anonymfile.com/eyXa/imlikeaghostfr.pdf?PageSpeed=noscript
138.201.48.112301 Moved Permanently 162 B URL HTTP/1.1 anonymfile.com/eyXa/imlikeaghostfr.pdf?PageSpeed=noscript
IP 138.201.48.112:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /eyXa/imlikeaghostfr.pdf?PageSpeed=noscript HTTP/1.1
Host: anonymfile.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Fri, 23 Sep 2022 08:51:45 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://anonymfile.com/eyXa/imlikeaghostfr.pdf?PageSpeed=noscript
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a26d0784548ecab22f417f3d689daf23
8893b79366bbadeb5c8d587b8f023e310694df1c
35baaae7b3ce3110ebb2b075881cfab55ecf3eab57d834283fd18ac691b41fa2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "35BAAAE7B3CE3110EBB2B075881CFAB55ECF3EAB57D834283FD18AC691B41FA2"
Last-Modified: Tue, 20 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3505
Expires: Fri, 23 Sep 2022 09:50:10 GMT
Date: Fri, 23 Sep 2022 08:51:45 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
143.204.55.115200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.115:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Alert, Backoff, Retry-After, Content-Length
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Fri, 23 Sep 2022 08:14:07 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 a034aae43a19aef875fa395182990970.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: SFieLEHBNlYvaLNtDIroZxt34qudGrzc_21-gdWjaDtvyswne6ZyCQ==
Age: 2258
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash afb65a07bf7214addf83d17a53acba32
a8e973204431320aa7b362a4e73944520c4b51b9
46e1a9e6c98245afb7fa84bc6d9ba6844105024e2d3f56e28748e6c321475d02
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "46E1A9E6C98245AFB7FA84BC6D9BA6844105024E2D3F56E28748E6C321475D02"
Last-Modified: Wed, 21 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4683
Expires: Fri, 23 Sep 2022 10:09:48 GMT
Date: Fri, 23 Sep 2022 08:51:45 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: xCz46dhE0eW1G4F/Q+PdaQaNqCSq99PIAwR0nlyfoKLa4vlKDjVrmUEfZkh3Yyoc2kXvfZ4ktdc7Gkkv+MvkhA==
x-amz-request-id: WB1B7TAFJEGQFQZG
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 23 Sep 2022 08:46:54 GMT
age: 291
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
etag: "6113f8408c59aebe188d6af273b90743"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 08:51:45 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/filepond/4.30.3/filepond.min.js
104.17.25.14200 OK 30 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/filepond/4.30.3/filepond.min.js
IP 104.17.25.14:0
File type ASCII text, with very long lines (65370)
Hash d18c98bb03dac8dd996130d56f3d8e8c
cc1777baef75c9438534927036a21f22e91e5578
89a5585efd3c48a3870d383705937d51bb2a3a776eb01805a2629dd7a28e3c2e
GET /ajax/libs/filepond/4.30.3/filepond.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://anonymfile.com
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 23 Sep 2022 08:51:45 GMT
content-type: application/javascript; charset=utf-8
content-length: 29707
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "615c7e96-740b"
last-modified: Tue, 05 Oct 2021 16:34:30 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 4966993
expires: Wed, 13 Sep 2023 08:51:45 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QBROgopuXZ2dCkjciAjbzQTBWuSeABxb6peJu1YK7Z%2FScxbgHMNAKlvG9J6YLKaheAKxuc2jR5OVMGMkWYqpkjwilwxGkNgDDJ6Y6KeEma1pvVMgggz4HDG6y6o1xaQFza7%2BtLUr"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 74f20a52abf9b51b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/bootstrap/5.1.3/js/bootstrap.min.js
104.17.25.14200 OK 15 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/bootstrap/5.1.3/js/bootstrap.min.js
IP 104.17.25.14:0
File type ASCII text, with very long lines (58940)
Hash 28dbaeb9aa2638e0c4e6d9ffd3d14e9d
3208ed3741e60986bbed3fd759cdfd3b4fa7cf06
ababbb021f57966e125b8e296f9515f38d906b462697f7835e6914465dd0d362
GET /ajax/libs/bootstrap/5.1.3/js/bootstrap.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://anonymfile.com
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 23 Sep 2022 08:51:45 GMT
content-type: application/javascript; charset=utf-8
content-length: 14584
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "6161dfe3-38f8"
last-modified: Sat, 09 Oct 2021 18:30:59 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 4366051
expires: Wed, 13 Sep 2023 08:51:45 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LDo2j900L1q8bGb77iQ0iRGfgfCaJWOfLZpVpFd3stloVEXOuO4tIAxoL7pScNXIPzx4lhc9J2dRhTZoRE%2BK7%2ByBYzB3Zc31DmcAGgJoYeqMocxTZ7GbT2LHL%2FYLDRf7dW2L7UQJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 74f20a52bc0fb51b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/clipboard.js/2.0.8/clipboard.min.js
104.17.25.14200 OK 3.0 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/clipboard.js/2.0.8/clipboard.min.js
IP 104.17.25.14:0
File type Unicode text, UTF-8 text, with very long lines (10584)
Hash e34a4db0b42ca907e0b7a56cd4b145ec
2dc36a7dcdfc42d122b23ef91483d27865c4285f
4b2a908e8d2c23d19da5e9ef4c6c77e7c6e8823b7aeb93233723f366ff6d217a
GET /ajax/libs/clipboard.js/2.0.8/clipboard.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://anonymfile.com
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 23 Sep 2022 08:51:45 GMT
content-type: application/javascript; charset=utf-8
content-length: 3000
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "6049431e-29b4"
last-modified: Wed, 10 Mar 2021 22:07:26 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 312053
expires: Wed, 13 Sep 2023 08:51:45 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JRZBCvtSI9cfuHNFNMQG%2BuN29Z9Nx13sRpvyXvA3xZMt32UMvccjsEvBppPm2JpYehC2t4WX1MVh%2B9GmaH1MtaiSfT6OcfKhhv22ajufdjYTssbDhDga4Ed2fda%2FbK04Id40kg1j"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 74f20a52bc11b51b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js
104.17.25.14200 OK 28 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js
IP 104.17.25.14:0
File type ASCII text, with very long lines (65447)
Hash d900ca08873ee57d40616d39a44cc0aa
7ab3ac8b1504b7b914a6e94c979b8390bb492f6a
1eea479cc0abe04a0846f41031207f9511f12ffef017a6109d4efb6f5523465b
GET /ajax/libs/jquery/3.6.0/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://anonymfile.com
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 23 Sep 2022 08:51:45 GMT
content-type: application/javascript; charset=utf-8
content-length: 27938
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "603e8adc-15d9d"
last-modified: Tue, 02 Mar 2021 18:58:36 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 4968326
expires: Wed, 13 Sep 2023 08:51:45 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DJiMch3jX6Ny1vof1V%2F4WdHFmZZ6yZn5fYBK6M9o4n9hTTZnkciv%2Blq08OvebFiuguBGrCNk8z9Q5uDxp8xfrj1J23wBJiCzN4g95rEVraC5eEpvvXKVxVVBgopGs%2F6dW63mmJPI"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 74f20a52bc12b51b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/popper.js/2.10.2/umd/popper.min.js
104.17.25.14200 OK 6.0 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/popper.js/2.10.2/umd/popper.min.js
IP 104.17.25.14:0
File type ASCII text, with very long lines (18706)
Hash 3773d4bd82b03cdfd02c9fd691f80d78
c4d89a2de179c90944835571b45877048f3c1424
5d05303e3777fd4f588b7167d0a22cd5ca499c238f78ec0cecbb3a8786de332d
GET /ajax/libs/popper.js/2.10.2/umd/popper.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://anonymfile.com
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 23 Sep 2022 08:51:45 GMT
content-type: application/javascript; charset=utf-8
content-length: 6037
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "6155af49-1795"
last-modified: Thu, 30 Sep 2021 12:36:25 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 6965914
expires: Wed, 13 Sep 2023 08:51:45 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XSyoVPPhtDeSCNQ3UowAE708njJduPHJ99tmcmMrOhUlzO11DS8cySgTIUQLGwPTOdr5dI%2FStVT8XQ5TXFvmiiEUWRBy0ALbHo%2B1kC8YLx3LFrM79n2e9qu7OZ2BBAI6IDlWaeZl"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 74f20a52bc13b51b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash 5e136317c0c71275860fcce48a860311
ea873b454c69b6bed9c6bfb32ca8b3d500c8cf3a
8280ba5f21730cd6cde3d0a3581bbdc319b5d707e268bc50f3b59d2846350830
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3936
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 23 Sep 2022 08:51:45 GMT
Last-Modified: Fri, 23 Sep 2022 07:46:09 GMT
Server: ECS (ska/F70F)
X-Cache: HIT
Content-Length: 280
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash 5e136317c0c71275860fcce48a860311
ea873b454c69b6bed9c6bfb32ca8b3d500c8cf3a
8280ba5f21730cd6cde3d0a3581bbdc319b5d707e268bc50f3b59d2846350830
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6194
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 23 Sep 2022 08:51:45 GMT
Last-Modified: Fri, 23 Sep 2022 07:08:31 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 280
cdn.jsdelivr.net/npm/sweetalert2@11
151.101.85.229200 OK 19 kB URL HTTP/2 cdn.jsdelivr.net/npm/sweetalert2@11
IP 151.101.85.229:0
File type Unicode text, UTF-8 text, with very long lines (44435)
Hash dcba663c4abdb8ca0a7f4974af933322
e8d49335c7bdef21531b4ec6c95ae0ec9fe96e09
3dd1d4f839dd267f48585ebcfcb818a1320f6f52b1e8a4b8e752df3d8091631b
GET /npm/sweetalert2@11 HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 11.4.33
x-jsd-version-type: version
etag: W/"1122c-J9H0DCRqMGO33uXpjie+s7dGIes"
content-encoding: gzip
accept-ranges: bytes
date: Fri, 23 Sep 2022 08:51:45 GMT
age: 1052
x-served-by: cache-fra19183-FRA, cache-bma1623-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 19287
X-Firefox-Spdy: h2
anonymfile.com/img/logo-anon-warning.webp
138.201.48.112200 OK 15 kB URL HTTP/2 anonymfile.com/img/logo-anon-warning.webp
IP 138.201.48.112:0
ASN #24940 Hetzner Online GmbH
File type RIFF (little-endian) data, Web/P image\012- data
Hash 7b596f481388ac5ef6d74a15a351f6c3
6756e88c0b46cc981b7bbbdaf2ead77bd258a472
cd830cff1dfb9af2181dfe61645addbe21981954713fba54d5875a038e673972
GET /img/logo-anon-warning.webp HTTP/1.1
Host: anonymfile.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/eyXa/imlikeaghostfr.pdf?PageSpeed=noscript
Cookie: XSRF-TOKEN=eyJpdiI6IllsaGFXVlJRWkpmZHRRRHdoSFFEWFE9PSIsInZhbHVlIjoiZEplSWhuaFZEN20zRmw3Y1RjOFFXMmZ4WWZHWlFjTzBMN05ZdTRiRk1lMnljRFgxQWx3aTJSejExY0lPK3ZKdkZXTjlaS2srOWpvcVFvSHY2QXQ2R1NZYURwdmJRK1VBMXFLdDlnZ2h1ZmNxSFQ1ZFBGU1hac0FQcjJUaC9nWkwiLCJtYWMiOiJhODNiMzY3NDZlZDBlYmQxZTkxZjQwYWY5MTY0YWFiZTFiNzY0YTdlZTAxMjY5YmVjNmZhNDc2NTI1OWRmMGY3IiwidGFnIjoiIn0%3D; anonymfile_session=eyJpdiI6IlIyOXQxQStzdmFHdElTbkxXb2Z4MWc9PSIsInZhbHVlIjoiUFFQWlF4THNKMzFTY01sakhSN2FtSjJ4Rjg3YzVyN1pnd3B6VW9NcDBJVWZBY3JPcUFuSnRiUmFsNGl0Qm1DVm1FV3loKy9KMVgzNUdRN045SUM1NVp5YWVHSE5uYjQxRFovVFJMUGR1WUVTell1SU1BSzFLT1hncSsvcDZpUGIiLCJtYWMiOiIxZGM3MDU4ZTQ1ZWE1M2E3ZjAzMzY2MTk2YWI1MTVhYzFlNDI5YmQ3NzZhMTBmZjMxNjQ3YzA0ZTJkYzc0MTQ1IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/webp
content-length: 15344
etag: "617d3713-3bf0"
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
accept-ranges: bytes
date: Fri, 23 Sep 2022 08:49:13 GMT
expires: Fri, 23 Sep 2022 08:54:13 GMT
X-Firefox-Spdy: h2
unpkg.com/filepond-plugin-file-validate-size@2.2.7/dist/filepond-plugin-file-validate-size.js
104.16.122.175200 OK 3.1 kB URL HTTP/2 unpkg.com/filepond-plugin-file-validate-size@2.2.7/dist/filepond-plugin-file-validate-size.js
IP 104.16.122.175:0
Hash be060b50cbb4fdfb036b1c1a8c56b8e6
81861fe9b0fd78fa3442b5716bfca6dd20b7d02b
310e9cd2e29baf8eed13e924476f31a1f594a6fc3277fd268ce42bda7e482c7c
GET /filepond-plugin-file-validate-size@2.2.7/dist/filepond-plugin-file-validate-size.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://anonymfile.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 23 Sep 2022 08:51:45 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
etag: W/"1a7f-Ufoq68yhVBjz3riH5wAGJXD40pU"
via: 1.1 fly.io
fly-request-id: 01G7558XE30T0T2M6RDRBFG7JV-fra
cf-cache-status: HIT
age: 6966349
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 74f20a534fceb50f-OSL
content-encoding: br
X-Firefox-Spdy: h2
anonymfile.com/img/main/footer.webp
138.201.48.112200 OK 178 kB URL HTTP/2 anonymfile.com/img/main/footer.webp
IP 138.201.48.112:0
ASN #24940 Hetzner Online GmbH
File type RIFF (little-endian) data, Web/P image\012- data
Size 178 kB (178070 bytes)
Hash 79ccb3a1b78412a1a530284f45ea7056
626d0494e1bd871e67ecffad44d04ac2343fb7e5
3d4e83b59664d7a779fa777d4ee0e17a1bc09302f9b9cde60815a3142256d8b8
GET /img/main/footer.webp HTTP/1.1
Host: anonymfile.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/eyXa/imlikeaghostfr.pdf?PageSpeed=noscript
Cookie: XSRF-TOKEN=eyJpdiI6IllsaGFXVlJRWkpmZHRRRHdoSFFEWFE9PSIsInZhbHVlIjoiZEplSWhuaFZEN20zRmw3Y1RjOFFXMmZ4WWZHWlFjTzBMN05ZdTRiRk1lMnljRFgxQWx3aTJSejExY0lPK3ZKdkZXTjlaS2srOWpvcVFvSHY2QXQ2R1NZYURwdmJRK1VBMXFLdDlnZ2h1ZmNxSFQ1ZFBGU1hac0FQcjJUaC9nWkwiLCJtYWMiOiJhODNiMzY3NDZlZDBlYmQxZTkxZjQwYWY5MTY0YWFiZTFiNzY0YTdlZTAxMjY5YmVjNmZhNDc2NTI1OWRmMGY3IiwidGFnIjoiIn0%3D; anonymfile_session=eyJpdiI6IlIyOXQxQStzdmFHdElTbkxXb2Z4MWc9PSIsInZhbHVlIjoiUFFQWlF4THNKMzFTY01sakhSN2FtSjJ4Rjg3YzVyN1pnd3B6VW9NcDBJVWZBY3JPcUFuSnRiUmFsNGl0Qm1DVm1FV3loKy9KMVgzNUdRN045SUM1NVp5YWVHSE5uYjQxRFovVFJMUGR1WUVTell1SU1BSzFLT1hncSsvcDZpUGIiLCJtYWMiOiIxZGM3MDU4ZTQ1ZWE1M2E3ZjAzMzY2MTk2YWI1MTVhYzFlNDI5YmQ3NzZhMTBmZjMxNjQ3YzA0ZTJkYzc0MTQ1IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/webp
content-length: 178070
etag: "62f35b9c-2b796"
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
accept-ranges: bytes
date: Fri, 23 Sep 2022 08:49:17 GMT
expires: Fri, 23 Sep 2022 08:54:17 GMT
X-Firefox-Spdy: h2
anonymfile.com/css/theme.min.css
138.201.48.112200 OK 62 kB URL HTTP/2 anonymfile.com/css/theme.min.css
IP 138.201.48.112:0
ASN #24940 Hetzner Online GmbH
File type Unicode text, UTF-8 text, with very long lines (65533), with no line terminators
Hash ac20ae52902474bc21f37dd62654f6e0
40818973bd9065d893c935170aa4a7c3500d69a7
476a2e672d82d64d42cc1dc29b960d9e891d45bb4271a98623295ef28c7511dd
GET /css/theme.min.css HTTP/1.1
Host: anonymfile.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/eyXa/imlikeaghostfr.pdf?PageSpeed=noscript
Cookie: XSRF-TOKEN=eyJpdiI6IllsaGFXVlJRWkpmZHRRRHdoSFFEWFE9PSIsInZhbHVlIjoiZEplSWhuaFZEN20zRmw3Y1RjOFFXMmZ4WWZHWlFjTzBMN05ZdTRiRk1lMnljRFgxQWx3aTJSejExY0lPK3ZKdkZXTjlaS2srOWpvcVFvSHY2QXQ2R1NZYURwdmJRK1VBMXFLdDlnZ2h1ZmNxSFQ1ZFBGU1hac0FQcjJUaC9nWkwiLCJtYWMiOiJhODNiMzY3NDZlZDBlYmQxZTkxZjQwYWY5MTY0YWFiZTFiNzY0YTdlZTAxMjY5YmVjNmZhNDc2NTI1OWRmMGY3IiwidGFnIjoiIn0%3D; anonymfile_session=eyJpdiI6IlIyOXQxQStzdmFHdElTbkxXb2Z4MWc9PSIsInZhbHVlIjoiUFFQWlF4THNKMzFTY01sakhSN2FtSjJ4Rjg3YzVyN1pnd3B6VW9NcDBJVWZBY3JPcUFuSnRiUmFsNGl0Qm1DVm1FV3loKy9KMVgzNUdRN045SUM1NVp5YWVHSE5uYjQxRFovVFJMUGR1WUVTell1SU1BSzFLT1hncSsvcDZpUGIiLCJtYWMiOiIxZGM3MDU4ZTQ1ZWE1M2E3ZjAzMzY2MTk2YWI1MTVhYzFlNDI5YmQ3NzZhMTBmZjMxNjQ3YzA0ZTJkYzc0MTQ1IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 08:51:45 GMT
content-type: text/css
last-modified: Fri, 22 Oct 2021 08:15:50 GMT
vary: Accept-Encoding
etag: W/"61727336-921fb"
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
content-encoding: br
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 86624f45fb3b7126dbe002f69c94dd86
30bcf274db5037122f989fb25dbf1e72c9ec417b
2cc9600578cf057dc499835773fb495caa60ac154c4945f0fc1f2b31d43f5502
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5035
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 23 Sep 2022 08:51:46 GMT
Last-Modified: Fri, 23 Sep 2022 07:27:51 GMT
Server: ECS (ska/F70F)
X-Cache: HIT
Content-Length: 471
anonymfile.com/img/logo-anon-warning.png
138.201.48.112200 OK 41 kB URL HTTP/2 anonymfile.com/img/logo-anon-warning.png
IP 138.201.48.112:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 1024 x 1024, 8-bit/color RGBA, non-interlaced\012- data
Hash d52ea6ebcd0b10dcf112a9d6c43ceee0
641e5277e2e079f0e88e2899879fda8882e58d28
77cb73f16f049b51c0a81c12ed878e11efe3b9a71c632a3bdb647d963059532e
GET /img/logo-anon-warning.png HTTP/1.1
Host: anonymfile.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/eyXa/imlikeaghostfr.pdf?PageSpeed=noscript
Cookie: XSRF-TOKEN=eyJpdiI6IllsaGFXVlJRWkpmZHRRRHdoSFFEWFE9PSIsInZhbHVlIjoiZEplSWhuaFZEN20zRmw3Y1RjOFFXMmZ4WWZHWlFjTzBMN05ZdTRiRk1lMnljRFgxQWx3aTJSejExY0lPK3ZKdkZXTjlaS2srOWpvcVFvSHY2QXQ2R1NZYURwdmJRK1VBMXFLdDlnZ2h1ZmNxSFQ1ZFBGU1hac0FQcjJUaC9nWkwiLCJtYWMiOiJhODNiMzY3NDZlZDBlYmQxZTkxZjQwYWY5MTY0YWFiZTFiNzY0YTdlZTAxMjY5YmVjNmZhNDc2NTI1OWRmMGY3IiwidGFnIjoiIn0%3D; anonymfile_session=eyJpdiI6IlIyOXQxQStzdmFHdElTbkxXb2Z4MWc9PSIsInZhbHVlIjoiUFFQWlF4THNKMzFTY01sakhSN2FtSjJ4Rjg3YzVyN1pnd3B6VW9NcDBJVWZBY3JPcUFuSnRiUmFsNGl0Qm1DVm1FV3loKy9KMVgzNUdRN045SUM1NVp5YWVHSE5uYjQxRFovVFJMUGR1WUVTell1SU1BSzFLT1hncSsvcDZpUGIiLCJtYWMiOiIxZGM3MDU4ZTQ1ZWE1M2E3ZjAzMzY2MTk2YWI1MTVhYzFlNDI5YmQ3NzZhMTBmZjMxNjQ3YzA0ZTJkYzc0MTQ1IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 08:51:46 GMT
content-type: image/png
content-length: 40729
last-modified: Fri, 29 Oct 2021 10:50:56 GMT
vary: Accept-Encoding
etag: "617bd210-9f19"
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
accept-ranges: bytes
X-Firefox-Spdy: h2
anonymfile.com/sw.js
138.201.48.112404 Not Found 5.0 kB IP 138.201.48.112:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (4320)
Hash d9dda1b6a9444e8bd564ee392db21277
acde147b30055cd0dabbb5c7b48f7ee83aba9aaf
3ade4e0ed9d0a2721decb0d13da47814f06b8bf5cd70a09be3b65dd35ebd9b82
GET /sw.js HTTP/1.1
Host: anonymfile.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/eyXa/imlikeaghostfr.pdf?PageSpeed=noscript
Cookie: XSRF-TOKEN=eyJpdiI6IllsaGFXVlJRWkpmZHRRRHdoSFFEWFE9PSIsInZhbHVlIjoiZEplSWhuaFZEN20zRmw3Y1RjOFFXMmZ4WWZHWlFjTzBMN05ZdTRiRk1lMnljRFgxQWx3aTJSejExY0lPK3ZKdkZXTjlaS2srOWpvcVFvSHY2QXQ2R1NZYURwdmJRK1VBMXFLdDlnZ2h1ZmNxSFQ1ZFBGU1hac0FQcjJUaC9nWkwiLCJtYWMiOiJhODNiMzY3NDZlZDBlYmQxZTkxZjQwYWY5MTY0YWFiZTFiNzY0YTdlZTAxMjY5YmVjNmZhNDc2NTI1OWRmMGY3IiwidGFnIjoiIn0%3D; anonymfile_session=eyJpdiI6IlIyOXQxQStzdmFHdElTbkxXb2Z4MWc9PSIsInZhbHVlIjoiUFFQWlF4THNKMzFTY01sakhSN2FtSjJ4Rjg3YzVyN1pnd3B6VW9NcDBJVWZBY3JPcUFuSnRiUmFsNGl0Qm1DVm1FV3loKy9KMVgzNUdRN045SUM1NVp5YWVHSE5uYjQxRFovVFJMUGR1WUVTell1SU1BSzFLT1hncSsvcDZpUGIiLCJtYWMiOiIxZGM3MDU4ZTQ1ZWE1M2E3ZjAzMzY2MTk2YWI1MTVhYzFlNDI5YmQ3NzZhMTBmZjMxNjQ3YzA0ZTJkYzc0MTQ1IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
date: Fri, 23 Sep 2022 08:51:46 GMT
x-page-speed: 1.13.35.2-0
cache-control: max-age=0, no-cache
content-encoding: br
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 936c836fe49e0724b87ac82162f5047e
eb0156fd2ad894e68e02b341fc4aa57b21a42e85
3c7ddffb4f45fc048f9f0d1602cb60c3c5fadc4435c88f718fdc13902354abd6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3C7DDFFB4F45FC048F9F0D1602CB60C3C5FADC4435C88F718FDC13902354ABD6"
Last-Modified: Wed, 21 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3622
Expires: Fri, 23 Sep 2022 09:52:08 GMT
Date: Fri, 23 Sep 2022 08:51:46 GMT
Connection: keep-alive
push.services.mozilla.com/
52.89.20.60101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.89.20.60:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: vJKgDnM68bkX3cFp/lKERQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: tBMqp/EtPPUQxccxRN0DkIE2R4M=
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 691ead31501097a14cc636bef13fee66
d61e929761ff877b000cfa6347073d781e455a7c
ee8c88025f2f19d372ae33d8d82883a27cea6313e91f5fe79ab2101646bce8f0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EE8C88025F2F19D372AE33D8D82883A27CEA6313E91F5FE79AB2101646BCE8F0"
Last-Modified: Thu, 22 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5775
Expires: Fri, 23 Sep 2022 10:28:01 GMT
Date: Fri, 23 Sep 2022 08:51:46 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 722ef108c4d4fc81d56f8a6c10adcffb
4db06d907ef3eaaf9aa08d9a7ec559206f94469c
db67bd24af8e50a7af38451c2febe20ec4c1eaf713e6e6bcc5ed4b1d55d24098
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DB67BD24AF8E50A7AF38451C2FEBE20EC4C1EAF713E6E6BCC5ED4B1D55D24098"
Last-Modified: Wed, 21 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11651
Expires: Fri, 23 Sep 2022 12:05:57 GMT
Date: Fri, 23 Sep 2022 08:51:46 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 9c0f0c54043eecab0f2e6a29aa554160
9f1244152256010709efadfbdb9cd415b279a26b
9d42f4f3d40785f153428139840eaed00faa07ada26d30da5e37ab8def8f36c7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9D42F4F3D40785F153428139840EAED00FAA07ADA26D30DA5E37AB8DEF8F36C7"
Last-Modified: Wed, 21 Sep 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3923
Expires: Fri, 23 Sep 2022 09:57:09 GMT
Date: Fri, 23 Sep 2022 08:51:46 GMT
Connection: keep-alive
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash af56ebb29d27fb6a049680fe85c8828b
235a3579a72192a6a1fc0366d6d8671e2630b9f5
68454f522f57ca84315459fbf178251544804533512e9bebb8a6e3f3bce12895
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 23 Sep 2022 08:51:46 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 22 Sep 2022 18:25:22 GMT
Expires: Thu, 29 Sep 2022 18:25:21 GMT
Etag: "235a3579a72192a6a1fc0366d6d8671e2630b9f5"
Cache-Control: max-age=552214,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74f20a577bdfb4fd-OSL
my.rtmark.net/gid.js?userId=3ddc54fb266d446a9817b79b5e08bf6a
139.45.195.8200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?userId=3ddc54fb266d446a9817b79b5e08bf6a
IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash a6cb42e668ebbbb864c9344c33f30d23
cfbc3bcf3e64224b65726443d7ea3ac00d607904
8077ff6190b105634c052b13813bf148271c834f81f9f2d065771b5afc3bffea
GET /gid.js?userId=3ddc54fb266d446a9817b79b5e08bf6a HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://anonymfile.com
Connection: keep-alive
Referer: https://anonymfile.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 08:51:46 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://anonymfile.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=3ddc54fb266d446a9817b79b5e08bf6a; expires=Sat, 23 Sep 2023 08:51:46 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
pseepsie.com/zone?pub=0&zone_id=5307590&is_mobile=false&domain=anonymfile.com&var=&ymid=&var_3=
139.45.197.250200 OK 664 B URL HTTP/2 pseepsie.com/zone?pub=0&zone_id=5307590&is_mobile=false&domain=anonymfile.com&var=&ymid=&var_3=
IP 139.45.197.250:0
File type JSON data\012- , ASCII text, with very long lines (663)
Hash 924f83d583902548517c3327ff8e4493
7d5ea76f95d862b44558e6428f0a0d2bb20e2b0c
92e16e70459ff85e5803ded19d1f535cb6197a2b1eda7b254cb663b81908147c
GET /zone?pub=0&zone_id=5307590&is_mobile=false&domain=anonymfile.com&var=&ymid=&var_3= HTTP/1.1
Host: pseepsie.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://anonymfile.com/
Origin: https://anonymfile.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 08:51:46 GMT
content-type: application/json; charset=utf-8
content-length: 664
x-trace-id: fc4dc291cfa5349fc12d37d6be9773c9
access-control-allow-origin: https://anonymfile.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 296a132fcbec72230db535083564224d
1263092bb27da2c55bd056cfa1bfad50c1e23fcf
11559a005c262b46c93cf2b687c8d6e16e3b0ffbd6fcbd5d36e26e718a4f88eb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "11559A005C262B46C93CF2B687C8D6E16E3B0FFBD6FCBD5D36E26E718A4F88EB"
Last-Modified: Wed, 21 Sep 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3084
Expires: Fri, 23 Sep 2022 09:43:10 GMT
Date: Fri, 23 Sep 2022 08:51:46 GMT
Connection: keep-alive
tovanillitechan.com/42/38?z=5307589
139.45.197.239200 OK 0 B URL HTTP/2 tovanillitechan.com/42/38?z=5307589
IP 139.45.197.239:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /42/38?z=5307589 HTTP/1.1
Host: tovanillitechan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/
Cookie: scm=1; OAID=bf470b0fadc34e11a64e8234d7f041c7; oaidts=1663923106
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 08:51:46 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: 11851f21452d5f9db6760f6f78d6ce4f
access-control-expose-headers: X-Sc
set-cookie: OAID=bf470b0fadc34e11a64e8234d7f041c7; expires=Sat, 23 Sep 2023 08:51:46 GMT; secure; SameSite=None
oaidts=1663923106; expires=Sat, 23 Sep 2023 08:51:46 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
tovanillitechan.com/27/b7bd02994a2771796f8a835cfb750d4b
139.45.197.239200 OK 131 kB URL HTTP/2 tovanillitechan.com/27/b7bd02994a2771796f8a835cfb750d4b
IP 139.45.197.239:0
File type ASCII text, with very long lines (65523)
Size 131 kB (131245 bytes)
Hash 369181a44ab40b3cc2510921246c5f4c
ffcd2eea059c0aaba575bf0b397f89c81f83e802
d064fbc3c4aa4abe30d92bbdf1ec17c20c900b730ddac549f35e762bec33717b
Analyzer Verdict Alert quad9 Sinkholed
GET /27/b7bd02994a2771796f8a835cfb750d4b HTTP/1.1
Host: tovanillitechan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/
Cookie: scm=1; OAID=bf470b0fadc34e11a64e8234d7f041c7; oaidts=1663923106
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 08:51:46 GMT
content-type: application/javascript
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
cache-control: max-age:290304000, public
last-modified: Thu, 22 Sep 2022 08:42:06 GMT
expires: Thu, 22 Oct 2082 08:42:06 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2
bedrapiona.com/5/5307591/?oo=1&js_build=iclick-v1.429.0
139.45.197.234200 OK 7.4 kB URL HTTP/2 bedrapiona.com/5/5307591/?oo=1&js_build=iclick-v1.429.0
IP 139.45.197.234:0
File type JSON data\012- , ASCII text, with very long lines (17670), with no line terminators
Hash 6071766c1dc1119dbb7c64d687744c01
d462eecc13592467e040d55cd69251922783372a
f1859b1b73cd62fc2cb7e4f4a7a6be280226f702658604887dffc20823049ff2
GET /5/5307591/?oo=1&js_build=iclick-v1.429.0 HTTP/1.1
Host: bedrapiona.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://anonymfile.com
Connection: keep-alive
Referer: https://anonymfile.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 08:51:46 GMT
content-type: application/json
x-trace-id: e76ff41c936b5c26d3adfd82cd4f7858
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
access-control-allow-origin: https://anonymfile.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=3ddc54fb266d446a9817b79b5e08bf6a; expires=Sat, 23 Sep 2023 08:51:46 GMT; path=/; secure; SameSite=None
oaidts=1663923106; expires=Sat, 23 Sep 2023 08:51:46 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
pseepsie.com/custom
139.45.197.250200 OK 0 B IP 139.45.197.250:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
OPTIONS /custom HTTP/1.1
Host: pseepsie.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://anonymfile.com/
Origin: https://anonymfile.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 08:51:46 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://anonymfile.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2
dozubatan.com/400/5307588
139.45.197.237200 OK 31 kB URL HTTP/2 dozubatan.com/400/5307588
IP 139.45.197.237:0
Hash bd9cf6f81c1fad10b0f3804a1fbcc15a
745faa8aa74e7b9377601efea42606810ce3da38
7c39ea5e131e07432ee1d2a51e52d6b8606a57b577828e0dab21cf1c81d4b84e
GET /400/5307588 HTTP/1.1
Host: dozubatan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 08:51:46 GMT
content-type: application/javascript
x-trace-id: d8ffb174bafff503c4787dda808ad7d4
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=dfed65e61f884f60a358cd85538f51a4; expires=Sat, 23 Sep 2023 08:51:46 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
pseepsie.com/custom
139.45.197.250200 OK 39 B IP 139.45.197.250:0
File type JSON data\012- , ASCII text
Hash 058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
Analyzer Verdict Alert fortinet Malware
POST /custom HTTP/1.1
Host: pseepsie.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://anonymfile.com/
Content-Type: application/json
Origin: https://anonymfile.com
Content-Length: 791
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 08:51:46 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 13e5b3be58e78e38c244b59bef5139fc
access-control-allow-origin: https://anonymfile.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
tovanillitechan.com/11?rnd=1425512728&z=5307589&b=14505328&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=7QnWsa0mHM9w1rjqxwYSnK92BAQjw2lxOAxllfDUvXvVxLMRinvW7RX2mH3YBmCKAy54g2CAdME8-5szBCrA5Ez7-F9IJcC10k9YxUDRdOJupA4Bp2Nzd-7V2BySB9pItCAQr9ljRHCObR2S2Ajy95xaZ9kBJljQaYBrzGylityxUM_vwan_MXoHin_85nlF84jG4Qhyq7QLRdeSmPKmufdUBPbe8PgFBWTHStHKmCvSA12SfxRBqnyzHggv1V6kR02E8Oetj_ppKJqu1lilGgVZ5-6owQP3Pv7yxV5PBCuejSh5OkA03n7Vhai6_KNTG6srkEkCl9Vf4ZsboiARZDgkCsEf82gc75z3H1TVmhp-l9lFY-a_Fssnj1EDhHSDWVP0zUFYDyMKgyFQtRgutm8K6Q9AqYfR_mavAtzVEHOho2EuyV-Zf1X-tN22HqviThCc796APf3eQnTLGOxr6D7TTdJlLSuG52pu7VmXXdWAu8u_L2MBnWcoa6Wm2kBycyF0VrzzH7Q9bqqMZUFJg3rHqP_nSOEOSL6rugR_BNsue5f9VhhwXOdlJnVExzh4-MD2MlmRrinaEAbeb6d_3Yq9PNLDHzFTaKGOT0nMKXBo5gzIq302fHUjnx6eM3Bxe9_yXXNNAVDVaSzf&ruid=d880ee8d-f954-4b7c-9b7a-3eac92d62dbe&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fanonymfile.com%2FeyXa%2Fimlikeaghostfr.pdf%3FPageSpeed%3Dnoscript&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&sah=1002&drf=&hil=1&ist=0&ot=90
139.45.197.239200 OK 0 B URL HTTP/2 tovanillitechan.com/11?rnd=1425512728&z=5307589&b=14505328&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=7QnWsa0mHM9w1rjqxwYSnK92BAQjw2lxOAxllfDUvXvVxLMRinvW7RX2mH3YBmCKAy54g2CAdME8-5szBCrA5Ez7-F9IJcC10k9YxUDRdOJupA4Bp2Nzd-7V2BySB9pItCAQr9ljRHCObR2S2Ajy95xaZ9kBJljQaYBrzGylityxUM_vwan_MXoHin_85nlF84jG4Qhyq7QLRdeSmPKmufdUBPbe8PgFBWTHStHKmCvSA12SfxRBqnyzHggv1V6kR02E8Oetj_ppKJqu1lilGgVZ5-6owQP3Pv7yxV5PBCuejSh5OkA03n7Vhai6_KNTG6srkEkCl9Vf4ZsboiARZDgkCsEf82gc75z3H1TVmhp-l9lFY-a_Fssnj1EDhHSDWVP0zUFYDyMKgyFQtRgutm8K6Q9AqYfR_mavAtzVEHOho2EuyV-Zf1X-tN22HqviThCc796APf3eQnTLGOxr6D7TTdJlLSuG52pu7VmXXdWAu8u_L2MBnWcoa6Wm2kBycyF0VrzzH7Q9bqqMZUFJg3rHqP_nSOEOSL6rugR_BNsue5f9VhhwXOdlJnVExzh4-MD2MlmRrinaEAbeb6d_3Yq9PNLDHzFTaKGOT0nMKXBo5gzIq302fHUjnx6eM3Bxe9_yXXNNAVDVaSzf&ruid=d880ee8d-f954-4b7c-9b7a-3eac92d62dbe&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fanonymfile.com%2FeyXa%2Fimlikeaghostfr.pdf%3FPageSpeed%3Dnoscript&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&sah=1002&drf=&hil=1&ist=0&ot=90
IP 139.45.197.239:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /11?rnd=1425512728&z=5307589&b=14505328&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=7QnWsa0mHM9w1rjqxwYSnK92BAQjw2lxOAxllfDUvXvVxLMRinvW7RX2mH3YBmCKAy54g2CAdME8-5szBCrA5Ez7-F9IJcC10k9YxUDRdOJupA4Bp2Nzd-7V2BySB9pItCAQr9ljRHCObR2S2Ajy95xaZ9kBJljQaYBrzGylityxUM_vwan_MXoHin_85nlF84jG4Qhyq7QLRdeSmPKmufdUBPbe8PgFBWTHStHKmCvSA12SfxRBqnyzHggv1V6kR02E8Oetj_ppKJqu1lilGgVZ5-6owQP3Pv7yxV5PBCuejSh5OkA03n7Vhai6_KNTG6srkEkCl9Vf4ZsboiARZDgkCsEf82gc75z3H1TVmhp-l9lFY-a_Fssnj1EDhHSDWVP0zUFYDyMKgyFQtRgutm8K6Q9AqYfR_mavAtzVEHOho2EuyV-Zf1X-tN22HqviThCc796APf3eQnTLGOxr6D7TTdJlLSuG52pu7VmXXdWAu8u_L2MBnWcoa6Wm2kBycyF0VrzzH7Q9bqqMZUFJg3rHqP_nSOEOSL6rugR_BNsue5f9VhhwXOdlJnVExzh4-MD2MlmRrinaEAbeb6d_3Yq9PNLDHzFTaKGOT0nMKXBo5gzIq302fHUjnx6eM3Bxe9_yXXNNAVDVaSzf&ruid=d880ee8d-f954-4b7c-9b7a-3eac92d62dbe&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fanonymfile.com%2FeyXa%2Fimlikeaghostfr.pdf%3FPageSpeed%3Dnoscript&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&sah=1002&drf=&hil=1&ist=0&ot=90 HTTP/1.1
Host: tovanillitechan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://anonymfile.com
Connection: keep-alive
Referer: https://anonymfile.com/
Cookie: scm=1; OAID=3ddc54fb266d446a9817b79b5e08bf6a; oaidts=1663923106
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 08:51:46 GMT
content-type: image/jpeg
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: https://anonymfile.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: 7b0c93ff1ca2c18a860bef94f9a95177
access-control-expose-headers: X-Sc
set-cookie: OAID=3ddc54fb266d446a9817b79b5e08bf6a; expires=Sat, 23 Sep 2023 08:51:46 GMT; secure; SameSite=None
oaidts=1663923106; expires=Sat, 23 Sep 2023 08:51:46 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
dozubatan.com/500/5307588?excludes=&oaid=3ddc54fb266d446a9817b79b5e08bf6a&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&pl=https%3A%2F%2Fanonymfile.com%2FeyXa%2Fimlikeaghostfr.pdf%3FPageSpeed%3Dnoscript&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.237200 OK 0 B URL HTTP/2 dozubatan.com/500/5307588?excludes=&oaid=3ddc54fb266d446a9817b79b5e08bf6a&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&pl=https%3A%2F%2Fanonymfile.com%2FeyXa%2Fimlikeaghostfr.pdf%3FPageSpeed%3Dnoscript&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.237:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /500/5307588?excludes=&oaid=3ddc54fb266d446a9817b79b5e08bf6a&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&pl=https%3A%2F%2Fanonymfile.com%2FeyXa%2Fimlikeaghostfr.pdf%3FPageSpeed%3Dnoscript&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: dozubatan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://anonymfile.com/
Origin: https://anonymfile.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 08:51:46 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://anonymfile.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-allow-credentials: true
access-control-max-age: 600
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash 49e5ce5b845b02f2812fd5e0e90657ab
b25b1883b0f0e02956c3eb5beb98552f814ee6ab
626d35b4cb1b83b59e4ee11e274ba2e82d81a7357d085012401623d088bc3985
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 23 Sep 2022 08:51:46 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 22 Sep 2022 12:52:21 GMT
Expires: Thu, 29 Sep 2022 12:52:20 GMT
Etag: "b25b1883b0f0e02956c3eb5beb98552f814ee6ab"
Cache-Control: max-age=532233,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74f20a5a5f75b4fd-OSL
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 27918a7a61d7c4d90d66e4c783ab1d79
06b3c212199defca730b6d8ba852ed8ff891d527
a51c385c0e195e72f489954cdae59b4cdd869a63f366088e50a4e7513838953a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A51C385C0E195E72F489954CDAE59B4CDD869A63F366088E50A4E7513838953A"
Last-Modified: Wed, 21 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12911
Expires: Fri, 23 Sep 2022 12:26:58 GMT
Date: Fri, 23 Sep 2022 08:51:47 GMT
Connection: keep-alive
tovanillitechan.com/1?z=5307589
139.45.197.239200 OK 3.6 kB URL HTTP/2 tovanillitechan.com/1?z=5307589
IP 139.45.197.239:0
Hash 642fc1156626c77e4705452d7a834c75
f79c30a8299cf2888b2ed10a29898d9cd23d12a4
2ead4a0d73c4a174750814d90ff1afbbd10185428b5fdaaa184c874785334e3e
Analyzer Verdict Alert quad9 Sinkholed
GET /1?z=5307589 HTTP/1.1
Host: tovanillitechan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 08:51:46 GMT
content-type: text/javascript
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: bf9054442efffd43e6833aff74b4c6f5
access-control-expose-headers: X-Sc
x-sc: Ul_d3mMx3VovV3-v7JugBV6MQtF4eZcmGg0a--i7ri0WUVXWoRISrdMxuNjMExgtY_ilBKuqFZlKeB_JTHRzOlvemok=
set-cookie: scm=1; expires=Sat, 23 Sep 2023 08:51:46 GMT; secure; SameSite=None
OAID=bf470b0fadc34e11a64e8234d7f041c7; expires=Sat, 23 Sep 2023 08:51:46 GMT; secure; SameSite=None
oaidts=1663923106; expires=Sat, 23 Sep 2023 08:51:46 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
dozubatan.com/500/5307588?excludes=&oaid=3ddc54fb266d446a9817b79b5e08bf6a&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&pl=https%3A%2F%2Fanonymfile.com%2FeyXa%2Fimlikeaghostfr.pdf%3FPageSpeed%3Dnoscript&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.237200 OK 78 kB URL HTTP/2 dozubatan.com/500/5307588?excludes=&oaid=3ddc54fb266d446a9817b79b5e08bf6a&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&pl=https%3A%2F%2Fanonymfile.com%2FeyXa%2Fimlikeaghostfr.pdf%3FPageSpeed%3Dnoscript&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.237:0
Hash 6ec0f5e2272c9d75392e6d7c99946793
5558e988fa62080f03fba00a62c99b0646cbebad
d001bee9daba84f7dc16467323343b8e6b3833dc23cae453f708ac50c79ad149
GET /500/5307588?excludes=&oaid=3ddc54fb266d446a9817b79b5e08bf6a&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&pl=https%3A%2F%2Fanonymfile.com%2FeyXa%2Fimlikeaghostfr.pdf%3FPageSpeed%3Dnoscript&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: dozubatan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://anonymfile.com
Connection: keep-alive
Referer: https://anonymfile.com/
Cookie: OAID=dfed65e61f884f60a358cd85538f51a4
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 08:51:46 GMT
content-type: application/javascript
x-trace-id: 45ccf2a7c57f5a001a4d4e227a6b21b0
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: https://anonymfile.com
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=3ddc54fb266d446a9817b79b5e08bf6a; expires=Sat, 23 Sep 2023 08:51:46 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
interstitial-07.com/contents/s/66/b3/32/cc869685d47aa5fc5aed0ee5d2/0225907308323.jpeg
139.45.197.152200 OK 25 kB URL HTTP/2 interstitial-07.com/contents/s/66/b3/32/cc869685d47aa5fc5aed0ee5d2/0225907308323.jpeg
IP 139.45.197.152:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 256x256, components 3\012- data
Hash 66b332cc869685d47aa5fc5aed0ee5d2
cca872d3733ea7073a8628f6465e9c5e7bc04476
75b09353fa7d53dd635de034aa971aabf975297f334a335cb4cbb16a82ac4a31
GET /contents/s/66/b3/32/cc869685d47aa5fc5aed0ee5d2/0225907308323.jpeg HTTP/1.1
Host: interstitial-07.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://interstitial-07.com/?l=CmsCpewTVJwbeFa&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Ftovanillitechan.com%2F12%3Frnd%3D1948929060%26z%3D5307589%26b%3D14505328%26c%3D5990211%26var%3D%26d%3Dhttp%253A%252F%252Ftryhardnow.com%252Fbase.php%253Fc%253D350%2526key%253D2c1f9aa01554345b3025ac0d005c7bea%2526zoneid%253D%257Bzoneid%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3D7QnWsa0mHM9w1rjqxwYSnK92BAQjw2lxOAxllfDUvXvVxLMRinvW7RX2mH3YBmCKAy54g2CAdME8-5szBCrA5Ez7-F9IJcC10k9YxUDRdOJupA4Bp2Nzd-7V2BySB9pItCAQr9ljRHCObR2S2Ajy95xaZ9kBJljQaYBrzGylityxUM_vwan_MXoHin_85nlF84jG4Qhyq7QLRdeSmPKmufdUBPbe8PgFBWTHStHKmCvSA12SfxRBqnyzHggv1V6kR02E8Oetj_ppKJqu1lilGgVZ5-6owQP3Pv7yxV5PBCuejSh5OkA03n7Vhai6_KNTG6srkEkCl9Vf4ZsboiARZDgkCsEf82gc75z3H1TVmhp-l9lFY-a_Fssnj1EDhHSDWVP0zUFYDyMKgyFQtRgutm8K6Q9AqYfR_mavAtzVEHOho2EuyV-Zf1X-tN22HqviThCc796APf3eQnTLGOxr6D7TTdJlLSuG52pu7VmXXdWAu8u_L2MBnWcoa6Wm2kBycyF0VrzzH7Q9bqqMZUFJg3rHqP_nSOEOSL6rugR_BNsue5f9VhhwXOdlJnVExzh4-MD2MlmRrinaEAbeb6d_3Yq9PNLDHzFTaKGOT0nMKXBo5gzIq302fHUjnx6eM3Bxe9_yXXNNAVDVaSzf%26bag%3DrECJmtGDoFy5o1Vh6XUGUA%3D%3D%26ruid%3Dd880ee8d-f954-4b7c-9b7a-3eac92d62dbe%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fanonymfile.com%252FeyXa%252Fimlikeaghostfr.pdf%253FPageSpeed%253Dnoscript%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1280%26wiw%3D1280%26wih%3D939%26wfc%3D0%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 08:51:47 GMT
content-type: image/jpeg
content-length: 25403
last-modified: Wed, 13 Apr 2022 16:39:55 GMT
etag: "6256fcdb-633b"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 19bd6556ae2f12130479854e25199b2f
29d9f6ccfcebb2f417a0d4117e4e8f19dcce79c6
e41ef9ea9f18a42bb7ce3e16b59e9934ef471dac566eadbc20d369535307a03f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E41EF9EA9F18A42BB7CE3E16B59E9934EF471DAC566EADBC20D369535307A03F"
Last-Modified: Wed, 21 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2488
Expires: Fri, 23 Sep 2022 09:33:15 GMT
Date: Fri, 23 Sep 2022 08:51:47 GMT
Connection: keep-alive
interstitial-07.com/contents/s/a7/38/6f/7414b456c918d0db3f4a7f8adc/0404027195892.jpeg
139.45.197.152200 OK 62 kB URL HTTP/2 interstitial-07.com/contents/s/a7/38/6f/7414b456c918d0db3f4a7f8adc/0404027195892.jpeg
IP 139.45.197.152:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 492x328, components 3\012- data
Hash a7386f7414b456c918d0db3f4a7f8adc
098cd5dc2a88b754e65a9069c7ab2346146a5cbb
ae5b9aa7bdca1f343d79693bebb66a90cd76c2b1d73762dcf86d012d4d48307d
GET /contents/s/a7/38/6f/7414b456c918d0db3f4a7f8adc/0404027195892.jpeg HTTP/1.1
Host: interstitial-07.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://interstitial-07.com/?l=CmsCpewTVJwbeFa&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Ftovanillitechan.com%2F12%3Frnd%3D1948929060%26z%3D5307589%26b%3D14505328%26c%3D5990211%26var%3D%26d%3Dhttp%253A%252F%252Ftryhardnow.com%252Fbase.php%253Fc%253D350%2526key%253D2c1f9aa01554345b3025ac0d005c7bea%2526zoneid%253D%257Bzoneid%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3D7QnWsa0mHM9w1rjqxwYSnK92BAQjw2lxOAxllfDUvXvVxLMRinvW7RX2mH3YBmCKAy54g2CAdME8-5szBCrA5Ez7-F9IJcC10k9YxUDRdOJupA4Bp2Nzd-7V2BySB9pItCAQr9ljRHCObR2S2Ajy95xaZ9kBJljQaYBrzGylityxUM_vwan_MXoHin_85nlF84jG4Qhyq7QLRdeSmPKmufdUBPbe8PgFBWTHStHKmCvSA12SfxRBqnyzHggv1V6kR02E8Oetj_ppKJqu1lilGgVZ5-6owQP3Pv7yxV5PBCuejSh5OkA03n7Vhai6_KNTG6srkEkCl9Vf4ZsboiARZDgkCsEf82gc75z3H1TVmhp-l9lFY-a_Fssnj1EDhHSDWVP0zUFYDyMKgyFQtRgutm8K6Q9AqYfR_mavAtzVEHOho2EuyV-Zf1X-tN22HqviThCc796APf3eQnTLGOxr6D7TTdJlLSuG52pu7VmXXdWAu8u_L2MBnWcoa6Wm2kBycyF0VrzzH7Q9bqqMZUFJg3rHqP_nSOEOSL6rugR_BNsue5f9VhhwXOdlJnVExzh4-MD2MlmRrinaEAbeb6d_3Yq9PNLDHzFTaKGOT0nMKXBo5gzIq302fHUjnx6eM3Bxe9_yXXNNAVDVaSzf%26bag%3DrECJmtGDoFy5o1Vh6XUGUA%3D%3D%26ruid%3Dd880ee8d-f954-4b7c-9b7a-3eac92d62dbe%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fanonymfile.com%252FeyXa%252Fimlikeaghostfr.pdf%253FPageSpeed%253Dnoscript%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1280%26wiw%3D1280%26wih%3D939%26wfc%3D0%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 08:51:47 GMT
content-type: image/jpeg
content-length: 61558
last-modified: Wed, 13 Apr 2022 16:39:54 GMT
etag: "6256fcda-f076"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
accept-ranges: bytes
X-Firefox-Spdy: h2
unphionetor.com/fv.js?t=72747&cb=2106930519
139.45.197.236200 OK 2.2 kB URL HTTP/2 unphionetor.com/fv.js?t=72747&cb=2106930519
IP 139.45.197.236:0
File type ASCII text, with very long lines (5213), with no line terminators
Hash 0254fb1dad74628b7ad0f97d304fac92
35f7af13a08eb87023ec7df4d3c35c21b2cde79d
47fb6ce428ca80ea69b772e4f66e4e5c622a4005db601746033d04511bd27536
Analyzer Verdict Alert quad9 Sinkholed
GET /fv.js?t=72747&cb=2106930519 HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://interstitial-07.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 08:51:47 GMT
content-type: text/javascript; charset=utf8
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: da8a46e2bfcfe30a2f3bfd718ab5c499
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
unphionetor.com/vbl?t=72747&bid=undefined&aid=undefined
139.45.197.236204 No Content 0 B URL HTTP/2 unphionetor.com/vbl?t=72747&bid=undefined&aid=undefined
IP 139.45.197.236:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
POST /vbl?t=72747&bid=undefined&aid=undefined HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://interstitial-07.com
Connection: keep-alive
Referer: https://interstitial-07.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Fri, 23 Sep 2022 08:51:47 GMT
access-control-allow-origin: https://interstitial-07.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: 1d355c73bda57a9044743175b781ca1c
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 8ebb267e443b81854ef9a01b3eb6489d
b932e9e5679da5a9160da5429458041765509b52
4ac5aa5b4fb4a85282b825c5c0ed7b1aaf2b39ffe77d69dec5123a84709f3fe2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4AC5AA5B4FB4A85282B825C5C0ED7B1AAF2B39FFE77D69DEC5123A84709F3FE2"
Last-Modified: Tue, 20 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4106
Expires: Fri, 23 Sep 2022 10:00:13 GMT
Date: Fri, 23 Sep 2022 08:51:47 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 8ebb267e443b81854ef9a01b3eb6489d
b932e9e5679da5a9160da5429458041765509b52
4ac5aa5b4fb4a85282b825c5c0ed7b1aaf2b39ffe77d69dec5123a84709f3fe2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4AC5AA5B4FB4A85282B825C5C0ED7B1AAF2B39FFE77D69DEC5123A84709F3FE2"
Last-Modified: Tue, 20 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4106
Expires: Fri, 23 Sep 2022 10:00:13 GMT
Date: Fri, 23 Sep 2022 08:51:47 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 8ebb267e443b81854ef9a01b3eb6489d
b932e9e5679da5a9160da5429458041765509b52
4ac5aa5b4fb4a85282b825c5c0ed7b1aaf2b39ffe77d69dec5123a84709f3fe2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4AC5AA5B4FB4A85282B825C5C0ED7B1AAF2B39FFE77D69DEC5123A84709F3FE2"
Last-Modified: Tue, 20 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4106
Expires: Fri, 23 Sep 2022 10:00:13 GMT
Date: Fri, 23 Sep 2022 08:51:47 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F98db69a9-8416-4b0b-b1b4-1ed196b985e5.jpeg
34.120.237.76200 OK 5.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F98db69a9-8416-4b0b-b1b4-1ed196b985e5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3b318ea5c36d2b22b925f7dfe382df5f
0264e73c4cfff0bb255757c7e1c760a5ad3ece80
0c2f58ea4f5f32bb327f292e1b8fb5a4a60230bffc3abc440a624df27ec0d6bc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F98db69a9-8416-4b0b-b1b4-1ed196b985e5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5340
x-amzn-requestid: b13bc974-e15d-43a4-a918-fbc35b09a36f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y4Y19HljIAMFY8w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632cd4f2-2cb226ba4bd7c7e74d9ab2db;Sampled=0
x-amzn-remapped-date: Thu, 22 Sep 2022 21:34:42 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 8DCVWC4Ihr4R21i3ySyiWdUK0aGymTE22B842ZKolG-ZThiKSMX-uQ==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 32d624dbeb2a8b7f24dbe49007e37c90.cloudfront.net (CloudFront), 1.1 google
date: Thu, 22 Sep 2022 22:11:26 GMT
age: 38421
etag: "0264e73c4cfff0bb255757c7e1c760a5ad3ece80"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
unpkg.com/filepond-plugin-file-validate-type/dist/filepond-plugin-file-validate-type.js
104.16.122.175302 Found 13 kB URL HTTP/2 unpkg.com/filepond-plugin-file-validate-type/dist/filepond-plugin-file-validate-type.js
IP 104.16.122.175:0
Hash fa2793a5e9be2fe1b75511153ec8d00c
5b6ab8f23e1fc30df0ac902aa04ec3a103206311
4b20c7c9e51fe63045562c59f57c37bfda99ee14f350093b285bd002d79603b5
GET /filepond-plugin-file-validate-type/dist/filepond-plugin-file-validate-type.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Fri, 23 Sep 2022 08:51:45 GMT
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
cache-control: public, s-maxage=600, max-age=60
location: /filepond-plugin-file-validate-type@1.2.8/dist/filepond-plugin-file-validate-type.js
vary: Accept, Accept-Encoding
via: 1.1 fly.io
fly-request-id: 01GDMRBH721X94BQR8H0HC8YE6-fra
cf-cache-status: HIT
age: 387
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 74f20a532fbbb50f-OSL
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9bb1df1b-7300-4e0d-ad7a-6e90b6c03299.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9bb1df1b-7300-4e0d-ad7a-6e90b6c03299.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e2bbb3856eeac20d0ee556c96144bf6c
76ac1f33cd006227162e12e7142e754562bec0c0
1e3f6551d401346b6d809d8feb9b36a9e0006f99f518d1130aa9bd630bfb6801
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9bb1df1b-7300-4e0d-ad7a-6e90b6c03299.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12538
x-amzn-requestid: 2ae96766-6999-44ec-8084-a19d26b3e118
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YpOJOHYFIAMFXYw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6326c3d4-060b96fa5fc99e79711bde3f;Sampled=0
x-amzn-remapped-date: Sun, 18 Sep 2022 07:08:04 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: f2gWVJG2DTnIblkJjx4bkFIeg8GauM9TnrThPQPZTkAuL7D7AyG2TQ==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 e95ec8f1dc02e32f0cb9e113963ceb4e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 22 Sep 2022 17:48:34 GMT
age: 54193
etag: "76ac1f33cd006227162e12e7142e754562bec0c0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb77ad616-c829-40b4-8b70-2be46252d64c.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb77ad616-c829-40b4-8b70-2be46252d64c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8ea5f06ad31f0cedd2cb5c6df82f35f4
60a83a1618ffae06e49ca3002bac1db9980dcfe8
5f6a4cb92c016ef0f229b11d727e9680a15b10782b5bfe9e66ad9d100b458d8d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb77ad616-c829-40b4-8b70-2be46252d64c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10279
x-amzn-requestid: 2ff2c324-51c5-484d-b049-3eacbdc1024a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Yyj8THHdoAMF44g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632a804e-0f4da4ba2a84679b3fd297fc;Sampled=0
x-amzn-remapped-date: Wed, 21 Sep 2022 03:09:02 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: z0uCxl-5L4gijwJsCjssxmgnJr4yhzvtiZdcX4wOXzgiuh8-Yj92vg==
via: 1.1 c21a0d27ceec21e266c9f962d0349438.cloudfront.net (CloudFront), 1.1 2324edbcb8fc72f617442c65f36a40fc.cloudfront.net (CloudFront), 1.1 google
date: Fri, 23 Sep 2022 04:32:56 GMT
age: 15531
etag: "60a83a1618ffae06e49ca3002bac1db9980dcfe8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0ac33f06-9198-44a5-b43b-9cbcc092cf52.jpeg
34.120.237.76200 OK 9.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0ac33f06-9198-44a5-b43b-9cbcc092cf52.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1eab8da8cc1495a0221efadddd1a0bcc
4156c37b612d5fb99c6b061187a3cb0b314ae4a8
2fc5dbd9216f775cd305de80d17db2e6c74abcb1e30bfa7065c4d763a7345026
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0ac33f06-9198-44a5-b43b-9cbcc092cf52.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9481
x-amzn-requestid: d527d22a-6822-4b90-b9cb-034f58f73c24
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y4Y0IGl7oAMFSKg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632cd4e7-13a676d9596cbd20663d2d8f;Sampled=0
x-amzn-remapped-date: Thu, 22 Sep 2022 21:34:31 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: V8vtLV7n0bPpR5xQtqcH6WK7uBV4ObaMdy_9qN_TtISqAozEwPe0hA==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 1508efc4152aa1778ed4adecb328b374.cloudfront.net (CloudFront), 1.1 google
date: Thu, 22 Sep 2022 22:11:15 GMT
age: 38432
etag: "4156c37b612d5fb99c6b061187a3cb0b314ae4a8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffccf6ade-04f7-4d15-943c-bde343725d94.jpeg
34.120.237.76200 OK 8.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffccf6ade-04f7-4d15-943c-bde343725d94.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 02a682b4703bb9d6381c762726c05531
1d7f7b4cfdd7425213a21afdd1d5a5d8d11d0e54
fb672de67420a239fe5d7e2588f640150ed29883fe2a46ded160385e3265004c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffccf6ade-04f7-4d15-943c-bde343725d94.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8029
x-amzn-requestid: 2fc5c63d-5cef-42f4-a6d2-b55f51c57af6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y4Y0tHjGoAMFcFw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632cd4ea-73f2f78a2d1ca8fc666d2571;Sampled=0
x-amzn-remapped-date: Thu, 22 Sep 2022 21:34:34 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 7DX67a-HmEh76IorINvRU61AKtSiimdPnHFnYeR2OJezZJ1_mJq0MA==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 35575576af8067e30cfb17c6b9fde8e2.cloudfront.net (CloudFront), 1.1 google
date: Thu, 22 Sep 2022 21:48:22 GMT
age: 39805
etag: "1d7f7b4cfdd7425213a21afdd1d5a5d8d11d0e54"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
dozubatan.com/impression/79nQE5qR_kxCbVlc-amxYqqkFEFBzlyALAOoVYUw-qhle7mVCrs7seMQu1YvV-LaS5uoXHqzZKL87iHWQwtvMeub5qKas99nDfwuZ_1a9bspK6F_PsOYXCEyY5G5Ucy_14WWRok7iFlgnVJxgX7QoJqVZicIrNCsU4yF8nSsWEVkh1aQBVGEFfL37-v1ZamN5OEW0bV-sbj2-6yAmI8ExYpUhlhFMFQZeJRRb3vc2w7pf8bCx4ct8zP2md2fYllo_lcCgyYqjuGC6xXTocUCuB6uC2oJFnEZpLrQX19Ey7Pfrwgs9aiCyLcmq6Lrhs_qffiIpghX86au0OtNgytyx_tW2WBw1iETj6TC7HCwS6cirPz9GKOD2xMkfYuas_0pmfkNK3enKiM1j1lz3w2_K8yLlRhuWJ-DRD5xj4jOVaCY04XCKa_m4MMb7Sh3xwJDR3ac9L8u0aBKnxNvjnlpIwxysdNpV2q1vhUniHmCCRThL7RAH47527TY646EtS9iY_2BQ-0C0tL6nuMeHHn3rJBOH8W3vMJaBtB_iXvfppn8EW3YpqeBJtsoGnhipFGkkS2ucpnC-_5hM6aJDHwvx8Q7i9UHoSkAmbKHLPl5dfwYOqdUqTHB0U6w68uG1MH1ssi5EzSXQCDtGNz4J5vidJS5HGsJZmMaztt2oHeoxcXt9l87hUzWDA1x2Hklnov2kE7AvoGm0fA=?_z=5307588&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&pl=https%3A%2F%2Fanonymfile.com%2FeyXa%2Fimlikeaghostfr.pdf%3FPageSpeed%3Dnoscript&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.237200 OK 43 B URL HTTP/2 dozubatan.com/impression/79nQE5qR_kxCbVlc-amxYqqkFEFBzlyALAOoVYUw-qhle7mVCrs7seMQu1YvV-LaS5uoXHqzZKL87iHWQwtvMeub5qKas99nDfwuZ_1a9bspK6F_PsOYXCEyY5G5Ucy_14WWRok7iFlgnVJxgX7QoJqVZicIrNCsU4yF8nSsWEVkh1aQBVGEFfL37-v1ZamN5OEW0bV-sbj2-6yAmI8ExYpUhlhFMFQZeJRRb3vc2w7pf8bCx4ct8zP2md2fYllo_lcCgyYqjuGC6xXTocUCuB6uC2oJFnEZpLrQX19Ey7Pfrwgs9aiCyLcmq6Lrhs_qffiIpghX86au0OtNgytyx_tW2WBw1iETj6TC7HCwS6cirPz9GKOD2xMkfYuas_0pmfkNK3enKiM1j1lz3w2_K8yLlRhuWJ-DRD5xj4jOVaCY04XCKa_m4MMb7Sh3xwJDR3ac9L8u0aBKnxNvjnlpIwxysdNpV2q1vhUniHmCCRThL7RAH47527TY646EtS9iY_2BQ-0C0tL6nuMeHHn3rJBOH8W3vMJaBtB_iXvfppn8EW3YpqeBJtsoGnhipFGkkS2ucpnC-_5hM6aJDHwvx8Q7i9UHoSkAmbKHLPl5dfwYOqdUqTHB0U6w68uG1MH1ssi5EzSXQCDtGNz4J5vidJS5HGsJZmMaztt2oHeoxcXt9l87hUzWDA1x2Hklnov2kE7AvoGm0fA=?_z=5307588&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&pl=https%3A%2F%2Fanonymfile.com%2FeyXa%2Fimlikeaghostfr.pdf%3FPageSpeed%3Dnoscript&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.237:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
GET /impression/79nQE5qR_kxCbVlc-amxYqqkFEFBzlyALAOoVYUw-qhle7mVCrs7seMQu1YvV-LaS5uoXHqzZKL87iHWQwtvMeub5qKas99nDfwuZ_1a9bspK6F_PsOYXCEyY5G5Ucy_14WWRok7iFlgnVJxgX7QoJqVZicIrNCsU4yF8nSsWEVkh1aQBVGEFfL37-v1ZamN5OEW0bV-sbj2-6yAmI8ExYpUhlhFMFQZeJRRb3vc2w7pf8bCx4ct8zP2md2fYllo_lcCgyYqjuGC6xXTocUCuB6uC2oJFnEZpLrQX19Ey7Pfrwgs9aiCyLcmq6Lrhs_qffiIpghX86au0OtNgytyx_tW2WBw1iETj6TC7HCwS6cirPz9GKOD2xMkfYuas_0pmfkNK3enKiM1j1lz3w2_K8yLlRhuWJ-DRD5xj4jOVaCY04XCKa_m4MMb7Sh3xwJDR3ac9L8u0aBKnxNvjnlpIwxysdNpV2q1vhUniHmCCRThL7RAH47527TY646EtS9iY_2BQ-0C0tL6nuMeHHn3rJBOH8W3vMJaBtB_iXvfppn8EW3YpqeBJtsoGnhipFGkkS2ucpnC-_5hM6aJDHwvx8Q7i9UHoSkAmbKHLPl5dfwYOqdUqTHB0U6w68uG1MH1ssi5EzSXQCDtGNz4J5vidJS5HGsJZmMaztt2oHeoxcXt9l87hUzWDA1x2Hklnov2kE7AvoGm0fA=?_z=5307588&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&pl=https%3A%2F%2Fanonymfile.com%2FeyXa%2Fimlikeaghostfr.pdf%3FPageSpeed%3Dnoscript&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: dozubatan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/
Cookie: OAID=3ddc54fb266d446a9817b79b5e08bf6a
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 08:51:51 GMT
content-type: image/gif
content-length: 43
x-trace-id: c9ed931ef03fb951051208eab807afbc
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
dozubatan.com/500/5307588?excludes=14745758&oaid=3ddc54fb266d446a9817b79b5e08bf6a&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fanonymfile.com%2FeyXa%2Fimlikeaghostfr.pdf%3FPageSpeed%3Dnoscript&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.237200 OK 0 B URL HTTP/2 dozubatan.com/500/5307588?excludes=14745758&oaid=3ddc54fb266d446a9817b79b5e08bf6a&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fanonymfile.com%2FeyXa%2Fimlikeaghostfr.pdf%3FPageSpeed%3Dnoscript&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.237:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /500/5307588?excludes=14745758&oaid=3ddc54fb266d446a9817b79b5e08bf6a&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fanonymfile.com%2FeyXa%2Fimlikeaghostfr.pdf%3FPageSpeed%3Dnoscript&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: dozubatan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://anonymfile.com/
Origin: https://anonymfile.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 08:51:51 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://anonymfile.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-allow-credentials: true
access-control-max-age: 600
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2
pseepsie.com/custom
139.45.197.250200 OK 39 B IP 139.45.197.250:0
File type JSON data\012- , ASCII text
Hash 058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
Analyzer Verdict Alert fortinet Malware
POST /custom HTTP/1.1
Host: pseepsie.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://anonymfile.com/
Content-Type: application/json
Origin: https://anonymfile.com
Content-Length: 415
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 08:51:54 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: f04cb881430e64f32116a2208fffa721
access-control-allow-origin: https://anonymfile.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
my.rtmark.net/gid.js?pub=0&userId=0dea868a8d324f8d8bedd16641b81c74&zoneId=5307590&checkDuplicate=true&ymid=&var=
139.45.195.8200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?pub=0&userId=0dea868a8d324f8d8bedd16641b81c74&zoneId=5307590&checkDuplicate=true&ymid=&var=
IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash a6cb42e668ebbbb864c9344c33f30d23
cfbc3bcf3e64224b65726443d7ea3ac00d607904
8077ff6190b105634c052b13813bf148271c834f81f9f2d065771b5afc3bffea
GET /gid.js?pub=0&userId=0dea868a8d324f8d8bedd16641b81c74&zoneId=5307590&checkDuplicate=true&ymid=&var= HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://anonymfile.com/
Origin: https://anonymfile.com
Connection: keep-alive
Cookie: ID=3ddc54fb266d446a9817b79b5e08bf6a
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 08:51:54 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://anonymfile.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=3ddc54fb266d446a9817b79b5e08bf6a; expires=Sat, 23 Sep 2023 08:51:54 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
inklinkor.com/tag.min.js
172.67.211.29200 OK 0 B IP 172.67.211.29:0
GET /tag.min.js HTTP/1.1
Host: inklinkor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 23 Sep 2022 08:51:46 GMT
content-type: text/javascript; charset=utf-8
x-trace-id: 23edf38e61eaf84f4bffff0ada1af35d
cache-control: max-age=86400
last-modified: Tue, 20 Sep 2022 08:55:35 GMT
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
expires: Sat, 24 Sep 2022 07:44:20 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 4046
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jCw5DXLAanF%2FrT9aOIcyl7gkogyciPlk040dTtRnhVKPe2Yhd7eLaSHOGMW1fpnUGkCHJysvqoj%2FjuuYZf2PlZ%2F%2BYoWONwLRouZ%2F3uSp8h%2BKxR8k3NZQnjZc1ih6Zy1k"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74f20a55a839b4f7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
anonymfile.com/sw.js
138.201.48.112404 Not Found 0 B IP 138.201.48.112:0
ASN #24940 Hetzner Online GmbH
GET /sw.js HTTP/1.1
Host: anonymfile.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/eyXa/imlikeaghostfr.pdf?PageSpeed=noscript
Cookie: XSRF-TOKEN=eyJpdiI6IllsaGFXVlJRWkpmZHRRRHdoSFFEWFE9PSIsInZhbHVlIjoiZEplSWhuaFZEN20zRmw3Y1RjOFFXMmZ4WWZHWlFjTzBMN05ZdTRiRk1lMnljRFgxQWx3aTJSejExY0lPK3ZKdkZXTjlaS2srOWpvcVFvSHY2QXQ2R1NZYURwdmJRK1VBMXFLdDlnZ2h1ZmNxSFQ1ZFBGU1hac0FQcjJUaC9nWkwiLCJtYWMiOiJhODNiMzY3NDZlZDBlYmQxZTkxZjQwYWY5MTY0YWFiZTFiNzY0YTdlZTAxMjY5YmVjNmZhNDc2NTI1OWRmMGY3IiwidGFnIjoiIn0%3D; anonymfile_session=eyJpdiI6IlIyOXQxQStzdmFHdElTbkxXb2Z4MWc9PSIsInZhbHVlIjoiUFFQWlF4THNKMzFTY01sakhSN2FtSjJ4Rjg3YzVyN1pnd3B6VW9NcDBJVWZBY3JPcUFuSnRiUmFsNGl0Qm1DVm1FV3loKy9KMVgzNUdRN045SUM1NVp5YWVHSE5uYjQxRFovVFJMUGR1WUVTell1SU1BSzFLT1hncSsvcDZpUGIiLCJtYWMiOiIxZGM3MDU4ZTQ1ZWE1M2E3ZjAzMzY2MTk2YWI1MTVhYzFlNDI5YmQ3NzZhMTBmZjMxNjQ3YzA0ZTJkYzc0MTQ1IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
date: Fri, 23 Sep 2022 08:51:45 GMT
x-page-speed: 1.13.35.2-0
cache-control: max-age=0, no-cache
content-encoding: br
X-Firefox-Spdy: h2
pseepsie.com/pfe/current/universal.min.js?v=3.1.395
139.45.197.250200 OK 0 B URL HTTP/2 pseepsie.com/pfe/current/universal.min.js?v=3.1.395
IP 139.45.197.250:0
GET /pfe/current/universal.min.js?v=3.1.395 HTTP/1.1
Host: pseepsie.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://anonymfile.com/
Origin: https://anonymfile.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 08:51:46 GMT
content-type: application/javascript
last-modified: Tue, 20 Sep 2022 07:25:49 GMT
etag: W/"63296afd-1fafa"
access-control-allow-origin: https://anonymfile.com
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
tovanillitechan.com/9?z=5307589&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fanonymfile.com%2FeyXa%2Fimlikeaghostfr.pdf%3FPageSpeed%3Dnoscript&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&sah=1002&drf=&hil=1&ist=0&oaid=3ddc54fb266d446a9817b79b5e08bf6a
139.45.197.239200 OK 0 B URL HTTP/2 tovanillitechan.com/9?z=5307589&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fanonymfile.com%2FeyXa%2Fimlikeaghostfr.pdf%3FPageSpeed%3Dnoscript&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&sah=1002&drf=&hil=1&ist=0&oaid=3ddc54fb266d446a9817b79b5e08bf6a
IP 139.45.197.239:0
Analyzer Verdict Alert quad9 Sinkholed
POST /9?z=5307589&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fanonymfile.com%2FeyXa%2Fimlikeaghostfr.pdf%3FPageSpeed%3Dnoscript&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&sah=1002&drf=&hil=1&ist=0&oaid=3ddc54fb266d446a9817b79b5e08bf6a HTTP/1.1
Host: tovanillitechan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 119
Origin: https://anonymfile.com
Connection: keep-alive
Referer: https://anonymfile.com/
Cookie: scm=1; OAID=bf470b0fadc34e11a64e8234d7f041c7; oaidts=1663923106
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 08:51:46 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-origin: https://anonymfile.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: df0eda45add7dd45b25ca0faf0abf0e0
access-control-expose-headers: X-Sc
set-cookie: OAID=3ddc54fb266d446a9817b79b5e08bf6a; expires=Sat, 23 Sep 2023 08:51:46 GMT; secure; SameSite=None
oaidts=1663923106; expires=Sat, 23 Sep 2023 08:51:46 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
anonymfile.com/eyXa/imlikeaghostfr.pdf?PageSpeed=noscript
138.201.48.112200 OK 0 B URL HTTP/2 anonymfile.com/eyXa/imlikeaghostfr.pdf?PageSpeed=noscript
IP 138.201.48.112:0
ASN #24940 Hetzner Online GmbH
GET /eyXa/imlikeaghostfr.pdf?PageSpeed=noscript HTTP/1.1
Host: anonymfile.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
server: nginx
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: XSRF-TOKEN=eyJpdiI6IllsaGFXVlJRWkpmZHRRRHdoSFFEWFE9PSIsInZhbHVlIjoiZEplSWhuaFZEN20zRmw3Y1RjOFFXMmZ4WWZHWlFjTzBMN05ZdTRiRk1lMnljRFgxQWx3aTJSejExY0lPK3ZKdkZXTjlaS2srOWpvcVFvSHY2QXQ2R1NZYURwdmJRK1VBMXFLdDlnZ2h1ZmNxSFQ1ZFBGU1hac0FQcjJUaC9nWkwiLCJtYWMiOiJhODNiMzY3NDZlZDBlYmQxZTkxZjQwYWY5MTY0YWFiZTFiNzY0YTdlZTAxMjY5YmVjNmZhNDc2NTI1OWRmMGY3IiwidGFnIjoiIn0%3D; expires=Fri, 23-Sep-2022 10:51:45 GMT; Max-Age=7200; path=/; samesite=lax
anonymfile_session=eyJpdiI6IlIyOXQxQStzdmFHdElTbkxXb2Z4MWc9PSIsInZhbHVlIjoiUFFQWlF4THNKMzFTY01sakhSN2FtSjJ4Rjg3YzVyN1pnd3B6VW9NcDBJVWZBY3JPcUFuSnRiUmFsNGl0Qm1DVm1FV3loKy9KMVgzNUdRN045SUM1NVp5YWVHSE5uYjQxRFovVFJMUGR1WUVTell1SU1BSzFLT1hncSsvcDZpUGIiLCJtYWMiOiIxZGM3MDU4ZTQ1ZWE1M2E3ZjAzMzY2MTk2YWI1MTVhYzFlNDI5YmQ3NzZhMTBmZjMxNjQ3YzA0ZTJkYzc0MTQ1IiwidGFnIjoiIn0%3D; expires=Fri, 23-Sep-2022 10:51:45 GMT; Max-Age=7200; path=/; httponly; samesite=lax
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
date: Fri, 23 Sep 2022 08:51:45 GMT
x-page-speed: 1.13.35.2-0
cache-control: max-age=0, no-cache
content-encoding: br
X-Firefox-Spdy: h2
dozubatan.com/500/5307588?excludes=14745758&oaid=3ddc54fb266d446a9817b79b5e08bf6a&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fanonymfile.com%2FeyXa%2Fimlikeaghostfr.pdf%3FPageSpeed%3Dnoscript&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.237200 OK 0 B URL HTTP/2 dozubatan.com/500/5307588?excludes=14745758&oaid=3ddc54fb266d446a9817b79b5e08bf6a&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fanonymfile.com%2FeyXa%2Fimlikeaghostfr.pdf%3FPageSpeed%3Dnoscript&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.237:0
GET /500/5307588?excludes=14745758&oaid=3ddc54fb266d446a9817b79b5e08bf6a&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fanonymfile.com%2FeyXa%2Fimlikeaghostfr.pdf%3FPageSpeed%3Dnoscript&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: dozubatan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://anonymfile.com
Connection: keep-alive
Referer: https://anonymfile.com/
Cookie: OAID=3ddc54fb266d446a9817b79b5e08bf6a
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 08:51:51 GMT
content-type: application/javascript
x-trace-id: a5117041b5dbd434666cfe8d7470ccb9
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: https://anonymfile.com
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=3ddc54fb266d446a9817b79b5e08bf6a; expires=Sat, 23 Sep 2023 08:51:51 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
tzegilo.com/stattag.js
172.67.194.45200 OK 0 B IP 172.67.194.45:0
GET /stattag.js HTTP/1.1
Host: tzegilo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 23 Sep 2022 08:51:46 GMT
content-type: application/javascript
last-modified: Thu, 04 Aug 2022 15:18:11 GMT
etag: W/"62ebe333-8007"
link: <https://flerap.com/>; rel=preconnect; crossorigin, <https://fleraprt.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 3838
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lcZw5Rp3Uxt3N%2B3gwTI%2F46bnR3sJBIlwpVWRTDIzCLjSg98nWuQ3sLE7jQwx7XHdBz4zzBFFTQoA6%2BKrWWQYiAEAeDlwdDZxc%2FDTxk8J16aE2BFJKEiwqhfrc6Untw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74f20a589abefab4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
anonymfile.com/js/site.js
138.201.48.112200 OK 0 B URL HTTP/2 anonymfile.com/js/site.js
IP 138.201.48.112:0
ASN #24940 Hetzner Online GmbH
GET /js/site.js HTTP/1.1
Host: anonymfile.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/eyXa/imlikeaghostfr.pdf?PageSpeed=noscript
Cookie: XSRF-TOKEN=eyJpdiI6IllsaGFXVlJRWkpmZHRRRHdoSFFEWFE9PSIsInZhbHVlIjoiZEplSWhuaFZEN20zRmw3Y1RjOFFXMmZ4WWZHWlFjTzBMN05ZdTRiRk1lMnljRFgxQWx3aTJSejExY0lPK3ZKdkZXTjlaS2srOWpvcVFvSHY2QXQ2R1NZYURwdmJRK1VBMXFLdDlnZ2h1ZmNxSFQ1ZFBGU1hac0FQcjJUaC9nWkwiLCJtYWMiOiJhODNiMzY3NDZlZDBlYmQxZTkxZjQwYWY5MTY0YWFiZTFiNzY0YTdlZTAxMjY5YmVjNmZhNDc2NTI1OWRmMGY3IiwidGFnIjoiIn0%3D; anonymfile_session=eyJpdiI6IlIyOXQxQStzdmFHdElTbkxXb2Z4MWc9PSIsInZhbHVlIjoiUFFQWlF4THNKMzFTY01sakhSN2FtSjJ4Rjg3YzVyN1pnd3B6VW9NcDBJVWZBY3JPcUFuSnRiUmFsNGl0Qm1DVm1FV3loKy9KMVgzNUdRN045SUM1NVp5YWVHSE5uYjQxRFovVFJMUGR1WUVTell1SU1BSzFLT1hncSsvcDZpUGIiLCJtYWMiOiIxZGM3MDU4ZTQ1ZWE1M2E3ZjAzMzY2MTk2YWI1MTVhYzFlNDI5YmQ3NzZhMTBmZjMxNjQ3YzA0ZTJkYzc0MTQ1IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 08:51:45 GMT
content-type: application/javascript
last-modified: Wed, 20 Oct 2021 12:30:18 GMT
vary: Accept-Encoding
etag: W/"61700bda-2487"
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
content-encoding: br
X-Firefox-Spdy: h2
onmarshtompor.com/?rb=m3ZR6T2HPiTO0erA4Uv6nfK6KEk0gGOJtjft6S6Cjj00tSznRklRv6cF8agCzdR4pwA9Nevos6H1Iks3jLU4GUWHGIdhL3_u3ITKDeVzzSg4Rm0AJTLj1us1DOgJaoJoDS_X2Ibi63CXpN6GHPptxe25gDSCWcslNGILi8LWVwLMoTPLN0bEHJQ2q4NIpcJ8EsMKixqYQkEH188S31UO13wPQwI%3D&request_ab2=0&zoneid=5307591&js_build=iclick-v1.429.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&pl=https%3A%2F%2Fanonymfile.com%2FeyXa%2Fimlikeaghostfr.pdf%3FPageSpeed%3Dnoscript&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.429.0&bs=a84d2f3f-30e5-46dc-b130-e6e5c7622b17&userId=3ddc54fb266d446a9817b79b5e08bf6a&m=link
139.45.197.243200 OK 0 B URL HTTP/2 onmarshtompor.com/?rb=m3ZR6T2HPiTO0erA4Uv6nfK6KEk0gGOJtjft6S6Cjj00tSznRklRv6cF8agCzdR4pwA9Nevos6H1Iks3jLU4GUWHGIdhL3_u3ITKDeVzzSg4Rm0AJTLj1us1DOgJaoJoDS_X2Ibi63CXpN6GHPptxe25gDSCWcslNGILi8LWVwLMoTPLN0bEHJQ2q4NIpcJ8EsMKixqYQkEH188S31UO13wPQwI%3D&request_ab2=0&zoneid=5307591&js_build=iclick-v1.429.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&pl=https%3A%2F%2Fanonymfile.com%2FeyXa%2Fimlikeaghostfr.pdf%3FPageSpeed%3Dnoscript&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.429.0&bs=a84d2f3f-30e5-46dc-b130-e6e5c7622b17&userId=3ddc54fb266d446a9817b79b5e08bf6a&m=link
IP 139.45.197.243:0
GET /?rb=m3ZR6T2HPiTO0erA4Uv6nfK6KEk0gGOJtjft6S6Cjj00tSznRklRv6cF8agCzdR4pwA9Nevos6H1Iks3jLU4GUWHGIdhL3_u3ITKDeVzzSg4Rm0AJTLj1us1DOgJaoJoDS_X2Ibi63CXpN6GHPptxe25gDSCWcslNGILi8LWVwLMoTPLN0bEHJQ2q4NIpcJ8EsMKixqYQkEH188S31UO13wPQwI%3D&request_ab2=0&zoneid=5307591&js_build=iclick-v1.429.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&pl=https%3A%2F%2Fanonymfile.com%2FeyXa%2Fimlikeaghostfr.pdf%3FPageSpeed%3Dnoscript&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.429.0&bs=a84d2f3f-30e5-46dc-b130-e6e5c7622b17&userId=3ddc54fb266d446a9817b79b5e08bf6a&m=link HTTP/1.1
Host: onmarshtompor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://anonymfile.com/
Origin: https://anonymfile.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 08:51:46 GMT
content-type: application/json
x-trace-id: 8313962b61bf049249fb148ebb16b2da
access-control-allow-origin: https://anonymfile.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=3ddc54fb266d446a9817b79b5e08bf6a; expires=Sat, 23 Sep 2023 08:51:46 GMT; path=/; secure; SameSite=None
oaidts=1663923106; expires=Sat, 23 Sep 2023 08:51:46 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Fri, 30 Sep 2022 08:51:46 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
unpkg.com/filepond-plugin-file-validate-size/dist/filepond-plugin-file-validate-size.js
104.16.122.175302 Found 0 B URL HTTP/2 unpkg.com/filepond-plugin-file-validate-size/dist/filepond-plugin-file-validate-size.js
IP 104.16.122.175:0
GET /filepond-plugin-file-validate-size/dist/filepond-plugin-file-validate-size.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Fri, 23 Sep 2022 08:51:45 GMT
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
cache-control: public, s-maxage=600, max-age=60
location: /filepond-plugin-file-validate-size@2.2.7/dist/filepond-plugin-file-validate-size.js
vary: Accept, Accept-Encoding
via: 1.1 fly.io
fly-request-id: 01GDMRG8CF3MAAQX3P3EZX7BRZ-fra
cf-cache-status: HIT
age: 233
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 74f20a532fbcb50f-OSL
X-Firefox-Spdy: h2