: c42726f8aa440cbd5d0a955277babd9c
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://anonzip.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

moonoafy.net/custom

139.45.197.250

200 OK

39 B

URL POST HTTP/2
moonoafy.net/custom
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://anonzip.com/C4r/Windows.rar
Certificate
IssuerLet's Encrypt
Subjectmoonoafy.net
Fingerprint17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0
ValidityFri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT

File type
JSON text data
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /custom HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://anonzip.com/
Content-Type: application/json
Content-Length: 753
Origin: https://anonzip.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 10:18:45 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: e0af34eb7a172a184d69cfb511d8aa1a
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://anonzip.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

moonoafy.net/custom

139.45.197.250

200 OK

0 B

URL POST HTTP/2
moonoafy.net/custom
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://anonzip.com/C4r/Windows.rar
Certificate
IssuerLet's Encrypt
Subjectmoonoafy.net
Fingerprint17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0
ValidityFri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /custom HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://anonzip.com/
Origin: https://anonzip.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 10:18:46 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://anonzip.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2

tzegilo.com/stattag.js

172.67.193.52

200 OK

7.4 kB

URL GET HTTP/2
tzegilo.com/stattag.js
IP
172.67.193.52:443
ASN
#13335 CLOUDFLARENET

Requested by
https://anonzip.com/C4r/Windows.rar
Certificate
IssuerGoogle Trust Services LLC
Subjecttzegilo.com
Fingerprint28:2E:D0:DF:04:78:60:5A:D2:5B:1F:EA:59:80:9C:2F:89:C1:9D:D1
ValiditySat, 30 Mar 2024 15:54:48 GMT - Fri, 28 Jun 2024 15:54:47 GMT

File type
JavaScript source, ASCII text, with very long lines (18486)
Size
7.4 kB (7439 bytes)
Hash
70ebd404c2e1e7bad13998538b56887c
86e57af8ba3cfc2c004da3311835f6b54ba6d848
d71ea61938136a384e4c53c5a7a3c36e68fcc70a68bae691e270987d5d2eb11f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /stattag.js HTTP/1.1
Host: tzegilo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonzip.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 10:18:45 GMT
content-type: application/javascript
last-modified: Wed, 07 Feb 2024 12:51:13 GMT
etag: W/"65c37cc1-4ac0"
link: <https://flerap.com/>; rel=preconnect; crossorigin, <https://fleraprt.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 365
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QzNdu2YmAXLI3rMpknuXGeDCER47sI6bVkRzTljEy6jVnqYHdxjs0Uh08QBxTS13tJUeSMxGhTAGXD7krwhaOBl7X5IF6tw3iPvqVJ5bwnpLQmk4scruElOqi7kk%2BA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e7bfa0dcb65695-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

moonoafy.net/custom

139.45.197.250

200 OK

39 B

URL POST HTTP/2
moonoafy.net/custom
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://anonzip.com/C4r/Windows.rar
Certificate
IssuerLet's Encrypt
Subjectmoonoafy.net
Fingerprint17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0
ValidityFri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT

File type
JSON text data
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /custom HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://anonzip.com/
Content-Type: application/json
Content-Length: 383
Origin: https://anonzip.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 10:18:46 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 5b748f557d468fa2c7d7a21cc3a5f5e4
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://anonzip.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

amunfezanttor.com/event

139.45.197.250

200 OK

94 B

URL POST HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://anonzip.com/C4r/Windows.rar
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
FingerprintAB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA
ValidityWed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT

File type
JSON text data
Size
94 B (94 bytes)
Hash
580b2eed58315b50da84c11470ce0542
55b8e33669ba303f4fdfb23616e6547daa662097
d6d13fd186321951050848593f5ebc6bac26eebad99cc6a2106517cf6ac5d465

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://anonzip.com/
Content-Type: application/json
Content-Length: 511
Origin: https://anonzip.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 10:18:46 GMT
content-type: application/json; charset=utf-8
content-length: 94
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://anonzip.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

securedpeacomm.com/in/?tg=https://track.jefytrack.com/145f6684-c379-407a-a2eb-922622a713e1&zoneid=7406590&campaignid=8121703&carrier={carrier}&connectiontype={connection.type}&isp={isp}&cost=&visitor_id=810567735617531904

104.21.64.36

302 Found

0 B

URL GET HTTP/2
securedpeacomm.com/in/?tg=https://track.jefytrack.com/145f6684-c379-407a-a2eb-922622a713e1&zoneid=7406590&campaignid=8121703&carrier={carrier}&connectiontype={connection.type}&isp={isp}&cost=&visitor_id=810567735617531904
IP
104.21.64.36:443
ASN
#13335 CLOUDFLARENET

Requested by
https://anonzip.com/C4r/Windows.rar
Certificate
IssuerGoogle Trust Services LLC
Subjectsecuredpeacomm.com
FingerprintE2:58:9B:FC:54:26:CA:CC:89:05:0D:28:D6:2E:28:9E:39:7E:5F:D6
ValidityMon, 15 Apr 2024 19:27:34 GMT - Sun, 14 Jul 2024 19:27:33 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/?tg=https://track.jefytrack.com/145f6684-c379-407a-a2eb-922622a713e1&zoneid=7406590&campaignid=8121703&carrier={carrier}&connectiontype={connection.type}&isp={isp}&cost=&visitor_id=810567735617531904 HTTP/1.1
Host: securedpeacomm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Sat, 04 May 2024 10:18:46 GMT
content-type: text/html; charset=UTF-8
location: https://track.jefytrack.com/145f6684-c379-407a-a2eb-922622a713e1?zoneid=7406590&campaignid=8121703&carrier=%7Bcarrier%7D&connectiontype=%7Bconnection.type%7D&isp=%7Bisp%7D&cost=&visitor_id=810567735617531904&ctrl_fetch_dest=iframe&ctrl_id=66360b8664273351898631&ctrl_ts=1714817926.4102&ctrl_ab=burp
referrer-policy: no-referrer
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8NoUGGIFnM8Ppv5i4lzMYgWyVjGCurMRs6jkB%2BWbCSIHSfkPEHYJUWcX31uNVdHU9%2B3Ej3XC4ozju%2BjxtqNTQTt4%2BjBqZ5jq7kwhtkvtbE%2FQztmcM1FYr5Utm2mCxOUltWiTn5A%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e7bfa5ba535690-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

gishejuy.com/impression/FvkZWIF3m-upjdA0lBH-FWqACPolNdgtWENl9urdMcAcRmYQioJg6fz8Di-Y6mJV0Tfid-L90Y7LOTmkLvUP2RwrdAOTHSkavntr9NByX45D4Ryzrjc-sqN2iNhBabbL_vAD4Pz-cChaXzHCiJd1Rnwc5dRbvkPtyxEhvcIaAStRdRvoTQ9kpY0Z-gv_0o12zLEZxHc4SkA9DuSJPDeUzCdUTRTxUaaExSsbIJPS4yUsRYGYwIRkY4qCSmsm0SAFyxcjFvjF8X9JGQ-1VWb0dAq8uR4kmYc519DL8hFPffN-Rh-e1E5fz05Cc2GFlTntDCtWh69DiHUpqPNdb1hv5_2P1mx9NndqZBHc7AFzMNd9jPS9mFOkWMw4OWcLA8h0_RYFh2ZfAr8KKdcOjxYxgFDiLtoP6Xpb_pYyn0hJaTScHUnieKaj-5H5qaWfBd5Bui8ZPyDMA06Hw-pwDHG4CD9M6krI4VATpn0gspApoe3xfYcFk-ryDgwlEy3o6Z86v-PPR-8gCHChFfW9BrCTatsVTZtyvWCJnAXa0ZJ9QXAomrejpp1TUQ_K1ZqzOLds5S41XMT4GBqMF3F6du2iwiDIYm1CVwP9zi4gO-DWelVaFtjxittKs00sLXVaZI9749ITrjyp3FKqL3s4INZqZOlDC6EhKgrT6W6tktq0gQjQUD1nHj6M_d0xEHCB_r-H22VzIQ7CZiqIBOQzjuF5uXUolPVgwRkb9UC4xrFq6M--Hhv-YIAIH_qpteUXynP12BJFrCIK5JKaShKLwhK5e4nWY2Wh1Luj0So9Z7vxScEDuZ6a0KGx5ccivZU=?_z=7406589&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&pl=https%3A%2F%2Fanonzip.com%2FC4r%2FWindows.rar&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0

139.45.197.242

200 OK

43 B

URL GET HTTP/2
gishejuy.com/impression/FvkZWIF3m-upjdA0lBH-FWqACPolNdgtWENl9urdMcAcRmYQioJg6fz8Di-Y6mJV0Tfid-L90Y7LOTmkLvUP2RwrdAOTHSkavntr9NByX45D4Ryzrjc-sqN2iNhBabbL_vAD4Pz-cChaXzHCiJd1Rnwc5dRbvkPtyxEhvcIaAStRdRvoTQ9kpY0Z-gv_0o12zLEZxHc4SkA9DuSJPDeUzCdUTRTxUaaExSsbIJPS4yUsRYGYwIRkY4qCSmsm0SAFyxcjFvjF8X9JGQ-1VWb0dAq8uR4kmYc519DL8hFPffN-Rh-e1E5fz05Cc2GFlTntDCtWh69DiHUpqPNdb1hv5_2P1mx9NndqZBHc7AFzMNd9jPS9mFOkWMw4OWcLA8h0_RYFh2ZfAr8KKdcOjxYxgFDiLtoP6Xpb_pYyn0hJaTScHUnieKaj-5H5qaWfBd5Bui8ZPyDMA06Hw-pwDHG4CD9M6krI4VATpn0gspApoe3xfYcFk-ryDgwlEy3o6Z86v-PPR-8gCHChFfW9BrCTatsVTZtyvWCJnAXa0ZJ9QXAomrejpp1TUQ_K1ZqzOLds5S41XMT4GBqMF3F6du2iwiDIYm1CVwP9zi4gO-DWelVaFtjxittKs00sLXVaZI9749ITrjyp3FKqL3s4INZqZOlDC6EhKgrT6W6tktq0gQjQUD1nHj6M_d0xEHCB_r-H22VzIQ7CZiqIBOQzjuF5uXUolPVgwRkb9UC4xrFq6M--Hhv-YIAIH_qpteUXynP12BJFrCIK5JKaShKLwhK5e4nWY2Wh1Luj0So9Z7vxScEDuZ6a0KGx5ccivZU=?_z=7406589&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&pl=https%3A%2F%2Fanonzip.com%2FC4r%2FWindows.rar&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://anonzip.com/C4r/Windows.rar
Certificate
IssuerLet's Encrypt
Subjectgishejuy.com
Fingerprint0E:1A:AC:78:15:75:C8:D7:77:E9:9F:1E:8F:A6:05:8C:F6:CA:AC:80
ValidityTue, 02 Apr 2024 05:15:48 GMT - Mon, 01 Jul 2024 05:15:47 GMT

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /impression/FvkZWIF3m-upjdA0lBH-FWqACPolNdgtWENl9urdMcAcRmYQioJg6fz8Di-Y6mJV0Tfid-L90Y7LOTmkLvUP2RwrdAOTHSkavntr9NByX45D4Ryzrjc-sqN2iNhBabbL_vAD4Pz-cChaXzHCiJd1Rnwc5dRbvkPtyxEhvcIaAStRdRvoTQ9kpY0Z-gv_0o12zLEZxHc4SkA9DuSJPDeUzCdUTRTxUaaExSsbIJPS4yUsRYGYwIRkY4qCSmsm0SAFyxcjFvjF8X9JGQ-1VWb0dAq8uR4kmYc519DL8hFPffN-Rh-e1E5fz05Cc2GFlTntDCtWh69DiHUpqPNdb1hv5_2P1mx9NndqZBHc7AFzMNd9jPS9mFOkWMw4OWcLA8h0_RYFh2ZfAr8KKdcOjxYxgFDiLtoP6Xpb_pYyn0hJaTScHUnieKaj-5H5qaWfBd5Bui8ZPyDMA06Hw-pwDHG4CD9M6krI4VATpn0gspApoe3xfYcFk-ryDgwlEy3o6Z86v-PPR-8gCHChFfW9BrCTatsVTZtyvWCJnAXa0ZJ9QXAomrejpp1TUQ_K1ZqzOLds5S41XMT4GBqMF3F6du2iwiDIYm1CVwP9zi4gO-DWelVaFtjxittKs00sLXVaZI9749ITrjyp3FKqL3s4INZqZOlDC6EhKgrT6W6tktq0gQjQUD1nHj6M_d0xEHCB_r-H22VzIQ7CZiqIBOQzjuF5uXUolPVgwRkb9UC4xrFq6M--Hhv-YIAIH_qpteUXynP12BJFrCIK5JKaShKLwhK5e4nWY2Wh1Luj0So9Z7vxScEDuZ6a0KGx5ccivZU=?_z=7406589&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&pl=https%3A%2F%2Fanonzip.com%2FC4r%2FWindows.rar&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0 HTTP/1.1
Host: gishejuy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonzip.com/
Cookie: OAID=0080520728d84fcbfec3fd5764890f66
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 10:18:50 GMT
content-type: image/gif
content-length: 43
x-trace-id: 42567a6e0d49fd5082149fd40af643d0
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

aistekso.net/impression/JdfdOMKPMGctQMxl9IoIiLiMBJ03CRsyoIyMQ1BoVEiGzdUJlYj77eOYYzFb78tdKaJSc1c7NVLCPuiABStvzmLM-qTVR2kb7TRy6QRnbX8IOukfgkP6Zw3RCiJ2Mrpn6tYzWVpsLKr7bYrM0YZ3_L9PHcQ6jFpmnHEyyItT8_ULxgOQMaBQkdaosm8EUN0kUxkyvWnoONUNZcEoIdU2Fjn8sED1hzlh0021YdAcD7cKGQ40vAmcnOU6mtBjmklQdwC1RKBEXuGy-arcOTRFbeyrK3Mlu0HmJl8ORqiNClGzWnFulpylGZzNLQwLBJAx8fQpVYeXTv183UN42dR-X7qQanAMLPgsXZa3uRXcaDs9cw-3J_Dtuw_JY2bB7pKhnwNUvBzRpKQsOHIwXlcW1Jmh_eWnE8-JiicLfW1laDnnMbVTl_tLI4mCp7_qNMVz3fYUQZc_xAPitzUAeCX4v0E8vhLIJxJJqizxSO6iFXfucuGReFp3SRB52dQGnP0aACrQWh3UoFLShFgydGR9Y8xFdO0KaWGhyElJATa2dXn9Hex97xGzzsDluYIqElXo8FyRCQ7tlLvhJbK90s98oDLrhBDQKmtiQIvDyuQqgbA88m6tnknP4imbwXdckMMDdF-2yZFtqgXxEKKgkhcdH57-T-qOoUsqNiIRwHMguXGXliul3mcmASe5o8sKGsq8UvaMGkC1Tz-rxUMbVk_Tqa6bPUG6EJHSi5bio3gKKmsdrGdBK9SKKzmDfTf_8X40J7zJSpNcTTUQ0LlXb-dmQ-TZGr5kQj8OBWBuBYbl5Mqzy8Ue8XcXcXN_8Tw=?_z=7406591&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=2&pl=https%3A%2F%2Fanonzip.com%2FC4r%2FWindows.rar&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0

139.45.197.244

200 OK

43 B

URL GET HTTP/2
aistekso.net/impression/JdfdOMKPMGctQMxl9IoIiLiMBJ03CRsyoIyMQ1BoVEiGzdUJlYj77eOYYzFb78tdKaJSc1c7NVLCPuiABStvzmLM-qTVR2kb7TRy6QRnbX8IOukfgkP6Zw3RCiJ2Mrpn6tYzWVpsLKr7bYrM0YZ3_L9PHcQ6jFpmnHEyyItT8_ULxgOQMaBQkdaosm8EUN0kUxkyvWnoONUNZcEoIdU2Fjn8sED1hzlh0021YdAcD7cKGQ40vAmcnOU6mtBjmklQdwC1RKBEXuGy-arcOTRFbeyrK3Mlu0HmJl8ORqiNClGzWnFulpylGZzNLQwLBJAx8fQpVYeXTv183UN42dR-X7qQanAMLPgsXZa3uRXcaDs9cw-3J_Dtuw_JY2bB7pKhnwNUvBzRpKQsOHIwXlcW1Jmh_eWnE8-JiicLfW1laDnnMbVTl_tLI4mCp7_qNMVz3fYUQZc_xAPitzUAeCX4v0E8vhLIJxJJqizxSO6iFXfucuGReFp3SRB52dQGnP0aACrQWh3UoFLShFgydGR9Y8xFdO0KaWGhyElJATa2dXn9Hex97xGzzsDluYIqElXo8FyRCQ7tlLvhJbK90s98oDLrhBDQKmtiQIvDyuQqgbA88m6tnknP4imbwXdckMMDdF-2yZFtqgXxEKKgkhcdH57-T-qOoUsqNiIRwHMguXGXliul3mcmASe5o8sKGsq8UvaMGkC1Tz-rxUMbVk_Tqa6bPUG6EJHSi5bio3gKKmsdrGdBK9SKKzmDfTf_8X40J7zJSpNcTTUQ0LlXb-dmQ-TZGr5kQj8OBWBuBYbl5Mqzy8Ue8XcXcXN_8Tw=?_z=7406591&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=2&pl=https%3A%2F%2Fanonzip.com%2FC4r%2FWindows.rar&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0
IP
139.45.197.244:443
ASN
#9002 RETN Limited

Requested by
https://anonzip.com/C4r/Windows.rar
Certificate
IssuerLet's Encrypt
Subjectaistekso.net
Fingerprint3E:A5:CE:35:F4:D9:45:6B:A1:3B:2E:9C:B3:9E:78:4D:8A:4B:51:BB
ValiditySun, 24 Mar 2024 05:08:27 GMT - Sat, 22 Jun 2024 05:08:26 GMT

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /impression/JdfdOMKPMGctQMxl9IoIiLiMBJ03CRsyoIyMQ1BoVEiGzdUJlYj77eOYYzFb78tdKaJSc1c7NVLCPuiABStvzmLM-qTVR2kb7TRy6QRnbX8IOukfgkP6Zw3RCiJ2Mrpn6tYzWVpsLKr7bYrM0YZ3_L9PHcQ6jFpmnHEyyItT8_ULxgOQMaBQkdaosm8EUN0kUxkyvWnoONUNZcEoIdU2Fjn8sED1hzlh0021YdAcD7cKGQ40vAmcnOU6mtBjmklQdwC1RKBEXuGy-arcOTRFbeyrK3Mlu0HmJl8ORqiNClGzWnFulpylGZzNLQwLBJAx8fQpVYeXTv183UN42dR-X7qQanAMLPgsXZa3uRXcaDs9cw-3J_Dtuw_JY2bB7pKhnwNUvBzRpKQsOHIwXlcW1Jmh_eWnE8-JiicLfW1laDnnMbVTl_tLI4mCp7_qNMVz3fYUQZc_xAPitzUAeCX4v0E8vhLIJxJJqizxSO6iFXfucuGReFp3SRB52dQGnP0aACrQWh3UoFLShFgydGR9Y8xFdO0KaWGhyElJATa2dXn9Hex97xGzzsDluYIqElXo8FyRCQ7tlLvhJbK90s98oDLrhBDQKmtiQIvDyuQqgbA88m6tnknP4imbwXdckMMDdF-2yZFtqgXxEKKgkhcdH57-T-qOoUsqNiIRwHMguXGXliul3mcmASe5o8sKGsq8UvaMGkC1Tz-rxUMbVk_Tqa6bPUG6EJHSi5bio3gKKmsdrGdBK9SKKzmDfTf_8X40J7zJSpNcTTUQ0LlXb-dmQ-TZGr5kQj8OBWBuBYbl5Mqzy8Ue8XcXcXN_8Tw=?_z=7406591&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=2&pl=https%3A%2F%2Fanonzip.com%2FC4r%2FWindows.rar&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0 HTTP/1.1
Host: aistekso.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonzip.com/
Cookie: OAID=0080520728d84fcbfec3fd5764890f66
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 10:18:50 GMT
content-type: image/gif
content-length: 43
x-trace-id: f6f3801948f5ca7a307909e36f64f383
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

offerimage.com/www/images/9c6355bcf96815c755fbba83f9fd8f64.jpg

104.22.32.172

200 OK

17 kB

URL GET HTTP/2
offerimage.com/www/images/9c6355bcf96815c755fbba83f9fd8f64.jpg
IP
104.22.32.172:443
ASN
#13335 CLOUDFLARENET

Requested by
https://anonzip.com/C4r/Windows.rar
Certificate
IssuerGoogle Trust Services LLC
Subjectofferimage.com
Fingerprint5C:87:DE:3A:1B:66:15:11:B1:75:B6:AC:AF:F9:A6:EF:5E:7F:80:72
ValidityFri, 05 Apr 2024 23:50:04 GMT - Thu, 04 Jul 2024 23:50:03 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3
Size
17 kB (17173 bytes)
Hash
9c6355bcf96815c755fbba83f9fd8f64
ce698b45fb51ef1494f80f432b7aff0985247724
2cd74e866757767cd5c88d066a0bc057aded1e6c07171e091dd87f56ffd4a906

HTTP Headers

GET /www/images/9c6355bcf96815c755fbba83f9fd8f64.jpg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 04 May 2024 10:18:50 GMT
content-type: image/jpeg
content-length: 17173
cache-control: max-age=86400
cf-bgj: h2pri
etag: "642af881-4315"
expires: Sat, 04 May 2024 20:06:53 GMT
last-modified: Mon, 03 Apr 2023 16:02:09 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 51114
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e7bfc08b4510b1-CPH
X-Firefox-Spdy: h2

gishejuy.com/500/7406589?excludes=19845928&oaid=0080520728d84fcbfec3fd5764890f66&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=3&pl=https%3A%2F%2Fanonzip.com%2FC4r%2FWindows.rar&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0

139.45.197.242

200 OK

0 B

URL OPTIONS HTTP/2
gishejuy.com/500/7406589?excludes=19845928&oaid=0080520728d84fcbfec3fd5764890f66&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=3&pl=https%3A%2F%2Fanonzip.com%2FC4r%2FWindows.rar&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://anonzip.com/C4r/Windows.rar
Certificate
IssuerLet's Encrypt
Subjectgishejuy.com
Fingerprint0E:1A:AC:78:15:75:C8:D7:77:E9:9F:1E:8F:A6:05:8C:F6:CA:AC:80
ValidityTue, 02 Apr 2024 05:15:48 GMT - Mon, 01 Jul 2024 05:15:47 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /500/7406589?excludes=19845928&oaid=0080520728d84fcbfec3fd5764890f66&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=3&pl=https%3A%2F%2Fanonzip.com%2FC4r%2FWindows.rar&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0 HTTP/1.1
Host: gishejuy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://anonzip.com/
Origin: https://anonzip.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 10:18:50 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://anonzip.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-allow-credentials: true
access-control-max-age: 600
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2

externalde.com/out/xyhkxckud/?ctrl_id=66360b8664273351898631&ctrl_ab=burp&ctrl_ts=1714817926.4102&ctrl_vol_oid=0b046699-9de5-41eb-a62f-5035b56e631b&tg=https://lkbx.me/4KqY7&uid=wj23a03osa94r221je85hs2i

188.114.96.1

302 Found

21 kB

URL GET HTTP/2
externalde.com/out/xyhkxckud/?ctrl_id=66360b8664273351898631&ctrl_ab=burp&ctrl_ts=1714817926.4102&ctrl_vol_oid=0b046699-9de5-41eb-a62f-5035b56e631b&tg=https://lkbx.me/4KqY7&uid=wj23a03osa94r221je85hs2i
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://anonzip.com/C4r/Windows.rar
Certificate
IssuerGoogle Trust Services LLC
Subjectexternalde.com
Fingerprint0D:2A:5D:DC:29:15:BD:05:1C:8E:F1:C5:82:D4:C0:5C:D6:A5:AB:58
ValiditySat, 27 Apr 2024 14:00:09 GMT - Fri, 26 Jul 2024 14:00:08 GMT

File type
gzip compressed data, max speed, from Unix
Size
21 kB (20650 bytes)
Hash
826d23716d611fc6ad47b58b18a3dd24
71d01a6edbc7ddf6976cbd9fab89ea3d918c506b
a8072c55ff50d5623b1a2c5ae46edc3d2773e5fe4e51dd9068ba0a601287c136

HTTP Headers

GET /out/xyhkxckud/?ctrl_id=66360b8664273351898631&ctrl_ab=burp&ctrl_ts=1714817926.4102&ctrl_vol_oid=0b046699-9de5-41eb-a62f-5035b56e631b&tg=https://lkbx.me/4KqY7&uid=wj23a03osa94r221je85hs2i HTTP/1.1
Host: externalde.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Sat, 04 May 2024 10:18:46 GMT
content-type: text/html; charset=UTF-8
location: https://lkbx.me/4KqY7?uid=wj23a03osa94r221je85hs2i
referrer-policy: no-referrer
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XbSSFJE92qkVnkp%2BzXmErdx14X1XEG7Szb8r52LhP6wlGMP6fiXGXHMp8OgMF81btfAnMjFMErIbCL6Fk8cWjCZi8rlgWtsO0BXn24awd3hz4O6qhjWp5FcqsM2g9QNmSA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e7bfa97a6db529-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

offerimage.com/www/images/9c6355bcf96815c755fbba83f9fd8f64.jpg

104.22.32.172

200 OK

17 kB

URL GET HTTP/2
offerimage.com/www/images/9c6355bcf96815c755fbba83f9fd8f64.jpg
IP
104.22.32.172:443
ASN
#13335 CLOUDFLARENET

Requested by
https://anonzip.com/C4r/Windows.rar
Certificate
IssuerGoogle Trust Services LLC
Subjectofferimage.com
Fingerprint5C:87:DE:3A:1B:66:15:11:B1:75:B6:AC:AF:F9:A6:EF:5E:7F:80:72
ValidityFri, 05 Apr 2024 23:50:04 GMT - Thu, 04 Jul 2024 23:50:03 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3
Size
17 kB (17173 bytes)
Hash
9c6355bcf96815c755fbba83f9fd8f64
ce698b45fb51ef1494f80f432b7aff0985247724
2cd74e866757767cd5c88d066a0bc057aded1e6c07171e091dd87f56ffd4a906

HTTP Headers

GET /www/images/9c6355bcf96815c755fbba83f9fd8f64.jpg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 04 May 2024 10:18:50 GMT
content-type: image/jpeg
content-length: 17173
cache-control: max-age=86400
cf-bgj: h2pri
etag: "642af881-4315"
expires: Sat, 04 May 2024 20:06:53 GMT
last-modified: Mon, 03 Apr 2023 16:02:09 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 51114
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e7bfc3af9d10b1-CPH
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://anonzip.com/C4r/Windows.rar
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://anonzip.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 04 May 2024 09:28:37 GMT
expires: Sun, 04 May 2025 09:28:37 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
age: 3013
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://anonzip.com/C4r/Windows.rar
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15860, version 1.0
Size
16 kB (15860 bytes)
Hash
e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://anonzip.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 01:55:00 GMT
expires: Fri, 02 May 2025 01:55:00 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
age: 203030
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

gishejuy.com/impression/FfKDp0q7B7sXgfbTWLxZtXCQmH5aTvdmssQn4YsCdSYEg7_1dUk73cnO_b27JlxOXa6z2LGryPkevlPHjG4sA6JVGQJtRV6h26TWLyfZxd0LqABkqwmYAm2LdmuQ3iPzfsRgfJeGipoZNZSnBtDI3Qpf0UuQpkkOHXqt4UMJU2l5_4DmPB3HUMtL5xdP1msgBEcexgp3hNGxC9c64Y6ZVeOIlTGA4Wn_9eEBztWgi4AjrZZnTxBknx9Lyage_PiRDj5GdeyWsKEvMEjdfOzoujIxhBdBNeSlAdKF_KxJRHd8v0DcIl2japBBlhkHQBsS2dVfagxTkMjohm1EnrjmJP-gg5wMbxPf_eN1SwQnYWmyOUsX7GcUkB3JVAREW_M00RjPWQRLfbUhIrNfXP2cSdsXqXrhGrG4IP4ndwBY6BGBG5yh1wrPhnzrh-EV7BY2m9vs8M8kjc_jJzeOcButhwZoC9DdbAqcKegjWy7f5w1Z6pCkeaH8frfLOoVKzZVWjUAUn6FA7uBmw2azZB1sxIH8BAEmdnY2iu5luvDd0Y0de6ErintLcEPsc9lnfjh6z34yilM8K_D8t7O3KEyv_h4S1jjjni8cTEVje2YsQvmvJofyTBciNYZwL7pVINxVVyL4j6fqfLj_zyS9QgLRT2tPWtCYuH1AQ26ueHAdSoVe776umGJPBb4uiMpQlNo3wGWPxY28FwrmvgWpoUC6bhD7WCP5PrV7DUiwiemznYm4GYZM6k2GV5iS24eM3HjC19rC7iMz13xyMLi9Xqe_FAl7S_phCPEDFHIw2kLd4GUaL7jiHXc0UQljLz0=?_z=7406589&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=2&pl=https%3A%2F%2Fanonzip.com%2FC4r%2FWindows.rar&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0

139.45.197.242

200 OK

43 B

URL GET HTTP/2
gishejuy.com/impression/FfKDp0q7B7sXgfbTWLxZtXCQmH5aTvdmssQn4YsCdSYEg7_1dUk73cnO_b27JlxOXa6z2LGryPkevlPHjG4sA6JVGQJtRV6h26TWLyfZxd0LqABkqwmYAm2LdmuQ3iPzfsRgfJeGipoZNZSnBtDI3Qpf0UuQpkkOHXqt4UMJU2l5_4DmPB3HUMtL5xdP1msgBEcexgp3hNGxC9c64Y6ZVeOIlTGA4Wn_9eEBztWgi4AjrZZnTxBknx9Lyage_PiRDj5GdeyWsKEvMEjdfOzoujIxhBdBNeSlAdKF_KxJRHd8v0DcIl2japBBlhkHQBsS2dVfagxTkMjohm1EnrjmJP-gg5wMbxPf_eN1SwQnYWmyOUsX7GcUkB3JVAREW_M00RjPWQRLfbUhIrNfXP2cSdsXqXrhGrG4IP4ndwBY6BGBG5yh1wrPhnzrh-EV7BY2m9vs8M8kjc_jJzeOcButhwZoC9DdbAqcKegjWy7f5w1Z6pCkeaH8frfLOoVKzZVWjUAUn6FA7uBmw2azZB1sxIH8BAEmdnY2iu5luvDd0Y0de6ErintLcEPsc9lnfjh6z34yilM8K_D8t7O3KEyv_h4S1jjjni8cTEVje2YsQvmvJofyTBciNYZwL7pVINxVVyL4j6fqfLj_zyS9QgLRT2tPWtCYuH1AQ26ueHAdSoVe776umGJPBb4uiMpQlNo3wGWPxY28FwrmvgWpoUC6bhD7WCP5PrV7DUiwiemznYm4GYZM6k2GV5iS24eM3HjC19rC7iMz13xyMLi9Xqe_FAl7S_phCPEDFHIw2kLd4GUaL7jiHXc0UQljLz0=?_z=7406589&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=2&pl=https%3A%2F%2Fanonzip.com%2FC4r%2FWindows.rar&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://anonzip.com/C4r/Windows.rar
Certificate
IssuerLet's Encrypt
Subjectgishejuy.com
Fingerprint0E:1A:AC:78:15:75:C8:D7:77:E9:9F:1E:8F:A6:05:8C:F6:CA:AC:80
ValidityTue, 02 Apr 2024 05:15:48 GMT - Mon, 01 Jul 2024 05:15:47 GMT

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /impression/FfKDp0q7B7sXgfbTWLxZtXCQmH5aTvdmssQn4YsCdSYEg7_1dUk73cnO_b27JlxOXa6z2LGryPkevlPHjG4sA6JVGQJtRV6h26TWLyfZxd0LqABkqwmYAm2LdmuQ3iPzfsRgfJeGipoZNZSnBtDI3Qpf0UuQpkkOHXqt4UMJU2l5_4DmPB3HUMtL5xdP1msgBEcexgp3hNGxC9c64Y6ZVeOIlTGA4Wn_9eEBztWgi4AjrZZnTxBknx9Lyage_PiRDj5GdeyWsKEvMEjdfOzoujIxhBdBNeSlAdKF_KxJRHd8v0DcIl2japBBlhkHQBsS2dVfagxTkMjohm1EnrjmJP-gg5wMbxPf_eN1SwQnYWmyOUsX7GcUkB3JVAREW_M00RjPWQRLfbUhIrNfXP2cSdsXqXrhGrG4IP4ndwBY6BGBG5yh1wrPhnzrh-EV7BY2m9vs8M8kjc_jJzeOcButhwZoC9DdbAqcKegjWy7f5w1Z6pCkeaH8frfLOoVKzZVWjUAUn6FA7uBmw2azZB1sxIH8BAEmdnY2iu5luvDd0Y0de6ErintLcEPsc9lnfjh6z34yilM8K_D8t7O3KEyv_h4S1jjjni8cTEVje2YsQvmvJofyTBciNYZwL7pVINxVVyL4j6fqfLj_zyS9QgLRT2tPWtCYuH1AQ26ueHAdSoVe776umGJPBb4uiMpQlNo3wGWPxY28FwrmvgWpoUC6bhD7WCP5PrV7DUiwiemznYm4GYZM6k2GV5iS24eM3HjC19rC7iMz13xyMLi9Xqe_FAl7S_phCPEDFHIw2kLd4GUaL7jiHXc0UQljLz0=?_z=7406589&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=2&pl=https%3A%2F%2Fanonzip.com%2FC4r%2FWindows.rar&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0 HTTP/1.1
Host: gishejuy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonzip.com/
Cookie: OAID=0080520728d84fcbfec3fd5764890f66
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 10:18:53 GMT
content-type: image/gif
content-length: 43
x-trace-id: 09bdba115b98ed243a653f79adea319d
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml

35.244.181.201

444 B

URL
aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml
IP
35.244.181.201:0
ASN
#396982 GOOGLE-CLOUD-PLATFORM

File type
XML 1.0 document, ASCII text, with very long lines (332)
Size
444 B (444 bytes)
Hash
3b324dec137a87ef7e24a30a65b13dd0
c0faa95b2f1018e264b3a14aaf50d1003e6c27b3
6cd0b591d9239fc8564627e92a804fc261951b1cbaf5fa58a8ada3cc13f51463

HTTP Headers

GET /update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml HTTP/1.1
Host: aus5.mozilla.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
rule-id: unknown
rule-data-version: unknown
content-signature: x5u=https://content-signature-2.cdn.mozilla.net/chains/aus.content-signature.mozilla.org-2024-06-09-11-51-10.chain; p384ecdsa=k7XJJ5EoxyK2NvOZ5BP8tErYVE4U4xQoXqNyYyUM_qWoheAHBmAyu3FgaIil9icNCaWqIJLvTnuoHAMHgGB6KWjs4G92NM1sENsvMctj0eqyVPVZSa5Tno3iOByOFMn5
strict-transport-security: max-age=31536000;
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'
x-proxy-cache-status: EXPIRED
content-encoding: gzip
via: 1.1 google
date: Sat, 04 May 2024 10:18:25 GMT
content-type: text/xml; charset=utf-8
vary: Accept-Encoding
content-length: 444
age: 36
cache-control: public,max-age=90
alt-svc: clear
X-Firefox-Spdy: h2

cameesse.net/11?rnd=853350186&z=7406590&b=20830638&var=&varid=0&rqtdbc=0&rcvdbc=0&btp=7&rb=A8PIuGD4qzu0TIfTTQGZ7XnMvpaOfu_7b92TyV6EEJXe71dmeD0IyOGzv3rGRnk5K1x81_y4Fn3n_ztCmL8WwRPKPSFzaKD2fkr8vb683Yy7CbwAEfRAug3sV9k8HPtHDKoX5apkCf59yujk5yRu9l3toU3K4SiNj8Nqil1Qa6w2LDt60DjAhqKp-glbYkGrXCLg4aoQLcYuqfQZx77dy9HAUlQBs3TjxOoZvBJfzw7mcFjKUr_d-B2FzcIz2TxrNyRXK0Jcph80XJpm9zbalsYBoM0zcz3ocIt51zbTgtjINNZ_BRXE0cJ5Wws7L3kpfJ5kuSKXJ_f-VeSJLlmL0U2kDe49Lw14U-nLKUzloLHoIrE2yAPDmHvBd6bWUHdCIOsuciK0oJhNTGebUW-b9FtOoLV3r65Jiw4sTqwsSpcqBvKeiAf95V1lTtQ0dkHU4jPXyHvJy93NcUZjnw1tmXH_V4skuGZsE0KmAgz3gTwPd_pNz4_SA2F2B74IrZaMpWTGXrU802PVnr5jzJiUNAihgWm-QjHWnlZNn_AokMHGFypMYoKXD7Xyx9hLEOZE2p6F4R2ZKdPyJDNueepmXMoKw7OcQDxcQ8ppZnENyFeEKqiE&ruid=326db0e4-96b8-4ece-ad96-13b981804c4e&subid=810567735617531904&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fanonzip.com%2FC4r%2FWindows.rar&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&ri=1&wvd=0&wvr=1.0000&isions=1

139.45.197.242

0 B

URL
cameesse.net/11?rnd=853350186&z=7406590&b=20830638&var=&varid=0&rqtdbc=0&rcvdbc=0&btp=7&rb=A8PIuGD4qzu0TIfTTQGZ7XnMvpaOfu_7b92TyV6EEJXe71dmeD0IyOGzv3rGRnk5K1x81_y4Fn3n_ztCmL8WwRPKPSFzaKD2fkr8vb683Yy7CbwAEfRAug3sV9k8HPtHDKoX5apkCf59yujk5yRu9l3toU3K4SiNj8Nqil1Qa6w2LDt60DjAhqKp-glbYkGrXCLg4aoQLcYuqfQZx77dy9HAUlQBs3TjxOoZvBJfzw7mcFjKUr_d-B2FzcIz2TxrNyRXK0Jcph80XJpm9zbalsYBoM0zcz3ocIt51zbTgtjINNZ_BRXE0cJ5Wws7L3kpfJ5kuSKXJ_f-VeSJLlmL0U2kDe49Lw14U-nLKUzloLHoIrE2yAPDmHvBd6bWUHdCIOsuciK0oJhNTGebUW-b9FtOoLV3r65Jiw4sTqwsSpcqBvKeiAf95V1lTtQ0dkHU4jPXyHvJy93NcUZjnw1tmXH_V4skuGZsE0KmAgz3gTwPd_pNz4_SA2F2B74IrZaMpWTGXrU802PVnr5jzJiUNAihgWm-QjHWnlZNn_AokMHGFypMYoKXD7Xyx9hLEOZE2p6F4R2ZKdPyJDNueepmXMoKw7OcQDxcQ8ppZnENyFeEKqiE&ruid=326db0e4-96b8-4ece-ad96-13b981804c4e&subid=810567735617531904&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fanonzip.com%2FC4r%2FWindows.rar&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&ri=1&wvd=0&wvr=1.0000&isions=1
IP
139.45.197.242:0
ASN
#9002 RETN Limited

Certificate
IssuerLet's Encrypt
Subjectcameesse.net
Fingerprint40:09:71:B1:17:F8:74:15:9B:3D:0A:95:73:15:74:D6:05:A5:5B:44
ValidityFri, 22 Mar 2024 19:24:17 GMT - Thu, 20 Jun 2024 19:24:16 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /11?rnd=853350186&z=7406590&b=20830638&var=&varid=0&rqtdbc=0&rcvdbc=0&btp=7&rb=A8PIuGD4qzu0TIfTTQGZ7XnMvpaOfu_7b92TyV6EEJXe71dmeD0IyOGzv3rGRnk5K1x81_y4Fn3n_ztCmL8WwRPKPSFzaKD2fkr8vb683Yy7CbwAEfRAug3sV9k8HPtHDKoX5apkCf59yujk5yRu9l3toU3K4SiNj8Nqil1Qa6w2LDt60DjAhqKp-glbYkGrXCLg4aoQLcYuqfQZx77dy9HAUlQBs3TjxOoZvBJfzw7mcFjKUr_d-B2FzcIz2TxrNyRXK0Jcph80XJpm9zbalsYBoM0zcz3ocIt51zbTgtjINNZ_BRXE0cJ5Wws7L3kpfJ5kuSKXJ_f-VeSJLlmL0U2kDe49Lw14U-nLKUzloLHoIrE2yAPDmHvBd6bWUHdCIOsuciK0oJhNTGebUW-b9FtOoLV3r65Jiw4sTqwsSpcqBvKeiAf95V1lTtQ0dkHU4jPXyHvJy93NcUZjnw1tmXH_V4skuGZsE0KmAgz3gTwPd_pNz4_SA2F2B74IrZaMpWTGXrU802PVnr5jzJiUNAihgWm-QjHWnlZNn_AokMHGFypMYoKXD7Xyx9hLEOZE2p6F4R2ZKdPyJDNueepmXMoKw7OcQDxcQ8ppZnENyFeEKqiE&ruid=326db0e4-96b8-4ece-ad96-13b981804c4e&subid=810567735617531904&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fanonzip.com%2FC4r%2FWindows.rar&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&ri=1&wvd=0&wvr=1.0000&isions=1 HTTP/1.1
Host: cameesse.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://anonzip.com
DNT: 1
Connection: keep-alive
Referer: https://anonzip.com/
Cookie: scm=1; OAID=0080520728d84fcbfec3fd5764890f66; oaidts=1714817924
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 10:19:05 GMT
content-type: image/jpeg
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: https://anonzip.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: 38fb2b259bf32d6d731d91121a7d6089
access-control-expose-headers: X-Sc
set-cookie: OAID=0080520728d84fcbfec3fd5764890f66; expires=Sun, 04 May 2025 10:19:05 GMT; secure; SameSite=None
oaidts=1714817924; expires=Sun, 04 May 2025 10:19:05 GMT; secure; SameSite=None
oaidvc=1; expires=Sun, 04 May 2025 10:19:05 GMT; secure; SameSite=None
CNT=1_v1_rtk9AQEAAACHTQAA; expires=Sat, 04 May 2024 11:19:05 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2

anonzip.com/themes/spirit/assets/frontend/img/favicon/apple-touch-icon.png

135.181.248.190

200 OK

5.0 kB

URL GET HTTP/1.1
anonzip.com/themes/spirit/assets/frontend/img/favicon/apple-touch-icon.png
IP
135.181.248.190:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://anonzip.com/C4r/Windows.rar
Certificate
IssuerLet's Encrypt
Subjectanonzip.com
Fingerprint05:1A:C5:B8:46:2C:D7:57:A3:34:1F:79:EC:24:CC:61:ED:36:1E:7E
ValiditySat, 30 Mar 2024 19:16:56 GMT - Fri, 28 Jun 2024 19:16:55 GMT

File type
PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced
Size
5.0 kB (5016 bytes)
Hash
a9a8c24cea41bed7ef78ed1d12d48291
cd86d71e15b97ab602e0e39bb6e9bbaf6779f4d7
3b379c83d1c0b117cec88debed9390723daffc2fb99cf51cc2175c47169d190e

HTTP Headers

GET /themes/spirit/assets/frontend/img/favicon/apple-touch-icon.png HTTP/1.1
Host: anonzip.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonzip.com/C4r/Windows.rar
Cookie: filehosting=9o9149r5put2gvlgmdgdtr1rf5; _ga_GWR0PX9LQC=GS1.1.1714817924.1.0.1714817924.0.0.0; _ga=GA1.1.1715333093.1714817925
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 04 May 2024 10:18:44 GMT
Content-Type: image/png
Content-Length: 5016
Last-Modified: Fri, 15 Apr 2022 11:04:01 GMT
Connection: keep-alive
ETag: "62595121-1398"
Accept-Ranges: bytes

cameesse.net/27/7552beb94fc0bdff7bbb33cad3d1ab0a

139.45.197.242

200 OK

413 kB

URL GET HTTP/2
cameesse.net/27/7552beb94fc0bdff7bbb33cad3d1ab0a
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://anonzip.com/C4r/Windows.rar
Certificate
IssuerLet's Encrypt
Subjectcameesse.net
Fingerprint40:09:71:B1:17:F8:74:15:9B:3D:0A:95:73:15:74:D6:05:A5:5B:44
ValidityFri, 22 Mar 2024 19:24:17 GMT - Thu, 20 Jun 2024 19:24:16 GMT

File type
JavaScript source, ASCII text, with very long lines (65523)
Size
413 kB (413423 bytes)
Hash
297cc248309ba835cf13a1f82fd3f938
1e6f51ce257a0ee53e25280dd44092ed33339847
b2ba9d8b2216d22f8f31a594bc22ee21f60e2b539474a650be1e87dea87d5ed7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /27/7552beb94fc0bdff7bbb33cad3d1ab0a HTTP/1.1
Host: cameesse.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonzip.com/
Cookie: scm=1; OAID=0400524015434624edbd6b9679267ca2; oaidts=1714817924
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 10:18:45 GMT
content-type: application/javascript
access-control-allow-credentials: true
access-control-allow-origin: 
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: 53bf075f88aeb35274ff9df3e2bcc930
cache-control: max-age:290304000, public
last-modified: Tue, 09 Apr 2024 03:16:58 GMT
expires: Tue, 09 May 2084 03:16:58 GMT
access-control-expose-headers: X-Sc
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2

moonoafy.net/pfe/current/universal.min.js?v=3.1.504

139.45.197.250

200 OK

90 kB

URL GET HTTP/2
moonoafy.net/pfe/current/universal.min.js?v=3.1.504
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://anonzip.com/C4r/Windows.rar
Certificate
IssuerLet's Encrypt
Subjectmoonoafy.net
Fingerprint17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0
ValidityFri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
90 kB (89850 bytes)
Hash
4caad44ecc6a13eba45b63ed7cf9e387
e67dfe90bebd5447495d8fe962d03e55f6d13071
66f95b5eb4bf3dc3a13643e3e6776b18a2b15e0b881328e2ee012c73e679ad00

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pfe/current/universal.min.js?v=3.1.504 HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://anonzip.com/
Origin: https://anonzip.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 10:18:45 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 10:48:51 GMT
etag: W/"662a3513-15efa"
access-control-allow-origin: https://anonzip.com
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

fonts.googleapis.com/icon?family=Material+Icons

142.250.74.106

200 OK

565 B

URL GET HTTP/2
fonts.googleapis.com/icon?family=Material+Icons
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://anonzip.com/C4r/Windows.rar
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT

File type
ASCII text, with very long lines (588), with no line terminators
Size
565 B (565 bytes)
Hash
959a533a3dc02649e0cc3f8f67d942af
34db49ff64aed8b51beaba5b9928ad504a4df335
24864ed3ee6fab66640980d4c24640e579e5583764a8ee8c4f09decf27977247

HTTP Headers

GET /icon?family=Material+Icons HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonzip.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 04 May 2024 10:18:44 GMT
date: Sat, 04 May 2024 10:18:44 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

moonoafy.net/zone?pub=0&zone_id=7406592&is_mobile=false&domain=anonzip.com&var=&ymid=&var_3=&tg=0&sw=3.1.504

139.45.197.250

200 OK

880 B

URL GET HTTP/2
moonoafy.net/zone?pub=0&zone_id=7406592&is_mobile=false&domain=anonzip.com&var=&ymid=&var_3=&tg=0&sw=3.1.504
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://anonzip.com/C4r/Windows.rar
Certificate
IssuerLet's Encrypt
Subjectmoonoafy.net
Fingerprint17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0
ValidityFri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (977), with no line terminators
Size
880 B (880 bytes)
Hash
7db549bd97c2cf19c1a7b302563a42e4
9f3ff7d955b0ff41824a7094761659688b20088e
5bd403e962c03e25fe7f98492e5a381c5df1a49c1921132aeb92dcc2368b5697

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /zone?pub=0&zone_id=7406592&is_mobile=false&domain=anonzip.com&var=&ymid=&var_3=&tg=0&sw=3.1.504 HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://anonzip.com/
Origin: https://anonzip.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 10:18:45 GMT
content-type: application/json; charset=utf-8
content-length: 880
x-trace-id: 4d1265a4014ace075cf9a8a7c03cdf41
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://anonzip.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

track.jefytrack.com/145f6684-c379-407a-a2eb-922622a713e1?zoneid=7406590&campaignid=8121703&carrier=%7Bcarrier%7D&connectiontype=%7Bconnection.type%7D&isp=%7Bisp%7D&cost=&visitor_id=810567735617531904&ctrl_fetch_dest=iframe&ctrl_id=66360b8664273351898631&ctrl_ts=1714817926.4102&ctrl_ab=burp

143.204.55.21

302 Found

1.1 kB

URL GET HTTP/2
track.jefytrack.com/145f6684-c379-407a-a2eb-922622a713e1?zoneid=7406590&campaignid=8121703&carrier=%7Bcarrier%7D&connectiontype=%7Bconnection.type%7D&isp=%7Bisp%7D&cost=&visitor_id=810567735617531904&ctrl_fetch_dest=iframe&ctrl_id=66360b8664273351898631&ctrl_ts=1714817926.4102&ctrl_ab=burp
IP
143.204.55.21:443
ASN
#16509 AMAZON-02

Requested by
https://anonzip.com/C4r/Windows.rar
Certificate
IssuerAmazon
Subjecttrack.jefytrack.com
FingerprintD9:FC:91:D1:FD:F0:F4:2D:48:E9:47:EE:31:A0:1C:23:D3:9A:29:D8
ValiditySun, 21 Apr 2024 00:00:00 GMT - Tue, 20 May 2025 23:59:59 GMT

File type

Size
1.1 kB (1073 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /145f6684-c379-407a-a2eb-922622a713e1?zoneid=7406590&campaignid=8121703&carrier=%7Bcarrier%7D&connectiontype=%7Bconnection.type%7D&isp=%7Bisp%7D&cost=&visitor_id=810567735617531904&ctrl_fetch_dest=iframe&ctrl_id=66360b8664273351898631&ctrl_ts=1714817926.4102&ctrl_ab=burp HTTP/1.1
Host: track.jefytrack.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
content-length: 0
location: https://externalde.com/out/xyhkxckud/?ctrl_id=66360b8664273351898631&ctrl_ab=burp&ctrl_ts=1714817926.4102&ctrl_vol_oid=0b046699-9de5-41eb-a62f-5035b56e631b&tg=https://lkbx.me/4KqY7&uid=wj23a03osa94r221je85hs2i
date: Sat, 04 May 2024 10:18:46 GMT
cache-control: no-store, no-cache, pre-check=0, post-check=0
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
set-cookie: 145f6684-c379-407a-a2eb-922622a713e1-v4=LumZWtjR3kcyuKY4b_gBDVmzIKXDf9RxmxvwpXbtY7o; Max-Age=86400; Expires=Sun, 05-May-2024 10:18:46 GMT; Domain=track.jefytrack.com; Path=/; Secure; HttpOnly;SameSite=None
voluum-cid-v4=%7B%22cid%22%3A%22wj23a03osa94r221je85hs2i%22%2C%22caid%22%3A%22145f6684-c379-407a-a2eb-922622a713e1%22%7D; Max-Age=31536000; Expires=Sun, 04-May-2025 10:18:46 GMT; Domain=track.jefytrack.com; Path=/; Secure; HttpOnly;SameSite=None
server: nginx
x-cache: Miss from cloudfront
via: 1.1 71c98156ae29b36a903974f9dd2568f8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: fWpgoxepoUdqHdldR663DbOF5p53UiwPy-UwuzLyhtue1gfntW7EwA==
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Open+Sans:200,300,400,400i,500,600,700%7CMerriweather:300,300i

142.250.74.106

200 OK

37 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Open+Sans:200,300,400,400i,500,600,700%7CMerriweather:300,300i
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://anonzip.com/C4r/Windows.rar
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT

File type
ASCII text, with very long lines (1572)
Size
37 kB (37345 bytes)
Hash
c2b8ea09ec90a66034e1b61bc1f8e5d4
9558953728cacfc3433ba6281c1b4a58fbbc9d51
1c593f4a688585b14c31e71fc64bfaa81d768984cdf182bca40ba8c524582685

HTTP Headers

GET /css?family=Open+Sans:200,300,400,400i,500,600,700%7CMerriweather:300,300i HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonzip.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 04 May 2024 10:18:44 GMT
date: Sat, 04 May 2024 10:18:44 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

alwingulla.com/88/tag.min.js

172.67.152.114

200 OK

81 kB

URL GET HTTP/2
alwingulla.com/88/tag.min.js
IP
172.67.152.114:443
ASN
#13335 CLOUDFLARENET

Requested by
https://anonzip.com/C4r/Windows.rar
Certificate
IssuerGoogle Trust Services LLC
Subjectalwingulla.com
FingerprintB6:A3:BD:4F:5E:0D:58:50:07:9D:17:E0:30:97:67:97:9E:23:1A:1C
ValidityTue, 12 Mar 2024 16:48:22 GMT - Mon, 10 Jun 2024 16:48:21 GMT

File type
JavaScript source, ASCII text, with very long lines (65494)
Size
81 kB (81042 bytes)
Hash
d8fe6d8977be78f78ee48c068b8c8686
e9c96bfc9bcd374f528f73c0441c2358d6d1d135
43423a879e310562ceed423aa563f4fac45713e6f59b0517d897e2c96a42993b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /88/tag.min.js HTTP/1.1
Host: alwingulla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonzip.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 10:18:43 GMT
content-type: text/javascript; charset=utf-8
x-trace-id: 624b03ca331891542e6efac5f0adfba8
cache-control: max-age=86400
last-modified: Fri, 03 May 2024 05:52:08 GMT
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
expires: Sun, 05 May 2024 05:45:33 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 16390
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xn3%2FD8ozBce5qY3CyaKrRl%2FKmyHMqtDaM8hFzTf25IXcRO0olUypUiKUbK86VkDNcgfrQfxlc1pfUDYkwbC88QqM3pEImv6trwsXKk1aH72p80x1b24slbHKoniXMWnwCA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e7bf97be5f56b9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

offerimage.com/www/images/71581bf2ce9a00138faf7dd80fe3e12e.jpg

104.22.32.172

200 OK

19 kB

URL GET HTTP/2
offerimage.com/www/images/71581bf2ce9a00138faf7dd80fe3e12e.jpg
IP
104.22.32.172:443
ASN
#13335 CLOUDFLARENET

Requested by
https://anonzip.com/C4r/Windows.rar
Certificate
IssuerGoogle Trust Services LLC
Subjectofferimage.com
Fingerprint5C:87:DE:3A:1B:66:15:11:B1:75:B6:AC:AF:F9:A6:EF:5E:7F:80:72
ValidityFri, 05 Apr 2024 23:50:04 GMT - Thu, 04 Jul 2024 23:50:03 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3
Size
19 kB (19381 bytes)
Hash
71581bf2ce9a00138faf7dd80fe3e12e
56479135ed64bf23e1037067c0c87047eb8a414c
5d9f95c8c06343cc189b38268296615ed8816d8154b4b782ad0d62bedd23525e

HTTP Headers

GET /www/images/71581bf2ce9a00138faf7dd80fe3e12e.jpg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonzip.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 10:18:50 GMT
content-type: image/jpeg
content-length: 19381
cache-control: max-age=86400
cf-bgj: h2pri
etag: "65674405-4bb5"
expires: Sat, 04 May 2024 18:07:30 GMT
last-modified: Wed, 29 Nov 2023 14:00:37 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 58280
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e7bfc17c8f10b1-CPH
X-Firefox-Spdy: h2

moonoafy.net/pfe/current/tag.min.js?z=7406592

139.45.197.250

200 OK

15 kB

URL GET HTTP/2
moonoafy.net/pfe/current/tag.min.js?z=7406592
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://anonzip.com/C4r/Windows.rar
Certificate
IssuerLet's Encrypt
Subjectmoonoafy.net
Fingerprint17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0
ValidityFri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT

File type
JavaScript source, ASCII text, with very long lines (14612), with no line terminators
Size
15 kB (14612 bytes)
Hash
ffdd38e0a5a1a47cb341a116a3318e0e
2fd730feff506cf56e14c531e9d89cdea2cca424
7d8e97e9586d3f04c4a2a703692378868e49120c6159d079ae7ed1eca2ca2b5c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pfe/current/tag.min.js?z=7406592 HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonzip.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 10:18:44 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 10:48:51 GMT
etag: W/"662a3513-3914"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

veepteero.com/?rb=BdZYMkparywH_vfWnFXLKc5OFRowmBnzu9x-eLEidRSlFJzzj2blbGkLIn6OXDp8ZaRr139UmG4k5jYG5ipsTEd1_yhdurFv0_hwhwbVXkk-6NiCcoQpm-AqRYAJBFD8qUEs0Wfyfp75A6XY6U4HuO67dVm7G31Ys3HB_wdiwf-rc5VwqvNY1PDsLgK3Kot77vubOm5u2Ztsmf1A-j7NRbx9I6rCf4bRhrobMkWorV6Dcc_dzZ8-LiqOSNGJ1TxX8sY_iQ%3D%3D&request_ab2=0&zoneid=7406588&js_build=iclick-v1.788.6-auto&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=0&pl=https%3A%2F%2Fanonzip.com%2FC4r%2FWindows.rar&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.788.6-auto&navlng=en-US&pnt=0&pnrc=0&bs=df6efd6e-3c8c-46b3-9244-1c06eab541e7&wasm=1&userId=0080520728d84fcbfec3fd5764890f66&m=link

139.45.197.242

200 OK

2.3 kB

URL GET HTTP/2
veepteero.com/?rb=BdZYMkparywH_vfWnFXLKc5OFRowmBnzu9x-eLEidRSlFJzzj2blbGkLIn6OXDp8ZaRr139UmG4k5jYG5ipsTEd1_yhdurFv0_hwhwbVXkk-6NiCcoQpm-AqRYAJBFD8qUEs0Wfyfp75A6XY6U4HuO67dVm7G31Ys3HB_wdiwf-rc5VwqvNY1PDsLgK3Kot77vubOm5u2Ztsmf1A-j7NRbx9I6rCf4bRhrobMkWorV6Dcc_dzZ8-LiqOSNGJ1TxX8sY_iQ%3D%3D&request_ab2=0&zoneid=7406588&js_build=iclick-v1.788.6-auto&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=0&pl=https%3A%2F%2Fanonzip.com%2FC4r%2FWindows.rar&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.788.6-auto&navlng=en-US&pnt=0&pnrc=0&bs=df6efd6e-3c8c-46b3-9244-1c06eab541e7&wasm=1&userId=0080520728d84fcbfec3fd5764890f66&m=link
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://anonzip.com/C4r/Windows.rar
Certificate
IssuerLet's Encrypt
Subjectveepteero.com
Fingerprint13:68:56:48:EC:67:A6:93:BE:E0:36:BC:FA:04:75:6D:6E:D2:C1:91
ValiditySat, 23 Mar 2024 05:18:36 GMT - Fri, 21 Jun 2024 05:18:35 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (2325), with no line terminators
Size
2.3 kB (2302 bytes)
Hash
cba9ecd751dcd8c5b708ef5c8c71792e
40747810e7e15fdb4929fd4810c27c8e607bb3a6
ca98e1dd59431c725b03ed62cb336f743f5835b7e84fd3a97063c685aaca44e4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /?rb=BdZYMkparywH_vfWnFXLKc5OFRowmBnzu9x-eLEidRSlFJzzj2blbGkLIn6OXDp8ZaRr139UmG4k5jYG5ipsTEd1_yhdurFv0_hwhwbVXkk-6NiCcoQpm-AqRYAJBFD8qUEs0Wfyfp75A6XY6U4HuO67dVm7G31Ys3HB_wdiwf-rc5VwqvNY1PDsLgK3Kot77vubOm5u2Ztsmf1A-j7NRbx9I6rCf4bRhrobMkWorV6Dcc_dzZ8-LiqOSNGJ1TxX8sY_iQ%3D%3D&request_ab2=0&zoneid=7406588&js_build=iclick-v1.788.6-auto&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=0&pl=https%3A%2F%2Fanonzip.com%2FC4r%2FWindows.rar&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.788.6-auto&navlng=en-US&pnt=0&pnrc=0&bs=df6efd6e-3c8c-46b3-9244-1c06eab541e7&wasm=1&userId=0080520728d84fcbfec3fd5764890f66&m=link HTTP/1.1
Host: veepteero.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://anonzip.com/
Origin: https://anonzip.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 10:18:45 GMT
content-type: application/json
x-trace-id: 80380e20620981109cf7852318c4d2e1
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://anonzip.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=0080520728d84fcbfec3fd5764890f66; expires=Sun, 04 May 2025 10:18:45 GMT; path=/; secure; SameSite=None
oaidts=1714817925; expires=Sun, 04 May 2025 10:18:45 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Sat, 11 May 2024 10:18:45 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

lkbx.me/4KqY7?uid=wj23a03osa94r221je85hs2i

47.89.248.255

200 OK

1.1 kB

URL GET HTTP/2
lkbx.me/4KqY7?uid=wj23a03osa94r221je85hs2i
IP
47.89.248.255:443
ASN
#45102 Alibaba US Technology Co., Ltd.

Requested by
https://anonzip.com/C4r/Windows.rar
Certificate
IssuerDigiCert Inc
Subjectlkbx.me
Fingerprint85:1C:F3:96:31:0D:EC:E9:85:9D:6E:27:5F:AE:1D:6C:F2:9B:F5:BD
ValidityMon, 27 Nov 2023 00:00:00 GMT - Tue, 26 Nov 2024 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (1129), with no line terminators
Size
1.1 kB (1073 bytes)
Hash
49852b4498148461ea8bce1732a0bb63
9e2c02ec960499c3352c9ba23f65b4b27a53fc52
d258b054ae3a04dbcba717d8397f638e2583f9f83a13c5ca1bcf7a70d26e8d19

HTTP Headers

GET /4KqY7?uid=wj23a03osa94r221je85hs2i HTTP/1.1
Host: lkbx.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 10:18:48 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
set-cookie: discuz_2132_saltkey=meW7dn44; expires=Mon, 03-Jun-2024 10:18:47 GMT; Max-Age=2592000; path=/; secure; httponly
discuz_2132_lang=en; path=/; secure
discuz_2132_lang=en; path=/; secure
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (25)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL