Report - anontransfer.com/download/JLTtNXU3eW/Codium.exe

Report Overview

Submitted URL
anontransfer.com/download/JLTtNXU3eW/Codium.exe
IP
188.114.97.1
ASN
#13335 CLOUDFLARENET
Submitted
2024-05-07 12:45:33
Access
public
Website Title
Codium.exe - AnonTransfer
Final URL
anontransfer.com/download/JLTtNXU3eW/Codium.exe
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
22

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
zovidree.com	unknown	2024-02-23	2024-02-24	2024-04-22	398 B	78 kB	104.21.16.31
acscdn.com	93608	2020-05-05	2020-05-06	2024-05-06	1.2 kB	255 kB	104.21.11.26
anontransfer.com	unknown	2023-05-23	2023-05-24	2024-03-26	5.4 kB	492 kB	188.114.97.1
wigrooglie.net	unknown	unknown	No data	No data	1.1 kB	6.7 kB	139.45.197.242
lh3.googleusercontent.com	66	2008-11-17	2012-05-22	2024-05-05	544 B	16 kB	142.250.74.97
newassets.hcaptcha.com	11055	2018-01-12	2021-03-22	2024-05-07	2.5 kB	1.2 MB	104.18.125.91
www.gstatic.com	unknown	2008-02-11	2016-07-26	2024-05-06	1.1 kB	7.3 kB	142.250.74.35
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2024-05-07	1.4 kB	118 kB	142.250.74.170
youradexchange.com	273384	2012-11-09	2013-02-04	2024-05-06	1.9 kB	123 kB	172.67.177.214
cdnjs.cloudflare.com	235	2009-02-17	2015-04-17	2024-05-06	1.6 kB	197 kB	104.17.25.14
ocsp.r2m03.amazontrust.com	unknown	2007-05-11	2023-02-21	2024-05-06	338 B	942 B	143.204.53.97
zokaukree.net	unknown	unknown	No data	No data	464 B	132 kB	139.45.197.245
translate-pa.googleapis.com	1620	2005-01-25	2021-11-04	2024-05-06	530 B	2.2 kB	142.250.74.170
proftrafficcounter.com	unknown	2023-11-16	2023-11-21	2024-05-06	433 B	423 B	52.29.105.35
crrepo.com	82002	2017-11-10	2017-11-14	2024-04-25	486 B	122 kB	104.21.233.199
barelydonkeysteed.com	unknown	2023-11-07	2023-11-07	2024-02-23	439 B	13 kB	192.243.59.13
my.rtmark.net	9054	2014-10-29	2015-02-04	2024-05-05	465 B	745 B	139.45.195.8
pubtrky.com	unknown	2023-11-21	2023-11-21	2024-05-06	476 B	558 B	172.67.188.110
translate.googleapis.com	1005	2005-01-25	2012-05-31	2024-05-06	1.7 kB	75 kB	142.250.74.42
cdn.cloudimagesb.com	23099	2020-10-06	2021-02-12	2024-05-06	441 B	26 kB	45.133.44.10
api.hcaptcha.com	63834	2018-01-12	2021-07-31	2024-05-06	616 B	13 kB	104.18.125.91
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2024-05-07	3.2 kB	329 kB	142.250.74.67
hcaptcha.com	5458	2018-01-12	2018-04-03	2024-05-06	396 B	110 kB	104.18.125.91
fundingchoicesmessages.google.com	2397	1997-09-15	2019-01-16	2024-05-06	3.5 kB	584 kB	216.58.211.14
exasperationincorporate.com	unknown	unknown	No data	No data	2.5 kB	5.6 kB	192.243.59.20
www.google.com	7	1997-09-15	2015-05-10	2024-03-23	430 B	737 B	216.58.211.4
translate.google.com	1156	1997-09-15	2012-05-30	2024-05-06	932 B	92 kB	216.58.211.14

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-07	medium	anontransfer.com	Sinkholed
2024-05-07	medium	anontransfer.com	Sinkholed
2024-05-07	medium	anontransfer.com	Sinkholed
2024-05-07	medium	zokaukree.net	Sinkholed
2024-05-07	medium	anontransfer.com	Sinkholed
2024-05-07	medium	anontransfer.com	Sinkholed
2024-05-07	medium	anontransfer.com	Sinkholed
2024-05-07	medium	anontransfer.com	Sinkholed
2024-05-07	medium	anontransfer.com	Sinkholed
2024-05-07	medium	anontransfer.com	Sinkholed
2024-05-07	medium	anontransfer.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (30)

	URL	Size	First Seen	Last Seen
	translate.googleapis.com/_/translate_http/_/js/k=translate_http.tr.no.tlVaMKdtlm8.O/am=ABA/d=1/exm=el_conf/ed=1/rs=AN8SPfodhSEIn_SeJc-BRVOcbmQF4EFWgg/m=el_main	210 kB	2024-05-06	2024-05-08
Pretty URL translate.googleapis.com/_/translate_http/_/js/k=translate_http.tr.no.tlVaMKdtlm8.O/am=ABA/d=1/exm=el_conf/ed=1/rs=AN8SPfodhSEIn_SeJc-BRVOcbmQF4EFWgg/m=el_main IP 142.250.74.42 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-06 22:25:01 Last Seen2024-05-08 21:06:36 Times Seen71 Hash 9b289af026f3e548d1d06033fa868b46 7916969abb1e3aa9e953f4d7e7cb8ca1380f98f7 dc5d2a255869ad274247f1bb8c353794f470a1fca09d9f8c98968178c5b8a717 Loading...

	anontransfer.com/download/JLTtNXU3eW/Codium.exe	197 B	2023-03-07	2024-05-18
Pretty URL anontransfer.com/download/JLTtNXU3eW/Codium.exe IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:41:05 Last Seen2024-05-18 23:18:25 Times Seen164 Hash 79d326aeaa6e19d724e6ea8be36c9b41 56b0adbce5f2cbe9ea20c6291fcf57ce9ffb2c35 60477c993d0d8fd8615f7c81f33b9a4359e34b180161f856640cab5d79866126 Loading...

	anontransfer.com/download/JLTtNXU3eW/Codium.exe	640 B	2024-05-07	2024-05-07
Pretty URL anontransfer.com/download/JLTtNXU3eW/Codium.exe IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-07 14:45:40 Last Seen2024-05-07 14:45:40 Times Seen1 Hash 8a1bc2ab03223ad10005f9fd4570ce7b 8d58f2797ba6c42b8f3f151923f02971c09e14cf 972941620de9113e8ebde738fb9e5cd1a28205fa606b16416b85f79c15a62c3a Loading...

	acscdn.com/script/ut.js?cb=1715085905768	63 kB	2024-04-25	2024-05-19
Pretty URL acscdn.com/script/ut.js?cb=1715085905768 IP 104.21.11.26 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 17:58:25 Last Seen2024-05-19 16:35:52 Times Seen358 Hash bc481e345c04b4534e0a4e54a0f2c1c6 2be428035dd37b2722891c200f35449c5893df33 04d8cc0aacc3f172f638e608d3f08e8457d849290ae553090cb951d4b3f1b97b Loading...

	anontransfer.com/_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.3UcZcEtEPkI.es5.O/am=BgM/d=1/rs=AJlcJMxZoAqxd-JoOrcTLDQRJ8ck6cnwgw/m=kernel_loader,loader_js_executable	186 kB	2024-05-07	2024-05-07
Pretty URL anontransfer.com/_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.3UcZcEtEPkI.es5.O/am=BgM/d=1/rs=AJlcJMxZoAqxd-JoOrcTLDQRJ8ck6cnwgw/m=kernel_loader,loader_js_executable IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-07 14:45:40 Last Seen2024-05-07 14:45:41 Times Seen2 Hash 423af97189461d4e15b4ceddaba7f231 ff1af6b0a3ed45c91c025a18e40953d6341745c7 5812fd1c1a8050c74353d6ac249e8d37202ee99e666d6cfd65abdfd9adbaf7c2 Loading...

	anontransfer.com/download/JLTtNXU3eW/Codium.exe	429 B	2023-03-07	2024-05-19
Pretty URL anontransfer.com/download/JLTtNXU3eW/Codium.exe IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 14:02:48 Last Seen2024-05-19 15:34:47 Times Seen1518 Hash eafaa0be830db11da3770638100b686f db325dc427493ed0c2988ef229573b7093425466 96adbda6f380d09bfd780e4143e165a48037b43421d3964980a4343aedc644ab Loading...

	anontransfer.com/public/main.js	3.2 kB	2023-10-03	2024-05-12
Pretty URL anontransfer.com/public/main.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-03 23:46:10 Last Seen2024-05-12 01:58:06 Times Seen15 Hash 2f913676be4281619bb857d9455330ed 486b39d12e0ce4c5206cd84b3e0b72572fa57569 e52e70c5fce3bd7046418adc22baa60f61a3fb4d1fcd136b7397c4f66b47bfb5 Loading...

	anontransfer.com/download/JLTtNXU3eW/Codium.exe	16 kB	2024-03-13	2024-05-12
Pretty URL anontransfer.com/download/JLTtNXU3eW/Codium.exe IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-03-13 19:42:29 Last Seen2024-05-12 01:58:06 Times Seen11 Hash c7173ab337f9d060a21a80e1e8c8b9c7 a853128694b1d2666cb7856d060c193539096d75 92775d02f3a5283a7f49a31ae40449cf7cd5c739995c0dd0803682fab27bede6 Loading...

	zovidree.com/tag.min.js	90 kB	2024-05-05	2024-05-08
Pretty URL zovidree.com/tag.min.js IP 104.21.16.31 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-05 20:08:02 Last Seen2024-05-08 04:20:45 Times Seen75 Hash 7573260aff69fe8406b0115ab4bcefaa f7f5c31f2481bd176a9b79deff1b7c0d4878f87c 280186476a1f8103793e2139d4654b16f61a2a1d393966388f55b8ed795ebba3 Loading...

	newassets.hcaptcha.com/c/f922a41/hsw.js	470 kB	2024-05-03	2024-05-14
Pretty URL newassets.hcaptcha.com/c/f922a41/hsw.js IP 104.18.125.91 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-03 01:29:42 Last Seen2024-05-14 03:33:19 Times Seen288 Hash a015c3f04def6c02f6d3a815ff97f100 2322366db22def41a31f2dae0a2133ad75e6d1ac 42d9a4011ac36ae483e8e3cb4bb2b3829b96bf366bbc1c0e2ab40d4d7deb9240 Loading...

	anontransfer.com/_/translate_http/_/js/k=translate_http.tr.no.tlVaMKdtlm8.O/am=BgM/d=1/rs=AN8SPfq2MBDiRXuz8tld5nyNDZURqMvV2w/m=el_conf	89 kB	2024-05-07	2024-05-07
Pretty URL anontransfer.com/_/translate_http/_/js/k=translate_http.tr.no.tlVaMKdtlm8.O/am=BgM/d=1/rs=AN8SPfq2MBDiRXuz8tld5nyNDZURqMvV2w/m=el_conf IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-07 14:20:51 Last Seen2024-05-07 14:45:41 Times Seen3 Hash ed382eb133d005b89e06bc0c96b4426b a7f01b3904e960bd94423b8f427ec40fee546216 3c497eb6a306e96daf50eef0ea2e4c56dc5e3f65cd0a0dabca935288a75c14d3 Loading...

	anontransfer.com/download/JLTtNXU3eW/Codium.exe	192 B	2024-05-03	2024-05-12
Pretty URL anontransfer.com/download/JLTtNXU3eW/Codium.exe IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-03 19:15:46 Last Seen2024-05-12 01:58:06 Times Seen3 Hash 2edc806293124ab31d1c4ba622e77cf1 1e1ef2c96ab1db7c5735f9b7c3460bd0da3a1a57 91af79cb069a8621a467b2533dbe96e7b13ce27446cf254f4af93e7a35ea917f Loading...

	anontransfer.com/download/JLTtNXU3eW/Codium.exe	57 B	2023-03-07	2024-05-19
Pretty URL anontransfer.com/download/JLTtNXU3eW/Codium.exe IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:06:59 Last Seen2024-05-19 15:34:47 Times Seen11210 Hash 2a2781f9bb6302c2f96df0d1e96ef524 796bb90146495848c0c479533c367edadb94f1a9 1b60af0ce49d65e8b1006457c16883d60e53a0054bb157c57c3b03a82ee9964d Loading...

	newassets.hcaptcha.com/captcha/v1/50fb34a/hcaptcha.js	387 kB	2024-04-30	2024-05-07
Pretty URL newassets.hcaptcha.com/captcha/v1/50fb34a/hcaptcha.js IP 104.18.125.91 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-30 17:59:30 Last Seen2024-05-07 20:54:15 Times Seen187 Hash c6438f98ac4acd11054d196bf44310de 00a348466d30d26c486e48d464a2432dfcc28b69 1c7ee73f66b781ba78bdfd7189fc368805cb5e642ad5f095b505a206c5a19ba5 Loading...

	anontransfer.com/_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.3UcZcEtEPkI.es5.O/d=1/exm=kernel_loader,loader_js_executable/ed=1/rs=AJlcJMx_nykP5GTn71hdykwNrip8OK1rGQ/m=web_iab_tcf_v2_wall_executable	377 kB	2024-05-07	2024-05-07
Pretty URL anontransfer.com/_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.3UcZcEtEPkI.es5.O/d=1/exm=kernel_loader,loader_js_executable/ed=1/rs=AJlcJMx_nykP5GTn71hdykwNrip8OK1rGQ/m=web_iab_tcf_v2_wall_executable IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-07 14:45:41 Last Seen2024-05-07 14:45:41 Times Seen1 Hash 474d17101c2c3d6e33c1df92d4450c79 961137584c6c58aa0f1d61317fa179373df0778a 8aba0be97ae1957977b9dd3f1bb5b5cf6f3c46983898edb1777a0d73a1921406 Loading...

	anontransfer.com/download/JLTtNXU3eW/Codium.exe	74 B	2024-05-03	2024-05-12
Pretty URL anontransfer.com/download/JLTtNXU3eW/Codium.exe IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-03 19:15:47 Last Seen2024-05-12 01:58:06 Times Seen3 Hash 7315c8e77bb221b93b8d8e1ef47e6fb1 c017fe30e7fe119ad58e9ce987895998242ef179 f4bb3ed124430398cdf4482b1de0f7c2f2da758ec817d00feffb5be15cdac0ee Loading...

	barelydonkeysteed.com/5565fd691e8ecaf4ea72c31df91cabfb/invoke.js	31 kB	2024-05-07	2024-05-07
Pretty URL barelydonkeysteed.com/5565fd691e8ecaf4ea72c31df91cabfb/invoke.js IP 192.243.59.13 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-07 14:45:41 Last Seen2024-05-07 14:45:41 Times Seen2 Hash bfd85230c5d82b1efe1ffa21e3ee065d d08a5aece0caed1fb7674074d5b610b2e8620d08 9fa817ac28a0fc2f7e19cac6a15d5a97aa216758c593a57537d64f2158870d6e Loading...

	anontransfer.com/public/bootstrap.min.js	59 kB	2023-03-07	2024-05-19
Pretty URL anontransfer.com/public/bootstrap.min.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:23:52 Last Seen2024-05-19 09:17:20 Times Seen3484 Hash 259e416ef6833be43801b8b68a93b008 19080c3b817985336aab5e1ce6925c99803f2efd 70c3d690bdc5ce3b9a1527c46044989a3176e610882fa99f4523e75bc395bcce Loading...

	anontransfer.com/download/JLTtNXU3eW/Codium.exe	139 B	2024-04-12	2024-05-12
Pretty URL anontransfer.com/download/JLTtNXU3eW/Codium.exe IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-12 09:12:28 Last Seen2024-05-12 01:58:06 Times Seen5 Hash 4330f38a51cd9280acfd341e9896f832 8b49ff0893a7a4febd8a73a715753d5b215269ef 1523a964479dd113f87dcabf81ed3f2af6a6eeaffc3ae5f8451480c170145392 Loading...

	anontransfer.com/download/JLTtNXU3eW/Codium.exe	485 B	2024-05-07	2024-05-07
Pretty URL anontransfer.com/download/JLTtNXU3eW/Codium.exe IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-07 14:45:41 Last Seen2024-05-07 14:45:41 Times Seen1 Hash d0809d8b5c35cf9321a9897911dfecb9 89dff7e7726e039fe65683674bad9a99a128cbf7 8ea39f9e5196b9e3eb755dbcf0bfe5d926069749de5ac424fac797192f150d3f Loading...

	fundingchoicesmessages.google.com/b/pub-1857840457925128	11 kB	2024-03-23	2024-05-07
Pretty URL fundingchoicesmessages.google.com/b/pub-1857840457925128 IP 216.58.211.14 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-23 19:52:49 Last Seen2024-05-07 14:45:41 Times Seen15 Hash 7d95c2ce557d72fb57101949fb17cfd3 fced0c276fe7dd10b6ec5709ad0b56623be753bb fa23e295b611fa0af4ba3a1828b1452ec9735f8c303c5c2f426113ed616e437f Loading...

	unknown	48 B	2023-04-11	2024-05-19
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 22:45:29 Last Seen2024-05-19 16:32:20 Times Seen19450 Hash 43d643e449b4ea13394fe737b1d6a447 1c03d56d955fd266d7659379e63d5711bd5382db 4817661f6ac7d2e1691bc3aeb9966e66012891ccda569ff872dc0932010c540d Loading...

	unknown	145 B	2024-04-12	2024-05-12
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-12 09:12:27 Last Seen2024-05-12 01:58:06 Times Seen5 Hash cfadc07f569c4c82767c459c6e25efb7 b44e4192cd544dde82fbf0c3581cfca72dc45f80 afaeff706ee0dbd69126d4dd5f65ab6337ff2a75940cc90ed20e120b441ec0ed Loading...

	unknown	3.3 kB	2024-05-07	2024-05-07
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-07 14:45:41 Last Seen2024-05-07 14:45:41 Times Seen1 Hash e09b95bcce2218ef209e31a3646b2619 587866961c266e00553d65741e79be4998807ebd b497dc55cc160a15e1c2dd9794a9e7ca8b9e838af4e0334201d995b7b31f73fb Loading...

	acscdn.com/script/banner.js	63 kB	2024-04-30	2024-05-15
Pretty URL acscdn.com/script/banner.js IP 104.21.11.26 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-30 08:25:45 Last Seen2024-05-15 07:02:35 Times Seen26 Hash 65deacd4c85e376123c1a1286c53b221 a00fdb9ba284308a9bb7a8f22a5297a6258700e0 06bdb883933f23989e4e2e71f787699fb9112c36349d503568aff6cd89c52a80 Loading...

	anontransfer.com/public/popper.min.js	19 kB	2023-03-07	2024-05-12
Pretty URL anontransfer.com/public/popper.min.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:04:05 Last Seen2024-05-12 01:58:06 Times Seen49 Hash 72d3b1e50e1a60d898f7817b27d76c1a 01d720c9ed9eab4e8d7f87d013cb3af11540d498 98f078a39b01008ae2eefd279d4aecc614b2b2533a4f8bef368e69d1977f5cb2 Loading...

	acscdn.com/script/aclib.js	126 kB	2024-04-29	2024-05-15
Pretty URL acscdn.com/script/aclib.js IP 104.21.11.26 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-29 17:52:36 Last Seen2024-05-15 10:52:57 Times Seen152 Hash 4c2179a619c355d4c2eca1a64f6f3f07 b274e397844067fef7f1ee62031cf1c03d7d0343 23847115b160f47704649f2f6bb3347e31b53c12089d504d98303c18856bc58a Loading...

		Size	First Seen	Last Seen
	#1 Eval - 9f6fdc9bd46de8f8530070aa82c48f98	2.1 kB	2024-05-07	2024-05-07
Pretty Observations First Seen2024-05-07 14:45:41 Last Seen2024-05-07 14:45:41 Times Seen1 Hash 9f6fdc9bd46de8f8530070aa82c48f98 d977c10c223e05907c2d5eaf6903cb1ca3b96468 e3f01b357361627514fed2be312c5674558eb5274622e843cec580669220f089 Loading...

		Size	First Seen	Last Seen
	#1 Write - c220d845871b2c873174e7123d4ded17	469 B	2024-05-07	2024-05-19
Pretty Observations First Seen2024-05-07 14:20:51 Last Seen2024-05-19 09:54:11 Times Seen64 Hash c220d845871b2c873174e7123d4ded17 a2f38cb0011f7baa7c743fd3986e2229830ce865 18d5a13d297ca66da5ed9676c582207608725564048101c98443cfbe6f250ad4 Loading...

	#2 Write - b670adb6e6f9b4c16dee276ec8e3bac8	3.0 kB	2024-05-07	2024-05-18
Pretty Observations First Seen2024-05-07 05:35:06 Last Seen2024-05-18 23:18:25 Times Seen48 Hash b670adb6e6f9b4c16dee276ec8e3bac8 c5a130cff73bb714bab3e870d7f24cbee7e03089 21ee09c04fc0f0c500fd22e13a6eb817f9f80fae12d426ef3aa672d2ad921caa Loading...

HTTP Transactions (61)

URL IP Response Size

cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/css/all.min.css

104.17.25.14

200 OK

19 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/css/all.min.css
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://anontransfer.com/download/JLTtNXU3eW/Codium.exe
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
ASCII text, with very long lines (52276)
Size
19 kB (18752 bytes)
Hash
ded1c367363e8b20bdc6a19b8350a737
8c06d82739d14b094ff6d9036021a252bd1d985d
1edb1725a9ea8ca4dcf2f5508cee183218aa1685e47c1b23056717f754f58ebf

HTTP Headers

GET /ajax/libs/font-awesome/6.4.0/css/all.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anontransfer.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 12:45:04 GMT
content-type: text/css; charset=utf-8
content-length: 18752
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "6421d693-4940"
last-modified: Mon, 27 Mar 2023 17:46:59 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 583604
expires: Sun, 27 Apr 2025 12:45:04 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BO8rbdf7JXLxf39dnXsqzhu9biC8f%2F1z%2Bvp2aENMyf9g150%2Fm%2FqyxZHS0Z4qijrQIeQQXQ2VTm873%2BbYFOIQ4Of9BmvkmGFiJ9vYQERu1XVwPiUYqSDjXWhhhnS6vt8CrfdHBq1h"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 88014e19cb775697-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Inter:300italic,400italic,600italic,700italic,800italic,400,300,600,700,800&display=swap

142.250.74.170

200 OK

4.7 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Inter:300italic,400italic,600italic,700italic,800italic,400,300,600,700,800&display=swap
IP
142.250.74.170:443
ASN
#15169 GOOGLE

Requested by
https://anontransfer.com/download/JLTtNXU3eW/Codium.exe
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT

File type
ASCII text, with very long lines (20367)
Size
4.7 kB (4718 bytes)
Hash
a8f375aa006ff96adb30a8e423d55cdc
80565cf7a4891ff0443359c7ae234ef348a65b9c
03728afd914f5f40b03b87610acdcf3a85ef338136a4c82e4c87d4eea59cbefe

HTTP Headers

GET /css?family=Inter:300italic,400italic,600italic,700italic,800italic,400,300,600,700,800&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anontransfer.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 07 May 2024 12:45:05 GMT
date: Tue, 07 May 2024 12:45:05 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2

142.250.74.67

200 OK

47 kB

URL GET HTTP/2
fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
IP
142.250.74.67:443
ASN
#15169 GOOGLE

Requested by
https://anontransfer.com/download/JLTtNXU3eW/Codium.exe
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 46704, version 1.0
Size
47 kB (46704 bytes)
Hash
30a274cd01b6eeb0b082c918b0697f1e
393311bde26b99a4ad935fa55bad1dce7994388b
88df0b5a7bc397dbc13a26bb8b3742cc62cd1c9b0dded57da7832416d6f52f42

HTTP Headers

GET /s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://anontransfer.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 46704
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 06 May 2024 10:54:17 GMT
expires: Tue, 06 May 2025 10:54:17 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 13 Sep 2023 23:49:07 GMT
content-type: font/woff2
age: 93048
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

barelydonkeysteed.com/5565fd691e8ecaf4ea72c31df91cabfb/invoke.js

192.243.59.13

200 OK

12 kB

URL GET HTTP/1.1
barelydonkeysteed.com/5565fd691e8ecaf4ea72c31df91cabfb/invoke.js
IP
192.243.59.13:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://anontransfer.com/download/JLTtNXU3eW/Codium.exe
Certificate
IssuerLet's Encrypt
Subjectbarelydonkeysteed.com
Fingerprint09:96:53:A3:D4:FA:8F:6D:A9:BA:0D:D4:AC:65:7E:F5:A3:AD:C9:BB
ValidityMon, 06 May 2024 02:26:21 GMT - Sun, 04 Aug 2024 02:26:20 GMT

File type
JavaScript source, ASCII text, with very long lines (31336), with no line terminators
Size
12 kB (11861 bytes)
Hash
bfd85230c5d82b1efe1ffa21e3ee065d
d08a5aece0caed1fb7674074d5b610b2e8620d08
9fa817ac28a0fc2f7e19cac6a15d5a97aa216758c593a57537d64f2158870d6e

HTTP Headers

GET /5565fd691e8ecaf4ea72c31df91cabfb/invoke.js HTTP/1.1
Host: barelydonkeysteed.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anontransfer.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 07 May 2024 12:45:05 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 28b122f77dce67179d76812cd2ee923e
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

zovidree.com/tag.min.js

104.21.16.31

200 OK

77 kB

URL GET HTTP/2
zovidree.com/tag.min.js
IP
104.21.16.31:443
ASN
#13335 CLOUDFLARENET

Requested by
https://anontransfer.com/download/JLTtNXU3eW/Codium.exe
Certificate
IssuerLet's Encrypt
Subjectzovidree.com
FingerprintE7:A2:02:40:34:64:74:90:8F:C4:F5:DA:6D:7F:08:2D:33:29:9A:FD
ValidityMon, 22 Apr 2024 15:25:10 GMT - Sun, 21 Jul 2024 15:25:09 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
77 kB (76939 bytes)
Hash
7573260aff69fe8406b0115ab4bcefaa
f7f5c31f2481bd176a9b79deff1b7c0d4878f87c
280186476a1f8103793e2139d4654b16f61a2a1d393966388f55b8ed795ebba3

HTTP Headers

GET /tag.min.js HTTP/1.1
Host: zovidree.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anontransfer.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 12:45:05 GMT
content-type: text/javascript; charset=utf-8
x-trace-id: 1a13b2616487079790d1ad15928b1eb9
cache-control: max-age=86400
last-modified: Sun, 05 May 2024 17:51:41 GMT
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
expires: Wed, 08 May 2024 03:11:59 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 34383
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=W50rAAQ19JjHZFPXFlXATydmi4EwuL54HeS96QNvfDoGZGnx6Pirx%2FGpPj0ZXZqqudZ4Ni6p1mmXPAQ4WF%2BTwuluFrC%2BZ3a4KF%2FuMgd6hG%2FsYCIX%2FnH3kyjjoh99ESg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88014e1e6ce50b51-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

hcaptcha.com/1/api.js

104.18.125.91

200 OK

110 kB

URL GET HTTP/2
hcaptcha.com/1/api.js
IP
104.18.125.91:443
ASN
#13335 CLOUDFLARENET

Requested by
https://anontransfer.com/download/JLTtNXU3eW/Codium.exe
Certificate
IssuerLet's Encrypt
Subjecthcaptcha.com
Fingerprint8F:BD:51:60:5C:FC:EA:F0:74:47:AB:AC:1B:84:1A:7E:3C:68:A7:E5
ValidityFri, 15 Mar 2024 00:09:38 GMT - Thu, 13 Jun 2024 00:09:37 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (41625)
Size
110 kB (109934 bytes)
Hash
c6438f98ac4acd11054d196bf44310de
00a348466d30d26c486e48d464a2432dfcc28b69
1c7ee73f66b781ba78bdfd7189fc368805cb5e642ad5f095b505a206c5a19ba5

HTTP Headers

GET /1/api.js HTTP/1.1
Host: hcaptcha.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anontransfer.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 12:45:04 GMT
content-type: application/javascript
cf-ray: 88014e19ee3c0b06-OSL
cf-cache-status: HIT
age: 0
cache-control: max-age=300
etag: W/"43a836cde2f57b4747b92444069ecfc9"
expires: Mon, 20 May 2024 20:35:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Origin, Accept-Encoding
alt-svc: h3=":443"; ma=86400
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

ocsp.r2m03.amazontrust.com/

143.204.53.97

471 B

URL
ocsp.r2m03.amazontrust.com/
IP
143.204.53.97:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
1c746578e95683e8b5c861e2c85d81b0
d689114a6d40b4a92b56d12e0eb33e9aeb1a4349
67752d648603b1a5bb6f8856a09b777cfa84dbaed795194ea4018908778fe336

HTTP Headers

POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Tue, 07 May 2024 12:45:05 GMT
Last-Modified: Tue, 07 May 2024 11:15:11 GMT
Server: ECAcc (ska/F75B)
X-Cache: Miss from cloudfront
Via: 1.1 6a757ab2991da716151f94ca00b38098.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: -OMZBfJC-tNramv6vbpiPXom1G0uKasEF11kyFoOzF-2IgO1s1qPHQ==
Age: 5394

anontransfer.com/public/bootstrap.min.css

188.114.97.1

200 OK

188 kB

URL GET HTTP/3
anontransfer.com/public/bootstrap.min.css
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://anontransfer.com/download/JLTtNXU3eW/Codium.exe
Certificate
IssuerGoogle Trust Services LLC
Subjectanontransfer.com
FingerprintA2:AE:2F:8B:D3:85:BA:A7:DC:4B:F3:87:D4:8E:EC:71:63:BF:96:EF
ValidityFri, 15 Mar 2024 22:40:29 GMT - Thu, 13 Jun 2024 22:40:28 GMT

File type
Unicode text, UTF-8 text
Size
188 kB (187864 bytes)
Hash
3f6998db3a5ca99cfe1e0a2acf431c6a
385fd4585ef04be945023facf736677ae13b5617
89b538bed524540606023d3d4b80d64d6ca1de0685a690e74706d92de5708f21

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /public/bootstrap.min.css HTTP/1.1
Host: anontransfer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anontransfer.com/download/JLTtNXU3eW/Codium.exe
Cookie: PHPSESSID=n55js92nsdb33aerfqfkfgt3jh
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 07 May 2024 12:45:05 GMT
content-type: text/css
last-modified: Sat, 23 Sep 2023 23:34:31 GMT
etag: W/"4ac8f-6060f2abf3db5-gzip"
vary: Accept-Encoding,User-Agent
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=S9bCw%2F4z9PLgewR%2FBIlJMo4SKpWd40j7UmiXRfkqD2SdAaugIJ9ULKnfq03%2FB%2Fne8V4jozf%2FSUt8uegLXO7m0WcJAAfwwwZh%2B28q7xRXmDzOJVBH8rVGXvkhkJnadJKkVojT"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88014e19aeb71c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

proftrafficcounter.com/stats

52.29.105.35

200 OK

40 B

URL GET HTTP/2
proftrafficcounter.com/stats
IP
52.29.105.35:443
ASN
#16509 AMAZON-02

Requested by
https://anontransfer.com/download/JLTtNXU3eW/Codium.exe
Certificate
IssuerAmazon
Subjectproftrafficcounter.com
FingerprintE3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6
ValidityTue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
1d00140a8037a8fc49ce564026fff4cc
c0e9d6062f290a138548818e0b759efe2fe633c6
a77e9a7046e7d30d76799a8703ff35ddcdd25ff619815d46ebba6b9797bfb8e1

HTTP Headers

GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://anontransfer.com
DNT: 1
Connection: keep-alive
Referer: https://anontransfer.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 12:45:06 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://anontransfer.com
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=297ce5e3-0bd3-432d-a2f8-c958b1d580e1:1:1; expires=Fri, 05 May 2034 12:45:06 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2

142.250.74.67

200 OK

47 kB

URL GET HTTP/2
fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
IP
142.250.74.67:443
ASN
#15169 GOOGLE

Requested by
https://anontransfer.com/download/JLTtNXU3eW/Codium.exe
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 46704, version 1.0
Size
47 kB (46704 bytes)
Hash
30a274cd01b6eeb0b082c918b0697f1e
393311bde26b99a4ad935fa55bad1dce7994388b
88df0b5a7bc397dbc13a26bb8b3742cc62cd1c9b0dded57da7832416d6f52f42

HTTP Headers

GET /s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://anontransfer.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 46704
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 06 May 2024 10:54:17 GMT
expires: Tue, 06 May 2025 10:54:17 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 13 Sep 2023 23:49:07 GMT
content-type: font/woff2
age: 93049
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/webfonts/fa-regular-400.woff2

104.17.25.14

200 OK

25 kB

URL GET HTTP/3
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/webfonts/fa-regular-400.woff2
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://anontransfer.com/download/JLTtNXU3eW/Codium.exe
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 24948, version 772.256
Size
25 kB (24948 bytes)
Hash
61f30b79daf5b31f0d254a31fba66158
fb363d27cfdfe71a243fa2ac3dab2815232b9b7e
8e7e5ea1b15f62ab14dbd41768e8fbcd21cc859a4ea5da812457ee714299fb35

HTTP Headers

GET /ajax/libs/font-awesome/6.4.0/webfonts/fa-regular-400.woff2 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://anontransfer.com
DNT: 1
Connection: keep-alive
Referer: https://cdnjs.cloudflare.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 07 May 2024 12:45:06 GMT
content-type: application/octet-stream; charset=utf-8
content-length: 24948
access-control-allow-origin: *
cache-control: public, max-age=30672000
etag: "6421d693-6174"
last-modified: Mon, 27 Mar 2023 17:46:59 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 587474
expires: Sun, 27 Apr 2025 12:45:06 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=np2OFJ%2Fr9wtmErLnqQq3z5n2SH0cSDUOorQfERCnqsOzi5DvcaWKIuw158Fwd5C0%2BC3UyG%2FR5%2BT66IKTB0TisVF6kMoH5oDg%2FHZ2Gfxz4n7EOCYJfC1A%2F%2FMsuPe2hN0YCQ6587nN"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 88014e20bf705691-OSL
alt-svc: h3=":443"; ma=86400

my.rtmark.net/gid.js?userId=0080556dbb75400de8724c5bf473ab74

139.45.195.8

200 OK

65 B

URL GET HTTP/2
my.rtmark.net/gid.js?userId=0080556dbb75400de8724c5bf473ab74
IP
139.45.195.8:443
ASN
#9002 RETN Limited

Requested by
https://anontransfer.com/download/JLTtNXU3eW/Codium.exe
Certificate
IssuerLet's Encrypt
Subjectrtmark.net
FingerprintDB:C0:8B:64:1C:E3:2A:9C:B9:04:0D:F3:6F:5A:E0:35:F4:C7:75:CC
ValiditySat, 02 Mar 2024 21:53:43 GMT - Fri, 31 May 2024 21:53:42 GMT

File type
JSON text data
Size
65 B (65 bytes)
Hash
aa7567c62e2715739810d5eaa8767948
08d5d242fd05baf53c0f1536c899ff467e379e2e
8ed5a7bafa0a49f6d8c11e165291c9dcc6a019d996375a2dfe392d789d8b4df2

HTTP Headers

GET /gid.js?userId=0080556dbb75400de8724c5bf473ab74 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://anontransfer.com
DNT: 1
Connection: keep-alive
Referer: https://anontransfer.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 12:45:06 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://anontransfer.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=0080556dbb75400de8724c5bf473ab74; expires=Wed, 07 May 2025 12:45:06 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

pubtrky.com/ut/hb.php?cb=0.23732299147212144&v=1

172.67.188.110

204 No Content

0 B

URL POST HTTP/2
pubtrky.com/ut/hb.php?cb=0.23732299147212144&v=1
IP
172.67.188.110:443
ASN
#13335 CLOUDFLARENET

Requested by
https://anontransfer.com/download/JLTtNXU3eW/Codium.exe
Certificate
IssuerGoogle Trust Services LLC
Subjectpubtrky.com
Fingerprint1F:C3:3C:5C:C7:6F:56:DF:E4:18:22:98:6F:C2:B3:96:B2:B4:A6:30
ValidityMon, 18 Mar 2024 09:15:33 GMT - Sun, 16 Jun 2024 09:15:32 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /ut/hb.php?cb=0.23732299147212144&v=1 HTTP/1.1
Host: pubtrky.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain; charset=utf-8
Content-Length: 887
Origin: https://anontransfer.com
DNT: 1
Connection: keep-alive
Referer: https://anontransfer.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 204 No Content
date: Tue, 07 May 2024 12:45:06 GMT
access-control-allow-origin: *
via: 1.1 google
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EL%2BzhnzqkCIGH8EsWCZ3z8XB4FQLys6mxFebv98kcOaL%2BcEYQCnHSbOGaMqXMT4al4RZBFpPvyv9dG6GhWROZUP%2BPj9EqC2mgbCwVksp0JdqY79DxpMlJUtv7LRzKg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88014e217d1f5694-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

anontransfer.com/download/JLTtNXU3eW/Codium.exe

188.114.97.1

200 OK

35 kB

URL User Request GET HTTP/2
anontransfer.com/download/JLTtNXU3eW/Codium.exe
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectanontransfer.com
FingerprintA2:AE:2F:8B:D3:85:BA:A7:DC:4B:F3:87:D4:8E:EC:71:63:BF:96:EF
ValidityFri, 15 Mar 2024 22:40:29 GMT - Thu, 13 Jun 2024 22:40:28 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (12460)
Size
35 kB (34952 bytes)
Hash
4442866fcbec2cbbc8dcf8810985d7cf
1c989df3f61e62151f5bd723a5ffb2f19f510abd
562835664f1208bacf929fdb4cfa84b206c44e429cf9f78ff2af5cd9c1c13991

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /download/JLTtNXU3eW/Codium.exe HTTP/1.1
Host: anontransfer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 12:45:04 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding,User-Agent
cf-cache-status: BYPASS
set-cookie: PHPSESSID=n55js92nsdb33aerfqfkfgt3jh; path=/
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ILlxPMqENmcFL%2B8dTfSrZ22TZ%2FTjMgHENY%2FbhLE81WmvNqmBMamip0WD%2FkaYtJw2TDRWc7hfoqlroDO06FVPuo37TksGtpMNylyfzBRzhVIdPAxDKxLwD7OvAhpIgsChslE2"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88014e158e520b45-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

anontransfer.com/public/main.js

188.114.97.1

200 OK

1.4 kB

URL GET HTTP/3
anontransfer.com/public/main.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://anontransfer.com/download/JLTtNXU3eW/Codium.exe
Certificate
IssuerGoogle Trust Services LLC
Subjectanontransfer.com
FingerprintA2:AE:2F:8B:D3:85:BA:A7:DC:4B:F3:87:D4:8E:EC:71:63:BF:96:EF
ValidityFri, 15 Mar 2024 22:40:29 GMT - Thu, 13 Jun 2024 22:40:28 GMT

File type
JavaScript source, ASCII text
Size
1.4 kB (1418 bytes)
Hash
2f913676be4281619bb857d9455330ed
486b39d12e0ce4c5206cd84b3e0b72572fa57569
e52e70c5fce3bd7046418adc22baa60f61a3fb4d1fcd136b7397c4f66b47bfb5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /public/main.js HTTP/1.1
Host: anontransfer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anontransfer.com/download/JLTtNXU3eW/Codium.exe
Cookie: PHPSESSID=n55js92nsdb33aerfqfkfgt3jh
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 07 May 2024 12:45:05 GMT
content-type: application/javascript
last-modified: Wed, 02 Aug 2023 13:31:01 GMT
etag: W/"c86-601f0acb94d34-gzip"
vary: Accept-Encoding,User-Agent
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HUgICTkvb3tDhOdquEYTFv1%2BrQBCmf%2FXN252yR%2FbGBVPcbj%2BYMIU7O4PWvLeMytnmiL3R6AZD8v2SAmXeaU9Vxl9aaT%2B5owxitIitpfJynQyYDd%2FPuvJGkCKWvOAraj0ZOj7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88014e19ceed1c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

youradexchange.com/script/banner.php?r=8324054&cbpage=https%3A%2F%2Fanontransfer.com%2Fdownload%2FJLTtNXU3eW%2FCodium.exe&cbref=&cbdescription=Codium.exe%20-%20Preview%20your%20File&cbkeywords=&cbtitle=Codium.exe%20-%20AnonTransfer&srs=0082bef4d282664f5038c424d1023fe2&ufp=Linux%20x86_64%2FMozilla%2FNetscape%2Ftrue%2Ffalse1280x10240en-USunknown4824%20bits&atv=48.1

172.67.177.214

200 OK

122 kB

URL GET HTTP/2
youradexchange.com/script/banner.php?r=8324054&cbpage=https%3A%2F%2Fanontransfer.com%2Fdownload%2FJLTtNXU3eW%2FCodium.exe&cbref=&cbdescription=Codium.exe%20-%20Preview%20your%20File&cbkeywords=&cbtitle=Codium.exe%20-%20AnonTransfer&srs=0082bef4d282664f5038c424d1023fe2&ufp=Linux%20x86_64%2FMozilla%2FNetscape%2Ftrue%2Ffalse1280x10240en-USunknown4824%20bits&atv=48.1
IP
172.67.177.214:443
ASN
#13335 CLOUDFLARENET

Requested by
https://anontransfer.com/download/JLTtNXU3eW/Codium.exe
Certificate
IssuerGoogle Trust Services LLC
Subjectyouradexchange.com
FingerprintD5:0B:42:43:E8:69:FA:76:AA:C8:B3:28:9A:EB:33:C4:6F:62:7A:2B
ValiditySun, 14 Apr 2024 01:48:20 GMT - Sat, 13 Jul 2024 01:48:19 GMT

File type
JSON text data
Size
122 kB (121797 bytes)
Hash
231b88b5ee4983a10bbe79640752e14b
955f65e303fdc2a3026c06483727c3ed0c95fec4
6c3cc29eafd358c9b9f8a93fb438eed45ec66fc11013ccd24ff060222941bfed

HTTP Headers

GET /script/banner.php?r=8324054&cbpage=https%3A%2F%2Fanontransfer.com%2Fdownload%2FJLTtNXU3eW%2FCodium.exe&cbref=&cbdescription=Codium.exe%20-%20Preview%20your%20File&cbkeywords=&cbtitle=Codium.exe%20-%20AnonTransfer&srs=0082bef4d282664f5038c424d1023fe2&ufp=Linux%20x86_64%2FMozilla%2FNetscape%2Ftrue%2Ffalse1280x10240en-USunknown4824%20bits&atv=48.1 HTTP/1.1
Host: youradexchange.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://anontransfer.com/
Origin: https://anontransfer.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 12:45:06 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Content-Type
via: 1.1 google
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QWMoKMm1qYTzZPh3Z3ZXWZa4rk4ObqI2wMcMbaB4Bmw3i8FgQTbEDH0WiqAMSblDZfjwDr5qpy2l8NcZXWJYGIX8kj86EUbkTRVAzN31VdixtaiL6R00d6hfX14JizyKU7nmnME%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88014e1f8fa9b4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

zokaukree.net/5/7402737/?oo=1&js_build=iclick-v1.788.9-auto

139.45.197.245

200 OK

131 kB

URL GET HTTP/2
zokaukree.net/5/7402737/?oo=1&js_build=iclick-v1.788.9-auto
IP
139.45.197.245:443
ASN
#9002 RETN Limited

Requested by
https://anontransfer.com/download/JLTtNXU3eW/Codium.exe
Certificate
IssuerLet's Encrypt
Subjectzokaukree.net
FingerprintC0:B6:2C:1B:C6:37:68:38:7C:A4:E0:F4:BF:B4:8E:D4:CA:7E:2A:F1
ValiditySun, 05 May 2024 11:48:42 GMT - Sat, 03 Aug 2024 11:48:41 GMT

File type
gzip compressed data, max speed, from Unix
Size
131 kB (130573 bytes)
Hash
17fe9d85ccb4902f708a644ea912bc54
93938b402e99be65b4955bad47eed10e1f386ec5
6369cd7a42be2df032c2e42bae2862592f4c737a993e8114d6abfae5115892fc

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /5/7402737/?oo=1&js_build=iclick-v1.788.9-auto HTTP/1.1
Host: zokaukree.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://anontransfer.com
DNT: 1
Connection: keep-alive
Referer: https://anontransfer.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 12:45:05 GMT
content-type: application/json
x-trace-id: cb54e24aa0cfcf4eadcde6911a4a155c
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://yonmewon.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://anontransfer.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=0080556dbb75400de8724c5bf473ab74; expires=Wed, 07 May 2025 12:45:05 GMT; path=/; secure; SameSite=None
oaidts=1715085905; expires=Wed, 07 May 2025 12:45:05 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

fundingchoicesmessages.google.com/el/AGSKWxUGnlz58zvdeJI3okqu6JGTskn-86sgCpDo1CqowpIJqoEQqIDQQBWjefH45kUsg6dL0UkKOcIbH-MNrtgWT53ytw==

216.58.211.14

204 No Content

0 B

URL GET HTTP/3
fundingchoicesmessages.google.com/el/AGSKWxUGnlz58zvdeJI3okqu6JGTskn-86sgCpDo1CqowpIJqoEQqIDQQBWjefH45kUsg6dL0UkKOcIbH-MNrtgWT53ytw==
IP
216.58.211.14:443
ASN
#15169 GOOGLE

Requested by
https://anontransfer.com/download/JLTtNXU3eW/Codium.exe
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint7C:B7:E1:97:03:6E:82:B6:52:F8:EC:C6:C6:50:D9:DD:80:47:E6:A0
ValidityTue, 16 Apr 2024 03:18:53 GMT - Tue, 09 Jul 2024 03:18:52 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /el/AGSKWxUGnlz58zvdeJI3okqu6JGTskn-86sgCpDo1CqowpIJqoEQqIDQQBWjefH45kUsg6dL0UkKOcIbH-MNrtgWT53ytw== HTTP/1.1
Host: fundingchoicesmessages.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://anontransfer.com
DNT: 1
Connection: keep-alive
Referer: https://anontransfer.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 204 No Content
content-type: text/html; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-allow-methods: POST, GET, OPTIONS
access-control-max-age: 86400
access-control-allow-origin: https://anontransfer.com
access-control-allow-credentials: true
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 07 May 2024 12:45:06 GMT
content-security-policy: script-src 'nonce-aDnc5z-9gWRUpPIvTCTboQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
cross-origin-opener-policy: same-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjktDikmJw0ZBiqGV4xtQKxE7pM1hDgFiIh-PSkRcb2QQWNO86zQQAyCQMfA"
server: ESF
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

translate.googleapis.com/_/translate_http/_/js/k=translate_http.tr.no.tlVaMKdtlm8.O/am=ABA/d=1/exm=el_conf/ed=1/rs=AN8SPfodhSEIn_SeJc-BRVOcbmQF4EFWgg/m=el_main

142.250.74.42

200 OK

73 kB

URL GET HTTP/2
translate.googleapis.com/_/translate_http/_/js/k=translate_http.tr.no.tlVaMKdtlm8.O/am=ABA/d=1/exm=el_conf/ed=1/rs=AN8SPfodhSEIn_SeJc-BRVOcbmQF4EFWgg/m=el_main
IP
142.250.74.42:443
ASN
#15169 GOOGLE

Requested by
https://anontransfer.com/download/JLTtNXU3eW/Codium.exe
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT

File type
JavaScript source, ASCII text, with very long lines (2297)
Size
73 kB (72600 bytes)
Hash
9b289af026f3e548d1d06033fa868b46
7916969abb1e3aa9e953f4d7e7cb8ca1380f98f7
dc5d2a255869ad274247f1bb8c353794f470a1fca09d9f8c98968178c5b8a717

HTTP Headers

GET /_/translate_http/_/js/k=translate_http.tr.no.tlVaMKdtlm8.O/am=ABA/d=1/exm=el_conf/ed=1/rs=AN8SPfodhSEIn_SeJc-BRVOcbmQF4EFWgg/m=el_main HTTP/1.1
Host: translate.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anontransfer.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/rosetta
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="rosetta"
report-to: {"group":"rosetta","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/rosetta"}]}
content-length: 72600
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 06 May 2024 17:42:06 GMT
expires: Tue, 06 May 2025 17:42:06 GMT
cache-control: public, max-age=31536000
last-modified: Sat, 04 May 2024 07:10:07 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 68580
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

exasperationincorporate.com/watch.36983745055.js?key=5565fd691e8ecaf4ea72c31df91cabfb&kw=%5B%22codium%22%2C%22exe%22%2C%22-%22%2C%22anontransfer%22%5D&refer=https%3A%2F%2Fanontransfer.com%2Fdownload%2FJLTtNXU3eW%2FCodium.exe&tz=0&dev=e&res=14.2071&uuid=297ce5e3-0bd3-432d-a2f8-c958b1d580e1%3A1%3A1

192.243.59.20

307 Temporary Redirect

0 B

URL GET HTTP/1.1
exasperationincorporate.com/watch.36983745055.js?key=5565fd691e8ecaf4ea72c31df91cabfb&kw=%5B%22codium%22%2C%22exe%22%2C%22-%22%2C%22anontransfer%22%5D&refer=https%3A%2F%2Fanontransfer.com%2Fdownload%2FJLTtNXU3eW%2FCodium.exe&tz=0&dev=e&res=14.2071&uuid=297ce5e3-0bd3-432d-a2f8-c958b1d580e1%3A1%3A1
IP
192.243.59.20:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://anontransfer.com/download/JLTtNXU3eW/Codium.exe
Certificate
IssuerLet's Encrypt
Subjectexasperationincorporate.com
Fingerprint29:93:4B:D4:EC:F4:64:10:C0:DD:6E:12:94:2B:33:D7:71:A6:AC:23
ValidityMon, 06 May 2024 08:00:27 GMT - Sun, 04 Aug 2024 08:00:26 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /watch.36983745055.js?key=5565fd691e8ecaf4ea72c31df91cabfb&kw=%5B%22codium%22%2C%22exe%22%2C%22-%22%2C%22anontransfer%22%5D&refer=https%3A%2F%2Fanontransfer.com%2Fdownload%2FJLTtNXU3eW%2FCodium.exe&tz=0&dev=e&res=14.2071&uuid=297ce5e3-0bd3-432d-a2f8-c958b1d580e1%3A1%3A1 HTTP/1.1
Host: exasperationincorporate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://anontransfer.com
DNT: 1
Connection: keep-alive
Referer: https://anontransfer.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Tue, 07 May 2024 12:45:06 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://anontransfer.com
Access-Control-Allow-Origin: https://anontransfer.com
Access-Control-Allow-Credentials: true
Location: https://exasperationincorporate.com/watch.36983745055.js?dev=e&key=5565fd691e8ecaf4ea72c31df91cabfb&kw=%5B%22codium%22%2C%22exe%22%2C%22-%22%2C%22anontransfer%22%5D&pst=1715085966&refer=https%3A%2F%2Fanontransfer.com%2Fdownload%2FJLTtNXU3eW%2FCodium.exe&res=14.2071&rmtc=t&shu=ae55e0b0b8ea126b629b34fa68e4b53f6d4e21a9c87cb2fee70f6a67fd6533191288e172e56a713d109a19da3bd5d0fa7b48556cab45f2fedbe35ce7f31cb54a99262d36c3e86fb22442af86fe53ff0c83d8763148fe105291bab7cdd7f4&tz=0&uuid=297ce5e3-0bd3-432d-a2f8-c958b1d580e1%3A1%3A1
Set-Cookie: u_pl=20439883; expires=Wed, 08 May 2024 12:45:06 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMDQzOTg4MywiayI6IjU1NjVmZDY5MWU4ZWNhZjRlYTcyYzMxZGY5MWNhYmZiIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyODk4NjY3LCJwaWQiOjExODcwMTgsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MTcsImFpZCI6MjcsInB0Ijo0LCJwayI6InVzOWNtdndoeXAiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6Nzk5NTQxOTYsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTE2NjcwLCJibiI6IkZpcmVmb3giLCJidiI6Ijk2LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9hbm9udHJhbnNmZXIuY29tL2Rvd25sb2FkL0pMVHROWFUzZVcvQ29kaXVtLmV4ZSIsImFyIjpbXX19.Io70eHskFJjjLJtfFSyQCWQyhEG4jCJFttkgOqPZxKM; expires=Tue, 07 May 2024 12:46:06 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 1a7c26182f614e1f532740fc46806188
Strict-Transport-Security: max-age=0; includeSubdomains

www.gstatic.com/_/translate_http/_/ss/k=translate_http.tr.TpYxICw8iG4.L.F4.O/am=BgM/d=0/rs=AN8SPfq0d33yBxzMYYqNCamwNK0h9W1I4w/m=el_main_css

142.250.74.35

200 OK

4.0 kB

URL GET HTTP/2
www.gstatic.com/_/translate_http/_/ss/k=translate_http.tr.TpYxICw8iG4.L.F4.O/am=BgM/d=0/rs=AN8SPfq0d33yBxzMYYqNCamwNK0h9W1I4w/m=el_main_css
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://anontransfer.com/download/JLTtNXU3eW/Codium.exe
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
ASCII text, with very long lines (20367), with no line terminators
Size
4.0 kB (3960 bytes)
Hash
72d3a735ccca1027f6b3afba2c93e3a7
67f8eff8d17334c59c28fc1753bf451527c7490d
c8c845f55e2346b89894ce0df8185ee182359e096bf29987d5cf1f8a7391bef1

HTTP Headers

GET /_/translate_http/_/ss/k=translate_http.tr.TpYxICw8iG4.L.F4.O/am=BgM/d=0/rs=AN8SPfq0d33yBxzMYYqNCamwNK0h9W1I4w/m=el_main_css HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anontransfer.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/rosetta
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="rosetta"
report-to: {"group":"rosetta","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/rosetta"}]}
content-length: 3960
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 06 May 2024 19:04:03 GMT
expires: Tue, 06 May 2025 19:04:03 GMT
cache-control: public, max-age=31536000
last-modified: Sat, 15 Jul 2023 01:09:03 GMT
content-type: text/css; charset=UTF-8
vary: Accept-Encoding
age: 63663
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

exasperationincorporate.com/watch.36983745055.js?dev=e&key=5565fd691e8ecaf4ea72c31df91cabfb&kw=%5B%22codium%22%2C%22exe%22%2C%22-%22%2C%22anontransfer%22%5D&pst=1715085966&refer=https%3A%2F%2Fanontransfer.com%2Fdownload%2FJLTtNXU3eW%2FCodium.exe&res=14.2071&rmtc=t&shu=ae55e0b0b8ea126b629b34fa68e4b53f6d4e21a9c87cb2fee70f6a67fd6533191288e172e56a713d109a19da3bd5d0fa7b48556cab45f2fedbe35ce7f31cb54a99262d36c3e86fb22442af86fe53ff0c83d8763148fe105291bab7cdd7f4&tz=0&uuid=297ce5e3-0bd3-432d-a2f8-c958b1d580e1%3A1%3A1

192.243.59.20

200 OK

2.0 kB

URL GET HTTP/1.1
exasperationincorporate.com/watch.36983745055.js?dev=e&key=5565fd691e8ecaf4ea72c31df91cabfb&kw=%5B%22codium%22%2C%22exe%22%2C%22-%22%2C%22anontransfer%22%5D&pst=1715085966&refer=https%3A%2F%2Fanontransfer.com%2Fdownload%2FJLTtNXU3eW%2FCodium.exe&res=14.2071&rmtc=t&shu=ae55e0b0b8ea126b629b34fa68e4b53f6d4e21a9c87cb2fee70f6a67fd6533191288e172e56a713d109a19da3bd5d0fa7b48556cab45f2fedbe35ce7f31cb54a99262d36c3e86fb22442af86fe53ff0c83d8763148fe105291bab7cdd7f4&tz=0&uuid=297ce5e3-0bd3-432d-a2f8-c958b1d580e1%3A1%3A1
IP
192.243.59.20:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://anontransfer.com/download/JLTtNXU3eW/Codium.exe
Certificate
IssuerLet's Encrypt
Subjectexasperationincorporate.com
Fingerprint29:93:4B:D4:EC:F4:64:10:C0:DD:6E:12:94:2B:33:D7:71:A6:AC:23
ValidityMon, 06 May 2024 08:00:27 GMT - Sun, 04 Aug 2024 08:00:26 GMT

File type
JavaScript source, ASCII text, with very long lines (2447)
Size
2.0 kB (1985 bytes)
Hash
16df1e6ee90466f2dc8ee567afdd2b74
34b2f857e517b8271891c7b28f49063d5a804b65
f482f423ab49ca0346dcbddecbf7f2498e0640794d7c747aefc324301bf5fcc2

HTTP Headers

GET /watch.36983745055.js?dev=e&key=5565fd691e8ecaf4ea72c31df91cabfb&kw=%5B%22codium%22%2C%22exe%22%2C%22-%22%2C%22anontransfer%22%5D&pst=1715085966&refer=https%3A%2F%2Fanontransfer.com%2Fdownload%2FJLTtNXU3eW%2FCodium.exe&res=14.2071&rmtc=t&shu=ae55e0b0b8ea126b629b34fa68e4b53f6d4e21a9c87cb2fee70f6a67fd6533191288e172e56a713d109a19da3bd5d0fa7b48556cab45f2fedbe35ce7f31cb54a99262d36c3e86fb22442af86fe53ff0c83d8763148fe105291bab7cdd7f4&tz=0&uuid=297ce5e3-0bd3-432d-a2f8-c958b1d580e1%3A1%3A1 HTTP/1.1
Host: exasperationincorporate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://anontransfer.com
Referer: https://anontransfer.com/
DNT: 1
Connection: keep-alive
Cookie: u_pl=20439883; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMDQzOTg4MywiayI6IjU1NjVmZDY5MWU4ZWNhZjRlYTcyYzMxZGY5MWNhYmZiIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyODk4NjY3LCJwaWQiOjExODcwMTgsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MTcsImFpZCI6MjcsInB0Ijo0LCJwayI6InVzOWNtdndoeXAiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6Nzk5NTQxOTYsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTE2NjcwLCJibiI6IkZpcmVmb3giLCJidiI6Ijk2LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9hbm9udHJhbnNmZXIuY29tL2Rvd25sb2FkL0pMVHROWFUzZVcvQ29kaXVtLmV4ZSIsImFyIjpbXX19.Io70eHskFJjjLJtfFSyQCWQyhEG4jCJFttkgOqPZxKM
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 07 May 2024 12:45:06 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://anontransfer.com
Access-Control-Allow-Origin: https://anontransfer.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=297ce5e3-0bd3-432d-a2f8-c958b1d580e1:1:1; expires=Tue, 14 May 2024 12:45:06 GMT; secure; SameSite=None
pdhtkv=true; expires=Wed, 08 May 2024 12:45:06 GMT; secure; SameSite=None
uncs=1; expires=Wed, 08 May 2024 12:45:06 GMT; secure; SameSite=None
pdhtkv27=true; expires=Wed, 08 May 2024 12:45:06 GMT; secure; SameSite=None
uncs27=1; expires=Wed, 08 May 2024 12:45:06 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 195624b8f81b01f4c4a0f3caf1f2cb86
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

wigrooglie.net/?rb=dossDXtKU9z2rKq_VHVnqgL3bV7y0OGZnOM7dDZgjUTwEnpsKEif6V8Np4GIUfFwlvuxc1dHF2QIGgRZ1jrG5JHK1PC6iPO1d5NkNn7iBh3wuwE9oaR-ZGQhAI8vtD6q0yG5NjFCXB6hV8R6P1AlJYThKxjbTPhFe5WhE4GUcR2dsqZZJLCvWBPDpKi8xcHkoC3lMGs0hWNNXNVJ-2aqRd1ov3IxIOPcurypFH2V2fQ4LG5LcBAKo9HzanpA9xnzUVd9Krwnj_KkuKgD&request_ab2=0&zoneid=7402737&js_build=iclick-v1.788.9-auto&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=3&pl=https%3A%2F%2Fanontransfer.com%2Fdownload%2FJLTtNXU3eW%2FCodium.exe&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.788.9-auto&navlng=en-US&pnt=0&pnrc=0&bs=42b6e1d9-fba6-4c6a-ab2e-700e7ce662d3&wasm=1&userId=0080556dbb75400de8724c5bf473ab74&m=link

139.45.197.242

200 OK

5.6 kB

URL GET HTTP/2
wigrooglie.net/?rb=dossDXtKU9z2rKq_VHVnqgL3bV7y0OGZnOM7dDZgjUTwEnpsKEif6V8Np4GIUfFwlvuxc1dHF2QIGgRZ1jrG5JHK1PC6iPO1d5NkNn7iBh3wuwE9oaR-ZGQhAI8vtD6q0yG5NjFCXB6hV8R6P1AlJYThKxjbTPhFe5WhE4GUcR2dsqZZJLCvWBPDpKi8xcHkoC3lMGs0hWNNXNVJ-2aqRd1ov3IxIOPcurypFH2V2fQ4LG5LcBAKo9HzanpA9xnzUVd9Krwnj_KkuKgD&request_ab2=0&zoneid=7402737&js_build=iclick-v1.788.9-auto&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=3&pl=https%3A%2F%2Fanontransfer.com%2Fdownload%2FJLTtNXU3eW%2FCodium.exe&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.788.9-auto&navlng=en-US&pnt=0&pnrc=0&bs=42b6e1d9-fba6-4c6a-ab2e-700e7ce662d3&wasm=1&userId=0080556dbb75400de8724c5bf473ab74&m=link
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://anontransfer.com/download/JLTtNXU3eW/Codium.exe
Certificate
IssuerLet's Encrypt
Subjectwigrooglie.net
FingerprintEF:4A:44:83:A9:78:0C:8F:85:B1:B3:3B:F0:A8:79:7A:1C:FE:39:3F
ValidityTue, 07 May 2024 00:49:13 GMT - Mon, 05 Aug 2024 00:49:12 GMT

File type
ASCII text, with very long lines (9137), with no line terminators
Size
5.6 kB (5567 bytes)
Hash
dc1af7843dd4ec70798d2afd2737d1a5
bfd7ed6fc4e3131fc4952084602c07facbc3733b
2a5823a80d76dee6238870b4976df390e5c6e31cf0dafbc57895c8e1e33cd866

HTTP Headers

GET /?rb=dossDXtKU9z2rKq_VHVnqgL3bV7y0OGZnOM7dDZgjUTwEnpsKEif6V8Np4GIUfFwlvuxc1dHF2QIGgRZ1jrG5JHK1PC6iPO1d5NkNn7iBh3wuwE9oaR-ZGQhAI8vtD6q0yG5NjFCXB6hV8R6P1AlJYThKxjbTPhFe5WhE4GUcR2dsqZZJLCvWBPDpKi8xcHkoC3lMGs0hWNNXNVJ-2aqRd1ov3IxIOPcurypFH2V2fQ4LG5LcBAKo9HzanpA9xnzUVd9Krwnj_KkuKgD&request_ab2=0&zoneid=7402737&js_build=iclick-v1.788.9-auto&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=3&pl=https%3A%2F%2Fanontransfer.com%2Fdownload%2FJLTtNXU3eW%2FCodium.exe&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.788.9-auto&navlng=en-US&pnt=0&pnrc=0&bs=42b6e1d9-fba6-4c6a-ab2e-700e7ce662d3&wasm=1&userId=0080556dbb75400de8724c5bf473ab74&m=link HTTP/1.1
Host: wigrooglie.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://anontransfer.com/
Origin: https://anontransfer.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 12:45:06 GMT
content-type: application/json
x-trace-id: 184b516803a974eec9d707c32afb9342
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://anontransfer.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=0080556dbb75400de8724c5bf473ab74; expires=Wed, 07 May 2025 12:45:06 GMT; path=/; secure; SameSite=None
oaidts=1715085906; expires=Wed, 07 May 2025 12:45:06 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Tue, 14 May 2024 12:45:06 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

www.gstatic.com/images/branding/product/2x/translate_24dp.png

142.250.74.35

200 OK

1.8 kB

URL GET HTTP/3
www.gstatic.com/images/branding/product/2x/translate_24dp.png
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://anontransfer.com/download/JLTtNXU3eW/Codium.exe
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Size
1.8 kB (1842 bytes)
Hash
c69c796362406f9e11c7f4bf5bb628da
e489ce95ab56208090868882113d7416abf46775
4dac0026fbfa2615dce30c0af12830863fe885f84387a0147b9e338f548d5d82

HTTP Headers

GET /images/branding/product/2x/translate_24dp.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.gstatic.com/_/translate_http/_/ss/k=translate_http.tr.TpYxICw8iG4.L.F4.O/am=BgM/d=0/rs=AN8SPfq0d33yBxzMYYqNCamwNK0h9W1I4w/m=el_main_css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 1842
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 02:13:15 GMT
expires: Fri, 02 May 2025 02:13:15 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 14 Oct 2021 09:08:00 GMT
content-type: image/png
vary: Origin
age: 469912
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.google.com/images/cleardot.gif

216.58.211.4

200 OK

43 B

URL GET HTTP/2
www.google.com/images/cleardot.gif
IP
216.58.211.4:443
ASN
#15169 GOOGLE

Requested by
https://anontransfer.com/download/JLTtNXU3eW/Codium.exe
Certificate
IssuerGoogle Trust Services LLC
Subjectwww.google.com
FingerprintC6:A2:DC:31:5A:53:FA:DD:55:71:A3:F4:DD:43:3D:16:71:B8:B3:99
ValidityTue, 16 Apr 2024 04:20:32 GMT - Tue, 09 Jul 2024 04:20:31 GMT

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
fc94fb0c3ed8a8f909dbc7630a0987ff
56d45f8a17f5078a20af9962c992ca4678450765
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

HTTP Headers

GET /images/cleardot.gif HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anontransfer.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-type: image/gif
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 43
date: Tue, 07 May 2024 12:45:07 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

translate-pa.googleapis.com/v1/supportedLanguages?client=te&display_language=no&key=AIzaSyBWDj0QJvVIx8XOhRegXX5_SrRWxhT5Hs4&callback=callback

142.250.74.170

1.4 kB

URL
translate-pa.googleapis.com/v1/supportedLanguages?client=te&display_language=no&key=AIzaSyBWDj0QJvVIx8XOhRegXX5_SrRWxhT5Hs4&callback=callback
IP
142.250.74.170:0
ASN
#15169 GOOGLE

File type
Unicode text, UTF-8 text
Size
1.4 kB (1392 bytes)
Hash
a3eefe14b1b4698460d992bd1673a26b
a2fca6ebb00b8bdcca3eda88654d02d2c165b9c4
87514750a90cd70dd22c8673cfa80d804ef55840bd0755950af2118d8d218067

HTTP Headers

GET /v1/supportedLanguages?client=te&display_language=no&key=AIzaSyBWDj0QJvVIx8XOhRegXX5_SrRWxhT5Hs4&callback=callback HTTP/1.1
Host: translate-pa.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anontransfer.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
cross-origin-resource-policy: cross-origin
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
content-type: text/javascript; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Tue, 07 May 2024 12:45:07 GMT
server: ESF
cache-control: private
content-length: 1392
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
set-cookie: NID=514=NUfuUwdBjCGIHDmHkaNyaE2Giqo5RWAeI1_7KUzul7COl4ywpU_C2Q6Yy0GQmc_G3lcURve1qsBm4qDTNe09pl23__fsx4bKLVPG5Wt3URe4pM6ldbhnseiFu93FI4O3OSbjd6UkfB4Stpam3PeY_GguIBxo6n5Py4MgzDR2zo0; expires=Wed, 06-Nov-2024 12:45:07 GMT; path=/; domain=.translate-pa.googleapis.com; HttpOnly
expires: Tue, 07 May 2024 12:45:07 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

translate.google.com/gen204?sl=en&nca=te_ap&client=te&logld=vTE_20240505

216.58.211.14

204 No Content

0 B

URL GET HTTP/3
translate.google.com/gen204?sl=en&nca=te_ap&client=te&logld=vTE_20240505
IP
216.58.211.14:443
ASN
#15169 GOOGLE

Requested by
https://anontransfer.com/download/JLTtNXU3eW/Codium.exe
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint7C:B7:E1:97:03:6E:82:B6:52:F8:EC:C6:C6:50:D9:DD:80:47:E6:A0
ValidityTue, 16 Apr 2024 03:18:53 GMT - Tue, 09 Jul 2024 03:18:52 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /gen204?sl=en&nca=te_ap&client=te&logld=vTE_20240505 HTTP/1.1
Host: translate.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anontransfer.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 204 No Content
content-type: image/gif; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 07 May 2024 12:45:07 GMT
cross-origin-resource-policy: cross-origin
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
content-security-policy: require-trusted-types-for 'script';report-uri /_/TranslateApiHttp/cspreport, script-src 'nonce-qgBls8U02DLVuCveH7Hl8Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/TranslateApiHttp/cspreport;worker-src 'self'
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy: same-origin
reporting-endpoints: default="/_/TranslateApiHttp/web-reports?context=eJzjEtDikmLw05BicEqfwRoExEI8HJePvNjIJjBh5t3LjAB1mwnb"
server: ESF
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
set-cookie: __Secure-ENID=19.SE=TArGaOiMEZ7TnNlPPQr5hKq4CLv4FA9xJUXk8Khhe-fNIYBH7rp_KE0DTfUcXKXYSIB_XPc7rG5QEGFumCZ32NmocsUubx_LoiZu0_nCpDjTXe8h2hP1b6jISL2jf8S8Ra9bBBvj4TK1I-R9w0v3pNKgjlw4MtyeymOyz2WXiaE; expires=Sat, 07-Jun-2025 05:03:25 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

lh3.googleusercontent.com/lDoP0gomLwtYtuRCWmIp6NiO8q-8ntli29HTtGqak22-tD7R3mv_J1DXsECl2IVrVgFjP4YQZ0TAyGgEk2b2LqhnKft_81XkTaunkrq5JUur3ulKI2bTmQ=h60

142.250.74.97

200 OK

15 kB

URL GET HTTP/2
lh3.googleusercontent.com/lDoP0gomLwtYtuRCWmIp6NiO8q-8ntli29HTtGqak22-tD7R3mv_J1DXsECl2IVrVgFjP4YQZ0TAyGgEk2b2LqhnKft_81XkTaunkrq5JUur3ulKI2bTmQ=h60
IP
142.250.74.97:443
ASN
#15169 GOOGLE

Requested by
https://anontransfer.com/download/JLTtNXU3eW/Codium.exe
Certificate
IssuerGoogle Trust Services LLC
Subject*.googleusercontent.com
Fingerprint7B:64:D0:4F:29:87:0A:A8:90:15:F1:9F:B6:8F:FB:D6:AC:D2:76:56
ValidityTue, 16 Apr 2024 04:13:47 GMT - Tue, 09 Jul 2024 04:13:46 GMT

File type
PNG image data, 456 x 60, 8-bit/color RGBA, non-interlaced
Size
15 kB (15000 bytes)
Hash
0d270b65146664b527f4bf47bb3b8a53
50a0d64b7784bebbec2de83325763810ab5ac517
3d3d52c6516f0647a3f62aa744345cc35b28461d84bbe6953b647b9e6c355f56

HTTP Headers

GET /lDoP0gomLwtYtuRCWmIp6NiO8q-8ntli29HTtGqak22-tD7R3mv_J1DXsECl2IVrVgFjP4YQZ0TAyGgEk2b2LqhnKft_81XkTaunkrq5JUur3ulKI2bTmQ=h60 HTTP/1.1
Host: lh3.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anontransfer.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
timing-allow-origin: *
access-control-expose-headers: Content-Length
content-disposition: inline;filename="unnamed.png"
x-content-type-options: nosniff
server: fife
content-length: 15000
x-xss-protection: 0
date: Tue, 07 May 2024 12:45:07 GMT
expires: Wed, 08 May 2024 12:45:07 GMT
cache-control: public, max-age=86400, no-transform
etag: "v1"
content-type: image/png
vary: Origin
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

142.250.74.67

200 OK

48 kB

URL GET HTTP/3
fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
142.250.74.67:443
ASN
#15169 GOOGLE

Requested by
https://anontransfer.com/download/JLTtNXU3eW/Codium.exe
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 48236, version 1.0
Size
48 kB (48236 bytes)
Hash
015c126a3520c9a8f6a27979d0266e96
2acf956561d44434a6d84204670cf849d3215d5f
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

HTTP Headers

GET /s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://anontransfer.com
DNT: 1
Connection: keep-alive
Referer: https://anontransfer.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48236
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 02:35:00 GMT
expires: Fri, 02 May 2025 02:35:00 GMT
cache-control: public, max-age=31536000
age: 468607
last-modified: Thu, 14 Dec 2023 02:08:40 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

142.250.74.67

200 OK

48 kB

URL GET HTTP/3
fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
142.250.74.67:443
ASN
#15169 GOOGLE

Requested by
https://anontransfer.com/download/JLTtNXU3eW/Codium.exe
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 48236, version 1.0
Size
48 kB (48236 bytes)
Hash
015c126a3520c9a8f6a27979d0266e96
2acf956561d44434a6d84204670cf849d3215d5f
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

HTTP Headers

GET /s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://anontransfer.com
DNT: 1
Connection: keep-alive
Referer: https://anontransfer.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48236
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 02:35:00 GMT
expires: Fri, 02 May 2025 02:35:00 GMT
cache-control: public, max-age=31536000
age: 468607
last-modified: Thu, 14 Dec 2023 02:08:40 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

fonts.gstatic.com/s/materialicons/v142/flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2

142.250.74.67

200 OK

128 kB

URL GET HTTP/3
fonts.gstatic.com/s/materialicons/v142/flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2
IP
142.250.74.67:443
ASN
#15169 GOOGLE

Requested by
https://anontransfer.com/download/JLTtNXU3eW/Codium.exe
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 128352, version 1.0
Size
128 kB (128352 bytes)
Hash
53436aca8627a49f4deaaa44dc9e3c05
0bc0c675480d94ec7e8609dda6227f88c5d08d2c
8265f64786397d6b832d1ca0aafdf149ad84e72759fffa9f7272e91a0fb015d1

HTTP Headers

GET /s/materialicons/v142/flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://anontransfer.com
DNT: 1
Connection: keep-alive
Referer: https://anontransfer.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 128352
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 03 May 2024 03:43:48 GMT
expires: Sat, 03 May 2025 03:43:48 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 08 Apr 2024 19:04:47 GMT
content-type: font/woff2
age: 378079
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

fundingchoicesmessages.google.com/el/AGSKWxUS6P2BE_CDtfZ7sg4GQ5o-QY5rCZ-JIGIdnLk5ccB5fk_M4Dsu4wLRhkO3rjUEoMs1ZxMSUhiWp0qgSYf4z7rIlMUJ4hLTL9v1JZbrHMVlFQ4Ug0WKz2kzqkal6BVcAo0Z_rgoSw==

216.58.211.14

204 No Content

0 B

URL POST HTTP/3
fundingchoicesmessages.google.com/el/AGSKWxUS6P2BE_CDtfZ7sg4GQ5o-QY5rCZ-JIGIdnLk5ccB5fk_M4Dsu4wLRhkO3rjUEoMs1ZxMSUhiWp0qgSYf4z7rIlMUJ4hLTL9v1JZbrHMVlFQ4Ug0WKz2kzqkal6BVcAo0Z_rgoSw==
IP
216.58.211.14:443
ASN
#15169 GOOGLE

Requested by
https://anontransfer.com/download/JLTtNXU3eW/Codium.exe
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint7C:B7:E1:97:03:6E:82:B6:52:F8:EC:C6:C6:50:D9:DD:80:47:E6:A0
ValidityTue, 16 Apr 2024 03:18:53 GMT - Tue, 09 Jul 2024 03:18:52 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /el/AGSKWxUS6P2BE_CDtfZ7sg4GQ5o-QY5rCZ-JIGIdnLk5ccB5fk_M4Dsu4wLRhkO3rjUEoMs1ZxMSUhiWp0qgSYf4z7rIlMUJ4hLTL9v1JZbrHMVlFQ4Ug0WKz2kzqkal6BVcAo0Z_rgoSw== HTTP/1.1
Host: fundingchoicesmessages.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 195
Origin: https://anontransfer.com
DNT: 1
Connection: keep-alive
Referer: https://anontransfer.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 204 No Content
content-type: text/html; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-allow-methods: POST, GET, OPTIONS
access-control-max-age: 86400
access-control-allow-origin: https://anontransfer.com
access-control-allow-credentials: true
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 07 May 2024 12:45:07 GMT
cross-origin-opener-policy: same-origin
content-security-policy: script-src 'nonce-OIOVqo9vL7jfAmM-tMbiKA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjktDikmII0pBiqGV4xtQKxE7pM1hDgFiIh-PykRcb2QRm_HnwiQkAzIcNSQ"
server: ESF
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

fundingchoicesmessages.google.com/el/AGSKWxUS6P2BE_CDtfZ7sg4GQ5o-QY5rCZ-JIGIdnLk5ccB5fk_M4Dsu4wLRhkO3rjUEoMs1ZxMSUhiWp0qgSYf4z7rIlMUJ4hLTL9v1JZbrHMVlFQ4Ug0WKz2kzqkal6BVcAo0Z_rgoSw==

216.58.211.14

204 No Content

0 B

URL POST HTTP/3
fundingchoicesmessages.google.com/el/AGSKWxUS6P2BE_CDtfZ7sg4GQ5o-QY5rCZ-JIGIdnLk5ccB5fk_M4Dsu4wLRhkO3rjUEoMs1ZxMSUhiWp0qgSYf4z7rIlMUJ4hLTL9v1JZbrHMVlFQ4Ug0WKz2kzqkal6BVcAo0Z_rgoSw==
IP
216.58.211.14:443
ASN
#15169 GOOGLE

Requested by
https://anontransfer.com/download/JLTtNXU3eW/Codium.exe
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint7C:B7:E1:97:03:6E:82:B6:52:F8:EC:C6:C6:50:D9:DD:80:47:E6:A0
ValidityTue, 16 Apr 2024 03:18:53 GMT - Tue, 09 Jul 2024 03:18:52 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /el/AGSKWxUS6P2BE_CDtfZ7sg4GQ5o-QY5rCZ-JIGIdnLk5ccB5fk_M4Dsu4wLRhkO3rjUEoMs1ZxMSUhiWp0qgSYf4z7rIlMUJ4hLTL9v1JZbrHMVlFQ4Ug0WKz2kzqkal6BVcAo0Z_rgoSw== HTTP/1.1
Host: fundingchoicesmessages.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 169
Origin: https://anontransfer.com
DNT: 1
Connection: keep-alive
Referer: https://anontransfer.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 204 No Content
content-type: text/html; charset=utf-8
access-control-allow-methods: POST, GET, OPTIONS
access-control-max-age: 86400
access-control-allow-origin: https://anontransfer.com
access-control-allow-credentials: true
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 07 May 2024 12:45:07 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'nonce-TQ8UOyxzkpWXB3N5AMuWLg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjktDikmLw15BiqGV4xtQKxE7pM1hDgFiIh-PykRcb2QR2zH7-gQkAy04NCg"
server: ESF
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

cdn.cloudimagesb.com/cti/ce/4f/ad/ce4fad594f0595d487d8b6b4c83c440a/1627917103.png

45.133.44.10

200 OK

25 kB

URL GET HTTP/2
cdn.cloudimagesb.com/cti/ce/4f/ad/ce4fad594f0595d487d8b6b4c83c440a/1627917103.png
IP
45.133.44.10:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://anontransfer.com/download/JLTtNXU3eW/Codium.exe
Certificate
IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
FingerprintC6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0
ValidityFri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT

File type
PNG image data, 468 x 60, 8-bit/color RGB, non-interlaced
Size
25 kB (25371 bytes)
Hash
a2d05b1f17d513b399aac78339ef978e
f0a52b95fbc0df33084ab457a6919b6c533f799a
3a255ad4f051d9484322374d692e67215edc0a3f4b76be3eb21e944c8daeba7b

HTTP Headers

GET /cti/ce/4f/ad/ce4fad594f0595d487d8b6b4c83c440a/1627917103.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 12:45:07 GMT
content-type: image/png
content-length: 25371
server: nginx/1.21.6
last-modified: Mon, 02 Aug 2021 15:11:50 GMT
etag: "61080b36-631b"
expires: Thu, 09 May 2024 12:45:07 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

api.hcaptcha.com/checksiteconfig?v=50fb34a&host=anontransfer.com&sitekey=6610571a-4613-4ecd-a763-7a8957c62512&sc=1&swa=1&spst=0

104.18.125.91

200 OK

13 kB

URL POST HTTP/3
api.hcaptcha.com/checksiteconfig?v=50fb34a&host=anontransfer.com&sitekey=6610571a-4613-4ecd-a763-7a8957c62512&sc=1&swa=1&spst=0
IP
104.18.125.91:443
ASN
#13335 CLOUDFLARENET

Requested by
https://newassets.hcaptcha.com/captcha/v1/50fb34a/static/hcaptcha.html#frame=challenge&id=05tzfqbkwj2&host=anontransfer.com&sentry=true&reportapi=https%3A%2F%2Faccounts.hcaptcha.com&recaptchacompat=true&custom=false&hl=en&tplinks=on&pstissuer=https%3A%2F%2Fpst-issuer.hcaptcha.com&sitekey=6610571a-4613-4ecd-a763-7a8957c62512&theme=light&origin=https%3A%2F%2Fanontransfer.com
Certificate
IssuerLet's Encrypt
Subjecthcaptcha.com
Fingerprint8F:BD:51:60:5C:FC:EA:F0:74:47:AB:AC:1B:84:1A:7E:3C:68:A7:E5
ValidityFri, 15 Mar 2024 00:09:38 GMT - Thu, 13 Jun 2024 00:09:37 GMT

File type
JSON text data
Size
13 kB (12844 bytes)
Hash
80c1f7cc930d7798b9633ab3e6a9e7e6
bbd81c0d4221e9ca90384860eb8f6e6b7df403b1
0b62b5b7358df60e30e75d9daaea8c78fa171a9b85099f6bb34cac2ec7d3e3e4

HTTP Headers

POST /checksiteconfig?v=50fb34a&host=anontransfer.com&sitekey=6610571a-4613-4ecd-a763-7a8957c62512&sc=1&swa=1&spst=0 HTTP/1.1
Host: api.hcaptcha.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://newassets.hcaptcha.com
DNT: 1
Connection: keep-alive
Referer: https://newassets.hcaptcha.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0
TE: trailers

HTTP/3 200 OK
date: Tue, 07 May 2024 12:45:06 GMT
content-type: application/json
access-control-allow-origin: https://newassets.hcaptcha.com
vary: Origin, Accept-Encoding
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control, Content-Type, DNT, Referer, User-Agent
access-control-allow-methods: GET, HEAD, POST, OPTIONS
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 88014e245bf8b50f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

translate.googleapis.com/element/log?format=json&hasfast=true&authuser=0

142.250.74.42

200 OK

0 B

URL OPTIONS HTTP/3
translate.googleapis.com/element/log?format=json&hasfast=true&authuser=0
IP
142.250.74.42:443
ASN
#15169 GOOGLE

Requested by
https://anontransfer.com/download/JLTtNXU3eW/Codium.exe
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /element/log?format=json&hasfast=true&authuser=0 HTTP/1.1
Host: translate.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: x-goog-authuser
Referer: https://anontransfer.com/
Origin: https://anontransfer.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
access-control-allow-origin: https://anontransfer.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-max-age: 86400
access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
content-type: text/plain; charset=UTF-8
date: Tue, 07 May 2024 12:45:17 GMT
server: Playlog
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

translate.googleapis.com/element/log?format=json&hasfast=true&authuser=0

142.250.74.42

200 OK

131 B

URL OPTIONS HTTP/3
translate.googleapis.com/element/log?format=json&hasfast=true&authuser=0
IP
142.250.74.42:443
ASN
#15169 GOOGLE

Requested by
https://anontransfer.com/download/JLTtNXU3eW/Codium.exe
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT

File type
JSON text data
Size
131 B (131 bytes)
Hash
ca0b7e866005f6774d284b9f438ebfd2
53644f5ee3640189bdb223473ba6a2d46606c556
502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

HTTP Headers

POST /element/log?format=json&hasfast=true&authuser=0 HTTP/1.1
Host: translate.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://anontransfer.com/
X-Goog-AuthUser: 0
Content-Type: text/plain;charset=UTF-8
Content-Length: 1183
Origin: https://anontransfer.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
access-control-allow-origin: https://anontransfer.com
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web
content-type: text/plain; charset=UTF-8
content-encoding: gzip
date: Tue, 07 May 2024 12:45:17 GMT
server: Playlog
cache-control: private
content-length: 131
x-xss-protection: 0
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

acscdn.com/script/ut.js?cb=1715085905768

104.21.11.26

200 OK

63 kB

URL GET HTTP/3
acscdn.com/script/ut.js?cb=1715085905768
IP
104.21.11.26:443
ASN
#13335 CLOUDFLARENET

Requested by
https://anontransfer.com/download/JLTtNXU3eW/Codium.exe
Certificate
IssuerGoogle Trust Services LLC
Subjectacscdn.com
Fingerprint55:5D:7F:12:65:2B:04:EA:49:29:92:63:3B:D1:C2:DF:C7:F6:4B:9E
ValiditySat, 27 Apr 2024 13:56:54 GMT - Fri, 26 Jul 2024 13:56:53 GMT

File type

Size
63 kB (62975 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /script/ut.js?cb=1715085905768 HTTP/1.1
Host: acscdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anontransfer.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 07 May 2024 12:45:05 GMT
content-type: text/javascript
x-guploader-uploadid: ABPtcPq4rLQfUzIb4PXABJF3kaL6QpNC2eEDt1dZIA_AICzJwRtEzQkHmfGBvBjJTgyllcLoFfCchk7ypw
x-goog-generation: 1714053300452258
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 62975
x-goog-hash: crc32c=f8d0YQ==, md5=vEgeNFwEtFNOCk5UoPLBxg==
x-goog-storage-class: MULTI_REGIONAL
access-control-allow-origin: *
expires: Tue, 07 May 2024 13:18:10 GMT
cache-control: public, max-age=3600
age: 178
last-modified: Thu, 25 Apr 2024 13:55:00 GMT
etag: W/"bc481e345c04b4534e0a4e54a0f2c1c6"
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Kk%2Bcyp%2FgF%2BpaMv%2F%2FR4GsZcstfB9JhirfPCXTCUOuOZY5ylFkP%2BFMmnWmeFs46SzTib0zG2uy4iUiPsKdGICGmkWvU%2BBEoVrSPCmQ%2FoF2JKat%2F3Rd4BS%2B%2FeovI1Mm"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88014e1f5ef7568a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

acscdn.com/script/banner.js

104.21.11.26

200 OK

63 kB

URL GET HTTP/3
acscdn.com/script/banner.js
IP
104.21.11.26:443
ASN
#13335 CLOUDFLARENET

Requested by
https://anontransfer.com/download/JLTtNXU3eW/Codium.exe
Certificate
IssuerGoogle Trust Services LLC
Subjectacscdn.com
Fingerprint55:5D:7F:12:65:2B:04:EA:49:29:92:63:3B:D1:C2:DF:C7:F6:4B:9E
ValiditySat, 27 Apr 2024 13:56:54 GMT - Fri, 26 Jul 2024 13:56:53 GMT

File type

Size
63 kB (63013 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /script/banner.js HTTP/1.1
Host: acscdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anontransfer.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 07 May 2024 12:45:05 GMT
content-type: text/javascript
x-goog-generation: 1714389693207586
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 63013
x-goog-hash: crc32c=fi3olg==, md5=Zd6s1MheN2EjwaEobFOyIQ==
x-goog-storage-class: MULTI_REGIONAL
access-control-allow-origin: *
x-guploader-uploadid: ABPtcPokA-nYfLnt6-1nIW2SFFPL1Wx442RKOF5tzz1Gl9dN3yklq7QEJvMiPvHs8ZrDmzgtf7K1-x4ziw
expires: Tue, 07 May 2024 12:37:33 GMT
cache-control: public, max-age=3600
age: 843
last-modified: Mon, 29 Apr 2024 11:21:33 GMT
etag: W/"65deacd4c85e376123c1a1286c53b221"
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lMWPEf%2Fk%2Ban7bNt3maJqxITIfi9TRKyMjrVv5pR6jXj4Vdj9wEVHwnS4Ja77Lg3DO3VO5%2Ff7xGa8isypxxeeF8ZfZ00VXbpRBXS6QrlMoQFvL0VUvyb9S6%2B2nNfL"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88014e1e7d07568a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

newassets.hcaptcha.com/captcha/v1/50fb34a/static/hcaptcha.html

104.18.125.91

200 OK

1.8 kB

URL GET HTTP/3
newassets.hcaptcha.com/captcha/v1/50fb34a/static/hcaptcha.html
IP
104.18.125.91:443
ASN
#13335 CLOUDFLARENET

Requested by
https://anontransfer.com/download/JLTtNXU3eW/Codium.exe
Certificate
IssuerLet's Encrypt
Subjecthcaptcha.com
Fingerprint8F:BD:51:60:5C:FC:EA:F0:74:47:AB:AC:1B:84:1A:7E:3C:68:A7:E5
ValidityFri, 15 Mar 2024 00:09:38 GMT - Thu, 13 Jun 2024 00:09:37 GMT

File type
HTML document, ASCII text, with very long lines (1803), with no line terminators
Size
1.8 kB (1758 bytes)
Hash
1061da5ccf4d00902874135c386f3cec
3fbf23dcb9452a187c9ec136a7f5538776f8b9ad
f472028d948ffa52e1eb7cd913034240f740dab373e73ab17c07891dca16cd72

HTTP Headers

GET /captcha/v1/50fb34a/static/hcaptcha.html HTTP/1.1
Host: newassets.hcaptcha.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anontransfer.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 07 May 2024 12:45:05 GMT
content-type: text/html
cache-control: public, max-age=1209600
alt-svc: h3=":443"; ma=86400
vary: Origin, Accept-Encoding
cf-cache-status: HIT
expires: Tue, 21 May 2024 12:45:05 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 88014e1fea3db50f-OSL
content-encoding: br

crrepo.com/extban/278371020/creatives/23426596/e192295018ae5357d1c5b67ef5e985ad_3890.jpg

104.21.233.199

200 OK

121 kB

URL GET HTTP/2
crrepo.com/extban/278371020/creatives/23426596/e192295018ae5357d1c5b67ef5e985ad_3890.jpg
IP
104.21.233.199:443
ASN
#13335 CLOUDFLARENET

Requested by
https://anontransfer.com/download/JLTtNXU3eW/Codium.exe
Certificate
IssuerGoogle Trust Services LLC
Subjectcrrepo.com
Fingerprint44:8B:BA:AA:80:2B:6C:39:BF:F9:EA:5D:F1:1E:6D:BF:47:FF:41:D3
ValidityFri, 03 May 2024 12:40:29 GMT - Thu, 01 Aug 2024 12:40:28 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 300x250, components 3
Size
121 kB (121009 bytes)
Hash
e192295018ae5357d1c5b67ef5e985ad
b35ebb12f3525f93b95f7d23153d2cf98cb3f451
f5e1a3e880c62a3e756db0d72a0ba6a9efb2c0db20046d8d5874296eab9c28b9

HTTP Headers

GET /extban/278371020/creatives/23426596/e192295018ae5357d1c5b67ef5e985ad_3890.jpg HTTP/1.1
Host: crrepo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anontransfer.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 12:45:06 GMT
content-type: image/jpeg
last-modified: Thu, 03 Mar 2022 16:56:37 GMT
etag: W/"6220f345-1d8b1"
via: 1.1 google
cache-control: max-age=14400
cf-cache-status: HIT
age: 6569
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OQHpvgz0Yx%2Fokn0qXFBq6nttp3rayXj2nwTF7EcZ2kczkpjmotqLcv1u0XZJDojdwr1QH70O1ijIZL8z%2Bm4nR2q9b07T5mP3S2sYCXZ4COF1W9rmvrJlCih4HK3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88014e223f3693e1-LHR
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

anontransfer.com/public/bootstrap.min.js

188.114.97.1

200 OK

59 kB

URL GET HTTP/3
anontransfer.com/public/bootstrap.min.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://anontransfer.com/download/JLTtNXU3eW/Codium.exe
Certificate
IssuerGoogle Trust Services LLC
Subjectanontransfer.com
FingerprintA2:AE:2F:8B:D3:85:BA:A7:DC:4B:F3:87:D4:8E:EC:71:63:BF:96:EF
ValidityFri, 15 Mar 2024 22:40:29 GMT - Thu, 13 Jun 2024 22:40:28 GMT

File type
JavaScript source, ASCII text, with very long lines (58940)
Size
59 kB (59219 bytes)
Hash
259e416ef6833be43801b8b68a93b008
19080c3b817985336aab5e1ce6925c99803f2efd
70c3d690bdc5ce3b9a1527c46044989a3176e610882fa99f4523e75bc395bcce

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /public/bootstrap.min.js HTTP/1.1
Host: anontransfer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anontransfer.com/download/JLTtNXU3eW/Codium.exe
Cookie: PHPSESSID=n55js92nsdb33aerfqfkfgt3jh
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 07 May 2024 12:45:05 GMT
content-type: application/javascript
last-modified: Sat, 22 Jul 2023 20:32:32 GMT
etag: W/"e753-6011947e0f800-gzip"
vary: Accept-Encoding,User-Agent
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WixafCfLcpX5RulJ%2B7fd9RDmfd57JqGXYk7r8XrG4X5WF6gWDgtJPMtLXaNKIlmJKGTmloLY1ejgcLyGCp3x9RWTZxMFei6vSfjkwdKZGs8pn5oPDW%2B1bDGH2e1RqxoEFnfZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88014e19ceec1c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

newassets.hcaptcha.com/captcha/v1/50fb34a/static/hcaptcha.html

104.18.125.91

200 OK

1.8 kB

URL GET HTTP/3
newassets.hcaptcha.com/captcha/v1/50fb34a/static/hcaptcha.html
IP
104.18.125.91:443
ASN
#13335 CLOUDFLARENET

Requested by
https://anontransfer.com/download/JLTtNXU3eW/Codium.exe
Certificate
IssuerLet's Encrypt
Subjecthcaptcha.com
Fingerprint8F:BD:51:60:5C:FC:EA:F0:74:47:AB:AC:1B:84:1A:7E:3C:68:A7:E5
ValidityFri, 15 Mar 2024 00:09:38 GMT - Thu, 13 Jun 2024 00:09:37 GMT

File type
HTML document, ASCII text, with very long lines (1803), with no line terminators
Size
1.8 kB (1758 bytes)
Hash
1061da5ccf4d00902874135c386f3cec
3fbf23dcb9452a187c9ec136a7f5538776f8b9ad
f472028d948ffa52e1eb7cd913034240f740dab373e73ab17c07891dca16cd72

HTTP Headers

GET /captcha/v1/50fb34a/static/hcaptcha.html HTTP/1.1
Host: newassets.hcaptcha.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anontransfer.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 07 May 2024 12:45:05 GMT
content-type: text/html
cache-control: public, max-age=1209600
alt-svc: h3=":443"; ma=86400
vary: Origin, Accept-Encoding
cf-cache-status: HIT
expires: Tue, 21 May 2024 12:45:05 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 88014e1fea41b50f-OSL
content-encoding: br

newassets.hcaptcha.com/captcha/v1/50fb34a/hcaptcha.js

104.18.125.91

200 OK

387 kB

URL GET HTTP/3
newassets.hcaptcha.com/captcha/v1/50fb34a/hcaptcha.js
IP
104.18.125.91:443
ASN
#13335 CLOUDFLARENET

Requested by
https://newassets.hcaptcha.com/captcha/v1/50fb34a/static/hcaptcha.html#frame=checkbox&id=05tzfqbkwj2&host=anontransfer.com&sentry=true&reportapi=https%3A%2F%2Faccounts.hcaptcha.com&recaptchacompat=true&custom=false&hl=en&tplinks=on&pstissuer=https%3A%2F%2Fpst-issuer.hcaptcha.com&sitekey=6610571a-4613-4ecd-a763-7a8957c62512&theme=light&origin=https%3A%2F%2Fanontransfer.com
Certificate
IssuerLet's Encrypt
Subjecthcaptcha.com
Fingerprint8F:BD:51:60:5C:FC:EA:F0:74:47:AB:AC:1B:84:1A:7E:3C:68:A7:E5
ValidityFri, 15 Mar 2024 00:09:38 GMT - Thu, 13 Jun 2024 00:09:37 GMT

File type

Size
387 kB (387118 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /captcha/v1/50fb34a/hcaptcha.js HTTP/1.1
Host: newassets.hcaptcha.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://newassets.hcaptcha.com/captcha/v1/50fb34a/static/hcaptcha.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 07 May 2024 12:45:06 GMT
content-type: application/javascript
etag: W/"43a836cde2f57b4747b92444069ecfc9"
cache-control: public, max-age=1209600
alt-svc: h3=":443"; ma=86400
vary: Origin, Accept-Encoding
cf-cache-status: HIT
expires: Tue, 21 May 2024 12:45:06 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 88014e218d7ab50f-OSL
content-encoding: br

newassets.hcaptcha.com/captcha/v1/50fb34a/hcaptcha.js

104.18.125.91

200 OK

387 kB

URL GET HTTP/3
newassets.hcaptcha.com/captcha/v1/50fb34a/hcaptcha.js
IP
104.18.125.91:443
ASN
#13335 CLOUDFLARENET

Requested by
https://newassets.hcaptcha.com/captcha/v1/50fb34a/static/hcaptcha.html#frame=challenge&id=05tzfqbkwj2&host=anontransfer.com&sentry=true&reportapi=https%3A%2F%2Faccounts.hcaptcha.com&recaptchacompat=true&custom=false&hl=en&tplinks=on&pstissuer=https%3A%2F%2Fpst-issuer.hcaptcha.com&sitekey=6610571a-4613-4ecd-a763-7a8957c62512&theme=light&origin=https%3A%2F%2Fanontransfer.com
Certificate
IssuerLet's Encrypt
Subjecthcaptcha.com
Fingerprint8F:BD:51:60:5C:FC:EA:F0:74:47:AB:AC:1B:84:1A:7E:3C:68:A7:E5
ValidityFri, 15 Mar 2024 00:09:38 GMT - Thu, 13 Jun 2024 00:09:37 GMT

File type

Size
387 kB (387118 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /captcha/v1/50fb34a/hcaptcha.js HTTP/1.1
Host: newassets.hcaptcha.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://newassets.hcaptcha.com/captcha/v1/50fb34a/static/hcaptcha.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 07 May 2024 12:45:06 GMT
content-type: application/javascript
etag: W/"43a836cde2f57b4747b92444069ecfc9"
cache-control: public, max-age=1209600
alt-svc: h3=":443"; ma=86400
vary: Origin, Accept-Encoding
cf-cache-status: HIT
expires: Tue, 21 May 2024 12:45:06 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 88014e218d7eb50f-OSL
content-encoding: br

acscdn.com/script/aclib.js

104.21.11.26

200 OK

126 kB

URL GET HTTP/2
acscdn.com/script/aclib.js
IP
104.21.11.26:443
ASN
#13335 CLOUDFLARENET

Requested by
https://anontransfer.com/download/JLTtNXU3eW/Codium.exe
Certificate
IssuerGoogle Trust Services LLC
Subjectacscdn.com
Fingerprint55:5D:7F:12:65:2B:04:EA:49:29:92:63:3B:D1:C2:DF:C7:F6:4B:9E
ValiditySat, 27 Apr 2024 13:56:54 GMT - Fri, 26 Jul 2024 13:56:53 GMT

File type

Size
126 kB (125606 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /script/aclib.js HTTP/1.1
Host: acscdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anontransfer.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 12:45:04 GMT
content-type: text/javascript
x-goog-generation: 1714389616107910
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 125606
x-goog-hash: crc32c=xTw75w==, md5=TCF5phnDVdTC7KGmT28/Bw==
x-goog-storage-class: MULTI_REGIONAL
access-control-allow-origin: *
x-guploader-uploadid: ABPtcPq3WDRiywUXy1I9epsgjBrZr10_kxsxD8tygBTr-xkVVMzaGeOnPwLfQ_UPT0AwhViwE90
access-control-expose-headers: Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
expires: Tue, 07 May 2024 12:57:52 GMT
cache-control: public, max-age=3600
age: 807
last-modified: Mon, 29 Apr 2024 11:20:16 GMT
etag: W/"4c2179a619c355d4c2eca1a64f6f3f07"
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pnkm%2FGp5t4lUwFcRQr6I5ssK4LkITos44MnlBe%2FnmV04ChE6Gqgp75EZqNPbnXu7CZXIsB%2Fmgbyztp9hT6Y%2FZvbMTwotNszkrGx51dW1cRbg1wXJ6gUPHyrzTXrx"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88014e19eef60b69-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

anontransfer.com/public/popper.min.js

188.114.97.1

200 OK

19 kB

URL GET HTTP/3
anontransfer.com/public/popper.min.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://anontransfer.com/download/JLTtNXU3eW/Codium.exe
Certificate
IssuerGoogle Trust Services LLC
Subjectanontransfer.com
FingerprintA2:AE:2F:8B:D3:85:BA:A7:DC:4B:F3:87:D4:8E:EC:71:63:BF:96:EF
ValidityFri, 15 Mar 2024 22:40:29 GMT - Thu, 13 Jun 2024 22:40:28 GMT

File type
JavaScript source, ASCII text, with very long lines (18706)
Size
19 kB (18756 bytes)
Hash
72d3b1e50e1a60d898f7817b27d76c1a
01d720c9ed9eab4e8d7f87d013cb3af11540d498
98f078a39b01008ae2eefd279d4aecc614b2b2533a4f8bef368e69d1977f5cb2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /public/popper.min.js HTTP/1.1
Host: anontransfer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anontransfer.com/download/JLTtNXU3eW/Codium.exe
Cookie: PHPSESSID=n55js92nsdb33aerfqfkfgt3jh
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 07 May 2024 12:45:05 GMT
content-type: application/javascript
last-modified: Sat, 22 Jul 2023 20:32:31 GMT
etag: W/"4944-6011947d1b5c0-gzip"
vary: Accept-Encoding,User-Agent
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=E3HaDPfiVCDHcn7ElROxFPlwOmwH5mUwI%2BPKCJyPp5OTmB8Ku7nNL3bbbBpG7nuCIXQKCpco21qVdj2y3e0kY1mdQ%2BCN8uGxjmJAh4jK4KjXLzfiJRrkTn2EQZRak3uPY062"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88014e19bee61c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

142.250.74.170

200 OK

112 kB

URL GET HTTP/3
fonts.googleapis.com/css?family=Archivo:400,500|Arimo:400,500|Bitter:400,500|EB+Garamond:400,500|Lato|Libre+Baskervill|Libre+Franklin:400,500|Lora:400,500|Google+Sans:regular,medium:400,500|Material+Icons|Google+Symbols|Merriweather|Montserrat:400,500|Mukta:400,500|Muli:400,500|Nunito:400,500|Open+Sans:400,500,600|Open+Sans+Condensed:400,600|Oswald:500|Playfair+Display:400,500|Poppins:400,500|Raleway:400,500|Roboto:400,500|Roboto+Condensed:400,500|Roboto+Slab:400,500|Slabo+27px|Source+Sans+Pro|Ubuntu:400,500|Volkhov&display=swap
IP
142.250.74.170:443
ASN
#15169 GOOGLE

Requested by
https://anontransfer.com/download/JLTtNXU3eW/Codium.exe
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT

File type
ASCII text, with very long lines (1572)
Size
112 kB (112083 bytes)
Hash
a656f24503830b5b1554f7a1655446da
a9692d730b090e7093c79026780e5045184280e7
e6c3ac5acc22f10a07b54dc9311d8fa3cd64cddfda3a5921d8290b88b8ca630f

HTTP Headers

GET /css?family=Archivo:400,500|Arimo:400,500|Bitter:400,500|EB+Garamond:400,500|Lato|Libre+Baskervill|Libre+Franklin:400,500|Lora:400,500|Google+Sans:regular,medium:400,500|Material+Icons|Google+Symbols|Merriweather|Montserrat:400,500|Mukta:400,500|Muli:400,500|Nunito:400,500|Open+Sans:400,500,600|Open+Sans+Condensed:400,600|Oswald:500|Playfair+Display:400,500|Poppins:400,500|Raleway:400,500|Roboto:400,500|Roboto+Condensed:400,500|Roboto+Slab:400,500|Slabo+27px|Source+Sans+Pro|Ubuntu:400,500|Volkhov&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anontransfer.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 07 May 2024 12:45:07 GMT
date: Tue, 07 May 2024 12:45:07 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/webfonts/fa-solid-900.woff2

104.17.25.14

200 OK

150 kB

URL GET HTTP/3
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/webfonts/fa-solid-900.woff2
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://anontransfer.com/download/JLTtNXU3eW/Codium.exe
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 150124, version 772.256
Size
150 kB (150124 bytes)
Hash
c64278386c2bbb5e293e11b94ca2f6d1
6b99aa650bd12a36caa14e0127435d8f4cd3ba73
7152a6933ee3d690ec2af3d09da9d701723d16aa3410a6d80f28ff8866f3b880

HTTP Headers

GET /ajax/libs/font-awesome/6.4.0/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://anontransfer.com
DNT: 1
Connection: keep-alive
Referer: https://cdnjs.cloudflare.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 07 May 2024 12:45:05 GMT
content-type: application/octet-stream; charset=utf-8
content-length: 150124
access-control-allow-origin: *
cache-control: public, max-age=30672000
etag: "6421d693-24a6c"
last-modified: Mon, 27 Mar 2023 17:46:59 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 587645
expires: Sun, 27 Apr 2025 12:45:05 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xef0oFqa5GzC8a6jRvwxqc0E7HGVUlX4u3Y3dZeRXaHjzmYljM8eyFI1qMOkxHvThocTZcsbz7nFxO6ru6mOx2G%2FiRAhw5DvAhYUKxAEbMxfcBubRkPfkT5Nf9HYKgmABOvZthPN"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 88014e205ebc5691-OSL
alt-svc: h3=":443"; ma=86400

anontransfer.com/public/main.min.css

188.114.97.1

200 OK

3.1 kB

URL GET HTTP/3
anontransfer.com/public/main.min.css
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://anontransfer.com/download/JLTtNXU3eW/Codium.exe
Certificate
IssuerGoogle Trust Services LLC
Subjectanontransfer.com
FingerprintA2:AE:2F:8B:D3:85:BA:A7:DC:4B:F3:87:D4:8E:EC:71:63:BF:96:EF
ValidityFri, 15 Mar 2024 22:40:29 GMT - Thu, 13 Jun 2024 22:40:28 GMT

File type
ASCII text, with very long lines (3053), with no line terminators
Size
3.1 kB (3051 bytes)
Hash
1783f583975d6dc2498ab64797c52bb8
4c6931a7417234360fa7c5d26eb96717af1be444
b78bd0e5718345c790e67c01ffb82666f1f1146fc9a745f6d5358c0c020beb6a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /public/main.min.css HTTP/1.1
Host: anontransfer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anontransfer.com/download/JLTtNXU3eW/Codium.exe
Cookie: PHPSESSID=n55js92nsdb33aerfqfkfgt3jh
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 07 May 2024 12:45:05 GMT
content-type: text/css
last-modified: Tue, 17 Oct 2023 16:25:58 GMT
etag: W/"beb-607ebfa4a031d-gzip"
vary: Accept-Encoding,User-Agent
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mbPn7RiiS6BvFYI0skoda%2FE2ZPRsVRsmtETyL1N2Og0YyW7f6D%2BYuzl5VsbxWoYvqgWny4uDFwkxp2j8hN3KTbMLbZXsa9fERd6lF%2F9maZqlDaq1dIPP2AlaLZM9cgXemc9T"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88014e19aebf1c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

translate.google.com/translate_a/element.js?cb=googleTranslateElementInit

216.58.211.14

200 OK

89 kB

URL GET HTTP/2
translate.google.com/translate_a/element.js?cb=googleTranslateElementInit
IP
216.58.211.14:443
ASN
#15169 GOOGLE

Requested by
https://anontransfer.com/download/JLTtNXU3eW/Codium.exe
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint7C:B7:E1:97:03:6E:82:B6:52:F8:EC:C6:C6:50:D9:DD:80:47:E6:A0
ValidityTue, 16 Apr 2024 03:18:53 GMT - Tue, 09 Jul 2024 03:18:52 GMT

File type
JavaScript source, ASCII text, with very long lines (2064)
Size
89 kB (89377 bytes)
Hash
ed382eb133d005b89e06bc0c96b4426b
a7f01b3904e960bd94423b8f427ec40fee546216
3c497eb6a306e96daf50eef0ea2e4c56dc5e3f65cd0a0dabca935288a75c14d3

HTTP Headers

GET /translate_a/element.js?cb=googleTranslateElementInit HTTP/1.1
Host: translate.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anontransfer.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 07 May 2024 12:45:05 GMT
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

anontransfer.com/public/at-logo.webp

188.114.97.1

200 OK

3.4 kB

URL GET HTTP/3
anontransfer.com/public/at-logo.webp
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://anontransfer.com/download/JLTtNXU3eW/Codium.exe
Certificate
IssuerGoogle Trust Services LLC
Subjectanontransfer.com
FingerprintA2:AE:2F:8B:D3:85:BA:A7:DC:4B:F3:87:D4:8E:EC:71:63:BF:96:EF
ValidityFri, 15 Mar 2024 22:40:29 GMT - Thu, 13 Jun 2024 22:40:28 GMT

File type
RIFF (little-endian) data, Web/P image
Size
3.4 kB (3394 bytes)
Hash
4085d16973c5fd4d17fa03d23d8ff5c4
cbcc34ef0dcc557a321f64f484163e6828bc43b9
4ecd9408f4d052a43f4111dc66fec20e6f4924efb401cea52f2baf8e39f25204

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /public/at-logo.webp HTTP/1.1
Host: anontransfer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anontransfer.com/download/JLTtNXU3eW/Codium.exe
Cookie: PHPSESSID=n55js92nsdb33aerfqfkfgt3jh
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 07 May 2024 12:45:05 GMT
content-type: image/webp
last-modified: Wed, 24 May 2023 02:52:25 GMT
etag: W/"d42-5fc6797f80c40-gzip"
vary: Accept-Encoding,User-Agent
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GaiAMAluVbB0OEaijkirPVqhpQj1ay7kg0sinp722z0hLK2s9pXg6G7jc5lVa3ozzsTnOtGQ%2FKvQoT3EsrItJpo1MopPDMYvq4pgQMpianz83K8djNLXR2S%2FPIow1JsPFBot"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88014e19bed71c16-OSL
alt-svc: h3=":443"; ma=86400

anontransfer.com/public/file-format-icon.webp

188.114.97.1

200 OK

900 B

URL GET HTTP/3
anontransfer.com/public/file-format-icon.webp
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://anontransfer.com/download/JLTtNXU3eW/Codium.exe
Certificate
IssuerGoogle Trust Services LLC
Subjectanontransfer.com
FingerprintA2:AE:2F:8B:D3:85:BA:A7:DC:4B:F3:87:D4:8E:EC:71:63:BF:96:EF
ValidityFri, 15 Mar 2024 22:40:29 GMT - Thu, 13 Jun 2024 22:40:28 GMT

File type
RIFF (little-endian) data, Web/P image
Size
900 B (900 bytes)
Hash
66402453e205f10efb8d3be5d0e475cc
0113ccd1362a74d2e25dc837a986ae1a579f906a
7bdd4be48dec56dd8b86c1e533d725ea3f8fd4d920a1d9a26be3f6e254588b50

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /public/file-format-icon.webp HTTP/1.1
Host: anontransfer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anontransfer.com/download/JLTtNXU3eW/Codium.exe
Cookie: PHPSESSID=n55js92nsdb33aerfqfkfgt3jh
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 07 May 2024 12:45:05 GMT
content-type: image/webp
last-modified: Thu, 22 Jun 2023 19:59:23 GMT
etag: W/"384-5febd5215fcc0-gzip"
vary: Accept-Encoding,User-Agent
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Qk1Ernv0aZmQYTfMoew4%2FXbMk%2Fw5qBvPFnLQxc6xureYL1Bbkmgk0QtOOHfxCaiQU88%2FIh%2F43GIDqVlqawki%2BKUYxJLSupGtgwShqiC5mIK5xiJJD%2FjfoZ1%2B3TaU4YhKhX0V"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88014e19bed91c16-OSL
alt-svc: h3=":443"; ma=86400

anontransfer.com/download/JLTtNXU3eW/Codium.exe

0.0.0.0

0 B

URL GET
anontransfer.com/download/JLTtNXU3eW/Codium.exe
IP
0.0.0.0:0
ASN
#0

Requested by
https://anontransfer.com/download/JLTtNXU3eW/Codium.exe
Certificate
IssuerGoogle Trust Services LLC
Subjectanontransfer.com
FingerprintA2:AE:2F:8B:D3:85:BA:A7:DC:4B:F3:87:D4:8E:EC:71:63:BF:96:EF
ValidityFri, 15 Mar 2024 22:40:29 GMT - Thu, 13 Jun 2024 22:40:28 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /download/JLTtNXU3eW/Codium.exe HTTP/1.1
Host: anontransfer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anontransfer.com/download/JLTtNXU3eW/Codium.exe
Cookie: PHPSESSID=n55js92nsdb33aerfqfkfgt3jh; dom3ic8zudi28v8lr6fgphwffqoz0j6c=297ce5e3-0bd3-432d-a2f8-c958b1d580e1%3A1%3A1; prefetchAd_7402737=true
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

fundingchoicesmessages.google.com/f/AGSKWxWnNC7TtCo_ZA_Tmx-VoxUW8XCX5uBoIuzwPywct1OC9v1XKp6IkApo0-N2qDJeuDRzpedbKQwEGefCAuH9qTvObcWFITadkyoNFfINhe1qSy1r5xLNwOFcQWx0fxM8q0gpVFavVQ==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzE1MDg1OTA2LDgyMzAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzddXSwiaHR0cHM6Ly9hbm9udHJhbnNmZXIuY29tL2Rvd25sb2FkL0pMVHROWFUzZVcvQ29kaXVtLmV4ZSIsbnVsbCxbWzgsIjNVY1pjRXRFUGtJIl0sWzksImVuLVVTIl0sWzE5LCIxIl1dXQ

216.58.211.14

200 OK

377 kB

URL GET HTTP/3
fundingchoicesmessages.google.com/f/AGSKWxWnNC7TtCo_ZA_Tmx-VoxUW8XCX5uBoIuzwPywct1OC9v1XKp6IkApo0-N2qDJeuDRzpedbKQwEGefCAuH9qTvObcWFITadkyoNFfINhe1qSy1r5xLNwOFcQWx0fxM8q0gpVFavVQ==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzE1MDg1OTA2LDgyMzAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzddXSwiaHR0cHM6Ly9hbm9udHJhbnNmZXIuY29tL2Rvd25sb2FkL0pMVHROWFUzZVcvQ29kaXVtLmV4ZSIsbnVsbCxbWzgsIjNVY1pjRXRFUGtJIl0sWzksImVuLVVTIl0sWzE5LCIxIl1dXQ
IP
216.58.211.14:443
ASN
#15169 GOOGLE

Requested by
https://anontransfer.com/download/JLTtNXU3eW/Codium.exe
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint7C:B7:E1:97:03:6E:82:B6:52:F8:EC:C6:C6:50:D9:DD:80:47:E6:A0
ValidityTue, 16 Apr 2024 03:18:53 GMT - Tue, 09 Jul 2024 03:18:52 GMT

File type

Size
377 kB (376808 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /f/AGSKWxWnNC7TtCo_ZA_Tmx-VoxUW8XCX5uBoIuzwPywct1OC9v1XKp6IkApo0-N2qDJeuDRzpedbKQwEGefCAuH9qTvObcWFITadkyoNFfINhe1qSy1r5xLNwOFcQWx0fxM8q0gpVFavVQ==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzE1MDg1OTA2LDgyMzAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzddXSwiaHR0cHM6Ly9hbm9udHJhbnNmZXIuY29tL2Rvd25sb2FkL0pMVHROWFUzZVcvQ29kaXVtLmV4ZSIsbnVsbCxbWzgsIjNVY1pjRXRFUGtJIl0sWzksImVuLVVTIl0sWzE5LCIxIl1dXQ HTTP/1.1
Host: fundingchoicesmessages.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anontransfer.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-type: application/javascript; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
timing-allow-origin: *
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 07 May 2024 12:45:07 GMT
cross-origin-resource-policy: cross-origin
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'nonce-tvl7wcFQHPnrt-9MbwoFqw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy: same-origin
reporting-endpoints: default="/_/ContributorGlobalRouterHttp/web-reports?context=eJzjKtDikmLw15BiOO90h-k6ENcyPGNqBWIDjedMFkAs8fUlkxYQxzyfzpoCxE7pM1hDgNinfgZrHBC33jzHOh2ITy44z3oRiJP-nWctAeKdiy-wHgTiVUcusG4C4m_sF1n_AbEQN8flIy82sgmcuPvbHQCwmThM"
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

anontransfer.com/public/anontransfer-favicon.ico

188.114.97.1

200 OK

176 kB

URL GET HTTP/3
anontransfer.com/public/anontransfer-favicon.ico
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://anontransfer.com/download/JLTtNXU3eW/Codium.exe
Certificate
IssuerGoogle Trust Services LLC
Subjectanontransfer.com
FingerprintA2:AE:2F:8B:D3:85:BA:A7:DC:4B:F3:87:D4:8E:EC:71:63:BF:96:EF
ValidityFri, 15 Mar 2024 22:40:29 GMT - Thu, 13 Jun 2024 22:40:28 GMT

File type
MS Windows icon resource - 9 icons, 16x16, 32 bits/pixel, 24x24, 32 bits/pixel
Size
176 kB (176492 bytes)
Hash
d5e92a2fedcb52f737435150cba4e603
54838eb1a51959a5df8d498f8c7f999be5652283
eda268a2c3241dbd07ac42ed4b4be3f66408c1b5fbf3a2f0cb15e460a14c1b1c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /public/anontransfer-favicon.ico HTTP/1.1
Host: anontransfer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anontransfer.com/download/JLTtNXU3eW/Codium.exe
Cookie: PHPSESSID=n55js92nsdb33aerfqfkfgt3jh; dom3ic8zudi28v8lr6fgphwffqoz0j6c=297ce5e3-0bd3-432d-a2f8-c958b1d580e1%3A1%3A1; prefetchAd_7402737=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 07 May 2024 12:45:06 GMT
content-type: image/x-icon
last-modified: Thu, 25 May 2023 05:00:53 GMT
etag: W/"2b16c-5fc7d813e2b40-gzip"
vary: Accept-Encoding,User-Agent
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0DrvDbwCEjM%2FBwqFCsjrtvVt50k7Ib%2Bp6gn4MsZUGfUn3j7aCABUduwjv51JtgWme7w3EDWTpWC1I55duztVgi0zg%2FhSVbPU2pcVN7WbJI1fT3CWF2rwuCCPoq7e84Hwy6Ry"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88014e24794b1c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

newassets.hcaptcha.com/c/f922a41/hsw.js

104.18.125.91

200 OK

470 kB

URL GET HTTP/3
newassets.hcaptcha.com/c/f922a41/hsw.js
IP
104.18.125.91:443
ASN
#13335 CLOUDFLARENET

Requested by
https://newassets.hcaptcha.com/captcha/v1/50fb34a/static/hcaptcha.html#frame=challenge&id=05tzfqbkwj2&host=anontransfer.com&sentry=true&reportapi=https%3A%2F%2Faccounts.hcaptcha.com&recaptchacompat=true&custom=false&hl=en&tplinks=on&pstissuer=https%3A%2F%2Fpst-issuer.hcaptcha.com&sitekey=6610571a-4613-4ecd-a763-7a8957c62512&theme=light&origin=https%3A%2F%2Fanontransfer.com
Certificate
IssuerLet's Encrypt
Subjecthcaptcha.com
Fingerprint8F:BD:51:60:5C:FC:EA:F0:74:47:AB:AC:1B:84:1A:7E:3C:68:A7:E5
ValidityFri, 15 Mar 2024 00:09:38 GMT - Thu, 13 Jun 2024 00:09:37 GMT

File type

Size
470 kB (469642 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /c/f922a41/hsw.js HTTP/1.1
Host: newassets.hcaptcha.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://newassets.hcaptcha.com/captcha/v1/50fb34a/static/hcaptcha.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 07 May 2024 12:45:06 GMT
content-type: application/javascript
etag: W/"a015c3f04def6c02f6d3a815ff97f100"
cache-control: public, max-age=3024000
alt-svc: h3=":443"; ma=86400
vary: Origin, Accept-Encoding
cf-cache-status: HIT
expires: Tue, 11 Jun 2024 12:45:06 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 88014e250d53b50f-OSL
content-encoding: br

fonts.gstatic.com/s/i/productlogos/translate/v14/24px.svg

142.250.74.67

200 OK

6.2 kB

URL GET HTTP/3
fonts.gstatic.com/s/i/productlogos/translate/v14/24px.svg
IP
142.250.74.67:443
ASN
#15169 GOOGLE

Requested by
https://anontransfer.com/download/JLTtNXU3eW/Codium.exe
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
SVG Scalable Vector Graphics image
Size
6.2 kB (6225 bytes)
Hash
a1a4ffbc52fa4bd18e2f9f7c45ba71fc
0df81f908c859204ae9748c21ad2a4219381b2e4
151e69c94e1f500a46c405df3a0c60043651b22aec7b4ae33d5df3bc9fd82737

HTTP Headers

GET /s/i/productlogos/translate/v14/24px.svg HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anontransfer.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-length: 3340
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 06 May 2024 13:00:35 GMT
expires: Tue, 06 May 2025 13:00:35 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 20 Apr 2022 14:24:23 GMT
content-type: image/svg+xml
vary: Accept-Encoding
age: 85472
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

youradexchange.com/script/i.php?t=1&c=23426596&stamat=m%257C%252C%252Cg2a3Y3ZvoGU3BP-GH0dEdHP3xP.b31%252ClPaq-_QKNHVXG66e24PYReXzSpQxPcZiZ4F0QmhOGfR8X29rHYUhkl_2eue_xmUXFYF8GtnCfVrw--wis6sZxjLktEs6Vc20ax-gVQ-QxvVMS4muHNWRLxWoi5hQeqWHOA5J6r0D2xC1eFZwJLakumrJVT1vf5yjggQP8uSBtfWhqV0zpHrlfG0yEsmaVmyHxLNLDVkrN8PjIE5M7F6CN76g4OZXvoKxQidPqn95liWggw4GQimInaOaTXsR2TbejuOkUrXYSZtH2iqj6YpKMKLryFtbVYtdUpWyAjFpRlLLmYG22RQCyHqLK8DQxhslLa95B036zEBm7uMwPIhgQbine5Av8ZqIUPbUIsXHui3VLzzvbTrDqrpOwhMr5hahEvyUcifubSP9QaC3zmklyJfuNxjCq-ATmVBVc7L5FA0VqsNGogRCU0_bcIPwM4plWHT4BsSXH2R03BUO5YnpXVw9a0iBzJ19xa1BfyzUkrODbjs7yztWrl05LbNeC-6L206ncl1r5U5FqVLfRMdiCq9ykd-T-tDi3L3lZ2KKSQ1PEgP17Fz9tW74JUlg64xGm1GOnr1xPuKpAXLAgNmzQc6FeKwLe4H0TTeLHNUiNM-Y4lRw9vGmFDWNjRQVoA7X

172.67.177.214

204 No Content

0 B

URL GET HTTP/3
youradexchange.com/script/i.php?t=1&c=23426596&stamat=m%257C%252C%252Cg2a3Y3ZvoGU3BP-GH0dEdHP3xP.b31%252ClPaq-_QKNHVXG66e24PYReXzSpQxPcZiZ4F0QmhOGfR8X29rHYUhkl_2eue_xmUXFYF8GtnCfVrw--wis6sZxjLktEs6Vc20ax-gVQ-QxvVMS4muHNWRLxWoi5hQeqWHOA5J6r0D2xC1eFZwJLakumrJVT1vf5yjggQP8uSBtfWhqV0zpHrlfG0yEsmaVmyHxLNLDVkrN8PjIE5M7F6CN76g4OZXvoKxQidPqn95liWggw4GQimInaOaTXsR2TbejuOkUrXYSZtH2iqj6YpKMKLryFtbVYtdUpWyAjFpRlLLmYG22RQCyHqLK8DQxhslLa95B036zEBm7uMwPIhgQbine5Av8ZqIUPbUIsXHui3VLzzvbTrDqrpOwhMr5hahEvyUcifubSP9QaC3zmklyJfuNxjCq-ATmVBVc7L5FA0VqsNGogRCU0_bcIPwM4plWHT4BsSXH2R03BUO5YnpXVw9a0iBzJ19xa1BfyzUkrODbjs7yztWrl05LbNeC-6L206ncl1r5U5FqVLfRMdiCq9ykd-T-tDi3L3lZ2KKSQ1PEgP17Fz9tW74JUlg64xGm1GOnr1xPuKpAXLAgNmzQc6FeKwLe4H0TTeLHNUiNM-Y4lRw9vGmFDWNjRQVoA7X
IP
172.67.177.214:443
ASN
#13335 CLOUDFLARENET

Requested by
https://anontransfer.com/download/JLTtNXU3eW/Codium.exe
Certificate
IssuerGoogle Trust Services LLC
Subjectyouradexchange.com
FingerprintD5:0B:42:43:E8:69:FA:76:AA:C8:B3:28:9A:EB:33:C4:6F:62:7A:2B
ValiditySun, 14 Apr 2024 01:48:20 GMT - Sat, 13 Jul 2024 01:48:19 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /script/i.php?t=1&c=23426596&stamat=m%257C%252C%252Cg2a3Y3ZvoGU3BP-GH0dEdHP3xP.b31%252ClPaq-_QKNHVXG66e24PYReXzSpQxPcZiZ4F0QmhOGfR8X29rHYUhkl_2eue_xmUXFYF8GtnCfVrw--wis6sZxjLktEs6Vc20ax-gVQ-QxvVMS4muHNWRLxWoi5hQeqWHOA5J6r0D2xC1eFZwJLakumrJVT1vf5yjggQP8uSBtfWhqV0zpHrlfG0yEsmaVmyHxLNLDVkrN8PjIE5M7F6CN76g4OZXvoKxQidPqn95liWggw4GQimInaOaTXsR2TbejuOkUrXYSZtH2iqj6YpKMKLryFtbVYtdUpWyAjFpRlLLmYG22RQCyHqLK8DQxhslLa95B036zEBm7uMwPIhgQbine5Av8ZqIUPbUIsXHui3VLzzvbTrDqrpOwhMr5hahEvyUcifubSP9QaC3zmklyJfuNxjCq-ATmVBVc7L5FA0VqsNGogRCU0_bcIPwM4plWHT4BsSXH2R03BUO5YnpXVw9a0iBzJ19xa1BfyzUkrODbjs7yztWrl05LbNeC-6L206ncl1r5U5FqVLfRMdiCq9ykd-T-tDi3L3lZ2KKSQ1PEgP17Fz9tW74JUlg64xGm1GOnr1xPuKpAXLAgNmzQc6FeKwLe4H0TTeLHNUiNM-Y4lRw9vGmFDWNjRQVoA7X HTTP/1.1
Host: youradexchange.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anontransfer.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 204 No Content
date: Tue, 07 May 2024 12:45:06 GMT
access-control-allow-origin: *
via: 1.1 google
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yFFx2gh4%2FwF6QNjYNkxRVtBiAhv0OJfRJgg3sdVWAYo6S3xy%2FINiO3%2B8JL4rCFulO%2F1gIx2h7XhJrWEXhW8SacZ%2B%2BD4I%2BQlalIABzTu3dI%2FFawnh1mdhQS0k1tW1cN8ObUvpd%2FA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88014e21cab11c12-OSL
alt-svc: h3=":443"; ma=86400

fundingchoicesmessages.google.com/b/pub-1857840457925128

216.58.211.14

200 OK

11 kB

URL GET HTTP/3
fundingchoicesmessages.google.com/b/pub-1857840457925128
IP
216.58.211.14:443
ASN
#15169 GOOGLE

Requested by
https://anontransfer.com/download/JLTtNXU3eW/Codium.exe
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint7C:B7:E1:97:03:6E:82:B6:52:F8:EC:C6:C6:50:D9:DD:80:47:E6:A0
ValidityTue, 16 Apr 2024 03:18:53 GMT - Tue, 09 Jul 2024 03:18:52 GMT

File type
JavaScript source, ASCII text, with very long lines (1483)
Size
11 kB (10559 bytes)
Hash
7d95c2ce557d72fb57101949fb17cfd3
fced0c276fe7dd10b6ec5709ad0b56623be753bb
fa23e295b611fa0af4ba3a1828b1452ec9735f8c303c5c2f426113ed616e437f

HTTP Headers

GET /b/pub-1857840457925128 HTTP/1.1
Host: fundingchoicesmessages.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anontransfer.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-type: application/javascript; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 07 May 2024 12:45:06 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy: cross-origin
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'nonce-zvexLvs3kDR-sEAhHnBkEw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
cross-origin-opener-policy: same-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
reporting-endpoints: default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjytDikmLw1pBiOO90h-k6ENcyPGNqBWIDjedMFkAs8fUlkxYQxzyfzpoCxE7pM1hDgNinfgZrHBC33jzHOh2ITy44z3oRiJP-nWctAeKdiy-wHgTi7-wXWf8DsRAPx6UjLzayCRyYt3kTEwAZ2jOS"
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

fundingchoicesmessages.google.com/i/pub-1857840457925128?ers=1

216.58.211.14

200 OK

186 kB

URL GET HTTP/3
fundingchoicesmessages.google.com/i/pub-1857840457925128?ers=1
IP
216.58.211.14:443
ASN
#15169 GOOGLE

Requested by
https://anontransfer.com/download/JLTtNXU3eW/Codium.exe
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint7C:B7:E1:97:03:6E:82:B6:52:F8:EC:C6:C6:50:D9:DD:80:47:E6:A0
ValidityTue, 16 Apr 2024 03:18:53 GMT - Tue, 09 Jul 2024 03:18:52 GMT

File type
JavaScript source, ASCII text, with very long lines (1933)
Size
186 kB (186480 bytes)
Hash
423af97189461d4e15b4ceddaba7f231
ff1af6b0a3ed45c91c025a18e40953d6341745c7
5812fd1c1a8050c74353d6ac249e8d37202ee99e666d6cfd65abdfd9adbaf7c2

HTTP Headers

GET /i/pub-1857840457925128?ers=1 HTTP/1.1
Host: fundingchoicesmessages.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anontransfer.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-type: application/javascript; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
timing-allow-origin: *
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 07 May 2024 12:45:06 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'nonce-3iP_HU4kpRQA9_dUNVtdXg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
cross-origin-opener-policy: same-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy: cross-origin
reporting-endpoints: default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjytDikmLw0ZBiOO90h-k6ENcyPGNqBWIDjedMFkAs8fUlkxYQxzyfzpoCxE7pM1hDgNinfgZrHBC33jzHOh2ITy44z3oRiJP-nWctAeKdiy-wHgTib-wXWf8BsRAPx6UjLzayCfzo-byXCQAbyjQC"
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (30)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML