anonymfile.com/596Bj/fivem-stellexec.rar?PageSpeed=noscript
138.201.48.112301 Moved Permanently 162 B URL HTTP/1.1 anonymfile.com/596Bj/fivem-stellexec.rar?PageSpeed=noscript
IP 138.201.48.112:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /596Bj/fivem-stellexec.rar?PageSpeed=noscript HTTP/1.1
Host: anonymfile.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 08 Feb 2023 09:14:25 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://anonymfile.com/596Bj/fivem-stellexec.rar?PageSpeed=noscript
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.33.119.10200 OK 503 B IP 23.33.119.10:0
ASN #20940 Akamai International B.V.
Hash b7407cc102d62a5acd5e61f8a79bed36
c2f4890a62454e514962b55b7fc14228339c8e90
be282de92da261128a7c8471f3067466aa9930fd0ab2a2cdda8cd2d6ce2bbd74
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BE282DE92DA261128A7C8471F3067466AA9930FD0AB2A2CDDA8CD2D6CE2BBD74"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5826
Expires: Wed, 08 Feb 2023 10:51:31 GMT
Date: Wed, 08 Feb 2023 09:14:25 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.10200 OK 503 B IP 23.33.119.10:0
ASN #20940 Akamai International B.V.
Hash 565c1bbc5c1c40be1988b3bf6fd9dc1a
cfdba5bc597130461dd67bf6cda53183be592493
60ceb36a8329c92fc49a3caf50daf511a38e01eac21a07d7a0a838166bea058d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "60CEB36A8329C92FC49A3CAF50DAF511A38E01EAC21A07D7A0A838166BEA058D"
Last-Modified: Mon, 06 Feb 2023 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7980
Expires: Wed, 08 Feb 2023 11:27:25 GMT
Date: Wed, 08 Feb 2023 09:14:25 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash bf0c602d32b3c14606f22a86183b5e3c
6eabd8d83475eba731968abe1a05a8bfd272f160
6c6a7c519a9e950c2445ed874a25211a94dd4d3cf3afb0103af9dcd1dbd5ff9e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Backoff, Alert, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 08 Feb 2023 08:34:12 GMT
content-type: application/json
age: 2413
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.10200 OK 503 B IP 23.33.119.10:0
ASN #20940 Akamai International B.V.
Hash cc14b0d2f7c451f6431dc87ba54d1d60
bab8bfda6fa3e2f17125353f5147211787dc25d0
b58fe18a5cc8fe5aaf49ba7eadd0ef34692892e68e9c52eb5bb56ea27e1300ad
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B58FE18A5CC8FE5AAF49BA7EADD0EF34692892E68E9C52EB5BB56EA27E1300AD"
Last-Modified: Mon, 06 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2551
Expires: Wed, 08 Feb 2023 09:56:56 GMT
Date: Wed, 08 Feb 2023 09:14:25 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash e76071a28ee566dababb3834f46d68ed
aebb4e68c1ba2de0f90025283e8ed8470944fde0
78b6df2627172e5b35476bc31020f02898cdc412aaf4337af2c3b049a60912b6
GET /chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: FuCIV3riptBygIj5tybclf/Q3YHBd/VAidVMcYYgxhBExCzTM4Pnk0PTEGoBPn0A0opRMuPAJA7D35P7EDI3Lg==
x-amz-request-id: FDP8B52D07J8P77F
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 08 Feb 2023 08:45:54 GMT
age: 1711
last-modified: Sun, 29 Jan 2023 18:44:47 GMT
etag: "e76071a28ee566dababb3834f46d68ed"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 09:14:25 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash 4a2793786b1ce1206b70d285bea47b94
11747c77f2ef56d889b5148834faa184be7cfc07
af406b334b4df19c87a6911d78bbab5bc5628dc7ccac9d7d60050908c770fb52
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3311
Cache-Control: max-age=129952
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 09:14:25 GMT
Etag: "63e2b3a2-118"
Expires: Thu, 09 Feb 2023 21:20:17 GMT
Last-Modified: Tue, 07 Feb 2023 20:25:06 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 280
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash 4a2793786b1ce1206b70d285bea47b94
11747c77f2ef56d889b5148834faa184be7cfc07
af406b334b4df19c87a6911d78bbab5bc5628dc7ccac9d7d60050908c770fb52
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6246
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 09:14:25 GMT
Last-Modified: Wed, 08 Feb 2023 07:30:19 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 280
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash 4a2793786b1ce1206b70d285bea47b94
11747c77f2ef56d889b5148834faa184be7cfc07
af406b334b4df19c87a6911d78bbab5bc5628dc7ccac9d7d60050908c770fb52
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3311
Cache-Control: max-age=129952
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 09:14:25 GMT
Etag: "63e2b3a2-118"
Expires: Thu, 09 Feb 2023 21:20:17 GMT
Last-Modified: Tue, 07 Feb 2023 20:25:06 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 280
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash 4a2793786b1ce1206b70d285bea47b94
11747c77f2ef56d889b5148834faa184be7cfc07
af406b334b4df19c87a6911d78bbab5bc5628dc7ccac9d7d60050908c770fb52
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6246
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 09:14:25 GMT
Last-Modified: Wed, 08 Feb 2023 07:30:19 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 280
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash 4a2793786b1ce1206b70d285bea47b94
11747c77f2ef56d889b5148834faa184be7cfc07
af406b334b4df19c87a6911d78bbab5bc5628dc7ccac9d7d60050908c770fb52
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4091
Cache-Control: max-age=130732
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 09:14:25 GMT
Etag: "63e2b3a2-118"
Expires: Thu, 09 Feb 2023 21:33:17 GMT
Last-Modified: Tue, 07 Feb 2023 20:25:06 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 280
anonymfile.com/css/theme.min.css
138.201.48.112200 OK 75 kB URL HTTP/2 anonymfile.com/css/theme.min.css
IP 138.201.48.112:0
ASN #24940 Hetzner Online GmbH
File type Unicode text, UTF-8 text, with very long lines (65533), with no line terminators
Hash 8b61cc26bfb7e13d1ebf3e9639914e51
7b8d4de2b1884b3c1654cfbde0e8a6f3885a3f66
f27b9cd4b89d6729e328f65b08114323077a61b6761865aa160785073f57bbb0
GET /css/theme.min.css HTTP/1.1
Host: anonymfile.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/596Bj/fivem-stellexec.rar?PageSpeed=noscript
Cookie: XSRF-TOKEN=eyJpdiI6ImYvaHI2S3dFaVVpZVJNeXd0RmRIbmc9PSIsInZhbHVlIjoiUExQYmJuVjZtL1ZkSXhvU21oYTduaFBwSTVJTlR0eVVJRm9xNXN6cWNDZ0s3ZmRXZVVmb0IvaFFIOUJXUnh4MFNCbDI3dkFPR3dma3p2MDR5YkVmb1ZaOUFoQUtSNU9JRFJ3VTVDQlBEYkdyeUlRL2VlZlN3Vys4NFhyUGJZbWIiLCJtYWMiOiI5NmU0ZDA5ZjEwNmEyNDk0ZDQzNTlhZWMyNjliZDUyYzliMDBkYzYyYzQ4MzA3ZjExZDZkM2UwNDhkYzRiNWY3IiwidGFnIjoiIn0%3D; anonymfile_session=eyJpdiI6InhRT1djamtaTU5pZC9EOFA4VjRvNWc9PSIsInZhbHVlIjoiQUZTQmVoMzhvTENYMHowYUVwZitCeUZmWmw0aXY2cUxjMVFKN01mSnI4RWJnUWdLLzhhNml6TlN4KzRpaHdadjQ0MThvV3VUc0JFMlJsQmlPTGI0cnNnV214MVg2QmpOd3piQitxRm8xVHlyMGpHQU91bUVRemEvc0ptRXVvMHEiLCJtYWMiOiJlYmMxNGUwMzc2ZWNhMTNjNDM0Mjk3MjUxNjdjMGJiY2I0Y2Y3OTE5MTU1NDc1NTJkYWZhZjc5NWJmMjc0YjlkIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: text/css
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-original-content-length: 598523
vary: Accept-Encoding
content-encoding: gzip
content-length: 74661
etag: W/"PSA-aj-TDax0QZn8Y"
date: Wed, 08 Feb 2023 09:14:25 GMT
expires: Wed, 08 Feb 2023 09:18:09 GMT
cache-control: max-age=223
X-Firefox-Spdy: h2
anonymfile.com/img/logo-anon-warning.webp
138.201.48.112200 OK 15 kB URL HTTP/2 anonymfile.com/img/logo-anon-warning.webp
IP 138.201.48.112:0
ASN #24940 Hetzner Online GmbH
File type RIFF (little-endian) data, Web/P image\012- data
Hash 7b596f481388ac5ef6d74a15a351f6c3
6756e88c0b46cc981b7bbbdaf2ead77bd258a472
cd830cff1dfb9af2181dfe61645addbe21981954713fba54d5875a038e673972
GET /img/logo-anon-warning.webp HTTP/1.1
Host: anonymfile.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/596Bj/fivem-stellexec.rar?PageSpeed=noscript
Cookie: XSRF-TOKEN=eyJpdiI6ImYvaHI2S3dFaVVpZVJNeXd0RmRIbmc9PSIsInZhbHVlIjoiUExQYmJuVjZtL1ZkSXhvU21oYTduaFBwSTVJTlR0eVVJRm9xNXN6cWNDZ0s3ZmRXZVVmb0IvaFFIOUJXUnh4MFNCbDI3dkFPR3dma3p2MDR5YkVmb1ZaOUFoQUtSNU9JRFJ3VTVDQlBEYkdyeUlRL2VlZlN3Vys4NFhyUGJZbWIiLCJtYWMiOiI5NmU0ZDA5ZjEwNmEyNDk0ZDQzNTlhZWMyNjliZDUyYzliMDBkYzYyYzQ4MzA3ZjExZDZkM2UwNDhkYzRiNWY3IiwidGFnIjoiIn0%3D; anonymfile_session=eyJpdiI6InhRT1djamtaTU5pZC9EOFA4VjRvNWc9PSIsInZhbHVlIjoiQUZTQmVoMzhvTENYMHowYUVwZitCeUZmWmw0aXY2cUxjMVFKN01mSnI4RWJnUWdLLzhhNml6TlN4KzRpaHdadjQ0MThvV3VUc0JFMlJsQmlPTGI0cnNnV214MVg2QmpOd3piQitxRm8xVHlyMGpHQU91bUVRemEvc0ptRXVvMHEiLCJtYWMiOiJlYmMxNGUwMzc2ZWNhMTNjNDM0Mjk3MjUxNjdjMGJiY2I0Y2Y3OTE5MTU1NDc1NTJkYWZhZjc5NWJmMjc0YjlkIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/webp
content-length: 15344
etag: "617d3713-3bf0"
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
accept-ranges: bytes
date: Wed, 08 Feb 2023 09:13:09 GMT
expires: Wed, 08 Feb 2023 09:18:09 GMT
X-Firefox-Spdy: h2
anonymfile.com/js/site.js
138.201.48.112200 OK 2.0 kB URL HTTP/2 anonymfile.com/js/site.js
IP 138.201.48.112:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (5640)
Hash a779d1605363c034784168e0553fee12
203adaeac5eec419f7bdf4ba6840c9378c9692e5
0ac5db7b1ae244540526d4c971799e4c8ba3f5921dda88b94d10d2cb6a730bc6
GET /js/site.js HTTP/1.1
Host: anonymfile.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/596Bj/fivem-stellexec.rar?PageSpeed=noscript
Cookie: XSRF-TOKEN=eyJpdiI6ImYvaHI2S3dFaVVpZVJNeXd0RmRIbmc9PSIsInZhbHVlIjoiUExQYmJuVjZtL1ZkSXhvU21oYTduaFBwSTVJTlR0eVVJRm9xNXN6cWNDZ0s3ZmRXZVVmb0IvaFFIOUJXUnh4MFNCbDI3dkFPR3dma3p2MDR5YkVmb1ZaOUFoQUtSNU9JRFJ3VTVDQlBEYkdyeUlRL2VlZlN3Vys4NFhyUGJZbWIiLCJtYWMiOiI5NmU0ZDA5ZjEwNmEyNDk0ZDQzNTlhZWMyNjliZDUyYzliMDBkYzYyYzQ4MzA3ZjExZDZkM2UwNDhkYzRiNWY3IiwidGFnIjoiIn0%3D; anonymfile_session=eyJpdiI6InhRT1djamtaTU5pZC9EOFA4VjRvNWc9PSIsInZhbHVlIjoiQUZTQmVoMzhvTENYMHowYUVwZitCeUZmWmw0aXY2cUxjMVFKN01mSnI4RWJnUWdLLzhhNml6TlN4KzRpaHdadjQ0MThvV3VUc0JFMlJsQmlPTGI0cnNnV214MVg2QmpOd3piQitxRm8xVHlyMGpHQU91bUVRemEvc0ptRXVvMHEiLCJtYWMiOiJlYmMxNGUwMzc2ZWNhMTNjNDM0Mjk3MjUxNjdjMGJiY2I0Y2Y3OTE5MTU1NDc1NTJkYWZhZjc5NWJmMjc0YjlkIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/javascript
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-original-content-length: 9351
vary: Accept-Encoding
content-encoding: gzip
content-length: 1993
etag: W/"PSA-aj-ZD_qAZjk-5"
date: Wed, 08 Feb 2023 09:14:25 GMT
expires: Wed, 08 Feb 2023 09:18:10 GMT
cache-control: max-age=224
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js
104.17.25.14200 OK 28 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js
IP 104.17.25.14:0
File type ASCII text, with very long lines (65447)
Hash d900ca08873ee57d40616d39a44cc0aa
7ab3ac8b1504b7b914a6e94c979b8390bb492f6a
1eea479cc0abe04a0846f41031207f9511f12ffef017a6109d4efb6f5523465b
GET /ajax/libs/jquery/3.6.0/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://anonymfile.com
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 09:14:25 GMT
content-type: application/javascript; charset=utf-8
content-length: 27938
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "603e8adc-15d9d"
last-modified: Tue, 02 Mar 2021 18:58:36 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 6087934
expires: Mon, 29 Jan 2024 09:14:25 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fU%2BGC4I%2F1Q0MruavENRIJKxX5ZVLZmRrUZK073Az%2FWGzIAjGK87l9LU%2Ba5cHf3viS7EgBfDqco2yD3fmYAi8b7N0yzAwAzIb634MSi50x64oVqfAZhyNCiRC2Rcr6v0OA%2BuuPbL1"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 79634147fd091c0a-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/popper.js/2.10.2/umd/popper.min.js
104.17.25.14200 OK 6.0 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/popper.js/2.10.2/umd/popper.min.js
IP 104.17.25.14:0
File type ASCII text, with very long lines (18706)
Hash 3773d4bd82b03cdfd02c9fd691f80d78
c4d89a2de179c90944835571b45877048f3c1424
5d05303e3777fd4f588b7167d0a22cd5ca499c238f78ec0cecbb3a8786de332d
GET /ajax/libs/popper.js/2.10.2/umd/popper.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://anonymfile.com
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 09:14:25 GMT
content-type: application/javascript; charset=utf-8
content-length: 6037
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "6155af49-1795"
last-modified: Thu, 30 Sep 2021 12:36:25 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1649239
expires: Mon, 29 Jan 2024 09:14:25 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=APbIl1C%2FLB7fU7zeWhnJsFfQPp3n645rAD2zukqbpCX8prhyXT3q4bd4axAuwKx4ZWjPJRWhyD%2FmJpVtUdSkGJWKuDFIEJpFSFCO%2B7rFBLY3KBD85rd43xIegqJM8LsJoZkfDZNv"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 796341480d281c0a-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.jsdelivr.net/npm/sweetalert2@11
151.101.129.229200 OK 18 kB URL HTTP/2 cdn.jsdelivr.net/npm/sweetalert2@11
IP 151.101.129.229:0
File type ASCII text, with very long lines (43315)
Hash 34245e47533a6bbe4e69f65aa0297dcf
6649da8177cd2018da3bdcef74aac77931fb470c
9db43754d594eb4c0d021c4b62b3b4a0e13b455d8130f33e845523e9f0c43f7e
GET /npm/sweetalert2@11 HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 11.7.1
x-jsd-version-type: version
etag: W/"fb5c-w+GyqThvnHQcfkFno5FntMBy22I"
content-encoding: gzip
accept-ranges: bytes
date: Wed, 08 Feb 2023 09:14:25 GMT
age: 8576
x-served-by: cache-fra-eddf8230057-FRA, cache-bma1633-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 18041
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/bootstrap/5.1.3/js/bootstrap.min.js
104.17.25.14200 OK 15 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/bootstrap/5.1.3/js/bootstrap.min.js
IP 104.17.25.14:0
File type ASCII text, with very long lines (58940)
Hash 28dbaeb9aa2638e0c4e6d9ffd3d14e9d
3208ed3741e60986bbed3fd759cdfd3b4fa7cf06
ababbb021f57966e125b8e296f9515f38d906b462697f7835e6914465dd0d362
GET /ajax/libs/bootstrap/5.1.3/js/bootstrap.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://anonymfile.com
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 09:14:25 GMT
content-type: application/javascript; charset=utf-8
content-length: 14584
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "6161dfe3-38f8"
last-modified: Sat, 09 Oct 2021 18:30:59 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 7229406
expires: Mon, 29 Jan 2024 09:14:25 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xTgfLJ4tiL%2B8C6JW0NSKG1iAfI11qtcHv%2Bp4xX3SSCOlV7CTkwNP19e%2B4P%2BkrUQ5lkzjLjO8SnfZdSphKpqlcrF1cmXH0SPTjFTjPcxW4%2FrrVSUOmyZccjhQ8iXzigvFNr%2FuVU%2FX"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 79634147fd0f1c0a-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/filepond/4.30.3/filepond.min.js
104.17.25.14200 OK 30 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/filepond/4.30.3/filepond.min.js
IP 104.17.25.14:0
File type ASCII text, with very long lines (65370)
Hash d18c98bb03dac8dd996130d56f3d8e8c
cc1777baef75c9438534927036a21f22e91e5578
89a5585efd3c48a3870d383705937d51bb2a3a776eb01805a2629dd7a28e3c2e
GET /ajax/libs/filepond/4.30.3/filepond.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://anonymfile.com
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 09:14:25 GMT
content-type: application/javascript; charset=utf-8
content-length: 29707
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "615c7e96-740b"
last-modified: Tue, 05 Oct 2021 16:34:30 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 16891553
expires: Mon, 29 Jan 2024 09:14:25 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FlsUNinR11SlkmbRV44dfOPf7qjRpOeUMqxCrwoBd5Gy%2BTw4N4i%2BogVt6QCTVSQ4GjeevYXhhvQlqqnua3Bjat9U2IXJT8yqLnWL4%2BvYnkGxSRdvI9n8Q3cs2rDJyu1YuQ1%2Fu9GE"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 796341480d241c0a-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/clipboard.js/2.0.8/clipboard.min.js
3.0 kB URL cdnjs.cloudflare.com/ajax/libs/clipboard.js/2.0.8/clipboard.min.js
IP :0
Hash e34a4db0b42ca907e0b7a56cd4b145ec
2dc36a7dcdfc42d122b23ef91483d27865c4285f
4b2a908e8d2c23d19da5e9ef4c6c77e7c6e8823b7aeb93233723f366ff6d217a
GET /ajax/libs/clipboard.js/2.0.8/clipboard.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://anonymfile.com
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
anonymfile.com/img/main/footer.webp
138.201.48.112200 OK 178 kB URL HTTP/2 anonymfile.com/img/main/footer.webp
IP 138.201.48.112:0
ASN #24940 Hetzner Online GmbH
File type RIFF (little-endian) data, Web/P image\012- data
Size 178 kB (178070 bytes)
Hash 79ccb3a1b78412a1a530284f45ea7056
626d0494e1bd871e67ecffad44d04ac2343fb7e5
3d4e83b59664d7a779fa777d4ee0e17a1bc09302f9b9cde60815a3142256d8b8
GET /img/main/footer.webp HTTP/1.1
Host: anonymfile.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/596Bj/fivem-stellexec.rar?PageSpeed=noscript
Cookie: XSRF-TOKEN=eyJpdiI6ImYvaHI2S3dFaVVpZVJNeXd0RmRIbmc9PSIsInZhbHVlIjoiUExQYmJuVjZtL1ZkSXhvU21oYTduaFBwSTVJTlR0eVVJRm9xNXN6cWNDZ0s3ZmRXZVVmb0IvaFFIOUJXUnh4MFNCbDI3dkFPR3dma3p2MDR5YkVmb1ZaOUFoQUtSNU9JRFJ3VTVDQlBEYkdyeUlRL2VlZlN3Vys4NFhyUGJZbWIiLCJtYWMiOiI5NmU0ZDA5ZjEwNmEyNDk0ZDQzNTlhZWMyNjliZDUyYzliMDBkYzYyYzQ4MzA3ZjExZDZkM2UwNDhkYzRiNWY3IiwidGFnIjoiIn0%3D; anonymfile_session=eyJpdiI6InhRT1djamtaTU5pZC9EOFA4VjRvNWc9PSIsInZhbHVlIjoiQUZTQmVoMzhvTENYMHowYUVwZitCeUZmWmw0aXY2cUxjMVFKN01mSnI4RWJnUWdLLzhhNml6TlN4KzRpaHdadjQ0MThvV3VUc0JFMlJsQmlPTGI0cnNnV214MVg2QmpOd3piQitxRm8xVHlyMGpHQU91bUVRemEvc0ptRXVvMHEiLCJtYWMiOiJlYmMxNGUwMzc2ZWNhMTNjNDM0Mjk3MjUxNjdjMGJiY2I0Y2Y3OTE5MTU1NDc1NTJkYWZhZjc5NWJmMjc0YjlkIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/webp
content-length: 178070
etag: "62f35b9c-2b796"
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
accept-ranges: bytes
date: Wed, 08 Feb 2023 09:13:10 GMT
expires: Wed, 08 Feb 2023 09:18:10 GMT
X-Firefox-Spdy: h2
unpkg.com/filepond-plugin-file-validate-size@2.2.8/dist/filepond-plugin-file-validate-size.js
104.16.122.175200 OK 2.0 kB URL HTTP/2 unpkg.com/filepond-plugin-file-validate-size@2.2.8/dist/filepond-plugin-file-validate-size.js
IP 104.16.122.175:0
Hash a2f4eafe0eed2c1eccdbce581f5a0b76
72d6b9720078fc784caf25523a77603a542b31f5
3b8f876080acfae9e0d37f23ecdace64d767334ddd32fc8685ea0c5e2d893537
GET /filepond-plugin-file-validate-size@2.2.8/dist/filepond-plugin-file-validate-size.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://anonymfile.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 09:14:25 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
etag: W/"1a7f-mapzppsO4HAWL/eiqLcABeu0hWU"
via: 1.1 fly.io
fly-request-id: 01GJZ5C0MRVMZFWGTQD5XR207X-ams
cf-cache-status: HIT
age: 6207047
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 796341480f200afe-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash 4a2793786b1ce1206b70d285bea47b94
11747c77f2ef56d889b5148834faa184be7cfc07
af406b334b4df19c87a6911d78bbab5bc5628dc7ccac9d7d60050908c770fb52
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3312
Cache-Control: max-age=129952
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 09:14:26 GMT
Etag: "63e2b3a2-118"
Expires: Thu, 09 Feb 2023 21:20:18 GMT
Last-Modified: Tue, 07 Feb 2023 20:25:06 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 280
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q4
104.18.20.226200 OK 1.5 kB URL HTTP/1.1 ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q4
IP 104.18.20.226:0
Hash 72fb220de7b03735de9aeb3d08667162
cce7de9fe6586e3ac76f6b045b5c18c8f974af55
f78b281cc34715e0cd0fecc589e8aa4468d95e7b6269ca30f579b16cf4ad6314
POST /ca/gsatlasr3dvtlsca2022q4 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 09:14:26 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "ED266C6F17D2F6031765F513179784BC8B832CE1"
Expires: Wed, 08 Feb 2023 21:00:00 GMT
Last-Modified: Wed, 08 Feb 2023 09:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 75
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 796341493abdfac0-OSL
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta2/css/all.min.css
104.17.25.14200 OK 14 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta2/css/all.min.css
IP 104.17.25.14:0
File type ASCII text, with very long lines (65345)
Hash 642445b86596bdeaa98e92faa2064fc6
6c5539660bf533d34e37b917973c941d1c963374
4a5a39e9f325c5578dccd880c1d516eae190ee39f7539f4a6c6c52d2eee4cbdf
GET /ajax/libs/font-awesome/6.0.0-beta2/css/all.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 09:14:26 GMT
content-type: text/css; charset=utf-8
content-length: 14374
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "61498362-3826"
last-modified: Tue, 21 Sep 2021 07:01:54 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 16727584
expires: Mon, 29 Jan 2024 09:14:26 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=loAAR3AyvQFqFZGA%2FDdUOe65JyVnwWK6cwCIX5jbCXYBmGdu8%2F26FJ0XBH61vy4aTfN3WhZrh2ya1vePh5lNJU3UsX3kAwZPkmoRO2khEz0h%2Bev0WYdK3aSK7F7TW%2BWoG1QWPdP0"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 796341493e3e1c0a-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/filepond/4.29.1/filepond.min.css
104.17.25.14200 OK 2.9 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/filepond/4.29.1/filepond.min.css
IP 104.17.25.14:0
File type assembler source, ASCII text, with very long lines (17282)
Hash 78aabb09e30a9eb6f833cbb1b48bdb2e
e876ff16b6c511bc217973e51202aaaf23a4e936
8d76a29a92bc268043a7bd4d0b8f171fffd6c6c3c8e18aa314d6dac1aeb542ae
GET /ajax/libs/filepond/4.29.1/filepond.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://anonymfile.com
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 09:14:26 GMT
content-type: text/css; charset=utf-8
content-length: 2934
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "613afc53-b76"
last-modified: Fri, 10 Sep 2021 06:33:55 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1031906
expires: Mon, 29 Jan 2024 09:14:26 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NquQ3qTrzu41Y2PF16CkFsF3C1PHcn9UjdyAtLFdUKdloFdzFr54rzLNKLUXS4XYVXv06gWbQLoq8v2MENDd3rVK2Vqwp3DXL6oJ9LvoH%2B9GGNs2UD%2FQhHjrMo2I4jiuFcbJNL1j"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 79634149beac1c0a-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta2/webfonts/fa-solid-900.woff2
104.17.25.14200 OK 123 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta2/webfonts/fa-solid-900.woff2
IP 104.17.25.14:0
File type Web Open Font Format (Version 2), TrueType, length 122760, version 768.66\012- data
Size 123 kB (122760 bytes)
Hash d1bea16f470ff27ca26131a867131fda
c1e34985d239716f1f236b932f2ecf4fb4c167d2
57deb9ccde6d49564a916cc58a799d8ebd793c7aff69a7f3cce48cbfb0c48777
GET /ajax/libs/font-awesome/6.0.0-beta2/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://anonymfile.com
Connection: keep-alive
Referer: https://cdnjs.cloudflare.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 09:14:26 GMT
content-type: application/octet-stream; charset=utf-8
content-length: 122760
access-control-allow-origin: *
cache-control: public, max-age=30672000
etag: "61498362-1df88"
last-modified: Tue, 21 Sep 2021 07:01:54 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 4194335
expires: Mon, 29 Jan 2024 09:14:26 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JcsY15wZ0FYuIImYd4G7bkUIHJPIXst0UdEIlOyJHpF286EFydja4C5sSZlqnUim1rldnfV29D%2BxtCJx45Chh6ZLyzdJREB6JxsYlDq3h8igdFsJLH9W7srbPjxMxv%2FFteVElO9A"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 79634149cec41c0a-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.10200 OK 503 B IP 23.33.119.10:0
ASN #20940 Akamai International B.V.
Hash 9b88bae61bca33aba8aa99f6128db8d9
a07b61fb2458917699613fcae68710941b595416
54915c2f79822732e06a592d027da421ad1e7a6458c545f98333db25612b3dea
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "54915C2F79822732E06A592D027DA421AD1E7A6458C545F98333DB25612B3DEA"
Last-Modified: Mon, 06 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5084
Expires: Wed, 08 Feb 2023 10:39:10 GMT
Date: Wed, 08 Feb 2023 09:14:26 GMT
Connection: keep-alive
push.services.mozilla.com/
52.26.112.186101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.26.112.186:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: m7yAUz6wFcdHRNrlRMNZvg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: sn1YedQQvVnhbQijSIbrXneSIt0=
anonymfile.com/img/logo-anon-warning.png
138.201.48.112200 OK 22 kB URL HTTP/2 anonymfile.com/img/logo-anon-warning.png
IP 138.201.48.112:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 1024 x 1024, 8-bit colormap, non-interlaced\012- data
Hash 4332367bd6f2c12da86e4ab20157daef
027b329b8b50972ee035b4e4f3cb9a3c080aba31
a7a91652e8153a80b1270b5fdb1d1e1e880ad9580e298040df1ed1b024699eb4
GET /img/logo-anon-warning.png HTTP/1.1
Host: anonymfile.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/596Bj/fivem-stellexec.rar?PageSpeed=noscript
Cookie: XSRF-TOKEN=eyJpdiI6ImYvaHI2S3dFaVVpZVJNeXd0RmRIbmc9PSIsInZhbHVlIjoiUExQYmJuVjZtL1ZkSXhvU21oYTduaFBwSTVJTlR0eVVJRm9xNXN6cWNDZ0s3ZmRXZVVmb0IvaFFIOUJXUnh4MFNCbDI3dkFPR3dma3p2MDR5YkVmb1ZaOUFoQUtSNU9JRFJ3VTVDQlBEYkdyeUlRL2VlZlN3Vys4NFhyUGJZbWIiLCJtYWMiOiI5NmU0ZDA5ZjEwNmEyNDk0ZDQzNTlhZWMyNjliZDUyYzliMDBkYzYyYzQ4MzA3ZjExZDZkM2UwNDhkYzRiNWY3IiwidGFnIjoiIn0%3D; anonymfile_session=eyJpdiI6InhRT1djamtaTU5pZC9EOFA4VjRvNWc9PSIsInZhbHVlIjoiQUZTQmVoMzhvTENYMHowYUVwZitCeUZmWmw0aXY2cUxjMVFKN01mSnI4RWJnUWdLLzhhNml6TlN4KzRpaHdadjQ0MThvV3VUc0JFMlJsQmlPTGI0cnNnV214MVg2QmpOd3piQitxRm8xVHlyMGpHQU91bUVRemEvc0ptRXVvMHEiLCJtYWMiOiJlYmMxNGUwMzc2ZWNhMTNjNDM0Mjk3MjUxNjdjMGJiY2I0Y2Y3OTE5MTU1NDc1NTJkYWZhZjc5NWJmMjc0YjlkIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/png
content-length: 21479
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
accept-ranges: bytes
x-original-content-length: 40729
etag: W/"PSA-aj-QzI2e9bywS"
date: Wed, 08 Feb 2023 09:14:27 GMT
expires: Wed, 08 Feb 2023 09:18:10 GMT
cache-control: max-age=222
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash 96678f6c0d2bd79e1881f123c3b08e24
f9d0db9670587818b9a239e959e8ff77a8897442
778c46a7286484335eb56b63879185db601810a5b76b7e7c6784328a39991104
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2049
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 09:14:27 GMT
Last-Modified: Wed, 08 Feb 2023 08:40:18 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 280
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash 96678f6c0d2bd79e1881f123c3b08e24
f9d0db9670587818b9a239e959e8ff77a8897442
778c46a7286484335eb56b63879185db601810a5b76b7e7c6784328a39991104
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 784
Cache-Control: max-age=118767
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 09:14:27 GMT
Etag: "63e291d2-118"
Expires: Thu, 09 Feb 2023 18:13:54 GMT
Last-Modified: Tue, 07 Feb 2023 18:00:50 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 280
anonymfile.com/ngx_pagespeed_beacon?url=http%3A%2F%2Fanonymfile.com%2F596Bj%2Ffivem-stellexec.rar
138.201.48.112204 No Content 0 B URL HTTP/2 anonymfile.com/ngx_pagespeed_beacon?url=http%3A%2F%2Fanonymfile.com%2F596Bj%2Ffivem-stellexec.rar
IP 138.201.48.112:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /ngx_pagespeed_beacon?url=http%3A%2F%2Fanonymfile.com%2F596Bj%2Ffivem-stellexec.rar HTTP/1.1
Host: anonymfile.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 52
Origin: https://anonymfile.com
Connection: keep-alive
Referer: https://anonymfile.com/596Bj/fivem-stellexec.rar?PageSpeed=noscript
Cookie: XSRF-TOKEN=eyJpdiI6ImYvaHI2S3dFaVVpZVJNeXd0RmRIbmc9PSIsInZhbHVlIjoiUExQYmJuVjZtL1ZkSXhvU21oYTduaFBwSTVJTlR0eVVJRm9xNXN6cWNDZ0s3ZmRXZVVmb0IvaFFIOUJXUnh4MFNCbDI3dkFPR3dma3p2MDR5YkVmb1ZaOUFoQUtSNU9JRFJ3VTVDQlBEYkdyeUlRL2VlZlN3Vys4NFhyUGJZbWIiLCJtYWMiOiI5NmU0ZDA5ZjEwNmEyNDk0ZDQzNTlhZWMyNjliZDUyYzliMDBkYzYyYzQ4MzA3ZjExZDZkM2UwNDhkYzRiNWY3IiwidGFnIjoiIn0%3D; anonymfile_session=eyJpdiI6InhRT1djamtaTU5pZC9EOFA4VjRvNWc9PSIsInZhbHVlIjoiQUZTQmVoMzhvTENYMHowYUVwZitCeUZmWmw0aXY2cUxjMVFKN01mSnI4RWJnUWdLLzhhNml6TlN4KzRpaHdadjQ0MThvV3VUc0JFMlJsQmlPTGI0cnNnV214MVg2QmpOd3piQitxRm8xVHlyMGpHQU91bUVRemEvc0ptRXVvMHEiLCJtYWMiOiJlYmMxNGUwMzc2ZWNhMTNjNDM0Mjk3MjUxNjdjMGJiY2I0Y2Y3OTE5MTU1NDc1NTJkYWZhZjc5NWJmMjc0YjlkIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Wed, 08 Feb 2023 09:14:27 GMT
cache-control: max-age=0, no-cache
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.10200 OK 503 B IP 23.33.119.10:0
ASN #20940 Akamai International B.V.
Hash 7f32addc23634c5f55fdd92c9f6d11e8
76f1d272abe4599e132cdcda6211703574d34024
646dcc0838b646cf96a628ecf41b2a7ef50657868d2679c692984f82d046c9d3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "646DCC0838B646CF96A628ECF41B2A7EF50657868D2679C692984F82D046C9D3"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15963
Expires: Wed, 08 Feb 2023 13:40:30 GMT
Date: Wed, 08 Feb 2023 09:14:27 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.10200 OK 503 B IP 23.33.119.10:0
ASN #20940 Akamai International B.V.
Hash 68273225f74fbf7493f395610d7a73fc
5a8779ef5656aeeba23b365aad60b7901c5dd7fc
c83f285a1f3df0f7ac758a68ee95cc3d2671f80264c2e143cc0561cc574e3f19
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C83F285A1F3DF0F7AC758A68EE95CC3D2671F80264C2E143CC0561CC574E3F19"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13210
Expires: Wed, 08 Feb 2023 12:54:37 GMT
Date: Wed, 08 Feb 2023 09:14:27 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.10200 OK 503 B IP 23.33.119.10:0
ASN #20940 Akamai International B.V.
Hash 68273225f74fbf7493f395610d7a73fc
5a8779ef5656aeeba23b365aad60b7901c5dd7fc
c83f285a1f3df0f7ac758a68ee95cc3d2671f80264c2e143cc0561cc574e3f19
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C83F285A1F3DF0F7AC758A68EE95CC3D2671F80264C2E143CC0561CC574E3F19"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13210
Expires: Wed, 08 Feb 2023 12:54:37 GMT
Date: Wed, 08 Feb 2023 09:14:27 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.10200 OK 503 B IP 23.33.119.10:0
ASN #20940 Akamai International B.V.
Hash 68273225f74fbf7493f395610d7a73fc
5a8779ef5656aeeba23b365aad60b7901c5dd7fc
c83f285a1f3df0f7ac758a68ee95cc3d2671f80264c2e143cc0561cc574e3f19
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C83F285A1F3DF0F7AC758A68EE95CC3D2671F80264C2E143CC0561CC574E3F19"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13210
Expires: Wed, 08 Feb 2023 12:54:37 GMT
Date: Wed, 08 Feb 2023 09:14:27 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.10200 OK 503 B IP 23.33.119.10:0
ASN #20940 Akamai International B.V.
Hash 68273225f74fbf7493f395610d7a73fc
5a8779ef5656aeeba23b365aad60b7901c5dd7fc
c83f285a1f3df0f7ac758a68ee95cc3d2671f80264c2e143cc0561cc574e3f19
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C83F285A1F3DF0F7AC758A68EE95CC3D2671F80264C2E143CC0561CC574E3F19"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13210
Expires: Wed, 08 Feb 2023 12:54:37 GMT
Date: Wed, 08 Feb 2023 09:14:27 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdcf61053-67f6-4767-ad44-fa802c5ef5b4.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdcf61053-67f6-4767-ad44-fa802c5ef5b4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a9c2a9eee923b84d4e06438a8b2acaff
520b122e3ce52220af153fee26bb7067283f9075
9ff4236fdcd05210a9c8bb48ea68179e142b1b05c8b19dd66282590dff69fa22
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdcf61053-67f6-4767-ad44-fa802c5ef5b4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10058
x-amzn-requestid: 94374454-1e89-4c43-895b-0a90f39b851d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f_O5vEgcoAMFctg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e2c50a-0bf11cad4b0818c36188ba91;Sampled=0
x-amzn-remapped-date: Tue, 07 Feb 2023 21:39:22 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 1R4SRNvqhRHbrDZsGB06NJbBXf8WRgJEHmXTbop8pqf8etTJSlmQwQ==
via: 1.1 9b311162717b41c968f6f00426d88aaa.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 22:06:05 GMT
age: 40102
etag: "520b122e3ce52220af153fee26bb7067283f9075"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F06b5f2a3-c53c-4690-b548-2c3d0f556f73.jpeg
34.120.237.76200 OK 8.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F06b5f2a3-c53c-4690-b548-2c3d0f556f73.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 02fde25be5ded120af759d19d8304f73
8d2a4d9ab5947113ce0737d4d4bed3e30a971026
7cdf26668cca22f28eee047d3fcf30cea8d97b1d8804fe2132728f26cd11558d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F06b5f2a3-c53c-4690-b548-2c3d0f556f73.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8629
x-amzn-requestid: cc20d28e-3937-4826-97ef-100fb5dd2645
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f_O7LFn3oAMF61A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e2c514-6e764236604212fa26dab38a;Sampled=0
x-amzn-remapped-date: Tue, 07 Feb 2023 21:39:32 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: GIAPTJF7sfpuubLSngEDMrowvBWW5c1xRlyVf7PQ3o6rGWdFITVioA==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 22:15:10 GMT
etag: "8d2a4d9ab5947113ce0737d4d4bed3e30a971026"
content-type: image/jpeg
age: 39557
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F085f1306-f595-4e1a-8162-7d3d1f959ac3.jpeg
34.120.237.76200 OK 9.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F085f1306-f595-4e1a-8162-7d3d1f959ac3.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7dbe304b5138a360ff07a9842bcf6a7f
00572f7667e322c9ef34bc35b7998c1c172dd34c
d63c58d6c96e23c61b92272de8c2aab01f4cf85f3420cc434c05447d355b1c77
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F085f1306-f595-4e1a-8162-7d3d1f959ac3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9108
x-amzn-requestid: a3bffa19-86ce-4a59-b826-551deddb3e9f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fostZG2xIAMF0wQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d9c188-18acd7311c6190c9486e86ac;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 01:34:00 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: D3DmTtciv2wzm5T0eQJopJiXCkHWZc1PlbVdbsBbJaquGcT1HoIZhg==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 08:40:04 GMT
age: 2063
etag: "00572f7667e322c9ef34bc35b7998c1c172dd34c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F92b2ed55-154e-4ed7-a7ab-1418742cdf6e.jpeg
34.120.237.76200 OK 7.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F92b2ed55-154e-4ed7-a7ab-1418742cdf6e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7543be9bef0afb8f61344286b7136dd7
e1537aa408cde39d2a314cc2a14f7f7a04a84eb1
162f0898f88d84c8d06542e48e8ff6a903e638f2a837f32681ae1f5e28ae40d7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F92b2ed55-154e-4ed7-a7ab-1418742cdf6e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7303
x-amzn-requestid: 081c79e9-2b23-47ad-8b7d-7197c5515c0c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f58kdHMvIAMFdzg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e0a7b5-66fca524070e374310920915;Sampled=0
x-amzn-remapped-date: Mon, 06 Feb 2023 07:09:41 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: CV8Q0EwlleoBURF3IvwUGDm_ANrg_SINlUR3cl6OhqySJPejP6T0hg==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 08:10:04 GMT
age: 3863
etag: "e1537aa408cde39d2a314cc2a14f7f7a04a84eb1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F308abacb-8d5b-49bf-9e2b-59b6b40157cb.jpeg
34.120.237.76200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F308abacb-8d5b-49bf-9e2b-59b6b40157cb.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2bf626b824fefec1ecaceb9243f2e5ec
f222976d76d889a0cd767bfd73075ee114c531ce
3f981850c6e6628245be7f7e26418d8b945dbeaf45e06492d8e2ee9409245195
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F308abacb-8d5b-49bf-9e2b-59b6b40157cb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12772
x-amzn-requestid: a4603c5c-c842-4a1d-bf09-550f160e1082
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f_O7OEz8oAMFbOg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e2c514-763b7ecf50411a4d13dd8a25;Sampled=0
x-amzn-remapped-date: Tue, 07 Feb 2023 21:39:32 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ECAdRS7as57pL15HxK4Ep0YOho8Kba8RFhMVnXGdJuKYItQHNf2yHA==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 556b99c6be8d7078b9f067347c62df6a.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 21:53:57 GMT
age: 40830
etag: "f222976d76d889a0cd767bfd73075ee114c531ce"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6ac124e-27b8-4818-9240-77708d007004.jpeg
34.120.237.76200 OK 4.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6ac124e-27b8-4818-9240-77708d007004.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 845e4e4051f1162b20d3df5f208e8d3e
076462f67531c60b31ec768a275c96317292306d
40996d8929ab92f342328fc018518d6131c6222b0ec23051775eda276a602026
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6ac124e-27b8-4818-9240-77708d007004.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4168
x-amzn-requestid: 24814225-0063-49fb-86ff-e78869538b3c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f_OjQFS_IAMFtLQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e2c47b-67307c42182089b3096e98b5;Sampled=0
x-amzn-remapped-date: Tue, 07 Feb 2023 21:36:59 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: f90qZAgSmdYFuW_BDTZVivBlk_c5SrirTSeJmvoysOmCcOjxtFZrbA==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 12a392bc3a7281f8d5d4591bfadc41fc.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 21:42:03 GMT
age: 41544
etag: "076462f67531c60b31ec768a275c96317292306d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.10200 OK 503 B IP 23.33.119.10:0
ASN #20940 Akamai International B.V.
Hash 62682535c439a55b781222ec36a7fd3a
1d751ec0b7599f4fc9b80e876cf52f1427a70c23
623daa175f96467b32eeed5e2d2c6152265c8e6f7df3d2fbaa7462902471a006
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "623DAA175F96467B32EEED5E2D2C6152265C8E6F7DF3D2FBAA7462902471A006"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3596
Expires: Wed, 08 Feb 2023 10:14:24 GMT
Date: Wed, 08 Feb 2023 09:14:28 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.10200 OK 503 B IP 23.33.119.10:0
ASN #20940 Akamai International B.V.
Hash 9c14e228f19415f2af825294ff401241
dabb4fa3c22980b27aa873fd8aa429366655c95e
df9ed274a8026ea08f348145695717b6f8a11fa8f3c14e60b30b4cd60f7e2fde
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DF9ED274A8026EA08F348145695717B6F8A11FA8F3C14E60B30B4CD60F7E2FDE"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3515
Expires: Wed, 08 Feb 2023 10:13:03 GMT
Date: Wed, 08 Feb 2023 09:14:28 GMT
Connection: keep-alive
my.rtmark.net/gid.js?userId=f66f08793072410f969d8ad7ab4dc400
139.45.195.8200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?userId=f66f08793072410f969d8ad7ab4dc400
IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash d50dcfb999488093736c2c933a67e6de
ade989fd235a614f34ac9d149ba24f390ce2d3be
4081a02163bc3550520409b456ebfcdf0351d7fa81444726c862ff9d05d28709
GET /gid.js?userId=f66f08793072410f969d8ad7ab4dc400 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://anonymfile.com
Connection: keep-alive
Referer: https://anonymfile.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 09:14:28 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://anonymfile.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=f66f08793072410f969d8ad7ab4dc400; expires=Thu, 08 Feb 2024 09:14:28 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.10200 OK 503 B IP 23.33.119.10:0
ASN #20940 Akamai International B.V.
Hash 8f4fb4444ea49aad820b288f22467c1a
eedf347d8e17bbda185f44e0f1b268a07e6c647e
38515b8ef80e3c5be4cc9400d38de18d376ffc3a83851f50530be6431d2eaf32
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "38515B8EF80E3C5BE4CC9400D38DE18D376FFC3A83851F50530BE6431D2EAF32"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9560
Expires: Wed, 08 Feb 2023 11:53:48 GMT
Date: Wed, 08 Feb 2023 09:14:28 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.10200 OK 503 B IP 23.33.119.10:0
ASN #20940 Akamai International B.V.
Hash f4007f5a7f8ae8f8f2a5512aeab92424
331c535bf6b89049136868d10ce149a14271a990
1fd8100e7ed65cfaa69fff725cae7b4d08b8ff29e70ec836193486dd02d86e6c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1FD8100E7ED65CFAA69FFF725CAE7B4D08B8FF29E70EC836193486DD02D86E6C"
Last-Modified: Tue, 07 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11881
Expires: Wed, 08 Feb 2023 12:32:29 GMT
Date: Wed, 08 Feb 2023 09:14:28 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.10200 OK 503 B IP 23.33.119.10:0
ASN #20940 Akamai International B.V.
Hash e6657bba96c516bd2ec6e55339e1fc95
a3eb624638dacf67bb0bf02b5edd9c1c6b2fe13b
ff7288fb49e683f6a0e559771dd8bcc9a329ed2be0ff2da049a1860d5d9e632b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FF7288FB49E683F6A0E559771DD8BCC9A329ED2BE0FF2DA049A1860D5D9E632B"
Last-Modified: Tue, 07 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15691
Expires: Wed, 08 Feb 2023 13:35:59 GMT
Date: Wed, 08 Feb 2023 09:14:28 GMT
Connection: keep-alive
ibrapush.com/zone?pub=0&zone_id=5307590&is_mobile=false&domain=anonymfile.com&var=&ymid=&var_3=
139.45.197.250200 OK 664 B URL HTTP/2 ibrapush.com/zone?pub=0&zone_id=5307590&is_mobile=false&domain=anonymfile.com&var=&ymid=&var_3=
IP 139.45.197.250:0
File type JSON data\012- , ASCII text, with very long lines (663)
Hash 924f83d583902548517c3327ff8e4493
7d5ea76f95d862b44558e6428f0a0d2bb20e2b0c
92e16e70459ff85e5803ded19d1f535cb6197a2b1eda7b254cb663b81908147c
GET /zone?pub=0&zone_id=5307590&is_mobile=false&domain=anonymfile.com&var=&ymid=&var_3= HTTP/1.1
Host: ibrapush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://anonymfile.com/
Origin: https://anonymfile.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 09:14:28 GMT
content-type: application/json; charset=utf-8
content-length: 664
x-trace-id: 7978251dd4692412ae6707d7f359a05b
access-control-allow-origin: https://anonymfile.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
ibrapush.com/custom
139.45.197.250200 OK 0 B IP 139.45.197.250:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /custom HTTP/1.1
Host: ibrapush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://anonymfile.com/
Origin: https://anonymfile.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 09:14:28 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://anonymfile.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2
ibrapush.com/custom
139.45.197.250200 OK 0 B IP 139.45.197.250:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /custom HTTP/1.1
Host: ibrapush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://anonymfile.com/
Origin: https://anonymfile.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 09:14:28 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://anonymfile.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2
ibrapush.com/pfe/current/universal.min.js?v=3.1.418
139.45.197.250200 OK 34 kB URL HTTP/2 ibrapush.com/pfe/current/universal.min.js?v=3.1.418
IP 139.45.197.250:0
Hash e613b27b2684c8b5d35ccd874b8bfa2a
0c00288ae5d16490ffdb3a77e9dc3a877aaea162
be3d2a0068dab12ddbc6f9750aec0cd026d4c047f35477b4ada2253a85016933
GET /pfe/current/universal.min.js?v=3.1.418 HTTP/1.1
Host: ibrapush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://anonymfile.com/
Origin: https://anonymfile.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 09:14:28 GMT
content-type: application/javascript
last-modified: Tue, 07 Feb 2023 14:32:42 GMT
etag: W/"63e2610a-19082"
access-control-allow-origin: https://anonymfile.com
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
ibrapush.com/pfe/current/tag.min.js?z=5307590
139.45.197.250200 OK 6.0 kB URL HTTP/2 ibrapush.com/pfe/current/tag.min.js?z=5307590
IP 139.45.197.250:0
Hash cd2b699d9326fe01b82b6aa13b757c86
baca6391fe158b2aab05285d2dc1cbed4995e565
5080ada091cab016d7aa1cf3dc8077c5a341f730caf463cabd374c1dc883ccd4
GET /pfe/current/tag.min.js?z=5307590 HTTP/1.1
Host: ibrapush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 09:14:28 GMT
content-type: application/javascript
last-modified: Tue, 07 Feb 2023 14:32:42 GMT
etag: W/"63e2610a-390a"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
link: <https://my.rtmark.net>; rel=dns-prefetch;, <https://my.rtmark.net>; rel=preconnect
content-encoding: gzip
X-Firefox-Spdy: h2
ibrapush.com/custom
139.45.197.250200 OK 39 B IP 139.45.197.250:0
File type JSON data\012- , ASCII text
Hash 058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
POST /custom HTTP/1.1
Host: ibrapush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://anonymfile.com/
Content-Type: application/json
Origin: https://anonymfile.com
Content-Length: 773
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 09:14:28 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: af485b354668b7db594c79ece2c44c54
access-control-allow-origin: https://anonymfile.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
139.45.195.254200 OK 12 B URL HTTP/1.1 fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
IP 139.45.195.254:0
File type JSON data\012- , ASCII text, with no line terminators
Hash adb4650bfc9d2a73d4dd69583b0ceb14
1ce399d6e936232aaf2192cd7903a279c5015f22
21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed
Analyzer Verdict Alert quad9 Sinkholed
POST /log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f HTTP/1.1
Host: fleraprt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1211
Origin: https://anonymfile.com
Connection: keep-alive
Referer: https://anonymfile.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Wed, 08 Feb 2023 09:14:33 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://anonymfile.com
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
nanouwho.com/1?z=5307589
139.45.197.242200 OK 7.0 kB IP 139.45.197.242:0
File type ASCII text, with very long lines (17093)
Hash ef7032ceb80a05d927aa7c3ad58641aa
9c90e945382b02e0d08420ba5669b28502c9b72f
361633bd48660843c419bf3159ecd5fd6cf84cf74afbce780df2ca5e34e12049
Analyzer Verdict Alert quad9 Sinkholed
GET /1?z=5307589 HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 09:14:28 GMT
content-type: text/javascript
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID
x-trace-id: addcffd45c2586bb74f0f0e2c2ef57b8
access-control-expose-headers: X-Sc
x-sc: _-EpQP9S0_H44zDzKySHosgX-gKCOX7rPPnXAJVEuzHb1OxnDTjVFeUtR-j5JYnM1AP810zarxpPKLTUDraFqWWKjc4=
set-cookie: scm=1; expires=Thu, 08 Feb 2024 09:14:28 GMT; secure; SameSite=None
OAID=4cd43953ae0d4279a9c1791bf38576c3; expires=Thu, 08 Feb 2024 09:14:28 GMT; secure; SameSite=None
oaidts=1675847668; expires=Thu, 08 Feb 2024 09:14:28 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
nanouwho.com/27/2d5af85c6f57387d328e80fd371b500a
139.45.197.242200 OK 130 kB URL HTTP/2 nanouwho.com/27/2d5af85c6f57387d328e80fd371b500a
IP 139.45.197.242:0
File type ASCII text, with very long lines (65523)
Size 130 kB (130055 bytes)
Hash c0dfee6ed3875457fa06b9af6d5dd7a0
8696bc4708a096eb2dcaeebbbe56ec9056e87ab2
18611ccde99edd336db686b16469c62f4fe7cb76dfaaf35bc166affa932b4d1f
Analyzer Verdict Alert quad9 Sinkholed
GET /27/2d5af85c6f57387d328e80fd371b500a HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/
Cookie: scm=1; OAID=4cd43953ae0d4279a9c1791bf38576c3; oaidts=1675847668
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 09:14:28 GMT
content-type: application/javascript
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID
cache-control: max-age:290304000, public
last-modified: Tue, 07 Feb 2023 11:34:00 GMT
expires: Tue, 09 Mar 2083 11:34:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
nanouwho.com/9?z=5307589&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fanonymfile.com%2F596Bj%2Ffivem-stellexec.rar%3FPageSpeed%3Dnoscript&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&sah=1002&drf=&hil=1&ist=0&oaid=f66f08793072410f969d8ad7ab4dc400
139.45.197.242200 OK 2.7 kB URL HTTP/2 nanouwho.com/9?z=5307589&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fanonymfile.com%2F596Bj%2Ffivem-stellexec.rar%3FPageSpeed%3Dnoscript&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&sah=1002&drf=&hil=1&ist=0&oaid=f66f08793072410f969d8ad7ab4dc400
IP 139.45.197.242:0
File type JSON data\012- , ASCII text, with very long lines (6534), with no line terminators
Hash 7d87f211e52dc7c55c7189fed2bba7de
9895056ae4671cc9aae8d55bfa3d309686e7fe91
226e483fea1024b0a13ea3b102e6fa9eb2c5d68cefb86c869f47e09f4902e160
Analyzer Verdict Alert quad9 Sinkholed
POST /9?z=5307589&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fanonymfile.com%2F596Bj%2Ffivem-stellexec.rar%3FPageSpeed%3Dnoscript&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&sah=1002&drf=&hil=1&ist=0&oaid=f66f08793072410f969d8ad7ab4dc400 HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 121
Origin: https://anonymfile.com
Connection: keep-alive
Referer: https://anonymfile.com/
Cookie: scm=1; OAID=4cd43953ae0d4279a9c1791bf38576c3; oaidts=1675847668
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 09:14:28 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-origin: https://anonymfile.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID
x-trace-id: a22b2953ee2c46083b410ecec0bf91fa
access-control-expose-headers: X-Sc
set-cookie: OAID=f66f08793072410f969d8ad7ab4dc400; expires=Thu, 08 Feb 2024 09:14:28 GMT; secure; SameSite=None
oaidts=1675847668; expires=Thu, 08 Feb 2024 09:14:28 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
betotodilea.com/400/5307588
139.45.197.237200 OK 32 kB URL HTTP/2 betotodilea.com/400/5307588
IP 139.45.197.237:0
Hash 3cbe1b7dad0350ce22c4b61e8e48dfb8
3bf77bcaebdffde9c124b0c0e02abe9f4d9c799e
59b62dd0b48b54f3d9f3eb2d1b48ef08bc415e21b0d3261c35d12c76be1181e5
Analyzer Verdict Alert quad9 Sinkholed
GET /400/5307588 HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 09:14:28 GMT
content-type: application/javascript
x-trace-id: 0e1e39341a3c6d531c57ee097a46126e
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=15527f1370a9406db258be5018402257; expires=Thu, 08 Feb 2024 09:14:28 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash 31b43452695cd13fe96bc1d9972b319b
b31e47802e563f5260e243a7a06f1275a0dd1308
88127788e8947cc1d3664b8ca9ca8a549c4a1aad32a74110cec2a3d05e579705
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3260
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 09:14:28 GMT
Last-Modified: Wed, 08 Feb 2023 08:20:08 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 280
offerimage.com/www/images/7d763937692f59aea0578ffe58c10ee0.jpeg
104.22.33.172200 OK 14 kB URL HTTP/2 offerimage.com/www/images/7d763937692f59aea0578ffe58c10ee0.jpeg
IP 104.22.33.172:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3\012- data
Hash 7d763937692f59aea0578ffe58c10ee0
b3a4cc4fd1a0d8319e59057e535b0b19f1a3b35b
2d7300c572db1683cbc8071be4bbaf31b00954193f6f82d453c99a7a58bd7620
GET /www/images/7d763937692f59aea0578ffe58c10ee0.jpeg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 09:14:28 GMT
content-type: image/jpeg
content-length: 13778
cache-control: max-age=86400
cf-bgj: h2pri
etag: "63888441-35d2"
expires: Wed, 08 Feb 2023 09:25:12 GMT
last-modified: Thu, 01 Dec 2022 10:38:57 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 85756
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 79634159a8629930-ARN
X-Firefox-Spdy: h2
interstitial-07.com/contents/s/36/d8/c2/9c866059b85b47752a6cc71b81/01636574006222.png
139.45.197.152200 OK 45 kB URL HTTP/2 interstitial-07.com/contents/s/36/d8/c2/9c866059b85b47752a6cc71b81/01636574006222.png
IP 139.45.197.152:0
File type PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced\012- data
Hash 36d8c29c866059b85b47752a6cc71b81
2d877eabf6710f66f5d7a3e265de997cf258ba32
0bbd2d8d16b4fd96c0a0dabecbd05ca573b30cd7079950d73b5dd68bde69a27b
GET /contents/s/36/d8/c2/9c866059b85b47752a6cc71b81/01636574006222.png HTTP/1.1
Host: interstitial-07.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://interstitial-07.com/?l=9b0delICK3pIjOt&cd_meta_crid=50538&trkintimp&target_url=https%3A%2F%2Fnanouwho.com%2F12%3Frnd%3D3707124089%26z%3D5307589%26b%3D14148810%26c%3D5901940%26var%3D%26d%3Dhttps%253A%252F%252Fred.forexpeacearmy.com%252F62cddf3c85e2d000019d78f1%253Fsub1%253D%257Bzoneid%257D%2526sub2%253D%257Bcampaignid%257D%2526sub3%253D%257Bconnection.type%257D%2526sub4%253D%257Bbrowser%257D%2526sub5%253D%257Bos%257D%2526sub6%253D%257Bcountry%257D%2526sub7%253D%257Bbannerid%257D%2526sub8%253D%257Bisp%257D%2526sub9%253D%257Bdevice%257D%2526ref_id%253D%2524%257BSUBID%257D%2526cost%253D%257Bcost%257D%26cln%3D1%26btp%3D7%26rb%3DZxpVJMtwZZ2PzxaEa0xOEDAUxetQlMLjrjxnje0RC_JCBjLp9upqOZJgKUGgAF0cUlBSbkqVvrApEIZyWLLMaNmh3Acc6wbYfish9BgHVbPrwVXok_63zU-dfXILYB-XFlaAqJ4gIPSBDWM6l8ULtPtiAnjO-ugKyM-kwpUO-fiflS3cdx2-Ggw_nXNanL5aWPiO7nmMl2wx8ZSwx2bz7NLV5F_G19p1jNAzmDHxArtoW5r2qnEYzWnELB5zXh-Eup_v_LE-wnR1iBHYD0SU_rM0H67_Uc47ikbL8l9fkcRaulZuGZo2vM5Lg_y2jAt1g8GqbWJbQenoBHlUIg8mF0ckYlaarCU1rlhwwy06ZJMF1ljUsZp_vdhLKhkclVYeJLxf_lncjW630yJr1NHlXTRh6DwF9RLh1QjJ2-n1cXQd2PXfjn74MsFG1-7mihxKpgPSOSzy1JjADpGpFxRZdbfKG-VpD3M2xDqBnED4CQ7QMoJHutXPxw-BOqCyL0U99mhDj2dley_Nmdiqrh2Hi81dyEjH0d0mqNbSny3rYstqe8Hcj04A7yaaGD6HmKD_ixP0ju7Yd-f65dEIyQncxU8-Pff6b35TTW74_vAJJvF70u-3sXdFpoyllnE7uVIMP58IdfXattmF9CeJkXxu41ekGWJ5meBqaH2CLhn_sJF6vk0MC0ZvBA%3D%3D%26bag%3De5WiNa3QjVf4u1jVtO_1dw%3D%3D%26ruid%3D3818cbe3-38a1-4a76-aeff-1249f91dd332%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fanonymfile.com%252F596Bj%252Ffivem-stellexec.rar%253FPageSpeed%253Dnoscript%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1280%26wiw%3D1280%26wih%3D939%26wfc%3D0%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 09:14:28 GMT
content-type: image/png
content-length: 45133
last-modified: Thu, 14 Jul 2022 23:23:43 GMT
vary: Accept-Encoding
etag: "62d0a57f-b04d"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.10200 OK 503 B IP 23.33.119.10:0
ASN #20940 Akamai International B.V.
Hash 47114ee8db62314101353ef87c610f04
9f676acb42eeb3fc2808d2100f1411d7cc3ef239
cd1ca767877e877c1555495006b3422f2605e701a081550b6e1899a4b244a0c9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CD1CA767877E877C1555495006B3422F2605E701A081550B6E1899A4B244A0C9"
Last-Modified: Tue, 07 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11022
Expires: Wed, 08 Feb 2023 12:18:11 GMT
Date: Wed, 08 Feb 2023 09:14:29 GMT
Connection: keep-alive
interstitial-07.com/?l=9b0delICK3pIjOt&cd_meta_crid=50538&trkintimp&target_url=https%3A%2F%2Fnanouwho.com%2F12%3Frnd%3D3707124089%26z%3D5307589%26b%3D14148810%26c%3D5901940%26var%3D%26d%3Dhttps%253A%252F%252Fred.forexpeacearmy.com%252F62cddf3c85e2d000019d78f1%253Fsub1%253D%257Bzoneid%257D%2526sub2%253D%257Bcampaignid%257D%2526sub3%253D%257Bconnection.type%257D%2526sub4%253D%257Bbrowser%257D%2526sub5%253D%257Bos%257D%2526sub6%253D%257Bcountry%257D%2526sub7%253D%257Bbannerid%257D%2526sub8%253D%257Bisp%257D%2526sub9%253D%257Bdevice%257D%2526ref_id%253D%2524%257BSUBID%257D%2526cost%253D%257Bcost%257D%26cln%3D1%26btp%3D7%26rb%3DZxpVJMtwZZ2PzxaEa0xOEDAUxetQlMLjrjxnje0RC_JCBjLp9upqOZJgKUGgAF0cUlBSbkqVvrApEIZyWLLMaNmh3Acc6wbYfish9BgHVbPrwVXok_63zU-dfXILYB-XFlaAqJ4gIPSBDWM6l8ULtPtiAnjO-ugKyM-kwpUO-fiflS3cdx2-Ggw_nXNanL5aWPiO7nmMl2wx8ZSwx2bz7NLV5F_G19p1jNAzmDHxArtoW5r2qnEYzWnELB5zXh-Eup_v_LE-wnR1iBHYD0SU_rM0H67_Uc47ikbL8l9fkcRaulZuGZo2vM5Lg_y2jAt1g8GqbWJbQenoBHlUIg8mF0ckYlaarCU1rlhwwy06ZJMF1ljUsZp_vdhLKhkclVYeJLxf_lncjW630yJr1NHlXTRh6DwF9RLh1QjJ2-n1cXQd2PXfjn74MsFG1-7mihxKpgPSOSzy1JjADpGpFxRZdbfKG-VpD3M2xDqBnED4CQ7QMoJHutXPxw-BOqCyL0U99mhDj2dley_Nmdiqrh2Hi81dyEjH0d0mqNbSny3rYstqe8Hcj04A7yaaGD6HmKD_ixP0ju7Yd-f65dEIyQncxU8-Pff6b35TTW74_vAJJvF70u-3sXdFpoyllnE7uVIMP58IdfXattmF9CeJkXxu41ekGWJ5meBqaH2CLhn_sJF6vk0MC0ZvBA%3D%3D%26bag%3De5WiNa3QjVf4u1jVtO_1dw%3D%3D%26ruid%3D3818cbe3-38a1-4a76-aeff-1249f91dd332%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fanonymfile.com%252F596Bj%252Ffivem-stellexec.rar%253FPageSpeed%253Dnoscript%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1280%26wiw%3D1280%26wih%3D939%26wfc%3D0%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
139.45.197.152200 OK 199 kB URL HTTP/2 interstitial-07.com/?l=9b0delICK3pIjOt&cd_meta_crid=50538&trkintimp&target_url=https%3A%2F%2Fnanouwho.com%2F12%3Frnd%3D3707124089%26z%3D5307589%26b%3D14148810%26c%3D5901940%26var%3D%26d%3Dhttps%253A%252F%252Fred.forexpeacearmy.com%252F62cddf3c85e2d000019d78f1%253Fsub1%253D%257Bzoneid%257D%2526sub2%253D%257Bcampaignid%257D%2526sub3%253D%257Bconnection.type%257D%2526sub4%253D%257Bbrowser%257D%2526sub5%253D%257Bos%257D%2526sub6%253D%257Bcountry%257D%2526sub7%253D%257Bbannerid%257D%2526sub8%253D%257Bisp%257D%2526sub9%253D%257Bdevice%257D%2526ref_id%253D%2524%257BSUBID%257D%2526cost%253D%257Bcost%257D%26cln%3D1%26btp%3D7%26rb%3DZxpVJMtwZZ2PzxaEa0xOEDAUxetQlMLjrjxnje0RC_JCBjLp9upqOZJgKUGgAF0cUlBSbkqVvrApEIZyWLLMaNmh3Acc6wbYfish9BgHVbPrwVXok_63zU-dfXILYB-XFlaAqJ4gIPSBDWM6l8ULtPtiAnjO-ugKyM-kwpUO-fiflS3cdx2-Ggw_nXNanL5aWPiO7nmMl2wx8ZSwx2bz7NLV5F_G19p1jNAzmDHxArtoW5r2qnEYzWnELB5zXh-Eup_v_LE-wnR1iBHYD0SU_rM0H67_Uc47ikbL8l9fkcRaulZuGZo2vM5Lg_y2jAt1g8GqbWJbQenoBHlUIg8mF0ckYlaarCU1rlhwwy06ZJMF1ljUsZp_vdhLKhkclVYeJLxf_lncjW630yJr1NHlXTRh6DwF9RLh1QjJ2-n1cXQd2PXfjn74MsFG1-7mihxKpgPSOSzy1JjADpGpFxRZdbfKG-VpD3M2xDqBnED4CQ7QMoJHutXPxw-BOqCyL0U99mhDj2dley_Nmdiqrh2Hi81dyEjH0d0mqNbSny3rYstqe8Hcj04A7yaaGD6HmKD_ixP0ju7Yd-f65dEIyQncxU8-Pff6b35TTW74_vAJJvF70u-3sXdFpoyllnE7uVIMP58IdfXattmF9CeJkXxu41ekGWJ5meBqaH2CLhn_sJF6vk0MC0ZvBA%3D%3D%26bag%3De5WiNa3QjVf4u1jVtO_1dw%3D%3D%26ruid%3D3818cbe3-38a1-4a76-aeff-1249f91dd332%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fanonymfile.com%252F596Bj%252Ffivem-stellexec.rar%253FPageSpeed%253Dnoscript%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1280%26wiw%3D1280%26wih%3D939%26wfc%3D0%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
IP 139.45.197.152:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1689)
Size 199 kB (198903 bytes)
Hash 6a001c64123e3e324584a08db7f4bebb
36b51dc21fd3abb83ab09140b62dc9f4c6592e64
7ab049e723a095167e8e5ee606cd48ea6508a1d335c8665c0e3cf267b82e5363
GET /?l=9b0delICK3pIjOt&cd_meta_crid=50538&trkintimp&target_url=https%3A%2F%2Fnanouwho.com%2F12%3Frnd%3D3707124089%26z%3D5307589%26b%3D14148810%26c%3D5901940%26var%3D%26d%3Dhttps%253A%252F%252Fred.forexpeacearmy.com%252F62cddf3c85e2d000019d78f1%253Fsub1%253D%257Bzoneid%257D%2526sub2%253D%257Bcampaignid%257D%2526sub3%253D%257Bconnection.type%257D%2526sub4%253D%257Bbrowser%257D%2526sub5%253D%257Bos%257D%2526sub6%253D%257Bcountry%257D%2526sub7%253D%257Bbannerid%257D%2526sub8%253D%257Bisp%257D%2526sub9%253D%257Bdevice%257D%2526ref_id%253D%2524%257BSUBID%257D%2526cost%253D%257Bcost%257D%26cln%3D1%26btp%3D7%26rb%3DZxpVJMtwZZ2PzxaEa0xOEDAUxetQlMLjrjxnje0RC_JCBjLp9upqOZJgKUGgAF0cUlBSbkqVvrApEIZyWLLMaNmh3Acc6wbYfish9BgHVbPrwVXok_63zU-dfXILYB-XFlaAqJ4gIPSBDWM6l8ULtPtiAnjO-ugKyM-kwpUO-fiflS3cdx2-Ggw_nXNanL5aWPiO7nmMl2wx8ZSwx2bz7NLV5F_G19p1jNAzmDHxArtoW5r2qnEYzWnELB5zXh-Eup_v_LE-wnR1iBHYD0SU_rM0H67_Uc47ikbL8l9fkcRaulZuGZo2vM5Lg_y2jAt1g8GqbWJbQenoBHlUIg8mF0ckYlaarCU1rlhwwy06ZJMF1ljUsZp_vdhLKhkclVYeJLxf_lncjW630yJr1NHlXTRh6DwF9RLh1QjJ2-n1cXQd2PXfjn74MsFG1-7mihxKpgPSOSzy1JjADpGpFxRZdbfKG-VpD3M2xDqBnED4CQ7QMoJHutXPxw-BOqCyL0U99mhDj2dley_Nmdiqrh2Hi81dyEjH0d0mqNbSny3rYstqe8Hcj04A7yaaGD6HmKD_ixP0ju7Yd-f65dEIyQncxU8-Pff6b35TTW74_vAJJvF70u-3sXdFpoyllnE7uVIMP58IdfXattmF9CeJkXxu41ekGWJ5meBqaH2CLhn_sJF6vk0MC0ZvBA%3D%3D%26bag%3De5WiNa3QjVf4u1jVtO_1dw%3D%3D%26ruid%3D3818cbe3-38a1-4a76-aeff-1249f91dd332%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fanonymfile.com%252F596Bj%252Ffivem-stellexec.rar%253FPageSpeed%253Dnoscript%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1280%26wiw%3D1280%26wih%3D939%26wfc%3D0%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0 HTTP/1.1
Host: interstitial-07.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 09:14:28 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.24
set-cookie: reverse=ymj-1ulZG3Dcda7WChV38fhkXGrdHI-v3oL4q9QtF8o; expires=Wed, 08-Feb-2023 10:14:28 GMT; Max-Age=3600; path=/
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
content-encoding: br
X-Firefox-Spdy: h2
unphionetor.com/fv.js?t=72747&cb=1736871566
139.45.197.236200 OK 2.2 kB URL HTTP/2 unphionetor.com/fv.js?t=72747&cb=1736871566
IP 139.45.197.236:0
File type ASCII text, with very long lines (5213), with no line terminators
Hash 0254fb1dad74628b7ad0f97d304fac92
35f7af13a08eb87023ec7df4d3c35c21b2cde79d
47fb6ce428ca80ea69b772e4f66e4e5c622a4005db601746033d04511bd27536
Analyzer Verdict Alert quad9 Sinkholed
GET /fv.js?t=72747&cb=1736871566 HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://interstitial-07.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 09:14:29 GMT
content-type: text/javascript; charset=utf8
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: 03acaba27919e60245315562fd8fb946
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
unphionetor.com/vbl?t=72747&bid=undefined&aid=undefined
139.45.197.236204 No Content 0 B URL HTTP/2 unphionetor.com/vbl?t=72747&bid=undefined&aid=undefined
IP 139.45.197.236:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
POST /vbl?t=72747&bid=undefined&aid=undefined HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://interstitial-07.com
Connection: keep-alive
Referer: https://interstitial-07.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Wed, 08 Feb 2023 09:14:29 GMT
access-control-allow-origin: https://interstitial-07.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: d80610d43eb9000721b6135071f77444
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
betotodilea.com/impression/5295NZV1dfbzf_k47zxnJd0AIFZG5gXIjXBw3YkxqDNxdEAtL3NGJSZScpaMJ-R59Nwcvk1baM4WnEdOLu2yfZ2dt-iXsMUvFaROx4kEzkwyvYE4jVd1wTCN07N66sNc9hI7_XL0oZa15gQrowXVAdpJPuo9cJGmP1HEMEoSn7eg6blDCdQLXKUaRI9yCZgv5Lgj0EiGnrWjdCYGOv3xp4Y37YiFYATkx4-MbT_FswL0OZnHi29E-dU8X0pYqPF3T_nryCt5uEWTns_MFmDvmy-oerCp8N37FBxkGMizz-KBaqfDV1z7N-6zbpSHcQthLGj_yFYK6vu5Ijr47AFYtovSv9iIxaHTCcDPzMK28yx0CLY-UQSkhbfJSPYM3XMUofo9gX860rtIZj__ly0E6KOM2bvDzsvtiIY8KHBCe1kb19OwYSsy9NXDP7tzPphoB9ryPrzgUOLqEubcAqJU0reN-KrrORIp3_CJWkEV5isSJh6SJ8iXuRDpjt4QPop0HjVu_vWFyZ3-u9kdM-aYLCIKCDEccIIHNXTjBb9qEINtsqd2Cxonk-JZU5hO_oZryOWBIlNuCfHCsxNgEJ6R3g==?_z=5307588&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&pl=https%3A%2F%2Fanonymfile.com%2F596Bj%2Ffivem-stellexec.rar%3FPageSpeed%3Dnoscript&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.237200 OK 43 B URL HTTP/2 betotodilea.com/impression/5295NZV1dfbzf_k47zxnJd0AIFZG5gXIjXBw3YkxqDNxdEAtL3NGJSZScpaMJ-R59Nwcvk1baM4WnEdOLu2yfZ2dt-iXsMUvFaROx4kEzkwyvYE4jVd1wTCN07N66sNc9hI7_XL0oZa15gQrowXVAdpJPuo9cJGmP1HEMEoSn7eg6blDCdQLXKUaRI9yCZgv5Lgj0EiGnrWjdCYGOv3xp4Y37YiFYATkx4-MbT_FswL0OZnHi29E-dU8X0pYqPF3T_nryCt5uEWTns_MFmDvmy-oerCp8N37FBxkGMizz-KBaqfDV1z7N-6zbpSHcQthLGj_yFYK6vu5Ijr47AFYtovSv9iIxaHTCcDPzMK28yx0CLY-UQSkhbfJSPYM3XMUofo9gX860rtIZj__ly0E6KOM2bvDzsvtiIY8KHBCe1kb19OwYSsy9NXDP7tzPphoB9ryPrzgUOLqEubcAqJU0reN-KrrORIp3_CJWkEV5isSJh6SJ8iXuRDpjt4QPop0HjVu_vWFyZ3-u9kdM-aYLCIKCDEccIIHNXTjBb9qEINtsqd2Cxonk-JZU5hO_oZryOWBIlNuCfHCsxNgEJ6R3g==?_z=5307588&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&pl=https%3A%2F%2Fanonymfile.com%2F596Bj%2Ffivem-stellexec.rar%3FPageSpeed%3Dnoscript&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.237:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
Analyzer Verdict Alert quad9 Sinkholed
GET /impression/5295NZV1dfbzf_k47zxnJd0AIFZG5gXIjXBw3YkxqDNxdEAtL3NGJSZScpaMJ-R59Nwcvk1baM4WnEdOLu2yfZ2dt-iXsMUvFaROx4kEzkwyvYE4jVd1wTCN07N66sNc9hI7_XL0oZa15gQrowXVAdpJPuo9cJGmP1HEMEoSn7eg6blDCdQLXKUaRI9yCZgv5Lgj0EiGnrWjdCYGOv3xp4Y37YiFYATkx4-MbT_FswL0OZnHi29E-dU8X0pYqPF3T_nryCt5uEWTns_MFmDvmy-oerCp8N37FBxkGMizz-KBaqfDV1z7N-6zbpSHcQthLGj_yFYK6vu5Ijr47AFYtovSv9iIxaHTCcDPzMK28yx0CLY-UQSkhbfJSPYM3XMUofo9gX860rtIZj__ly0E6KOM2bvDzsvtiIY8KHBCe1kb19OwYSsy9NXDP7tzPphoB9ryPrzgUOLqEubcAqJU0reN-KrrORIp3_CJWkEV5isSJh6SJ8iXuRDpjt4QPop0HjVu_vWFyZ3-u9kdM-aYLCIKCDEccIIHNXTjBb9qEINtsqd2Cxonk-JZU5hO_oZryOWBIlNuCfHCsxNgEJ6R3g==?_z=5307588&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&pl=https%3A%2F%2Fanonymfile.com%2F596Bj%2Ffivem-stellexec.rar%3FPageSpeed%3Dnoscript&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/
Cookie: OAID=f66f08793072410f969d8ad7ab4dc400
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 09:14:33 GMT
content-type: image/gif
content-length: 43
x-trace-id: 1fe457fb532f749a0eaf920c3c99c8bf
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
betotodilea.com/500/5307588?excludes=16368912&oaid=f66f08793072410f969d8ad7ab4dc400&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fanonymfile.com%2F596Bj%2Ffivem-stellexec.rar%3FPageSpeed%3Dnoscript&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.237200 OK 0 B URL HTTP/2 betotodilea.com/500/5307588?excludes=16368912&oaid=f66f08793072410f969d8ad7ab4dc400&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fanonymfile.com%2F596Bj%2Ffivem-stellexec.rar%3FPageSpeed%3Dnoscript&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.237:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
OPTIONS /500/5307588?excludes=16368912&oaid=f66f08793072410f969d8ad7ab4dc400&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fanonymfile.com%2F596Bj%2Ffivem-stellexec.rar%3FPageSpeed%3Dnoscript&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://anonymfile.com/
Origin: https://anonymfile.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 09:14:33 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://anonymfile.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-allow-credentials: true
access-control-max-age: 600
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2
offerimage.com/www/images/1355aa125a385056845e0ee1d5384e9a.jpeg
104.22.33.172200 OK 13 kB URL HTTP/2 offerimage.com/www/images/1355aa125a385056845e0ee1d5384e9a.jpeg
IP 104.22.33.172:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3\012- data
Hash 1355aa125a385056845e0ee1d5384e9a
cfa5fd1b2dd6b299c0aecdf19fec3532ce4392ea
248797fff982ee400ab78ff6831182372f9ef8a6916364192ca0f30556577733
GET /www/images/1355aa125a385056845e0ee1d5384e9a.jpeg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 09:14:33 GMT
content-type: image/jpeg
content-length: 13093
cache-control: max-age=86400
cf-bgj: h2pri
etag: "6388849b-3325"
expires: Thu, 09 Feb 2023 04:58:38 GMT
last-modified: Thu, 01 Dec 2022 10:40:27 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 15355
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 796341786d5d9930-ARN
X-Firefox-Spdy: h2
ibrapush.com/custom
139.45.197.250200 OK 39 B IP 139.45.197.250:0
File type JSON data\012- , ASCII text
Hash 058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
POST /custom HTTP/1.1
Host: ibrapush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://anonymfile.com/
Content-Type: application/json
Origin: https://anonymfile.com
Content-Length: 417
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 09:14:34 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 6e3a0cace9fdab46385a771f41c8c608
access-control-allow-origin: https://anonymfile.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
anonymfile.com/sw.js
138.201.48.112404 Not Found 0 B IP 138.201.48.112:0
ASN #24940 Hetzner Online GmbH
GET /sw.js HTTP/1.1
Host: anonymfile.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://anonymfile.com/596Bj/fivem-stellexec.rar?PageSpeed=noscript
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6ImYvaHI2S3dFaVVpZVJNeXd0RmRIbmc9PSIsInZhbHVlIjoiUExQYmJuVjZtL1ZkSXhvU21oYTduaFBwSTVJTlR0eVVJRm9xNXN6cWNDZ0s3ZmRXZVVmb0IvaFFIOUJXUnh4MFNCbDI3dkFPR3dma3p2MDR5YkVmb1ZaOUFoQUtSNU9JRFJ3VTVDQlBEYkdyeUlRL2VlZlN3Vys4NFhyUGJZbWIiLCJtYWMiOiI5NmU0ZDA5ZjEwNmEyNDk0ZDQzNTlhZWMyNjliZDUyYzliMDBkYzYyYzQ4MzA3ZjExZDZkM2UwNDhkYzRiNWY3IiwidGFnIjoiIn0%3D; anonymfile_session=eyJpdiI6InhRT1djamtaTU5pZC9EOFA4VjRvNWc9PSIsInZhbHVlIjoiQUZTQmVoMzhvTENYMHowYUVwZitCeUZmWmw0aXY2cUxjMVFKN01mSnI4RWJnUWdLLzhhNml6TlN4KzRpaHdadjQ0MThvV3VUc0JFMlJsQmlPTGI0cnNnV214MVg2QmpOd3piQitxRm8xVHlyMGpHQU91bUVRemEvc0ptRXVvMHEiLCJtYWMiOiJlYmMxNGUwMzc2ZWNhMTNjNDM0Mjk3MjUxNjdjMGJiY2I0Y2Y3OTE5MTU1NDc1NTJkYWZhZjc5NWJmMjc0YjlkIiwidGFnIjoiIn0%3D; prefetchAd_5307591=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
date: Wed, 08 Feb 2023 09:14:29 GMT
x-page-speed: 1.13.35.2-0
cache-control: max-age=0, no-cache
content-encoding: br
X-Firefox-Spdy: h2
tzegilo.com/stattag.js
104.21.89.122200 OK 0 B IP 104.21.89.122:0
GET /stattag.js HTTP/1.1
Host: tzegilo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 09:14:28 GMT
content-type: application/javascript
last-modified: Fri, 03 Feb 2023 16:30:52 GMT
etag: W/"63dd36bc-43b7"
link: <https://flerap.com/>; rel=preconnect; crossorigin, <https://fleraprt.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 2145
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ndil5Pcr%2Fv8PoLFoGhfGuA%2FPTr7pv9V0FRam391Stxoagqhhf4bjfH%2BqJvSnEkRyGNxf8VAkI6FvaPW7jQVZaTOaBdmjIP8pZvEYzF0%2F9l8rtgzixfiCdjP1%2FVF77A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 796341563c28b524-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
betotodilea.com/500/5307588?excludes=&oaid=f66f08793072410f969d8ad7ab4dc400&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&pl=https%3A%2F%2Fanonymfile.com%2F596Bj%2Ffivem-stellexec.rar%3FPageSpeed%3Dnoscript&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.237200 OK 0 B URL HTTP/2 betotodilea.com/500/5307588?excludes=&oaid=f66f08793072410f969d8ad7ab4dc400&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&pl=https%3A%2F%2Fanonymfile.com%2F596Bj%2Ffivem-stellexec.rar%3FPageSpeed%3Dnoscript&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.237:0
Analyzer Verdict Alert quad9 Sinkholed
GET /500/5307588?excludes=&oaid=f66f08793072410f969d8ad7ab4dc400&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&pl=https%3A%2F%2Fanonymfile.com%2F596Bj%2Ffivem-stellexec.rar%3FPageSpeed%3Dnoscript&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://anonymfile.com
Connection: keep-alive
Referer: https://anonymfile.com/
Cookie: OAID=15527f1370a9406db258be5018402257
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 09:14:28 GMT
content-type: application/javascript
x-trace-id: 66be574c7beeaa5da6dd401b509023d3
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: https://anonymfile.com
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=f66f08793072410f969d8ad7ab4dc400; expires=Thu, 08 Feb 2024 09:14:28 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
onmarshtompor.com/?rb=NNn6nnT8byHyQ4szq7r-BwKDoY0Qb9Lk1Spzps4k29WFJHVN3ChQD-RmsSzYuOVpa4BUlnfDvMwRgnfOA22xRzK_CiriS-_z_bOCMQ5Sn7ie8uedBnk0ZEisJ0HDsS6Pm1nH5JfHMIQr9njTrUpdWaM9mNorle0ueVbgrwDKpqJEGVw3ecSDNFWFoZni1r2CK7G8tfrAGZnymUuz97VF8hubVrUQEC6cI20tdSH9JRg%3D&request_ab2=0&zoneid=5307591&js_build=iclick-v1.482.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wih=939&wiw=1280&wfc=0&pl=https%3A%2F%2Fanonymfile.com%2F596Bj%2Ffivem-stellexec.rar%3FPageSpeed%3Dnoscript&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.482.0&bs=613f0c86-7066-4d7e-884f-bc7b86d52d10&userId=f66f08793072410f969d8ad7ab4dc400&m=link
139.45.197.243200 OK 0 B URL HTTP/2 onmarshtompor.com/?rb=NNn6nnT8byHyQ4szq7r-BwKDoY0Qb9Lk1Spzps4k29WFJHVN3ChQD-RmsSzYuOVpa4BUlnfDvMwRgnfOA22xRzK_CiriS-_z_bOCMQ5Sn7ie8uedBnk0ZEisJ0HDsS6Pm1nH5JfHMIQr9njTrUpdWaM9mNorle0ueVbgrwDKpqJEGVw3ecSDNFWFoZni1r2CK7G8tfrAGZnymUuz97VF8hubVrUQEC6cI20tdSH9JRg%3D&request_ab2=0&zoneid=5307591&js_build=iclick-v1.482.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wih=939&wiw=1280&wfc=0&pl=https%3A%2F%2Fanonymfile.com%2F596Bj%2Ffivem-stellexec.rar%3FPageSpeed%3Dnoscript&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.482.0&bs=613f0c86-7066-4d7e-884f-bc7b86d52d10&userId=f66f08793072410f969d8ad7ab4dc400&m=link
IP 139.45.197.243:0
GET /?rb=NNn6nnT8byHyQ4szq7r-BwKDoY0Qb9Lk1Spzps4k29WFJHVN3ChQD-RmsSzYuOVpa4BUlnfDvMwRgnfOA22xRzK_CiriS-_z_bOCMQ5Sn7ie8uedBnk0ZEisJ0HDsS6Pm1nH5JfHMIQr9njTrUpdWaM9mNorle0ueVbgrwDKpqJEGVw3ecSDNFWFoZni1r2CK7G8tfrAGZnymUuz97VF8hubVrUQEC6cI20tdSH9JRg%3D&request_ab2=0&zoneid=5307591&js_build=iclick-v1.482.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wih=939&wiw=1280&wfc=0&pl=https%3A%2F%2Fanonymfile.com%2F596Bj%2Ffivem-stellexec.rar%3FPageSpeed%3Dnoscript&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.482.0&bs=613f0c86-7066-4d7e-884f-bc7b86d52d10&userId=f66f08793072410f969d8ad7ab4dc400&m=link HTTP/1.1
Host: onmarshtompor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://anonymfile.com/
Origin: https://anonymfile.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 09:14:28 GMT
content-type: application/json
x-trace-id: a5307945ad5821302267dff6d18966e4
access-control-allow-origin: https://anonymfile.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=f66f08793072410f969d8ad7ab4dc400; expires=Thu, 08 Feb 2024 09:14:28 GMT; path=/; secure; SameSite=None
oaidts=1675847668; expires=Thu, 08 Feb 2024 09:14:28 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Wed, 15 Feb 2023 09:14:28 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
betotodilea.com/500/5307588?excludes=16368912&oaid=f66f08793072410f969d8ad7ab4dc400&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fanonymfile.com%2F596Bj%2Ffivem-stellexec.rar%3FPageSpeed%3Dnoscript&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.237200 OK 0 B URL HTTP/2 betotodilea.com/500/5307588?excludes=16368912&oaid=f66f08793072410f969d8ad7ab4dc400&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fanonymfile.com%2F596Bj%2Ffivem-stellexec.rar%3FPageSpeed%3Dnoscript&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.237:0
Analyzer Verdict Alert quad9 Sinkholed
GET /500/5307588?excludes=16368912&oaid=f66f08793072410f969d8ad7ab4dc400&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fanonymfile.com%2F596Bj%2Ffivem-stellexec.rar%3FPageSpeed%3Dnoscript&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://anonymfile.com
Connection: keep-alive
Referer: https://anonymfile.com/
Cookie: OAID=f66f08793072410f969d8ad7ab4dc400
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 09:14:33 GMT
content-type: application/javascript
x-trace-id: d91c2070466d5e1ae79db8da6d79bdf2
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: https://anonymfile.com
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=f66f08793072410f969d8ad7ab4dc400; expires=Thu, 08 Feb 2024 09:14:33 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
anonymfile.com/596Bj/fivem-stellexec.rar?PageSpeed=noscript
138.201.48.112200 OK 0 B URL HTTP/2 anonymfile.com/596Bj/fivem-stellexec.rar?PageSpeed=noscript
IP 138.201.48.112:0
ASN #24940 Hetzner Online GmbH
GET /596Bj/fivem-stellexec.rar?PageSpeed=noscript HTTP/1.1
Host: anonymfile.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
server: nginx
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: XSRF-TOKEN=eyJpdiI6ImYvaHI2S3dFaVVpZVJNeXd0RmRIbmc9PSIsInZhbHVlIjoiUExQYmJuVjZtL1ZkSXhvU21oYTduaFBwSTVJTlR0eVVJRm9xNXN6cWNDZ0s3ZmRXZVVmb0IvaFFIOUJXUnh4MFNCbDI3dkFPR3dma3p2MDR5YkVmb1ZaOUFoQUtSNU9JRFJ3VTVDQlBEYkdyeUlRL2VlZlN3Vys4NFhyUGJZbWIiLCJtYWMiOiI5NmU0ZDA5ZjEwNmEyNDk0ZDQzNTlhZWMyNjliZDUyYzliMDBkYzYyYzQ4MzA3ZjExZDZkM2UwNDhkYzRiNWY3IiwidGFnIjoiIn0%3D; expires=Wed, 08-Feb-2023 11:14:25 GMT; Max-Age=7200; path=/; samesite=lax
anonymfile_session=eyJpdiI6InhRT1djamtaTU5pZC9EOFA4VjRvNWc9PSIsInZhbHVlIjoiQUZTQmVoMzhvTENYMHowYUVwZitCeUZmWmw0aXY2cUxjMVFKN01mSnI4RWJnUWdLLzhhNml6TlN4KzRpaHdadjQ0MThvV3VUc0JFMlJsQmlPTGI0cnNnV214MVg2QmpOd3piQitxRm8xVHlyMGpHQU91bUVRemEvc0ptRXVvMHEiLCJtYWMiOiJlYmMxNGUwMzc2ZWNhMTNjNDM0Mjk3MjUxNjdjMGJiY2I0Y2Y3OTE5MTU1NDc1NTJkYWZhZjc5NWJmMjc0YjlkIiwidGFnIjoiIn0%3D; expires=Wed, 08-Feb-2023 11:14:25 GMT; Max-Age=7200; path=/; httponly; samesite=lax
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
date: Wed, 08 Feb 2023 09:14:25 GMT
x-page-speed: 1.13.35.2-0
cache-control: max-age=0, no-cache
content-encoding: br
X-Firefox-Spdy: h2
unpkg.com/filepond-plugin-file-validate-size/dist/filepond-plugin-file-validate-size.js
104.16.122.175302 Found 0 B URL HTTP/2 unpkg.com/filepond-plugin-file-validate-size/dist/filepond-plugin-file-validate-size.js
IP 104.16.122.175:0
GET /filepond-plugin-file-validate-size/dist/filepond-plugin-file-validate-size.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Wed, 08 Feb 2023 09:14:25 GMT
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
cache-control: public, s-maxage=600, max-age=60
location: /filepond-plugin-file-validate-size@2.2.8/dist/filepond-plugin-file-validate-size.js
vary: Accept, Accept-Encoding
via: 1.1 fly.io
fly-request-id: 01GRR4SEZGXG40Y769CBEHN6AK-fra
cf-cache-status: HIT
age: 85
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 79634147def20afe-OSL
X-Firefox-Spdy: h2
inklinkor.com/tag.min.js
172.67.211.29200 OK 0 B IP 172.67.211.29:0
GET /tag.min.js HTTP/1.1
Host: inklinkor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 09:14:27 GMT
content-type: text/javascript; charset=utf-8
x-trace-id: b66ea5eedd9996d7999a17dfc2592d8e
cache-control: max-age=86400
last-modified: Mon, 06 Feb 2023 12:51:14 GMT
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
expires: Thu, 09 Feb 2023 08:44:40 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 1787
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6KKg9v7U374rSWW6yBNXlSdaGb0OU05EfZlsB60ZedoHXVUNx3w1VcumG2MpnFlBUNTCoKrc3ezZvvJoTnU7kaWluglxMayaGnoRu4PPKmnnD0y4pqzytLhOa6InNxRE"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 796341531ffeb50b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
unpkg.com/filepond-plugin-file-validate-type@1.2.8/dist/filepond-plugin-file-validate-type.js
104.16.122.175200 OK 0 B URL HTTP/2 unpkg.com/filepond-plugin-file-validate-type@1.2.8/dist/filepond-plugin-file-validate-type.js
IP 104.16.122.175:0
GET /filepond-plugin-file-validate-type@1.2.8/dist/filepond-plugin-file-validate-type.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://anonymfile.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 09:14:25 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
etag: W/"1d07-1hxUHKzrTl3rNdhkJwK4kJGou0I"
via: 1.1 fly.io
fly-request-id: 01G2PJZCDRWWWP671QTKZ7W61J-fra
cf-cache-status: HIT
age: 23674617
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 796341480f250afe-OSL
content-encoding: br
X-Firefox-Spdy: h2
anonymfile.com/sw.js
138.201.48.112404 Not Found 0 B IP 138.201.48.112:0
ASN #24940 Hetzner Online GmbH
GET /sw.js HTTP/1.1
Host: anonymfile.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/596Bj/fivem-stellexec.rar?PageSpeed=noscript
Cookie: XSRF-TOKEN=eyJpdiI6ImYvaHI2S3dFaVVpZVJNeXd0RmRIbmc9PSIsInZhbHVlIjoiUExQYmJuVjZtL1ZkSXhvU21oYTduaFBwSTVJTlR0eVVJRm9xNXN6cWNDZ0s3ZmRXZVVmb0IvaFFIOUJXUnh4MFNCbDI3dkFPR3dma3p2MDR5YkVmb1ZaOUFoQUtSNU9JRFJ3VTVDQlBEYkdyeUlRL2VlZlN3Vys4NFhyUGJZbWIiLCJtYWMiOiI5NmU0ZDA5ZjEwNmEyNDk0ZDQzNTlhZWMyNjliZDUyYzliMDBkYzYyYzQ4MzA3ZjExZDZkM2UwNDhkYzRiNWY3IiwidGFnIjoiIn0%3D; anonymfile_session=eyJpdiI6InhRT1djamtaTU5pZC9EOFA4VjRvNWc9PSIsInZhbHVlIjoiQUZTQmVoMzhvTENYMHowYUVwZitCeUZmWmw0aXY2cUxjMVFKN01mSnI4RWJnUWdLLzhhNml6TlN4KzRpaHdadjQ0MThvV3VUc0JFMlJsQmlPTGI0cnNnV214MVg2QmpOd3piQitxRm8xVHlyMGpHQU91bUVRemEvc0ptRXVvMHEiLCJtYWMiOiJlYmMxNGUwMzc2ZWNhMTNjNDM0Mjk3MjUxNjdjMGJiY2I0Y2Y3OTE5MTU1NDc1NTJkYWZhZjc5NWJmMjc0YjlkIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
date: Wed, 08 Feb 2023 09:14:27 GMT
x-page-speed: 1.13.35.2-0
cache-control: max-age=0, no-cache
content-encoding: br
X-Firefox-Spdy: h2
unpkg.com/filepond-plugin-file-validate-type/dist/filepond-plugin-file-validate-type.js
104.16.122.175302 Found 0 B URL HTTP/2 unpkg.com/filepond-plugin-file-validate-type/dist/filepond-plugin-file-validate-type.js
IP 104.16.122.175:0
GET /filepond-plugin-file-validate-type/dist/filepond-plugin-file-validate-type.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Wed, 08 Feb 2023 09:14:25 GMT
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
cache-control: public, s-maxage=600, max-age=60
location: /filepond-plugin-file-validate-type@1.2.8/dist/filepond-plugin-file-validate-type.js
vary: Accept, Accept-Encoding
via: 1.1 fly.io
fly-request-id: 01GRR4JX5GCD55ZTG36FPGCSBP-fra
cf-cache-status: HIT
age: 299
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 79634147ef000afe-OSL
X-Firefox-Spdy: h2