Report - anonymfile.com/7LJJe/pack232.zip

Report Overview

Submitted URL
anonymfile.com/7LJJe/pack232.zip
IP
138.201.48.112
ASN
#24940 Hetzner Online GmbH
Submitted
2022-11-29 15:55:12
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
30

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
ocsp.sectigo.com	487	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	340 B	963 B	172.64.155.188
betotodilea.com	52465	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	4.5 kB	20 kB	139.45.197.237
offerimage.com	304078	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	418 B	11 kB	104.22.33.172
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	4.7 kB	12 kB	23.36.76.226
cdn.jsdelivr.net	439	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	369 B	19 kB	151.101.193.229
ocsp.globalsign.com	2075	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	368 B	1.9 kB	104.18.20.226
tzegilo.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	356 B	6.6 kB	104.21.84.149
ibrapush.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.2 kB	2.8 kB	139.45.197.250
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
unpkg.com	11693	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	842 B	32 kB	104.16.124.175
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	52.41.91.37
inklinkor.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	358 B	26 kB	172.67.211.29
nanouwho.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	5.4 kB	136 kB	139.45.197.242
bedrapiona.com	34930	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	417 B	2.6 kB	139.45.197.234
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	54 kB	34.120.237.76
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.0 kB	3.9 kB	93.184.220.29
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	34.102.187.140
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	229 B	34.117.237.239
cdnjs.cloudflare.com	235	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.3 kB	137 kB	104.17.25.14
my.rtmark.net	9054	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	422 B	743 B	139.45.195.8
anonymfile.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	8.9 kB	272 kB	138.201.48.112
interstitial-07.com	36198	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.9 kB	78 kB	139.45.197.155
unphionetor.com	54035	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.3 kB	4.3 kB	139.45.197.236

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2022-11-29	medium	nanouwho.com	Sinkholed
2022-11-29	medium	nanouwho.com	Sinkholed
2022-11-29	medium	nanouwho.com	Sinkholed
2022-11-29	medium	nanouwho.com	Sinkholed
2022-11-29	medium	betotodilea.com	Sinkholed
2022-11-29	medium	unphionetor.com	Sinkholed
2022-11-29	medium	unphionetor.com	Sinkholed
2022-11-29	medium	nanouwho.com	Sinkholed
2022-11-29	medium	unphionetor.com	Sinkholed
2022-11-29	medium	betotodilea.com	Sinkholed
2022-11-29	medium	betotodilea.com	Sinkholed
2022-11-29	medium	betotodilea.com	Sinkholed
2022-11-29	medium	betotodilea.com	Sinkholed
2022-11-29	medium	nanouwho.com	Sinkholed
2022-11-29	medium	betotodilea.com	Sinkholed

JavaScript (29)

	URL	Size	First Seen	Last Seen
	cdn.jsdelivr.net/npm/sweetalert2@11	64 kB	2023-03-11	2024-01-07
Pretty URL cdn.jsdelivr.net/npm/sweetalert2@11 IP 151.101.193.229 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 19:46:05 Last Seen2024-01-07 21:57:00 Times Seen15 Hash 25afc20bf69e421378f7c53e44ce4213 fbf759080a5066611e6186d1e5f03a4a7a6e2faf 56f7e1601df5d674340d20872f2cde285af5939e732db75219dd56377a106bc1 Loading...

	tzegilo.com/stattag.js	13 kB	2023-03-08	2023-03-12
Pretty URL tzegilo.com/stattag.js IP 104.21.84.149 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:22:59 Last Seen2023-03-12 10:48:49 Times Seen1 Hash d0de06f954f7dedba242231b0ec4052d 188d75bb9077832384f889dd15584845790bc146 efae63871ebdeb69e7d64c6782924f72584f962d540b8c55237cba93c026af16 Loading...

	interstitial-07.com/?l=4zRVEGT4TQSgCFP&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fnanouwho.com%2F12%3Frnd%3D2927507587%26z%3D5307589%26b%3D15678895%26c%3D6310333%26var%3D%26d%3Dhttps%253A%252F%252Fsingelstodate.com%252Fbase.php%253Fc%253D1141%2526key%253D6d92cc76db26593ec9f35607e6e3051c%2526zoneid%253D%257Bzoneid%257D%2526cost%253D%257Bcost%257D%2526subid%253D%2524%257BSUBID%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3D3HtcOd_-M8--D8pJhqXHjYifb8zC_UzslKyNbIxs9VeozITH2G4nHvGV40Q-Kf0tmfLXD6GyxkxMNNBZrbM1FhL_EO89Jkz1AGdjB2QuPSfxZBSzSLx-9OTHHPDA-vGwUaY2ah-_0RhSIb3DVzsxQ8wet7-cGFSqghodlVnS0ECrUECtfi64J2OnSPYHx8jpBRhrGmkIuZW7RcVGfMsCCSNrfZUSbkn_6BsDlgMy5_wbB_ICoGnCMCqIw9Eb32vX2kND9UNOufWncb8ptnkh9jcIDH3mvEylvdJ-BdSIdWYkj7LBAmWTRa-0ZmLkwS5lYwp96xX5kfXyJCgxeWKcuI4uBBXPOizM-vRyr1k8n-lFZHh0cb28w3rAU4AjqBePPfA-GQ_Kk5kWcsqOBcfuIBWXktWHhDg7Ps4M01e8NItD0XdEueL-pfkYxZGwYu1jp4EvsZKCsFNSLX9xURxtyoq6xa455hbpKJ0ykiMcC53djJJTAxJCcnrZM64onl-fbUDF001aFGQ8SK8wrlYLnfc4MNdtmhj5zPt50m1L0OZn8KBy3qkHoBLe4ff6KQujf45j2qQgRy-SprwIOV0R6pSbXxOWdZzXsYVRo3qVSNXzZn2_EY--7YDovx4zQIAof3uky55cJrdn5NhF%26bag%3DHBQRD2DVrBLxyGC0bJRK8w%3D%3D%26ruid%3De759df83-537a-43f4-bbb0-0b6d04166d18%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fanonymfile.com%252F7LJJe%252Fpack232.zip%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1280%26wiw%3D1280%26wih%3D939%26wfc%3D0%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D1	1.5 kB	2023-03-11	2023-03-11
Pretty URL interstitial-07.com/?l=4zRVEGT4TQSgCFP&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fnanouwho.com%2F12%3Frnd%3D2927507587%26z%3D5307589%26b%3D15678895%26c%3D6310333%26var%3D%26d%3Dhttps%253A%252F%252Fsingelstodate.com%252Fbase.php%253Fc%253D1141%2526key%253D6d92cc76db26593ec9f35607e6e3051c%2526zoneid%253D%257Bzoneid%257D%2526cost%253D%257Bcost%257D%2526subid%253D%2524%257BSUBID%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3D3HtcOd_-M8--D8pJhqXHjYifb8zC_UzslKyNbIxs9VeozITH2G4nHvGV40Q-Kf0tmfLXD6GyxkxMNNBZrbM1FhL_EO89Jkz1AGdjB2QuPSfxZBSzSLx-9OTHHPDA-vGwUaY2ah-_0RhSIb3DVzsxQ8wet7-cGFSqghodlVnS0ECrUECtfi64J2OnSPYHx8jpBRhrGmkIuZW7RcVGfMsCCSNrfZUSbkn_6BsDlgMy5_wbB_ICoGnCMCqIw9Eb32vX2kND9UNOufWncb8ptnkh9jcIDH3mvEylvdJ-BdSIdWYkj7LBAmWTRa-0ZmLkwS5lYwp96xX5kfXyJCgxeWKcuI4uBBXPOizM-vRyr1k8n-lFZHh0cb28w3rAU4AjqBePPfA-GQ_Kk5kWcsqOBcfuIBWXktWHhDg7Ps4M01e8NItD0XdEueL-pfkYxZGwYu1jp4EvsZKCsFNSLX9xURxtyoq6xa455hbpKJ0ykiMcC53djJJTAxJCcnrZM64onl-fbUDF001aFGQ8SK8wrlYLnfc4MNdtmhj5zPt50m1L0OZn8KBy3qkHoBLe4ff6KQujf45j2qQgRy-SprwIOV0R6pSbXxOWdZzXsYVRo3qVSNXzZn2_EY--7YDovx4zQIAof3uky55cJrdn5NhF%26bag%3DHBQRD2DVrBLxyGC0bJRK8w%3D%3D%26ruid%3De759df83-537a-43f4-bbb0-0b6d04166d18%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fanonymfile.com%252F7LJJe%252Fpack232.zip%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1280%26wiw%3D1280%26wih%3D939%26wfc%3D0%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D1 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 22:28:40 Last Seen2023-03-11 22:28:40 Times Seen1 Hash 682b82f483fa70d7d92ee3f203715e5d e9e187fc1eef7d27e87ddf148e465b40468dd9e2 a15f546c348eabefa513c0a859f7c7ae89a671cbee541361ef2734acc74dc183 Loading...

	unknown	0 B	2023-03-07	2024-04-26
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-26 03:06:45 Times Seen37081980 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	cdnjs.cloudflare.com/ajax/libs/popper.js/2.10.2/umd/popper.min.js	19 kB	2023-03-07	2024-04-25
Pretty URL cdnjs.cloudflare.com/ajax/libs/popper.js/2.10.2/umd/popper.min.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:23:52 Last Seen2024-04-25 20:59:34 Times Seen2345 Hash 541aecc95a7faeef0fc27558070f3647 0ec7ca4778ba3ccb4d1b1688094720834fbe9ed3 f395875eb5d58c5128c434812cd0a53d438b11536f7fd1577077d8a5c612e1fd Loading...

	anonymfile.com/js/site.js	6.5 kB	2023-03-07	2023-12-13
Pretty URL anonymfile.com/js/site.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:23:52 Last Seen2023-12-13 20:16:01 Times Seen190 Hash 643fea0198e4fb9e271ddd811cf34f68 0d8277c1cde619b82a6867bc17cfdbbcd6674a46 f68f8db8d8fe95d02e60e2f4f97c74e4eb521d845cee1c7d53bec6159dc92ad5 Loading...

	http:text/javascript,var%20sTime%3Dnew%20Date().getTime()%3Bvar%20countDown%3D5%3Bfunction%20UpdateCountDownTime()%7Bvar%20cTime%3Dnew%20Date().getTime()%3Bvar%20diff%3DcTime-sTime%3Bvar%20timeStr%3D''%3Bvar%20seconds%3DcountDown-Math.floor(diff%2F1000)%3Bif(seconds%3E%3D0)%7Bvar%20hours%3DMath.floor(seconds%2F3600)%3Bvar%20minutes%3DMath.floor((seconds-(hours3600))%2F60)%3Bseconds-%3D(minutes60)%3Bif(seconds%3CcountDown)%7BtimeStr%3DtimeStr%2B%22%22%2Bseconds%3B%7Delse%7BtimeStr%3DtimeStr%2B%22%22%2Bseconds%3B%7Ddocument.getElementById(%22download%22).innerHTML%3D'%3Cbutton%20id%3D%22download_file%22%20class%3D%22download_file%20btn%20btn-secondary%20btn%20disabled%22%3EPlease%20wait%20%3Cstrong%3E'%2BtimeStr%2B'%3C%2Fstrong%3E%20seconds%3C%2Fbutton%3E'%3B%7Delse%7B%24('.download_file').remove()%3B%24('%23download').append('%3Ca%20href%3D%22https%3A%2F%2Fanonymfile.com%2Ff%2F73dc0dc5-0009-4f55-98ba-1d6254fd564e%22%20download%3D%22pack232.zip%22%20class%3D%22btn%20btn-warning%22%3EDownload%20(1.94%20MB)%3C%2Fa%3E')%3BclearInterval(counter)%3B%7D%7DUpdateCountDownTime()%3Bvar%20counter%3DsetInterval(UpdateCountDownTime%2C500)%3Bconst%20swalWithBootstrapButtons%3DSwal.mixin(%7BcustomClass%3A%7BconfirmButton%3A'btn%20btn-falcon-info%20m-1'%2CcancelButton%3A'btn%20btn-falcon-danger%20m-1'%2Cinput%3A'text-dark'%7D%2CbuttonsStyling%3Afalse%7D)%0A%24(document).on('click'%2C'.qrcode'%2Cfunction(e)%7Be.preventDefault()%3Bvar%20link%3D%24(this).data('link')%3BswalWithBootstrapButtons.fire(%7BimageUrl%3Alink%2CshowCancelButton%3Afalse%2Cbackground%3A'%23121e2d'%2C%7D)%3B%7D)%3B	1.2 kB	2023-03-11	2023-03-11
Pretty URL http:text/javascript,var%20sTime%3Dnew%20Date().getTime()%3Bvar%20countDown%3D5%3Bfunction%20UpdateCountDownTime()%7Bvar%20cTime%3Dnew%20Date().getTime()%3Bvar%20diff%3DcTime-sTime%3Bvar%20timeStr%3D''%3Bvar%20seconds%3DcountDown-Math.floor(diff%2F1000)%3Bif(seconds%3E%3D0)%7Bvar%20hours%3DMath.floor(seconds%2F3600)%3Bvar%20minutes%3DMath.floor((seconds-(hours3600))%2F60)%3Bseconds-%3D(minutes60)%3Bif(seconds%3CcountDown)%7BtimeStr%3DtimeStr%2B%22%22%2Bseconds%3B%7Delse%7BtimeStr%3DtimeStr%2B%22%22%2Bseconds%3B%7Ddocument.getElementById(%22download%22).innerHTML%3D'%3Cbutton%20id%3D%22download_file%22%20class%3D%22download_file%20btn%20btn-secondary%20btn%20disabled%22%3EPlease%20wait%20%3Cstrong%3E'%2BtimeStr%2B'%3C%2Fstrong%3E%20seconds%3C%2Fbutton%3E'%3B%7Delse%7B%24('.download_file').remove()%3B%24('%23download').append('%3Ca%20href%3D%22https%3A%2F%2Fanonymfile.com%2Ff%2F73dc0dc5-0009-4f55-98ba-1d6254fd564e%22%20download%3D%22pack232.zip%22%20class%3D%22btn%20btn-warning%22%3EDownload%20(1.94%20MB)%3C%2Fa%3E')%3BclearInterval(counter)%3B%7D%7DUpdateCountDownTime()%3Bvar%20counter%3DsetInterval(UpdateCountDownTime%2C500)%3Bconst%20swalWithBootstrapButtons%3DSwal.mixin(%7BcustomClass%3A%7BconfirmButton%3A'btn%20btn-falcon-info%20m-1'%2CcancelButton%3A'btn%20btn-falcon-danger%20m-1'%2Cinput%3A'text-dark'%7D%2CbuttonsStyling%3Afalse%7D)%0A%24(document).on('click'%2C'.qrcode'%2Cfunction(e)%7Be.preventDefault()%3Bvar%20link%3D%24(this).data('link')%3BswalWithBootstrapButtons.fire(%7BimageUrl%3Alink%2CshowCancelButton%3Afalse%2Cbackground%3A'%23121e2d'%2C%7D)%3B%7D)%3B IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 22:28:40 Last Seen2023-03-11 22:28:40 Times Seen1 Hash 723713b2a51ad8a1b5bf01f12796c48e aaeb89eb93d04491c03130f18831f7e54bea1a55 603cfbf496477f2f20f737b2601ff5ed980ef77991ed48c0d9909824cab8d490 Loading...

	anonymfile.com/7LJJe/pack232.zip	101 kB	2023-03-11	2023-03-11
Pretty URL anonymfile.com/7LJJe/pack232.zip IP 138.201.48.112 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 22:27:02 Last Seen2023-03-11 23:18:23 Times Seen1 Hash 82d7b19ce09c806cca17320d7c80a263 c825792547c6f6f944e00a4db342c7ad7cb723fa 82cd7b3af4bd70c57b34015df4861b8a9ab8ae272886b3c8a57bc45c06eda7c0 Loading...

	nanouwho.com/27/04ab1c44ee7c7870e42713e938fe14f2	378 kB	2023-03-11	2023-03-11
Pretty URL nanouwho.com/27/04ab1c44ee7c7870e42713e938fe14f2 IP 139.45.197.242 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 21:51:42 Last Seen2023-03-11 23:28:34 Times Seen1 Hash 52be183cdb5e6471f54a1369f98c05d6 ba3d0a7a0bdae6334cc01eae6416ecab71251af6 8c58e8b552f299fafe1515d624093d24474c26793ee988df28e900fa52a44602 Loading...

	unphionetor.com/fv.js?t=72747&cb=1880195983	5.2 kB	2023-03-07	2024-04-24
Pretty URL unphionetor.com/fv.js?t=72747&cb=1880195983 IP 139.45.197.236 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:56 Last Seen2024-04-24 01:48:23 Times Seen2355 Hash 563d777535ce88943a94a6be86f378c8 8753745424d367275e3fe55a5661fe51b1e1fb72 0f467a48a494f7f63968707dc43785b728d0c17f93c12937c1e5b12798f3a98a Loading...

	anonymfile.com/7LJJe/pack232.zip	4.0 kB	2023-03-11	2023-03-11
Pretty URL anonymfile.com/7LJJe/pack232.zip IP 138.201.48.112 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 22:28:40 Last Seen2023-03-11 22:28:40 Times Seen1 Hash f9bdb9d13e36730939b0591b04cf9996 d7cc7ca4d2d5657e99155a30caea49d9de9542be 863ca2e776385b58d2171cec43620173cbd07f36adade00c70b6fc768ad05ded Loading...

	http:text/javascript,document.write(new%20Date().getFullYear())	40 B	2023-03-07	2024-04-25
Pretty URL http:text/javascript,document.write(new%20Date().getFullYear()) IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:07 Last Seen2024-04-25 20:59:34 Times Seen4699 Hash 6bd43cf0ae158526c6ab93dc3be79f28 15c289e342bd3fdf5b1e95f7abf25a2bc78bf357 7a13d5ae0755d86c09084ec300c4a0f1a0a06921f74d9980eba9d966ff17ad38 Loading...

	http:text/javascript,window.pagespeed.psatemp%3D0%3B	27 B	2023-03-07	2024-04-04
Pretty URL http:text/javascript,window.pagespeed.psatemp%3D0%3B IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:23:52 Last Seen2024-04-04 06:40:42 Times Seen258 Hash f86030401d659579ca9f2dca91d7d691 bc05f88ca4d9dce8d78d6d39a3eed592ed714998 6d190c985949e8a0962ca2cede3c214de8085dc9d11c726af6c00c1ae5bb7ba9 Loading...

	unpkg.com/filepond-plugin-file-validate-type/dist/filepond-plugin-file-validate-type.js	7.4 kB	2023-03-07	2024-02-08
Pretty URL unpkg.com/filepond-plugin-file-validate-type/dist/filepond-plugin-file-validate-type.js IP 104.16.124.175 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:23:52 Last Seen2024-02-08 07:46:02 Times Seen604 Hash 6170d2a086cb1d5769c6fd1f76edf99b d61c541caceb4e5deb35d8642702b89091a8bb42 6fc678b64782a17a266b5675e195be5956efd7513fd228143901b427983df928 Loading...

	http:text/javascript,(function(s%2Cu%2Cz%2Cp)%7Bs.src%3Du%2Cs.setAttribute('data-zone'%2Cz)%2Cp.appendChild(s)%3B%7D)(document.createElement('script')%2C'https%3A%2F%2Finklinkor.com%2Ftag.min.js'%2C5307591%2Cdocument.body%7C%7Cdocument.documentElement)	193 B	2023-03-07	2024-01-15
Pretty URL http:text/javascript,(function(s%2Cu%2Cz%2Cp)%7Bs.src%3Du%2Cs.setAttribute('data-zone'%2Cz)%2Cp.appendChild(s)%3B%7D)(document.createElement('script')%2C'https%3A%2F%2Finklinkor.com%2Ftag.min.js'%2C5307591%2Cdocument.body%7C%7Cdocument.documentElement) IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:23:52 Last Seen2024-01-15 22:34:31 Times Seen141 Hash 4b7b08e36b07601453ef10bef59afe1e 1f0003567c5e86d6fc129bbf62384e04ca2a1a2f f54132e87f4227d9e6ccf534bb92ff7746c7fb734ab9eb7197c0810ea6b52c52 Loading...

	inklinkor.com/tag.min.js	73 kB	2023-03-11	2023-03-11
Pretty URL inklinkor.com/tag.min.js IP 172.67.211.29 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 16:17:02 Last Seen2023-03-11 23:31:48 Times Seen1 Hash 63761b977d8cb9d017f60f63aaca634b 172ac1cac1983f0ce6dd437b7f3217d64ade8291 bd48c41ac9699227ddf2783338474f177b437c948c342227b13de973c386e8dd Loading...

	ibrapush.com/pfe/current/tag.min.js?z=5307590	15 kB	2023-03-11	2023-03-11
Pretty URL ibrapush.com/pfe/current/tag.min.js?z=5307590 IP 139.45.197.250 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 22:25:46 Last Seen2023-03-11 23:06:32 Times Seen1 Hash a82b5825b537689edcd8afc59205bb6f 2a9563885396a355cb1f78bc33de5d5f231cff93 f78e4d23daa40c88c4b9d8f74ef5d1529b08e9eea4ea370ba5bf2ccbd60fdd32 Loading...

	betotodilea.com/400/5307588	82 kB	2023-03-11	2023-03-11
Pretty URL betotodilea.com/400/5307588 IP 139.45.197.237 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 22:28:40 Last Seen2023-03-11 22:28:40 Times Seen1 Hash 3f7f4f108753cd23ad600224465b9a33 765bcfd9ef67248f52f6ddfcae7e294948c56a2f d18636f93010d808d6afdfa8270750946c09d42aa087aa2196d8dbd5df9048ca Loading...

	anonymfile.com/pagespeed_static/js_defer.I4cHjq6EEP.js	12 kB	2023-03-07	2024-04-04
Pretty URL anonymfile.com/pagespeed_static/js_defer.I4cHjq6EEP.js IP 138.201.48.112 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:23:52 Last Seen2024-04-04 06:40:42 Times Seen473 Hash 2387078eae8410f7e540e3866bcb2fda 324d38dcb7f7bcb16b355b6afdbbc87bd089422d 59dbda86041a5f394b83391ffe0b939341aabb817fa60a6ea78c80f5835596b5 Loading...

	cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js	90 kB	2023-03-07	2024-04-26
Pretty URL cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:13 Last Seen2024-04-26 03:00:35 Times Seen261526 Hash 8fb8fee4fcc3cc86ff6c724154c49c42 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e Loading...

	http:text/javascript,let%20mode%3D'light'%3Blet%20theme%3DlocalStorage.getItem(%22theme%22)%3Bif(theme%3D%3Dnull)%7Bif(mode%3D%3D'dark')%7B%24('.theme').addClass('dark')%3B%7D%7Delse%7Bif(theme%3D%3D'dark')%7B%24('.theme').addClass('dark')%3B%7Delse%7B%24('.theme').removeClass('dark')%3B%7D%7D	213 B	2023-03-07	2023-08-29
Pretty URL http:text/javascript,let%20mode%3D'light'%3Blet%20theme%3DlocalStorage.getItem(%22theme%22)%3Bif(theme%3D%3Dnull)%7Bif(mode%3D%3D'dark')%7B%24('.theme').addClass('dark')%3B%7D%7Delse%7Bif(theme%3D%3D'dark')%7B%24('.theme').addClass('dark')%3B%7Delse%7B%24('.theme').removeClass('dark')%3B%7D%7D IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:23:52 Last Seen2023-08-29 21:14:02 Times Seen131 Hash ccea0e1846102f4f1ed17644f6c6baa6 e43c87b583bef9f3e325ab7bf9ccf4a1f80bc35a e84714cb230edad68ac36e473976e94ca40d378d53fc1b7b539c03879f7ab887 Loading...

	cdnjs.cloudflare.com/ajax/libs/bootstrap/5.1.3/js/bootstrap.min.js	59 kB	2023-03-07	2024-04-25
Pretty URL cdnjs.cloudflare.com/ajax/libs/bootstrap/5.1.3/js/bootstrap.min.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:23:52 Last Seen2024-04-25 20:59:34 Times Seen3276 Hash 259e416ef6833be43801b8b68a93b008 19080c3b817985336aab5e1ce6925c99803f2efd 70c3d690bdc5ce3b9a1527c46044989a3176e610882fa99f4523e75bc395bcce Loading...

	unpkg.com/filepond-plugin-file-validate-size/dist/filepond-plugin-file-validate-size.js	6.8 kB	2023-03-08	2024-04-25
Pretty URL unpkg.com/filepond-plugin-file-validate-size/dist/filepond-plugin-file-validate-size.js IP 104.16.124.175 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:46:17 Last Seen2024-04-25 20:59:34 Times Seen654 Hash 5ab1c9fe6f2ca02b78083699d8109be5 99aa73a69b0ee070162ff7a2a8b70005ebb48565 845b2368dce026b72f19715d6de81f03fef056e4a79c718a658161a1f7b03b3b Loading...

	cdnjs.cloudflare.com/ajax/libs/clipboard.js/2.0.8/clipboard.min.js	11 kB	2023-03-07	2024-04-25
Pretty URL cdnjs.cloudflare.com/ajax/libs/clipboard.js/2.0.8/clipboard.min.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:19:42 Last Seen2024-04-25 20:59:34 Times Seen707 Hash 27784b7376dd992368c71b6c5559f358 f86d2ac408c4de0d5281cf91d6ddfb93e5e5d2ff 11be927cda59c8b6019ebbea838285c5beaf21183ea4b83dbd4e4fbf9413ce4a Loading...

	nanouwho.com/1?z=5307589	17 kB	2023-03-11	2023-03-11
Pretty URL nanouwho.com/1?z=5307589 IP 139.45.197.242 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 22:28:40 Last Seen2023-03-11 22:28:40 Times Seen1 Hash 7730ae791ace7745d9191ceefea96f87 c669de7e6f70e94ea1c39618f6e3302272342a88 4b862a2395ddda4c2e1d5236e437b1c3cd7522a491d974ff016ba4a4fb7a31a4 Loading...

	anonymfile.com/7LJJe/pack232.zip	103 B	2023-03-11	2023-03-11
Pretty URL anonymfile.com/7LJJe/pack232.zip IP 138.201.48.112 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 22:28:40 Last Seen2023-03-11 22:28:40 Times Seen1 Hash 0219a05fb18fc6afb0f91f4466cd3889 06e1ae3ef46aa769ddfb4b05639d39401cb2cb46 60a5abf2e5024c5ec418ef89a740188a30b052f5861d487a8273fc4872988acb Loading...

		Size	First Seen	Last Seen
	#1 Eval - f96d83934e83b7c3439361709c1e29e0	82 B	2023-03-07	2024-02-12
Pretty Observations First Seen2023-03-07 01:23:52 Last Seen2024-02-12 04:31:14 Times Seen101 Hash f96d83934e83b7c3439361709c1e29e0 4885eab8ff5ca4b045c71e7dab5b30474774be97 00e41f092e36fcf832d3f2482e988d3d32d25444d754f76a13fc41d07a5e4586 Loading...

	#2 Eval - 56cec86d2062369c1181696d8e57079d	42 B	2023-03-07	2023-12-17
Pretty Observations First Seen2023-03-07 01:23:52 Last Seen2023-12-17 23:38:32 Times Seen150 Hash 56cec86d2062369c1181696d8e57079d a829bc3ec7acab468fc649127853881751b2e61d 2477b814b8ad1a91f87132c07e73e884d9448987538b5be15f5292327cbbca6f Loading...

	#3 Eval - 4691d3f19b0fb7eaea7b7024a318af6d	80 B	2023-03-11	2023-03-11
Pretty Observations First Seen2023-03-11 22:28:40 Last Seen2023-03-11 22:28:40 Times Seen1 Hash 4691d3f19b0fb7eaea7b7024a318af6d c7fafe7c6b0a5ec5079cdede9c3ea6da5641be9a bddd4c8676084450b29e94aa6ffae44370e6111b5947b8fea47d54b3881e0ecb Loading...

HTTP Transactions (80)

URL IP Response Size

anonymfile.com/7LJJe/pack232.zip

138.201.48.112

301 Moved Permanently

162 B

URL HTTP/1.1
anonymfile.com/7LJJe/pack232.zip
IP
138.201.48.112:0
ASN
#24940 Hetzner Online GmbH

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
162 B (162 bytes)
Hash
4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a

HTTP Headers

GET /7LJJe/pack232.zip HTTP/1.1
Host: anonymfile.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Tue, 29 Nov 2022 15:55:00 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://anonymfile.com/7LJJe/pack232.zip
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
a5daf4dc99951793ae2315d4795e8146
4427507ca4d3a5632cc8f598afbc85e2195d00bd
94fb64c1c826ed7099283c0bedb3cea7ac7e1d9526794cb9fad6e761f5989d32

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "94FB64C1C826ED7099283C0BEDB3CEA7AC7E1D9526794CB9FAD6E761F5989D32"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10640
Expires: Tue, 29 Nov 2022 18:52:20 GMT
Date: Tue, 29 Nov 2022 15:55:00 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
4ed065cb23b5fca1a179dd73b3c5b7b2
4422eb24688f5e056fc1b18b127c7f63b1dbf5e0
b723d770d0dec7441d8505dc5a4e7d34f55c9f564ec52f20d9b70c7c3a0d9d35

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3649
Cache-Control: max-age=157019
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 15:55:01 GMT
Etag: "6385df6f-1d7"
Expires: Thu, 01 Dec 2022 11:32:00 GMT
Last-Modified: Tue, 29 Nov 2022 10:31:11 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 471

firefox.settings.services.mozilla.com/v1/

34.102.187.140

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 29 Nov 2022 15:17:55 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 2226
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
9fce5679881bf302a8978a0b462f01a9
b699fe030ea13ac73813e655c42ed9b531925e2b
a3ec545a8f9364ac9062eddb41279e1465687a1b60f9c1dec6b3a3df8b033eb3

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A3EC545A8F9364AC9062EDDB41279E1465687A1B60F9C1DEC6B3A3DF8B033EB3"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5188
Expires: Tue, 29 Nov 2022 17:21:29 GMT
Date: Tue, 29 Nov 2022 15:55:01 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: 4PpuUIaO06hPiXCWS61qCbTLwapbsirHZgGXhDmyYbznimZ/cV9ihVlFLoBIsK3KA0HHIE/4CrQ=
x-amz-request-id: RP5ANQG4G1ZPD2Y9
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 29 Nov 2022 15:45:31 GMT
age: 570
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Tue, 29 Nov 2022 15:55:01 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

anonymfile.com/css/theme.min.css

138.201.48.112

200 OK

75 kB

URL HTTP/2
anonymfile.com/css/theme.min.css
IP
138.201.48.112:0
ASN
#24940 Hetzner Online GmbH

File type
Unicode text, UTF-8 text, with very long lines (65533), with no line terminators
Size
75 kB (74661 bytes)
Hash
8b61cc26bfb7e13d1ebf3e9639914e51
7b8d4de2b1884b3c1654cfbde0e8a6f3885a3f66
f27b9cd4b89d6729e328f65b08114323077a61b6761865aa160785073f57bbb0

HTTP Headers

GET /css/theme.min.css HTTP/1.1
Host: anonymfile.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/7LJJe/pack232.zip
Cookie: XSRF-TOKEN=eyJpdiI6IndCbjVMS0lkZW91RlMrVnFaeEt5aWc9PSIsInZhbHVlIjoiRzgvY3hhNlFIUEhVa3cvZjdINm5rdmE0enBLMEtRUGxleDcvOVoxQUU2SGJTRnBtS3NpLytKVFBXTW1aM24zWGt4dXVYQk11UVUyamJ3RHVaYXVmVnlnOW93TE1NTDRoMG1mL0d4TWtSclNzK2FKMmxlZ2E3VmhqTFRObG5tNkciLCJtYWMiOiJlOWM1ODUwOTUyODc5YjZkNjliZDVlNGNlMjRhMzYzNDZjYTJiNTBlNDcwN2VkODdiNDY4MjM4ZTcyNTBhNmZiIiwidGFnIjoiIn0%3D; anonymfile_session=eyJpdiI6IitqcDFMMmpIT3dLVFYwUzFLQk1ZWlE9PSIsInZhbHVlIjoiNHN4YVdEZmc0bm5BR2JmZzFlRWFOSUt3bTg5bE52eTQyaS9SbEtNd0hnTVR5ZjFTdlRFVnNjYVdnRnB1d014SVh3NERVSjQxT01JZWFkL3JqbUZveVJBOW5rOGhwL1NnNHpIV0ZrQXFLSEgvQWg2Q0dLQVpqejFlOURyUTFNbTAiLCJtYWMiOiI1MWI0ZDJjMTlhMjg0Mzk3ZjU4MDk0ZTIwMDliZWVlYThlMWFiMTQ0MGY1MWUzNjA0NjJlN2JiYzg4MzUzNGU5IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: text/css
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-original-content-length: 598523
vary: Accept-Encoding
content-encoding: gzip
content-length: 74661
etag: W/"PSA-aj-TDax0QZn8Y"
date: Tue, 29 Nov 2022 15:55:01 GMT
expires: Tue, 29 Nov 2022 15:55:58 GMT
cache-control: max-age=56
X-Firefox-Spdy: h2

anonymfile.com/img/logo-anon-warning.webp

138.201.48.112

200 OK

15 kB

URL HTTP/2
anonymfile.com/img/logo-anon-warning.webp
IP
138.201.48.112:0
ASN
#24940 Hetzner Online GmbH

File type
RIFF (little-endian) data, Web/P image\012- data
Size
15 kB (15344 bytes)
Hash
7b596f481388ac5ef6d74a15a351f6c3
6756e88c0b46cc981b7bbbdaf2ead77bd258a472
cd830cff1dfb9af2181dfe61645addbe21981954713fba54d5875a038e673972

HTTP Headers

GET /img/logo-anon-warning.webp HTTP/1.1
Host: anonymfile.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/7LJJe/pack232.zip
Cookie: XSRF-TOKEN=eyJpdiI6IndCbjVMS0lkZW91RlMrVnFaeEt5aWc9PSIsInZhbHVlIjoiRzgvY3hhNlFIUEhVa3cvZjdINm5rdmE0enBLMEtRUGxleDcvOVoxQUU2SGJTRnBtS3NpLytKVFBXTW1aM24zWGt4dXVYQk11UVUyamJ3RHVaYXVmVnlnOW93TE1NTDRoMG1mL0d4TWtSclNzK2FKMmxlZ2E3VmhqTFRObG5tNkciLCJtYWMiOiJlOWM1ODUwOTUyODc5YjZkNjliZDVlNGNlMjRhMzYzNDZjYTJiNTBlNDcwN2VkODdiNDY4MjM4ZTcyNTBhNmZiIiwidGFnIjoiIn0%3D; anonymfile_session=eyJpdiI6IitqcDFMMmpIT3dLVFYwUzFLQk1ZWlE9PSIsInZhbHVlIjoiNHN4YVdEZmc0bm5BR2JmZzFlRWFOSUt3bTg5bE52eTQyaS9SbEtNd0hnTVR5ZjFTdlRFVnNjYVdnRnB1d014SVh3NERVSjQxT01JZWFkL3JqbUZveVJBOW5rOGhwL1NnNHpIV0ZrQXFLSEgvQWg2Q0dLQVpqejFlOURyUTFNbTAiLCJtYWMiOiI1MWI0ZDJjMTlhMjg0Mzk3ZjU4MDk0ZTIwMDliZWVlYThlMWFiMTQ0MGY1MWUzNjA0NjJlN2JiYzg4MzUzNGU5IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: image/webp
content-length: 15344
etag: "617d3713-3bf0"
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
accept-ranges: bytes
date: Tue, 29 Nov 2022 15:50:16 GMT
expires: Tue, 29 Nov 2022 15:55:16 GMT
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
3c8c689bd654417640d85f3da51af313
85123b6d46230a23d03768bf304b386e5d301305
516138ca79703b45e904d32d7dde1c1e9fd35995b9f1bb1331c547542745676d

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4174
Cache-Control: max-age=152481
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 15:55:01 GMT
Etag: "6385cba8-1d7"
Expires: Thu, 01 Dec 2022 10:16:22 GMT
Last-Modified: Tue, 29 Nov 2022 09:06:48 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 471

anonymfile.com/img/main/footer.webp

138.201.48.112

200 OK

178 kB

URL HTTP/2
anonymfile.com/img/main/footer.webp
IP
138.201.48.112:0
ASN
#24940 Hetzner Online GmbH

File type
RIFF (little-endian) data, Web/P image\012- data
Size
178 kB (178070 bytes)
Hash
79ccb3a1b78412a1a530284f45ea7056
626d0494e1bd871e67ecffad44d04ac2343fb7e5
3d4e83b59664d7a779fa777d4ee0e17a1bc09302f9b9cde60815a3142256d8b8

HTTP Headers

GET /img/main/footer.webp HTTP/1.1
Host: anonymfile.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/7LJJe/pack232.zip
Cookie: XSRF-TOKEN=eyJpdiI6IndCbjVMS0lkZW91RlMrVnFaeEt5aWc9PSIsInZhbHVlIjoiRzgvY3hhNlFIUEhVa3cvZjdINm5rdmE0enBLMEtRUGxleDcvOVoxQUU2SGJTRnBtS3NpLytKVFBXTW1aM24zWGt4dXVYQk11UVUyamJ3RHVaYXVmVnlnOW93TE1NTDRoMG1mL0d4TWtSclNzK2FKMmxlZ2E3VmhqTFRObG5tNkciLCJtYWMiOiJlOWM1ODUwOTUyODc5YjZkNjliZDVlNGNlMjRhMzYzNDZjYTJiNTBlNDcwN2VkODdiNDY4MjM4ZTcyNTBhNmZiIiwidGFnIjoiIn0%3D; anonymfile_session=eyJpdiI6IitqcDFMMmpIT3dLVFYwUzFLQk1ZWlE9PSIsInZhbHVlIjoiNHN4YVdEZmc0bm5BR2JmZzFlRWFOSUt3bTg5bE52eTQyaS9SbEtNd0hnTVR5ZjFTdlRFVnNjYVdnRnB1d014SVh3NERVSjQxT01JZWFkL3JqbUZveVJBOW5rOGhwL1NnNHpIV0ZrQXFLSEgvQWg2Q0dLQVpqejFlOURyUTFNbTAiLCJtYWMiOiI1MWI0ZDJjMTlhMjg0Mzk3ZjU4MDk0ZTIwMDliZWVlYThlMWFiMTQ0MGY1MWUzNjA0NjJlN2JiYzg4MzUzNGU5IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: image/webp
content-length: 178070
etag: "62f35b9c-2b796"
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
accept-ranges: bytes
date: Tue, 29 Nov 2022 15:50:16 GMT
expires: Tue, 29 Nov 2022 15:55:16 GMT
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta2/css/all.min.css

104.17.25.14

200 OK

14 kB

URL HTTP/2
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta2/css/all.min.css
IP
104.17.25.14:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65345)
Size
14 kB (14374 bytes)
Hash
642445b86596bdeaa98e92faa2064fc6
6c5539660bf533d34e37b917973c941d1c963374
4a5a39e9f325c5578dccd880c1d516eae190ee39f7539f4a6c6c52d2eee4cbdf

HTTP Headers

GET /ajax/libs/font-awesome/6.0.0-beta2/css/all.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Tue, 29 Nov 2022 15:55:01 GMT
content-type: text/css; charset=utf-8
content-length: 14374
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "61498362-3826"
last-modified: Tue, 21 Sep 2021 07:01:54 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 10617219
expires: Sun, 19 Nov 2023 15:55:01 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RLzDCTk5eBM73Jp3%2Biv8MF8AAmZm2UkqZSZ8D12yYXfGJltRSN%2BD2gvGC%2BsRAbtsiUUB9ToaYq1ldPLp3WqTZD%2FIkbnT4R5zgwk%2FzEqkuoWWbwGcrPhdlTXqgxN%2FpkSDoHj4ednO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 771c86771c21b50b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/filepond/4.30.3/filepond.min.js

104.17.25.14

200 OK

30 kB

URL HTTP/2
cdnjs.cloudflare.com/ajax/libs/filepond/4.30.3/filepond.min.js
IP
104.17.25.14:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65370)
Size
30 kB (29707 bytes)
Hash
d18c98bb03dac8dd996130d56f3d8e8c
cc1777baef75c9438534927036a21f22e91e5578
89a5585efd3c48a3870d383705937d51bb2a3a776eb01805a2629dd7a28e3c2e

HTTP Headers

GET /ajax/libs/filepond/4.30.3/filepond.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Tue, 29 Nov 2022 15:55:01 GMT
content-type: application/javascript; charset=utf-8
content-length: 29707
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "615c7e96-740b"
last-modified: Tue, 05 Oct 2021 16:34:30 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 10781189
expires: Sun, 19 Nov 2023 15:55:01 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2Ftt5B2Xws%2B3vuJ3C2QJRtmvsORuIkH88YkT0ADpOSImhzwI3eIeMNU%2B5nqwsDkEUF2FRwdatvE8kaP1hDNo%2BtGqw4if6W%2BkClDW%2BN7h3OZ%2B6W%2BdcdLYCdSyiiKVc11l%2BB2jDxKZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 771c86775c63b50b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/popper.js/2.10.2/umd/popper.min.js

104.17.25.14

200 OK

6.0 kB

URL HTTP/2
cdnjs.cloudflare.com/ajax/libs/popper.js/2.10.2/umd/popper.min.js
IP
104.17.25.14:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (18706)
Size
6.0 kB (6037 bytes)
Hash
3773d4bd82b03cdfd02c9fd691f80d78
c4d89a2de179c90944835571b45877048f3c1424
5d05303e3777fd4f588b7167d0a22cd5ca499c238f78ec0cecbb3a8786de332d

HTTP Headers

GET /ajax/libs/popper.js/2.10.2/umd/popper.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Tue, 29 Nov 2022 15:55:01 GMT
content-type: application/javascript; charset=utf-8
content-length: 6037
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "6155af49-1795"
last-modified: Thu, 30 Sep 2021 12:36:25 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1619241
expires: Sun, 19 Nov 2023 15:55:01 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BgrGogDE%2FeCYn6zIpqObFU1xhNV0t%2BXBl%2BcshH2pnUN%2BoLeLHnEWMwxviPUorhPoWXOvt59dnzkFzY%2BxHQGcpElzKlzE9r82bKc%2B%2F%2B2TUVped%2BZP4hziczARyTxD0z0FyVtW1peS"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 771c86775c6fb50b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js

104.17.25.14

200 OK

28 kB

URL HTTP/2
cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js
IP
104.17.25.14:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65447)
Size
28 kB (27938 bytes)
Hash
d900ca08873ee57d40616d39a44cc0aa
7ab3ac8b1504b7b914a6e94c979b8390bb492f6a
1eea479cc0abe04a0846f41031207f9511f12ffef017a6109d4efb6f5523465b

HTTP Headers

GET /ajax/libs/jquery/3.6.0/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Tue, 29 Nov 2022 15:55:01 GMT
content-type: application/javascript; charset=utf-8
content-length: 27938
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "603e8adc-15d9d"
last-modified: Tue, 02 Mar 2021 18:58:36 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1551026
expires: Sun, 19 Nov 2023 15:55:01 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0uEfG3HzGnuA9cirrIdj2AlxZ%2BdHsPc5qexRFQxX%2FrjG2V1Ikd1UY6pdw1NKkb9eF2i9HOCFhkGhDQ3nWLL4wbgXcvuYfuWfOqJfYtx987j%2Bc%2F7y%2F096GCrqAJdrJ1D%2B0FltwJYs"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 771c86775c64b50b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/bootstrap/5.1.3/js/bootstrap.min.js

104.17.25.14

200 OK

15 kB

URL HTTP/2
cdnjs.cloudflare.com/ajax/libs/bootstrap/5.1.3/js/bootstrap.min.js
IP
104.17.25.14:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (58940)
Size
15 kB (14584 bytes)
Hash
28dbaeb9aa2638e0c4e6d9ffd3d14e9d
3208ed3741e60986bbed3fd759cdfd3b4fa7cf06
ababbb021f57966e125b8e296f9515f38d906b462697f7835e6914465dd0d362

HTTP Headers

GET /ajax/libs/bootstrap/5.1.3/js/bootstrap.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Tue, 29 Nov 2022 15:55:01 GMT
content-type: application/javascript; charset=utf-8
content-length: 14584
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "6161dfe3-38f8"
last-modified: Sat, 09 Oct 2021 18:30:59 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1119042
expires: Sun, 19 Nov 2023 15:55:01 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J2XiXSPI%2BF32bi0lCMlkeEXbtzKRkiLAmBDyPCB8U4GMnUniE95Eojn9QumF6WQJxFWU%2FtQxglOEjBm3ydaJGROTZlTDtOGda2km5e28L1sCVY2r35QeM0ft6k%2BcV0SnF5OyhT%2BY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 771c86775c73b50b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/clipboard.js/2.0.8/clipboard.min.js

104.17.25.14

200 OK

3.0 kB

URL HTTP/2
cdnjs.cloudflare.com/ajax/libs/clipboard.js/2.0.8/clipboard.min.js
IP
104.17.25.14:0
ASN
#13335 CLOUDFLARENET

File type
Unicode text, UTF-8 text, with very long lines (10584)
Size
3.0 kB (3000 bytes)
Hash
e34a4db0b42ca907e0b7a56cd4b145ec
2dc36a7dcdfc42d122b23ef91483d27865c4285f
4b2a908e8d2c23d19da5e9ef4c6c77e7c6e8823b7aeb93233723f366ff6d217a

HTTP Headers

GET /ajax/libs/clipboard.js/2.0.8/clipboard.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Tue, 29 Nov 2022 15:55:01 GMT
content-type: application/javascript; charset=utf-8
content-length: 3000
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "6049431e-29b4"
last-modified: Wed, 10 Mar 2021 22:07:26 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 2327166
expires: Sun, 19 Nov 2023 15:55:01 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FBeraYjAxIDlgTT2cPO70Qj4plNcJYCgvyleKzlEXQYmFJnPtA%2FwAuISNiuvKUhLVufkO3sKjs31pqgYhYwg%2BB1PmlrWrgj66ApNEKcaYSSf5%2BZB8fQ63lCL85TMu%2FnkSQr6xRU7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 771c86777c90b50b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/filepond/4.30.3/filepond.min.js

104.17.25.14

200 OK

30 kB

URL HTTP/2
cdnjs.cloudflare.com/ajax/libs/filepond/4.30.3/filepond.min.js
IP
104.17.25.14:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65370)
Size
30 kB (29707 bytes)
Hash
d18c98bb03dac8dd996130d56f3d8e8c
cc1777baef75c9438534927036a21f22e91e5578
89a5585efd3c48a3870d383705937d51bb2a3a776eb01805a2629dd7a28e3c2e

HTTP Headers

GET /ajax/libs/filepond/4.30.3/filepond.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://anonymfile.com
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Tue, 29 Nov 2022 15:55:01 GMT
content-type: application/javascript; charset=utf-8
content-length: 29707
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "615c7e96-740b"
last-modified: Tue, 05 Oct 2021 16:34:30 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 10781189
expires: Sun, 19 Nov 2023 15:55:01 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PeomQTHqSoe9rVVscCuzPPT584sQ5YMZ8LY4IJB%2FcYCEuKyrUZs1K0q7m3pHIb4J6OYqMk%2BmwFzi0OWgsW3K6R3ziik6rMp2gyGEsVs7wUUg5Qit6c4JTWh3v8y1CXBT57%2FKOQ08"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 771c86777c98b50b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/filepond/4.29.1/filepond.min.css

104.17.25.14

200 OK

2.9 kB

URL HTTP/2
cdnjs.cloudflare.com/ajax/libs/filepond/4.29.1/filepond.min.css
IP
104.17.25.14:0
ASN
#13335 CLOUDFLARENET

File type
assembler source, ASCII text, with very long lines (17282)
Size
2.9 kB (2934 bytes)
Hash
78aabb09e30a9eb6f833cbb1b48bdb2e
e876ff16b6c511bc217973e51202aaaf23a4e936
8d76a29a92bc268043a7bd4d0b8f171fffd6c6c3c8e18aa314d6dac1aeb542ae

HTTP Headers

GET /ajax/libs/filepond/4.29.1/filepond.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://anonymfile.com
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Tue, 29 Nov 2022 15:55:01 GMT
content-type: text/css; charset=utf-8
content-length: 2934
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "613afc53-b76"
last-modified: Fri, 10 Sep 2021 06:33:55 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 530991
expires: Sun, 19 Nov 2023 15:55:01 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=f2jizoES7lUPuPprXz470jNUgP3%2FqRe1bnf2uMYSmxWxpO2848wBrobRZbE%2FEcb%2F5g8STmJU7BNHaW2njcn48ik068RimQmtJMMtrdaWHq0xOmGilvmKIW8O44vDbPjw9k%2Frs7xX"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 771c8677ace1b50b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
ebda5539b32fd20ab6af182e1bc1e20b
4dd11178830150371e491ff52718a5f32b7e6169
7dde43dd3acc5353cc49b96dbced0a6995e47f52b4a055c6d4b35ab44e8f5fca

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5148
Cache-Control: max-age=87948
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 15:55:01 GMT
Etag: "6384cbc5-117"
Expires: Wed, 30 Nov 2022 16:20:49 GMT
Last-Modified: Mon, 28 Nov 2022 14:55:01 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 279

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
ebda5539b32fd20ab6af182e1bc1e20b
4dd11178830150371e491ff52718a5f32b7e6169
7dde43dd3acc5353cc49b96dbced0a6995e47f52b4a055c6d4b35ab44e8f5fca

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5148
Cache-Control: max-age=87948
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 15:55:01 GMT
Etag: "6384cbc5-117"
Expires: Wed, 30 Nov 2022 16:20:49 GMT
Last-Modified: Mon, 28 Nov 2022 14:55:01 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 279

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

34.102.187.140

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, Cache-Control, Content-Type, Pragma, Backoff, ETag, Expires, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 29 Nov 2022 15:08:56 GMT
cache-control: public,max-age=3600
age: 2765
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

cdn.jsdelivr.net/npm/sweetalert2@11

151.101.193.229

200 OK

18 kB

URL HTTP/2
cdn.jsdelivr.net/npm/sweetalert2@11
IP
151.101.193.229:0
ASN
#54113 FASTLY

File type
ASCII text, with very long lines (43295)
Size
18 kB (18033 bytes)
Hash
d1c014750780316b0165f72b7c5dbdfa
f6304c0a6d279485b2729de0213500a9cbcd5b5a
bfa1a4e1470d6f6bb522befcef6c60098ecfae855c4dfe9157c5a81ebac45bc6

HTTP Headers

GET /npm/sweetalert2@11 HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 11.6.14
x-jsd-version-type: version
etag: W/"fb49-+/dZCApQZmEeYYbR5fA6SnpuL68"
content-encoding: gzip
accept-ranges: bytes
date: Tue, 29 Nov 2022 15:55:01 GMT
age: 14422
x-served-by: cache-fra-eddf8230057-FRA, cache-bma1641-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 18033
X-Firefox-Spdy: h2

ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1

104.18.20.226

200 OK

1.5 kB

URL HTTP/1.1
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
IP
104.18.20.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1.5 kB (1462 bytes)
Hash
0f1f735b8e92aaf4a6b1b08a137a7f14
508c529ffdaf42cb222b46a4c125c76c3fb08be9
a2a7c35e148022addd34da631734f564c16838162eddd1991ac1b59961b7cb46

HTTP Headers

POST /ca/gsatlasr3dvtlsca2022q1 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 29 Nov 2022 15:55:01 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "AD3A864477924B95F5FE21415D0713BCBA1ECEC6"
Expires: Wed, 30 Nov 2022 03:00:00 GMT
Last-Modified: Tue, 29 Nov 2022 15:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 2708
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 771c86788e58fac4-OSL

unpkg.com/filepond-plugin-file-validate-type/dist/filepond-plugin-file-validate-type.js

104.16.124.175

302 Found

24 kB

URL HTTP/2
unpkg.com/filepond-plugin-file-validate-type/dist/filepond-plugin-file-validate-type.js
IP
104.16.124.175:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
24 kB (23996 bytes)
Hash
48de563fefecca841ddb3eca4e11bc4f
7dce4a24ffca5605b9f7506674ace11a56ab4bee
de5f521c04ecefa8e0b8b200880ffcc99d51e4f49b588128357658729f1f536f

HTTP Headers

GET /filepond-plugin-file-validate-type/dist/filepond-plugin-file-validate-type.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
date: Tue, 29 Nov 2022 15:55:01 GMT
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
cache-control: public, s-maxage=600, max-age=60
location: /filepond-plugin-file-validate-type@1.2.8/dist/filepond-plugin-file-validate-type.js
vary: Accept, Accept-Encoding
via: 1.1 fly.io
fly-request-id: 01GK21F4M6HFS9RE12F672F8DR-ams
cf-cache-status: HIT
age: 111
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 771c86780885b517-OSL
X-Firefox-Spdy: h2

push.services.mozilla.com/

52.41.91.37

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
52.41.91.37:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 3hFGvJA/CnHP061FWeCaHA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: l9vJKOT94RqxIhGSDktR1Bab/wU=

unpkg.com/filepond-plugin-file-validate-size/dist/filepond-plugin-file-validate-size.js

104.16.124.175

302 Found

7.0 kB

URL HTTP/2
unpkg.com/filepond-plugin-file-validate-size/dist/filepond-plugin-file-validate-size.js
IP
104.16.124.175:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
7.0 kB (6998 bytes)
Hash
47e945bb8d91396558262d9cf966883d
7d0e9f1c300d531c68f2ad0c9ce4a2aaf8058313
e509b569ce90b78dc3b039010a8f547c1533aa5e3b4ee4ba217288126e9a60bd

HTTP Headers

GET /filepond-plugin-file-validate-size/dist/filepond-plugin-file-validate-size.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
date: Tue, 29 Nov 2022 15:55:01 GMT
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
cache-control: public, s-maxage=600, max-age=60
location: /filepond-plugin-file-validate-size@2.2.8/dist/filepond-plugin-file-validate-size.js
vary: Accept, Accept-Encoding
via: 1.1 fly.io
fly-request-id: 01GK21F4R1YRQCJE8WKY2YQTQY-ams
cf-cache-status: HIT
age: 111
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 771c8678088db517-OSL
X-Firefox-Spdy: h2

inklinkor.com/tag.min.js

172.67.211.29

200 OK

25 kB

URL HTTP/2
inklinkor.com/tag.min.js
IP
172.67.211.29:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65536), with no line terminators
Size
25 kB (25132 bytes)
Hash
813e46d21a7281f8d1246a943534a36c
89f82c9eedfb4cf6f72190ab3215ec838d1829a1
1b9110a16e918fbf5803036a95dfb78b9ac79a4b2e71b38e14a6c261ab43e335

HTTP Headers

GET /tag.min.js HTTP/1.1
Host: inklinkor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Tue, 29 Nov 2022 15:55:02 GMT
content-type: text/javascript; charset=utf-8
x-trace-id: 2e7bf06cffaea65a222f2fc76422ca3d
cache-control: max-age=86400
last-modified: Wed, 23 Nov 2022 10:03:42 GMT
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
expires: Wed, 30 Nov 2022 15:41:54 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 788
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mSKFon9dnZxK%2F20SqQHUdS%2FbShwzB5GaQF0C40nGABVN2tILOS4gQTXEUmyegWWSCi2b72Oq9awBqMsbskRV4qY9tjZj3Bd6qRNIDg%2BzPMrvcJlb%2BTZR252FEw%2F%2B8aAM"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 771c867a99461c0e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b887c73aed6c3e40ff6c16c11c2e2922
50ef7184ea758cecbdb5c34450925611b6c95329
0027a2437a75c0ab78e2cd555d6c887ff972cfcd9f1406bcdecb4f5fd97e2dac

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0027A2437A75C0AB78E2CD555D6C887FF972CFCD9F1406BCDECB4F5FD97E2DAC"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16830
Expires: Tue, 29 Nov 2022 20:35:32 GMT
Date: Tue, 29 Nov 2022 15:55:02 GMT
Connection: keep-alive

anonymfile.com/ngx_pagespeed_beacon?url=http%3A%2F%2Fanonymfile.com%2F7LJJe%2Fpack232.zip

138.201.48.112

204 No Content

0 B

URL HTTP/2
anonymfile.com/ngx_pagespeed_beacon?url=http%3A%2F%2Fanonymfile.com%2F7LJJe%2Fpack232.zip
IP
138.201.48.112:0
ASN
#24940 Hetzner Online GmbH

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /ngx_pagespeed_beacon?url=http%3A%2F%2Fanonymfile.com%2F7LJJe%2Fpack232.zip HTTP/1.1
Host: anonymfile.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 52
Origin: https://anonymfile.com
Connection: keep-alive
Referer: https://anonymfile.com/7LJJe/pack232.zip
Cookie: XSRF-TOKEN=eyJpdiI6IndCbjVMS0lkZW91RlMrVnFaeEt5aWc9PSIsInZhbHVlIjoiRzgvY3hhNlFIUEhVa3cvZjdINm5rdmE0enBLMEtRUGxleDcvOVoxQUU2SGJTRnBtS3NpLytKVFBXTW1aM24zWGt4dXVYQk11UVUyamJ3RHVaYXVmVnlnOW93TE1NTDRoMG1mL0d4TWtSclNzK2FKMmxlZ2E3VmhqTFRObG5tNkciLCJtYWMiOiJlOWM1ODUwOTUyODc5YjZkNjliZDVlNGNlMjRhMzYzNDZjYTJiNTBlNDcwN2VkODdiNDY4MjM4ZTcyNTBhNmZiIiwidGFnIjoiIn0%3D; anonymfile_session=eyJpdiI6IitqcDFMMmpIT3dLVFYwUzFLQk1ZWlE9PSIsInZhbHVlIjoiNHN4YVdEZmc0bm5BR2JmZzFlRWFOSUt3bTg5bE52eTQyaS9SbEtNd0hnTVR5ZjFTdlRFVnNjYVdnRnB1d014SVh3NERVSjQxT01JZWFkL3JqbUZveVJBOW5rOGhwL1NnNHpIV0ZrQXFLSEgvQWg2Q0dLQVpqejFlOURyUTFNbTAiLCJtYWMiOiI1MWI0ZDJjMTlhMjg0Mzk3ZjU4MDk0ZTIwMDliZWVlYThlMWFiMTQ0MGY1MWUzNjA0NjJlN2JiYzg4MzUzNGU5IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 204 No Content
server: nginx
date: Tue, 29 Nov 2022 15:55:02 GMT
cache-control: max-age=0, no-cache
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
dfd37ae2da5cc16d38d1d0ce5a3af6da
224117ab84ae9dbf57b1be06a30d21cc83dc9de8
2f5c21e10be7edc1f944bec4d1b1036b975bcfd1cc17606fe95c2b00c9fb15e2

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4402
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 15:55:02 GMT
Last-Modified: Tue, 29 Nov 2022 14:41:41 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 279

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
dfd37ae2da5cc16d38d1d0ce5a3af6da
224117ab84ae9dbf57b1be06a30d21cc83dc9de8
2f5c21e10be7edc1f944bec4d1b1036b975bcfd1cc17606fe95c2b00c9fb15e2

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4402
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 15:55:02 GMT
Last-Modified: Tue, 29 Nov 2022 14:41:41 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 279

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ab4aa08fae72ab5a3faf9881aaf21c6f
1e8d23b619b5073f45d5558c59070ed3b8462114
4f8e847be14db15d5bf0781846019a186afd7dd491dea427adf36e175939c467

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4F8E847BE14DB15D5BF0781846019A186AFD7DD491DEA427ADF36E175939C467"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9485
Expires: Tue, 29 Nov 2022 18:33:07 GMT
Date: Tue, 29 Nov 2022 15:55:02 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8e8c89c17e336cca7a61b55895462e74
e27f9646f415cb235ed8eef9de30639dd355fad1
3cf03691d11e79366511035adff2fabce3d362860e670f4de949794d3b6268ba

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3CF03691D11E79366511035ADFF2FABCE3D362860E670F4DE949794D3B6268BA"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19702
Expires: Tue, 29 Nov 2022 21:23:24 GMT
Date: Tue, 29 Nov 2022 15:55:02 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1ae08e4ab68a9b974d100e32fb800900
4ce0f7cb3fe345a1e30a543b776520fe509578b2
e956d9afcbb5685fa484cd4fbb2a38dfbd84c888bec357e97c5b196d4ba4698b

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E956D9AFCBB5685FA484CD4FBB2A38DFBD84C888BEC357E97C5B196D4BA4698B"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17520
Expires: Tue, 29 Nov 2022 20:47:02 GMT
Date: Tue, 29 Nov 2022 15:55:02 GMT
Connection: keep-alive

tzegilo.com/stattag.js

104.21.84.149

200 OK

5.7 kB

URL HTTP/2
tzegilo.com/stattag.js
IP
104.21.84.149:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (12966), with no line terminators
Size
5.7 kB (5735 bytes)
Hash
69844511ce0b78d7a455aa89221282af
e0c19f1fc8df5eb35915fb3a16f8358020121416
e22175313bb05ec31615f776d0d05d213ae4a52736212e876fa05f56830a67f1

HTTP Headers

GET /stattag.js HTTP/1.1
Host: tzegilo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Tue, 29 Nov 2022 15:55:02 GMT
content-type: application/javascript
last-modified: Wed, 23 Nov 2022 15:07:42 GMT
etag: W/"637e373e-32a6"
link: <https://flerap.com/>; rel=preconnect; crossorigin, <https://fleraprt.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 5913
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KB5skMuHazn5hb5%2FpQpjXG1YpHUlPojySQbAUAkS%2FGdGFzh0McJKuPWrQOZIHJbrgza8M7%2Fg7uJZcG99iG0ukxB1sNPJGLX52YUYGddznJgXT6aPDKCRDuw5c01xDQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 771c867c7b831c0e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

my.rtmark.net/gid.js?userId=7b33e5170dc54c28acbbcf7b6c8c985c

139.45.195.8

200 OK

65 B

URL HTTP/2
my.rtmark.net/gid.js?userId=7b33e5170dc54c28acbbcf7b6c8c985c
IP
139.45.195.8:0
ASN
#9002 RETN Limited

File type
JSON data\012- , ASCII text
Size
65 B (65 bytes)
Hash
24ab94727d9dc4ff4ae2d6cf5463f1d7
efdaf99e31ec97ed4468724d1f1286c2f61eddfb
f0e453cb5ac8923dc207d64a0313d3e4c03509c9ec4dba7106890b5af75a4385

HTTP Headers

GET /gid.js?userId=7b33e5170dc54c28acbbcf7b6c8c985c HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://anonymfile.com
Connection: keep-alive
Referer: https://anonymfile.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Tue, 29 Nov 2022 15:55:02 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://anonymfile.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=7b33e5170dc54c28acbbcf7b6c8c985c; expires=Wed, 29 Nov 2023 15:55:02 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

ibrapush.com/zone?pub=0&zone_id=5307590&is_mobile=false&domain=anonymfile.com&var=&ymid=&var_3=

139.45.197.250

200 OK

664 B

URL HTTP/2
ibrapush.com/zone?pub=0&zone_id=5307590&is_mobile=false&domain=anonymfile.com&var=&ymid=&var_3=
IP
139.45.197.250:0
ASN
#9002 RETN Limited

File type
JSON data\012- , ASCII text, with very long lines (663)
Size
664 B (664 bytes)
Hash
924f83d583902548517c3327ff8e4493
7d5ea76f95d862b44558e6428f0a0d2bb20e2b0c
92e16e70459ff85e5803ded19d1f535cb6197a2b1eda7b254cb663b81908147c

HTTP Headers

GET /zone?pub=0&zone_id=5307590&is_mobile=false&domain=anonymfile.com&var=&ymid=&var_3= HTTP/1.1
Host: ibrapush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://anonymfile.com/
Origin: https://anonymfile.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 29 Nov 2022 15:55:02 GMT
content-type: application/json; charset=utf-8
content-length: 664
x-trace-id: c06669cffb7f28aec62d6c6b783e955b
access-control-allow-origin: https://anonymfile.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
3d3db1701969a90e0df7e3fed5bd9d15
3b21dad117223210baa37dcddb7e24a70693a980
db3baa5c8749ec64e209dafb551526f098b2063b5247d2e9d6ac81057281afbf

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DB3BAA5C8749EC64E209DAFB551526F098B2063B5247D2E9D6AC81057281AFBF"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4108
Expires: Tue, 29 Nov 2022 17:03:30 GMT
Date: Tue, 29 Nov 2022 15:55:02 GMT
Connection: keep-alive

nanouwho.com/1?z=5307589

139.45.197.242

200 OK

8.2 kB

URL HTTP/2
nanouwho.com/1?z=5307589
IP
139.45.197.242:0
ASN
#9002 RETN Limited

File type
ASCII text, with very long lines (16471)
Size
8.2 kB (8209 bytes)
Hash
39e58666e39cbb785c3d09c7330dba27
08607d477ec4a7511d93918f7f0b2681eea1637e
4553ec098da1038e779b7c47f3724f6a259a3c00fd8ee69ecf0255c752ef2469

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /1?z=5307589 HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Tue, 29 Nov 2022 15:55:02 GMT
content-type: text/javascript
access-control-allow-credentials: true
access-control-allow-origin: 
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: d28b4f8cf23b6d5c4343fe27c6d98d70
access-control-expose-headers: X-Sc
x-sc: VS3dJ5u0W3brawsYFCu8c4tYXKodpG7GRKWexasgsUBCLN_B4OTQTJvuDAuIT7JgqazAtHNmTF4F2lONLSBVcgOfFUs=
set-cookie: scm=1; expires=Wed, 29 Nov 2023 15:55:02 GMT; secure; SameSite=None
OAID=9ec6361ec00f4443bcf4242869c0a045; expires=Wed, 29 Nov 2023 15:55:02 GMT; secure; SameSite=None
oaidts=1669737302; expires=Wed, 29 Nov 2023 15:55:02 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

nanouwho.com/27/04ab1c44ee7c7870e42713e938fe14f2

139.45.197.242

200 OK

123 kB

URL HTTP/2
nanouwho.com/27/04ab1c44ee7c7870e42713e938fe14f2
IP
139.45.197.242:0
ASN
#9002 RETN Limited

File type
ASCII text, with very long lines (65523)
Size
123 kB (123395 bytes)
Hash
002c620ace9c4bc9e663e9559bb41ec2
9206e373196f6f83ed6f9d839bc234a4de8a76e4
9a40d66313a0699abba86d39e638cd20c20ad917c3722ae1852dd03e6c0e9047

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /27/04ab1c44ee7c7870e42713e938fe14f2 HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/
Cookie: scm=1; OAID=9ec6361ec00f4443bcf4242869c0a045; oaidts=1669737302
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 29 Nov 2022 15:55:02 GMT
content-type: application/javascript
access-control-allow-credentials: true
access-control-allow-origin: 
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
cache-control: max-age:290304000, public
last-modified: Mon, 28 Nov 2022 04:04:40 GMT
expires: Mon, 28 Dec 2082 04:04:40 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2

ibrapush.com/custom

139.45.197.250

200 OK

39 B

URL HTTP/2
ibrapush.com/custom
IP
139.45.197.250:0
ASN
#9002 RETN Limited

File type
JSON data\012- , ASCII text
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: ibrapush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://anonymfile.com/
Content-Type: application/json
Origin: https://anonymfile.com
Content-Length: 382
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 29 Nov 2022 15:55:02 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 2295541e9bd6f3f93e433eefb2bb455a
access-control-allow-origin: https://anonymfile.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

ibrapush.com/custom

139.45.197.250

200 OK

39 B

URL HTTP/2
ibrapush.com/custom
IP
139.45.197.250:0
ASN
#9002 RETN Limited

File type
JSON data\012- , ASCII text
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: ibrapush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://anonymfile.com/
Content-Type: application/json
Origin: https://anonymfile.com
Content-Length: 763
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 29 Nov 2022 15:55:02 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 679536918f72be88bd75947e6a660f28
access-control-allow-origin: https://anonymfile.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

ocsp.sectigo.com/

172.64.155.188

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
081f27e87b02fb79b3453a116e731959
03e52819d86a0fa523e77ed24126e76e5369bd21
10283df9fce094267720532246e9d80b3c2061425f657497652e71de4c95de06

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 29 Nov 2022 15:55:02 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Tue, 29 Nov 2022 01:33:19 GMT
Expires: Tue, 06 Dec 2022 01:33:18 GMT
Etag: "03e52819d86a0fa523e77ed24126e76e5369bd21"
Cache-Control: max-age=552495,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 771c867d8a480b45-OSL

bedrapiona.com/5/5307591/?oo=1&js_build=iclick-v1.454.0

139.45.197.234

200 OK

1.4 kB

URL HTTP/2
bedrapiona.com/5/5307591/?oo=1&js_build=iclick-v1.454.0
IP
139.45.197.234:0
ASN
#9002 RETN Limited

File type
data
Size
1.4 kB (1436 bytes)
Hash
7e6709899ae8f03aa50ace8cb35ea709
ce9262258f88ceb32cfc01a3d68aef40af0c5576
9f95990b1460b8c5fc2716fb78ca0b08c5cb4397f9ee7ef7de4e8449d0e3518c

HTTP Headers

GET /5/5307591/?oo=1&js_build=iclick-v1.454.0 HTTP/1.1
Host: bedrapiona.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://anonymfile.com
Connection: keep-alive
Referer: https://anonymfile.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Tue, 29 Nov 2022 15:55:02 GMT
content-type: application/json
x-trace-id: 40a3d0540ebf371ee59788efe2b1f6ef
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
access-control-allow-origin: https://anonymfile.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=7b33e5170dc54c28acbbcf7b6c8c985c; expires=Wed, 29 Nov 2023 15:55:02 GMT; path=/; secure; SameSite=None
oaidts=1669737302; expires=Wed, 29 Nov 2023 15:55:02 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

nanouwho.com/9?z=5307589&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fanonymfile.com%2F7LJJe%2Fpack232.zip&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&sah=1002&drf=&hil=1&ist=0&oaid=7b33e5170dc54c28acbbcf7b6c8c985c

139.45.197.242

204 No Content

0 B

URL HTTP/2
nanouwho.com/9?z=5307589&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fanonymfile.com%2F7LJJe%2Fpack232.zip&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&sah=1002&drf=&hil=1&ist=0&oaid=7b33e5170dc54c28acbbcf7b6c8c985c
IP
139.45.197.242:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

OPTIONS /9?z=5307589&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fanonymfile.com%2F7LJJe%2Fpack232.zip&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&sah=1002&drf=&hil=1&ist=0&oaid=7b33e5170dc54c28acbbcf7b6c8c985c HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://anonymfile.com/
Origin: https://anonymfile.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 204 No Content
server: nginx
date: Tue, 29 Nov 2022 15:55:02 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://anonymfile.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2

nanouwho.com/11?rnd=3372972648&z=5307589&b=15678895&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=3HtcOd_-M8--D8pJhqXHjYifb8zC_UzslKyNbIxs9VeozITH2G4nHvGV40Q-Kf0tmfLXD6GyxkxMNNBZrbM1FhL_EO89Jkz1AGdjB2QuPSfxZBSzSLx-9OTHHPDA-vGwUaY2ah-_0RhSIb3DVzsxQ8wet7-cGFSqghodlVnS0ECrUECtfi64J2OnSPYHx8jpBRhrGmkIuZW7RcVGfMsCCSNrfZUSbkn_6BsDlgMy5_wbB_ICoGnCMCqIw9Eb32vX2kND9UNOufWncb8ptnkh9jcIDH3mvEylvdJ-BdSIdWYkj7LBAmWTRa-0ZmLkwS5lYwp96xX5kfXyJCgxeWKcuI4uBBXPOizM-vRyr1k8n-lFZHh0cb28w3rAU4AjqBePPfA-GQ_Kk5kWcsqOBcfuIBWXktWHhDg7Ps4M01e8NItD0XdEueL-pfkYxZGwYu1jp4EvsZKCsFNSLX9xURxtyoq6xa455hbpKJ0ykiMcC53djJJTAxJCcnrZM64onl-fbUDF001aFGQ8SK8wrlYLnfc4MNdtmhj5zPt50m1L0OZn8KBy3qkHoBLe4ff6KQujf45j2qQgRy-SprwIOV0R6pSbXxOWdZzXsYVRo3qVSNXzZn2_EY--7YDovx4zQIAof3uky55cJrdn5NhF&ruid=e759df83-537a-43f4-bbb0-0b6d04166d18&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fanonymfile.com%2F7LJJe%2Fpack232.zip&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&sah=1002&drf=&hil=1&ist=0&ot=79

139.45.197.242

200 OK

0 B

URL HTTP/2
nanouwho.com/11?rnd=3372972648&z=5307589&b=15678895&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=3HtcOd_-M8--D8pJhqXHjYifb8zC_UzslKyNbIxs9VeozITH2G4nHvGV40Q-Kf0tmfLXD6GyxkxMNNBZrbM1FhL_EO89Jkz1AGdjB2QuPSfxZBSzSLx-9OTHHPDA-vGwUaY2ah-_0RhSIb3DVzsxQ8wet7-cGFSqghodlVnS0ECrUECtfi64J2OnSPYHx8jpBRhrGmkIuZW7RcVGfMsCCSNrfZUSbkn_6BsDlgMy5_wbB_ICoGnCMCqIw9Eb32vX2kND9UNOufWncb8ptnkh9jcIDH3mvEylvdJ-BdSIdWYkj7LBAmWTRa-0ZmLkwS5lYwp96xX5kfXyJCgxeWKcuI4uBBXPOizM-vRyr1k8n-lFZHh0cb28w3rAU4AjqBePPfA-GQ_Kk5kWcsqOBcfuIBWXktWHhDg7Ps4M01e8NItD0XdEueL-pfkYxZGwYu1jp4EvsZKCsFNSLX9xURxtyoq6xa455hbpKJ0ykiMcC53djJJTAxJCcnrZM64onl-fbUDF001aFGQ8SK8wrlYLnfc4MNdtmhj5zPt50m1L0OZn8KBy3qkHoBLe4ff6KQujf45j2qQgRy-SprwIOV0R6pSbXxOWdZzXsYVRo3qVSNXzZn2_EY--7YDovx4zQIAof3uky55cJrdn5NhF&ruid=e759df83-537a-43f4-bbb0-0b6d04166d18&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fanonymfile.com%2F7LJJe%2Fpack232.zip&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&sah=1002&drf=&hil=1&ist=0&ot=79
IP
139.45.197.242:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /11?rnd=3372972648&z=5307589&b=15678895&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=3HtcOd_-M8--D8pJhqXHjYifb8zC_UzslKyNbIxs9VeozITH2G4nHvGV40Q-Kf0tmfLXD6GyxkxMNNBZrbM1FhL_EO89Jkz1AGdjB2QuPSfxZBSzSLx-9OTHHPDA-vGwUaY2ah-_0RhSIb3DVzsxQ8wet7-cGFSqghodlVnS0ECrUECtfi64J2OnSPYHx8jpBRhrGmkIuZW7RcVGfMsCCSNrfZUSbkn_6BsDlgMy5_wbB_ICoGnCMCqIw9Eb32vX2kND9UNOufWncb8ptnkh9jcIDH3mvEylvdJ-BdSIdWYkj7LBAmWTRa-0ZmLkwS5lYwp96xX5kfXyJCgxeWKcuI4uBBXPOizM-vRyr1k8n-lFZHh0cb28w3rAU4AjqBePPfA-GQ_Kk5kWcsqOBcfuIBWXktWHhDg7Ps4M01e8NItD0XdEueL-pfkYxZGwYu1jp4EvsZKCsFNSLX9xURxtyoq6xa455hbpKJ0ykiMcC53djJJTAxJCcnrZM64onl-fbUDF001aFGQ8SK8wrlYLnfc4MNdtmhj5zPt50m1L0OZn8KBy3qkHoBLe4ff6KQujf45j2qQgRy-SprwIOV0R6pSbXxOWdZzXsYVRo3qVSNXzZn2_EY--7YDovx4zQIAof3uky55cJrdn5NhF&ruid=e759df83-537a-43f4-bbb0-0b6d04166d18&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fanonymfile.com%2F7LJJe%2Fpack232.zip&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&sah=1002&drf=&hil=1&ist=0&ot=79 HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://anonymfile.com
Connection: keep-alive
Referer: https://anonymfile.com/
Cookie: scm=1; OAID=7b33e5170dc54c28acbbcf7b6c8c985c; oaidts=1669737302
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 29 Nov 2022 15:55:03 GMT
content-type: image/jpeg
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: https://anonymfile.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: b7ffd574a8dcd9ccefea18ef354a56ac
access-control-expose-headers: X-Sc
set-cookie: OAID=7b33e5170dc54c28acbbcf7b6c8c985c; expires=Wed, 29 Nov 2023 15:55:03 GMT; secure; SameSite=None
oaidts=1669737302; expires=Wed, 29 Nov 2023 15:55:03 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2

betotodilea.com/500/5307588?excludes=&oaid=7b33e5170dc54c28acbbcf7b6c8c985c&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&pl=https%3A%2F%2Fanonymfile.com%2F7LJJe%2Fpack232.zip&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false

139.45.197.237

200 OK

0 B

URL HTTP/2
betotodilea.com/500/5307588?excludes=&oaid=7b33e5170dc54c28acbbcf7b6c8c985c&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&pl=https%3A%2F%2Fanonymfile.com%2F7LJJe%2Fpack232.zip&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP
139.45.197.237:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

OPTIONS /500/5307588?excludes=&oaid=7b33e5170dc54c28acbbcf7b6c8c985c&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&pl=https%3A%2F%2Fanonymfile.com%2F7LJJe%2Fpack232.zip&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://anonymfile.com/
Origin: https://anonymfile.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Tue, 29 Nov 2022 15:55:03 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://anonymfile.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-allow-credentials: true
access-control-max-age: 600
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e4fd90ddd07011b51e9ef88955645554
6589b0a51a6bda338bd4cea26fe2ec74654f0f83
d5f3f6dbf4fa85d20e3d9d7a587f96632bd619998113b6ef373f1b91d4f89e7c

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D5F3F6DBF4FA85D20E3D9D7A587F96632BD619998113B6EF373F1B91D4F89E7C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7939
Expires: Tue, 29 Nov 2022 18:07:22 GMT
Date: Tue, 29 Nov 2022 15:55:03 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
a97c452e75cf1d4833e777d7ba7f2c47
58f15763fd33f742ce870f49f1c2dbed5b41205f
39bb874a415db37a81432942eb84151b0134d1aacaa31d364b6dadae4388c6a1

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "39BB874A415DB37A81432942EB84151B0134D1AACAA31D364B6DADAE4388C6A1"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20452
Expires: Tue, 29 Nov 2022 21:35:55 GMT
Date: Tue, 29 Nov 2022 15:55:03 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
a97c452e75cf1d4833e777d7ba7f2c47
58f15763fd33f742ce870f49f1c2dbed5b41205f
39bb874a415db37a81432942eb84151b0134d1aacaa31d364b6dadae4388c6a1

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "39BB874A415DB37A81432942EB84151B0134D1AACAA31D364B6DADAE4388C6A1"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20452
Expires: Tue, 29 Nov 2022 21:35:55 GMT
Date: Tue, 29 Nov 2022 15:55:03 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
a97c452e75cf1d4833e777d7ba7f2c47
58f15763fd33f742ce870f49f1c2dbed5b41205f
39bb874a415db37a81432942eb84151b0134d1aacaa31d364b6dadae4388c6a1

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "39BB874A415DB37A81432942EB84151B0134D1AACAA31D364B6DADAE4388C6A1"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20452
Expires: Tue, 29 Nov 2022 21:35:55 GMT
Date: Tue, 29 Nov 2022 15:55:03 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
a97c452e75cf1d4833e777d7ba7f2c47
58f15763fd33f742ce870f49f1c2dbed5b41205f
39bb874a415db37a81432942eb84151b0134d1aacaa31d364b6dadae4388c6a1

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "39BB874A415DB37A81432942EB84151B0134D1AACAA31D364B6DADAE4388C6A1"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20452
Expires: Tue, 29 Nov 2022 21:35:55 GMT
Date: Tue, 29 Nov 2022 15:55:03 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
a97c452e75cf1d4833e777d7ba7f2c47
58f15763fd33f742ce870f49f1c2dbed5b41205f
39bb874a415db37a81432942eb84151b0134d1aacaa31d364b6dadae4388c6a1

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "39BB874A415DB37A81432942EB84151B0134D1AACAA31D364B6DADAE4388C6A1"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20452
Expires: Tue, 29 Nov 2022 21:35:55 GMT
Date: Tue, 29 Nov 2022 15:55:03 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1c32283b-8309-408e-85df-cad97da6bc80.png

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1c32283b-8309-408e-85df-cad97da6bc80.png
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10176 bytes)
Hash
03014221d7f49b50ffc2d1b0a0e75457
772d86ad983042a728ee3490630a9cf1134ad0dd
81fb954fa569955907952987e9d8efd1dac80e0e4a682826abf3c5d90eb31771

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1c32283b-8309-408e-85df-cad97da6bc80.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10176
x-amzn-requestid: c2231955-5c78-4073-8399-b8b90f1add78
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cMo3oHpSoAMF5Qw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6381bb63-55a1cb004ac73c8b02f2fb8d;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 07:08:19 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: uGocx-Lv8ieJVvICjnTGQZyzaQzjVdICX2RZaNyBTQvUKeIcNxaCJQ==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 32c16f33c8f5601364fa8229b0d74dc2.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 04:49:50 GMT
age: 39913
etag: "772d86ad983042a728ee3490630a9cf1134ad0dd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fabddece8-6c4f-4cb5-9041-4d427b16b826.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.4 kB (4417 bytes)
Hash
a2a5c8d4113d282600462749315f2c4f
e2b4d2e15bb7c086333c0da438873e4c139ba931
9b5d0e5dd11d4cbf1c78a71730cd63544170c91ab635bf3cf917827ac84874e6

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fabddece8-6c4f-4cb5-9041-4d427b16b826.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4417
x-amzn-requestid: 01de83c2-51d2-4329-98f6-09a0edf46942
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cVNnGEcRIAMFaXA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63852960-34583b6c588a0e937fcfaa46;Sampled=0
x-amzn-remapped-date: Mon, 28 Nov 2022 21:34:24 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: wqEe45jzMOryT-E-vThc39-cLiZudKF4gn6cS3LBmeaJ2amJF5GPIA==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Mon, 28 Nov 2022 21:46:54 GMT
age: 65289
etag: "e2b4d2e15bb7c086333c0da438873e4c139ba931"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffe5e6403-f1a3-4b44-a62d-0e47d56bb08e.webp
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.9 kB (4916 bytes)
Hash
83c1fedec73299637cc7dc47c48af758
2e3f7326aeea6be8a34bf2c39b34862c07bfdc41
1fea143e23bb0156062f4c06569824900a67ed83cb99fd635d4c4ab968dc65e9

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffe5e6403-f1a3-4b44-a62d-0e47d56bb08e.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4916
x-amzn-requestid: b8c80a6c-e3f1-4f20-beb8-27b0af760692
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cPYcrELFoAMFaeQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6382d450-155cfb365525173c0ede8adb;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 03:06:56 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Twtw6dO3pjTB9OLi0HliKKCDgCuHRqgtx4PFTczrZQ9f8JztgXZoSg==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 f9d716a351f14a0ac1fac2449734849a.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 03:18:11 GMT
age: 45412
etag: "2e3f7326aeea6be8a34bf2c39b34862c07bfdc41"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F165667de-df17-4cc6-832c-94f49703bdf2.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.4 kB (9430 bytes)
Hash
1f434933b5bd6377d299ada22d1ae7ef
075531f525e625b117b2497f31139c9824d0e9c5
b587a3249e4f20112088608e3651c2ccbc44225a5c9d88d3bf5884d7f0e9029c

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F165667de-df17-4cc6-832c-94f49703bdf2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9430
x-amzn-requestid: 454ca8bd-a256-45f2-8b41-feee86c5af82
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cR7wyGCIIAMFhgw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6383d99e-1488f8ce71a91ebc3ad6b7e0;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 21:41:50 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: NMMuQ1NNks65LJK_HDAK69MfCJ3pS0Y6VzBs8_5Oku64v4FSWADCdw==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Mon, 28 Nov 2022 22:01:55 GMT
age: 64388
etag: "075531f525e625b117b2497f31139c9824d0e9c5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3527eb28-888e-447d-90fd-1226d5b94433.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.9 kB (8921 bytes)
Hash
823e92f62ff7b3c2093828817d7f2866
c501de9eaa581a10b0b5fce40b54bb10f57f7c29
7d89669e23682f167b2fe1eff9edc5939112ec66b6b4e6389ef8aec78ccbdfe5

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3527eb28-888e-447d-90fd-1226d5b94433.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8921
x-amzn-requestid: 98baf100-c007-4c44-89aa-b9cf55fa3f94
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cVNnwFYToAMFoWg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63852964-1227b5a9100c206e0c64f4b2;Sampled=0
x-amzn-remapped-date: Mon, 28 Nov 2022 21:34:28 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ivu6pzZ6dbt3I4tuFMg4oHcuPVdyNS-F3k_lQdmKoXFkdCfSseAEwQ==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Mon, 28 Nov 2022 21:46:55 GMT
age: 65288
etag: "c501de9eaa581a10b0b5fce40b54bb10f57f7c29"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc326607e-c0fa-4e9d-b8d4-1c9173793bed.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.4 kB (9376 bytes)
Hash
cce27a1fe8c0222811a5ce0e7f89e1cb
28c165bac8cf68cd1b0763c311aece00672cb3a5
4530e34a47ef78c2c2b0d34a0511253a61f1927b192ab42f82361002ff10819e

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc326607e-c0fa-4e9d-b8d4-1c9173793bed.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9376
x-amzn-requestid: c52b3092-90d2-4289-b6e0-ab99c9d4710a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cPmz3EVUoAMFWUw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6382eb4b-39f46c89238eff696e9f2dba;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 04:44:59 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: ofQEhaEiX1vE25a_1xHeab9Px9zgGpk8omlX_aHmLE1oN1aZTPzWxQ==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 10:09:32 GMT
age: 20731
etag: "28c165bac8cf68cd1b0763c311aece00672cb3a5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

interstitial-07.com/contents/s/48/d5/69/b4e2304d0defb0ebfb28f0c177/0982711621690.jpeg

139.45.197.155

200 OK

22 kB

URL HTTP/2
interstitial-07.com/contents/s/48/d5/69/b4e2304d0defb0ebfb28f0c177/0982711621690.jpeg
IP
139.45.197.155:0
ASN
#9002 RETN Limited

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 256x256, components 3\012- data
Size
22 kB (22082 bytes)
Hash
48d569b4e2304d0defb0ebfb28f0c177
67f5ba42d04f3f6e866f5c3818eed999fc519078
4652008fea2da7487d039c47e2db3abc5e7d2d00860bd11823f218e1ecb84e3f

HTTP Headers

GET /contents/s/48/d5/69/b4e2304d0defb0ebfb28f0c177/0982711621690.jpeg HTTP/1.1
Host: interstitial-07.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://interstitial-07.com/?l=4zRVEGT4TQSgCFP&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fnanouwho.com%2F12%3Frnd%3D2927507587%26z%3D5307589%26b%3D15678895%26c%3D6310333%26var%3D%26d%3Dhttps%253A%252F%252Fsingelstodate.com%252Fbase.php%253Fc%253D1141%2526key%253D6d92cc76db26593ec9f35607e6e3051c%2526zoneid%253D%257Bzoneid%257D%2526cost%253D%257Bcost%257D%2526subid%253D%2524%257BSUBID%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3D3HtcOd_-M8--D8pJhqXHjYifb8zC_UzslKyNbIxs9VeozITH2G4nHvGV40Q-Kf0tmfLXD6GyxkxMNNBZrbM1FhL_EO89Jkz1AGdjB2QuPSfxZBSzSLx-9OTHHPDA-vGwUaY2ah-_0RhSIb3DVzsxQ8wet7-cGFSqghodlVnS0ECrUECtfi64J2OnSPYHx8jpBRhrGmkIuZW7RcVGfMsCCSNrfZUSbkn_6BsDlgMy5_wbB_ICoGnCMCqIw9Eb32vX2kND9UNOufWncb8ptnkh9jcIDH3mvEylvdJ-BdSIdWYkj7LBAmWTRa-0ZmLkwS5lYwp96xX5kfXyJCgxeWKcuI4uBBXPOizM-vRyr1k8n-lFZHh0cb28w3rAU4AjqBePPfA-GQ_Kk5kWcsqOBcfuIBWXktWHhDg7Ps4M01e8NItD0XdEueL-pfkYxZGwYu1jp4EvsZKCsFNSLX9xURxtyoq6xa455hbpKJ0ykiMcC53djJJTAxJCcnrZM64onl-fbUDF001aFGQ8SK8wrlYLnfc4MNdtmhj5zPt50m1L0OZn8KBy3qkHoBLe4ff6KQujf45j2qQgRy-SprwIOV0R6pSbXxOWdZzXsYVRo3qVSNXzZn2_EY--7YDovx4zQIAof3uky55cJrdn5NhF%26bag%3DHBQRD2DVrBLxyGC0bJRK8w%3D%3D%26ruid%3De759df83-537a-43f4-bbb0-0b6d04166d18%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fanonymfile.com%252F7LJJe%252Fpack232.zip%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1280%26wiw%3D1280%26wih%3D939%26wfc%3D0%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 29 Nov 2022 15:55:03 GMT
content-type: image/jpeg
content-length: 22082
last-modified: Thu, 13 Oct 2022 07:23:39 GMT
vary: Accept-Encoding
etag: "6347bcfb-5642"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
accept-ranges: bytes
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
614da8f925b88a5a7b662acd4eadffc2
024547cda47a0ae4b4fd9aa1b3637e1b4fcce46f
85177a491b51d70649cd6a7d6bc40f71bafd26f63ad522650f777fa733ebe498

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "85177A491B51D70649CD6A7D6BC40F71BAFD26F63AD522650F777FA733EBE498"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10633
Expires: Tue, 29 Nov 2022 18:52:16 GMT
Date: Tue, 29 Nov 2022 15:55:03 GMT
Connection: keep-alive

interstitial-07.com/contents/s/cf/e3/c6/357c4eaea3ed3e2e344967417e/0425459167440.jpeg

139.45.197.155

200 OK

54 kB

URL HTTP/2
interstitial-07.com/contents/s/cf/e3/c6/357c4eaea3ed3e2e344967417e/0425459167440.jpeg
IP
139.45.197.155:0
ASN
#9002 RETN Limited

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 492x328, components 3\012- data
Size
54 kB (54466 bytes)
Hash
cfe3c6357c4eaea3ed3e2e344967417e
1d4d9f3ab0e0a6e3d346b3c2540ebbe07ebd6109
d0388861931b832e7f50a4cb01f46a670c370c0516ac8e5692d062c3c07ceba6

HTTP Headers

GET /contents/s/cf/e3/c6/357c4eaea3ed3e2e344967417e/0425459167440.jpeg HTTP/1.1
Host: interstitial-07.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://interstitial-07.com/?l=4zRVEGT4TQSgCFP&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fnanouwho.com%2F12%3Frnd%3D2927507587%26z%3D5307589%26b%3D15678895%26c%3D6310333%26var%3D%26d%3Dhttps%253A%252F%252Fsingelstodate.com%252Fbase.php%253Fc%253D1141%2526key%253D6d92cc76db26593ec9f35607e6e3051c%2526zoneid%253D%257Bzoneid%257D%2526cost%253D%257Bcost%257D%2526subid%253D%2524%257BSUBID%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3D3HtcOd_-M8--D8pJhqXHjYifb8zC_UzslKyNbIxs9VeozITH2G4nHvGV40Q-Kf0tmfLXD6GyxkxMNNBZrbM1FhL_EO89Jkz1AGdjB2QuPSfxZBSzSLx-9OTHHPDA-vGwUaY2ah-_0RhSIb3DVzsxQ8wet7-cGFSqghodlVnS0ECrUECtfi64J2OnSPYHx8jpBRhrGmkIuZW7RcVGfMsCCSNrfZUSbkn_6BsDlgMy5_wbB_ICoGnCMCqIw9Eb32vX2kND9UNOufWncb8ptnkh9jcIDH3mvEylvdJ-BdSIdWYkj7LBAmWTRa-0ZmLkwS5lYwp96xX5kfXyJCgxeWKcuI4uBBXPOizM-vRyr1k8n-lFZHh0cb28w3rAU4AjqBePPfA-GQ_Kk5kWcsqOBcfuIBWXktWHhDg7Ps4M01e8NItD0XdEueL-pfkYxZGwYu1jp4EvsZKCsFNSLX9xURxtyoq6xa455hbpKJ0ykiMcC53djJJTAxJCcnrZM64onl-fbUDF001aFGQ8SK8wrlYLnfc4MNdtmhj5zPt50m1L0OZn8KBy3qkHoBLe4ff6KQujf45j2qQgRy-SprwIOV0R6pSbXxOWdZzXsYVRo3qVSNXzZn2_EY--7YDovx4zQIAof3uky55cJrdn5NhF%26bag%3DHBQRD2DVrBLxyGC0bJRK8w%3D%3D%26ruid%3De759df83-537a-43f4-bbb0-0b6d04166d18%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fanonymfile.com%252F7LJJe%252Fpack232.zip%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1280%26wiw%3D1280%26wih%3D939%26wfc%3D0%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 29 Nov 2022 15:55:03 GMT
content-type: image/jpeg
content-length: 54466
last-modified: Wed, 13 Apr 2022 02:17:27 GMT
vary: Accept-Encoding
etag: "625632b7-d4c2"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
accept-ranges: bytes
X-Firefox-Spdy: h2

offerimage.com/www/images/2fed87d8d9131d075b72354b838c2d77.jpeg

104.22.33.172

200 OK

11 kB

URL HTTP/2
offerimage.com/www/images/2fed87d8d9131d075b72354b838c2d77.jpeg
IP
104.22.33.172:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1], baseline, precision 8, 192x192, components 3\012- data
Size
11 kB (10853 bytes)
Hash
2fed87d8d9131d075b72354b838c2d77
69624c46c1556c35c67e85724451cce20ad405ec
8adac582983620ad0421a1be7648f58c731feaf3de0bf027ebefe412505b01ed

HTTP Headers

GET /www/images/2fed87d8d9131d075b72354b838c2d77.jpeg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Tue, 29 Nov 2022 15:55:03 GMT
content-type: image/jpeg
content-length: 10853
cache-control: max-age=86400
cf-bgj: h2pri
etag: "62b2c84c-2a65"
expires: Wed, 30 Nov 2022 08:26:08 GMT
last-modified: Wed, 22 Jun 2022 07:44:12 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 26935
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 771c86820e839924-ARN
X-Firefox-Spdy: h2

unphionetor.com/vctx?t=72747

139.45.197.236

204 No Content

0 B

URL HTTP/2
unphionetor.com/vctx?t=72747
IP
139.45.197.236:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /vctx?t=72747 HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://interstitial-07.com
Connection: keep-alive
Referer: https://interstitial-07.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 204 No Content
server: nginx
date: Tue, 29 Nov 2022 15:55:03 GMT
access-control-allow-origin: https://interstitial-07.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: f090f01be26764b5d4a5488431aaaa0a
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

unphionetor.com/vbl?t=72747&bid=undefined&aid=undefined

139.45.197.236

204 No Content

0 B

URL HTTP/2
unphionetor.com/vbl?t=72747&bid=undefined&aid=undefined
IP
139.45.197.236:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

POST /vbl?t=72747&bid=undefined&aid=undefined HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://interstitial-07.com
Connection: keep-alive
Referer: https://interstitial-07.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

HTTP/2 204 No Content
server: nginx
date: Tue, 29 Nov 2022 15:55:03 GMT
access-control-allow-origin: https://interstitial-07.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: 0281cd055b53ce0539de6f25d19bd93c
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

nanouwho.com/15?rnd=2753011074&z=5307589&var=&rb=3HtcOd_-M8--D8pJhqXHjYifb8zC_UzslKyNbIxs9VeozITH2G4nHvGV40Q-Kf0tmfLXD6GyxkxMNNBZrbM1FhL_EO89Jkz1AGdjB2QuPSfxZBSzSLx-9OTHHPDA-vGwUaY2ah-_0RhSIb3DVzsxQ8wet7-cGFSqghodlVnS0ECrUECtfi64J2OnSPYHx8jpBRhrGmkIuZW7RcVGfMsCCSNrfZUSbkn_6BsDlgMy5_wbB_ICoGnCMCqIw9Eb32vX2kND9UNOufWncb8ptnkh9jcIDH3mvEylvdJ-BdSIdWYkj7LBAmWTRa-0ZmLkwS5lYwp96xX5kfXyJCgxeWKcuI4uBBXPOizM-vRyr1k8n-lFZHh0cb28w3rAU4AjqBePPfA-GQ_Kk5kWcsqOBcfuIBWXktWHhDg7Ps4M01e8NItD0XdEueL-pfkYxZGwYu1jp4EvsZKCsFNSLX9xURxtyoq6xa455hbpKJ0ykiMcC53djJJTAxJCcnrZM64onl-fbUDF001aFGQ8SK8wrlYLnfc4MNdtmhj5zPt50m1L0OZn8KBy3qkHoBLe4ff6KQujf45j2qQgRy-SprwIOV0R6pSbXxOWdZzXsYVRo3qVSNXzZn2_EY--7YDovx4zQIAof3uky55cJrdn5NhF&ruid=e759df83-537a-43f4-bbb0-0b6d04166d18&uci=%7B%22path%22%3A%7B%22count%22%3A0%2C%22totalLength%22%3A0%2C%22pathHistogram%22%3A%7B%224%22%3A0%2C%228%22%3A0%2C%2216%22%3A0%2C%2232%22%3A0%2C%2264%22%3A0%2C%22128%22%3A0%2C%22256%22%3A0%2C%22512%22%3A0%2C%221024%22%3A0%7D%7D%2C%22durationOnCreate%22%3A1.091%2C%22location%22%3A%22https%3A%2F%2Fanonymfile.com%2F7LJJe%2Fpack232.zip%22%2C%22isSelenium%22%3Afalse%2C%22isPhantom%22%3Afalse%2C%22isTouch%22%3Afalse%2C%22pluginCount%22%3A0%2C%22wdov%22%3A0%2C%22isIONS%22%3Atrue%7D

139.45.197.242

204 No Content

0 B

URL HTTP/2
nanouwho.com/15?rnd=2753011074&z=5307589&var=&rb=3HtcOd_-M8--D8pJhqXHjYifb8zC_UzslKyNbIxs9VeozITH2G4nHvGV40Q-Kf0tmfLXD6GyxkxMNNBZrbM1FhL_EO89Jkz1AGdjB2QuPSfxZBSzSLx-9OTHHPDA-vGwUaY2ah-_0RhSIb3DVzsxQ8wet7-cGFSqghodlVnS0ECrUECtfi64J2OnSPYHx8jpBRhrGmkIuZW7RcVGfMsCCSNrfZUSbkn_6BsDlgMy5_wbB_ICoGnCMCqIw9Eb32vX2kND9UNOufWncb8ptnkh9jcIDH3mvEylvdJ-BdSIdWYkj7LBAmWTRa-0ZmLkwS5lYwp96xX5kfXyJCgxeWKcuI4uBBXPOizM-vRyr1k8n-lFZHh0cb28w3rAU4AjqBePPfA-GQ_Kk5kWcsqOBcfuIBWXktWHhDg7Ps4M01e8NItD0XdEueL-pfkYxZGwYu1jp4EvsZKCsFNSLX9xURxtyoq6xa455hbpKJ0ykiMcC53djJJTAxJCcnrZM64onl-fbUDF001aFGQ8SK8wrlYLnfc4MNdtmhj5zPt50m1L0OZn8KBy3qkHoBLe4ff6KQujf45j2qQgRy-SprwIOV0R6pSbXxOWdZzXsYVRo3qVSNXzZn2_EY--7YDovx4zQIAof3uky55cJrdn5NhF&ruid=e759df83-537a-43f4-bbb0-0b6d04166d18&uci=%7B%22path%22%3A%7B%22count%22%3A0%2C%22totalLength%22%3A0%2C%22pathHistogram%22%3A%7B%224%22%3A0%2C%228%22%3A0%2C%2216%22%3A0%2C%2232%22%3A0%2C%2264%22%3A0%2C%22128%22%3A0%2C%22256%22%3A0%2C%22512%22%3A0%2C%221024%22%3A0%7D%7D%2C%22durationOnCreate%22%3A1.091%2C%22location%22%3A%22https%3A%2F%2Fanonymfile.com%2F7LJJe%2Fpack232.zip%22%2C%22isSelenium%22%3Afalse%2C%22isPhantom%22%3Afalse%2C%22isTouch%22%3Afalse%2C%22pluginCount%22%3A0%2C%22wdov%22%3A0%2C%22isIONS%22%3Atrue%7D
IP
139.45.197.242:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /15?rnd=2753011074&z=5307589&var=&rb=3HtcOd_-M8--D8pJhqXHjYifb8zC_UzslKyNbIxs9VeozITH2G4nHvGV40Q-Kf0tmfLXD6GyxkxMNNBZrbM1FhL_EO89Jkz1AGdjB2QuPSfxZBSzSLx-9OTHHPDA-vGwUaY2ah-_0RhSIb3DVzsxQ8wet7-cGFSqghodlVnS0ECrUECtfi64J2OnSPYHx8jpBRhrGmkIuZW7RcVGfMsCCSNrfZUSbkn_6BsDlgMy5_wbB_ICoGnCMCqIw9Eb32vX2kND9UNOufWncb8ptnkh9jcIDH3mvEylvdJ-BdSIdWYkj7LBAmWTRa-0ZmLkwS5lYwp96xX5kfXyJCgxeWKcuI4uBBXPOizM-vRyr1k8n-lFZHh0cb28w3rAU4AjqBePPfA-GQ_Kk5kWcsqOBcfuIBWXktWHhDg7Ps4M01e8NItD0XdEueL-pfkYxZGwYu1jp4EvsZKCsFNSLX9xURxtyoq6xa455hbpKJ0ykiMcC53djJJTAxJCcnrZM64onl-fbUDF001aFGQ8SK8wrlYLnfc4MNdtmhj5zPt50m1L0OZn8KBy3qkHoBLe4ff6KQujf45j2qQgRy-SprwIOV0R6pSbXxOWdZzXsYVRo3qVSNXzZn2_EY--7YDovx4zQIAof3uky55cJrdn5NhF&ruid=e759df83-537a-43f4-bbb0-0b6d04166d18&uci=%7B%22path%22%3A%7B%22count%22%3A0%2C%22totalLength%22%3A0%2C%22pathHistogram%22%3A%7B%224%22%3A0%2C%228%22%3A0%2C%2216%22%3A0%2C%2232%22%3A0%2C%2264%22%3A0%2C%22128%22%3A0%2C%22256%22%3A0%2C%22512%22%3A0%2C%221024%22%3A0%7D%7D%2C%22durationOnCreate%22%3A1.091%2C%22location%22%3A%22https%3A%2F%2Fanonymfile.com%2F7LJJe%2Fpack232.zip%22%2C%22isSelenium%22%3Afalse%2C%22isPhantom%22%3Afalse%2C%22isTouch%22%3Afalse%2C%22pluginCount%22%3A0%2C%22wdov%22%3A0%2C%22isIONS%22%3Atrue%7D HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://anonymfile.com
Connection: keep-alive
Referer: https://anonymfile.com/
Cookie: scm=1; OAID=7b33e5170dc54c28acbbcf7b6c8c985c; oaidts=1669737302
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 204 No Content
server: nginx
date: Tue, 29 Nov 2022 15:55:04 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://anonymfile.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: a3a71b98f500c5ad928c7632e1b02dcd
access-control-expose-headers: X-Sc
set-cookie: OAID=7b33e5170dc54c28acbbcf7b6c8c985c; expires=Wed, 29 Nov 2023 15:55:04 GMT; secure; SameSite=None
oaidts=1669737302; expires=Wed, 29 Nov 2023 15:55:04 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2

unphionetor.com/fv.js?t=72747&cb=1880195983

139.45.197.236

200 OK

2.2 kB

URL HTTP/2
unphionetor.com/fv.js?t=72747&cb=1880195983
IP
139.45.197.236:0
ASN
#9002 RETN Limited

File type
ASCII text, with very long lines (5213), with no line terminators
Size
2.2 kB (2153 bytes)
Hash
0254fb1dad74628b7ad0f97d304fac92
35f7af13a08eb87023ec7df4d3c35c21b2cde79d
47fb6ce428ca80ea69b772e4f66e4e5c622a4005db601746033d04511bd27536

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /fv.js?t=72747&cb=1880195983 HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://interstitial-07.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Tue, 29 Nov 2022 15:55:03 GMT
content-type: text/javascript; charset=utf8
access-control-allow-origin: 
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: 4c2f474fde766d30ddb081f9e1596603
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

betotodilea.com/impression/HBBcdeDBPtTHRDpuMaJWMqNCe2uRsbjrCO8xBd4smZY6tfsAWy_w9ErJGnw_Yt8KAbQsEaTSbzBjrIvIb1tiDn8w320p_V88z2beqroP82kYf-Ww9T_zXPs-IY47lkqnvT61UVfVAh7u-WWfHSoQYlrNV2qDg0AgMufa7_keXKVxvudsSKkrmFKzNKOI1IXT4NpzgepJAzoTIpzUW0L2a_NURqBODNnRfuLLTO4fd1USpDUgVtCfzhsYUhimcBA-69xNEnlkMytH_xuXIRl115Pr7WCSrUS33FXOhKhrAgCM7HmkF1eIpkzvji9hqUJJU4NQG2QQfmTJ2DKBEm0RByuBHyIpdFGvdueo5Omqvkhwd3IOkJgrk_81OFz3ozN88FXGMokY3YgTPBUJeUXHLSET3id5J9bSIXrggtsItGuAHJjFKp-cXw1YwZi-CDDrONYjXReW2X0ISj1cLfnXNCrBnP7mmXJzUhiB8q3pK4guZTczI7BTtW97RGG5yLvOCuY_bfZDJAsTQIDcIp7zioKz12_72FP0TIhLT2AGseJ1dxK-ZMqnP2LXQILKjlcKO7QpQRsB3RsfBGXvntdpbILRM7bd4Qdk?_z=5307588&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&pl=https%3A%2F%2Fanonymfile.com%2F7LJJe%2Fpack232.zip&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false

139.45.197.237

200 OK

43 B

URL HTTP/2
betotodilea.com/impression/HBBcdeDBPtTHRDpuMaJWMqNCe2uRsbjrCO8xBd4smZY6tfsAWy_w9ErJGnw_Yt8KAbQsEaTSbzBjrIvIb1tiDn8w320p_V88z2beqroP82kYf-Ww9T_zXPs-IY47lkqnvT61UVfVAh7u-WWfHSoQYlrNV2qDg0AgMufa7_keXKVxvudsSKkrmFKzNKOI1IXT4NpzgepJAzoTIpzUW0L2a_NURqBODNnRfuLLTO4fd1USpDUgVtCfzhsYUhimcBA-69xNEnlkMytH_xuXIRl115Pr7WCSrUS33FXOhKhrAgCM7HmkF1eIpkzvji9hqUJJU4NQG2QQfmTJ2DKBEm0RByuBHyIpdFGvdueo5Omqvkhwd3IOkJgrk_81OFz3ozN88FXGMokY3YgTPBUJeUXHLSET3id5J9bSIXrggtsItGuAHJjFKp-cXw1YwZi-CDDrONYjXReW2X0ISj1cLfnXNCrBnP7mmXJzUhiB8q3pK4guZTczI7BTtW97RGG5yLvOCuY_bfZDJAsTQIDcIp7zioKz12_72FP0TIhLT2AGseJ1dxK-ZMqnP2LXQILKjlcKO7QpQRsB3RsfBGXvntdpbILRM7bd4Qdk?_z=5307588&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&pl=https%3A%2F%2Fanonymfile.com%2F7LJJe%2Fpack232.zip&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP
139.45.197.237:0
ASN
#9002 RETN Limited

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /impression/HBBcdeDBPtTHRDpuMaJWMqNCe2uRsbjrCO8xBd4smZY6tfsAWy_w9ErJGnw_Yt8KAbQsEaTSbzBjrIvIb1tiDn8w320p_V88z2beqroP82kYf-Ww9T_zXPs-IY47lkqnvT61UVfVAh7u-WWfHSoQYlrNV2qDg0AgMufa7_keXKVxvudsSKkrmFKzNKOI1IXT4NpzgepJAzoTIpzUW0L2a_NURqBODNnRfuLLTO4fd1USpDUgVtCfzhsYUhimcBA-69xNEnlkMytH_xuXIRl115Pr7WCSrUS33FXOhKhrAgCM7HmkF1eIpkzvji9hqUJJU4NQG2QQfmTJ2DKBEm0RByuBHyIpdFGvdueo5Omqvkhwd3IOkJgrk_81OFz3ozN88FXGMokY3YgTPBUJeUXHLSET3id5J9bSIXrggtsItGuAHJjFKp-cXw1YwZi-CDDrONYjXReW2X0ISj1cLfnXNCrBnP7mmXJzUhiB8q3pK4guZTczI7BTtW97RGG5yLvOCuY_bfZDJAsTQIDcIp7zioKz12_72FP0TIhLT2AGseJ1dxK-ZMqnP2LXQILKjlcKO7QpQRsB3RsfBGXvntdpbILRM7bd4Qdk?_z=5307588&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&pl=https%3A%2F%2Fanonymfile.com%2F7LJJe%2Fpack232.zip&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/
Cookie: OAID=7b33e5170dc54c28acbbcf7b6c8c985c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 29 Nov 2022 15:55:07 GMT
content-type: image/gif
content-length: 43
x-trace-id: 121377a883711b1560a3b9edd59c25d3
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

betotodilea.com/500/5307588?excludes=15161934&oaid=7b33e5170dc54c28acbbcf7b6c8c985c&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fanonymfile.com%2F7LJJe%2Fpack232.zip&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false

139.45.197.237

200 OK

0 B

URL HTTP/2
betotodilea.com/500/5307588?excludes=15161934&oaid=7b33e5170dc54c28acbbcf7b6c8c985c&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fanonymfile.com%2F7LJJe%2Fpack232.zip&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP
139.45.197.237:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

OPTIONS /500/5307588?excludes=15161934&oaid=7b33e5170dc54c28acbbcf7b6c8c985c&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fanonymfile.com%2F7LJJe%2Fpack232.zip&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://anonymfile.com/
Origin: https://anonymfile.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 29 Nov 2022 15:55:07 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://anonymfile.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-allow-credentials: true
access-control-max-age: 600
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2

139.45.197.237

200 OK

16 kB

URL HTTP/2
betotodilea.com/500/5307588?excludes=15161934&oaid=7b33e5170dc54c28acbbcf7b6c8c985c&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fanonymfile.com%2F7LJJe%2Fpack232.zip&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP
139.45.197.237:0
ASN
#9002 RETN Limited

File type
data
Size
16 kB (16013 bytes)
Hash
fd49cc7ca114765f07625577c54936df
980578e6c4e71ed493c67af88210244464a9fb4f
0e21971a55d277dc52028655a3251fe82c7c850332695957feebf7aba6fcea99

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /500/5307588?excludes=15161934&oaid=7b33e5170dc54c28acbbcf7b6c8c985c&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fanonymfile.com%2F7LJJe%2Fpack232.zip&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://anonymfile.com
Connection: keep-alive
Referer: https://anonymfile.com/
Cookie: OAID=7b33e5170dc54c28acbbcf7b6c8c985c
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 29 Nov 2022 15:55:08 GMT
content-type: application/javascript
x-trace-id: 6b0ce76dd032edd2de1733ce872ce211
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: https://anonymfile.com
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=7b33e5170dc54c28acbbcf7b6c8c985c; expires=Wed, 29 Nov 2023 15:55:08 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

139.45.197.237

200 OK

0 B

URL HTTP/2
betotodilea.com/500/5307588?excludes=&oaid=7b33e5170dc54c28acbbcf7b6c8c985c&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&pl=https%3A%2F%2Fanonymfile.com%2F7LJJe%2Fpack232.zip&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP
139.45.197.237:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /500/5307588?excludes=&oaid=7b33e5170dc54c28acbbcf7b6c8c985c&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&pl=https%3A%2F%2Fanonymfile.com%2F7LJJe%2Fpack232.zip&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://anonymfile.com
Connection: keep-alive
Referer: https://anonymfile.com/
Cookie: OAID=1167c0f33b204b91a340fbf0c345bc0b
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 29 Nov 2022 15:55:03 GMT
content-type: application/javascript
x-trace-id: 00640e27b6a32a9a5cdc1f9cfa72ab99
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: https://anonymfile.com
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=7b33e5170dc54c28acbbcf7b6c8c985c; expires=Wed, 29 Nov 2023 15:55:03 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

139.45.197.242

200 OK

0 B

URL HTTP/2
nanouwho.com/9?z=5307589&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fanonymfile.com%2F7LJJe%2Fpack232.zip&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&sah=1002&drf=&hil=1&ist=0&oaid=7b33e5170dc54c28acbbcf7b6c8c985c
IP
139.45.197.242:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

POST /9?z=5307589&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fanonymfile.com%2F7LJJe%2Fpack232.zip&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&sah=1002&drf=&hil=1&ist=0&oaid=7b33e5170dc54c28acbbcf7b6c8c985c HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 105
Origin: https://anonymfile.com
Connection: keep-alive
Referer: https://anonymfile.com/
Cookie: scm=1; OAID=9ec6361ec00f4443bcf4242869c0a045; oaidts=1669737302
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 29 Nov 2022 15:55:02 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-origin: https://anonymfile.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: ddd9d9f069d21efa6c7f1e7d0be7d151
access-control-expose-headers: X-Sc
set-cookie: OAID=7b33e5170dc54c28acbbcf7b6c8c985c; expires=Wed, 29 Nov 2023 15:55:02 GMT; secure; SameSite=None
oaidts=1669737302; expires=Wed, 29 Nov 2023 15:55:02 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

ibrapush.com/pfe/current/tag.min.js?z=5307590

139.45.197.250

200 OK

0 B

URL HTTP/2
ibrapush.com/pfe/current/tag.min.js?z=5307590
IP
139.45.197.250:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /pfe/current/tag.min.js?z=5307590 HTTP/1.1
Host: ibrapush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Tue, 29 Nov 2022 15:55:02 GMT
content-type: application/javascript
last-modified: Tue, 29 Nov 2022 13:16:49 GMT
etag: W/"63860641-390a"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
link: <https://my.rtmark.net>; rel=dns-prefetch;, <https://my.rtmark.net>; rel=preconnect
content-encoding: gzip
X-Firefox-Spdy: h2

anonymfile.com/sw.js

138.201.48.112

404 Not Found

0 B

URL HTTP/2
anonymfile.com/sw.js
IP
138.201.48.112:0
ASN
#24940 Hetzner Online GmbH

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /sw.js HTTP/1.1
Host: anonymfile.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://anonymfile.com/7LJJe/pack232.zip
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IndCbjVMS0lkZW91RlMrVnFaeEt5aWc9PSIsInZhbHVlIjoiRzgvY3hhNlFIUEhVa3cvZjdINm5rdmE0enBLMEtRUGxleDcvOVoxQUU2SGJTRnBtS3NpLytKVFBXTW1aM24zWGt4dXVYQk11UVUyamJ3RHVaYXVmVnlnOW93TE1NTDRoMG1mL0d4TWtSclNzK2FKMmxlZ2E3VmhqTFRObG5tNkciLCJtYWMiOiJlOWM1ODUwOTUyODc5YjZkNjliZDVlNGNlMjRhMzYzNDZjYTJiNTBlNDcwN2VkODdiNDY4MjM4ZTcyNTBhNmZiIiwidGFnIjoiIn0%3D; anonymfile_session=eyJpdiI6IitqcDFMMmpIT3dLVFYwUzFLQk1ZWlE9PSIsInZhbHVlIjoiNHN4YVdEZmc0bm5BR2JmZzFlRWFOSUt3bTg5bE52eTQyaS9SbEtNd0hnTVR5ZjFTdlRFVnNjYVdnRnB1d014SVh3NERVSjQxT01JZWFkL3JqbUZveVJBOW5rOGhwL1NnNHpIV0ZrQXFLSEgvQWg2Q0dLQVpqejFlOURyUTFNbTAiLCJtYWMiOiI1MWI0ZDJjMTlhMjg0Mzk3ZjU4MDk0ZTIwMDliZWVlYThlMWFiMTQ0MGY1MWUzNjA0NjJlN2JiYzg4MzUzNGU5IiwidGFnIjoiIn0%3D; prefetchAd_5307591=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
server: nginx
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
date: Tue, 29 Nov 2022 15:55:02 GMT
x-page-speed: 1.13.35.2-0
cache-control: max-age=0, no-cache
content-encoding: br
X-Firefox-Spdy: h2

ibrapush.com/pfe/current/universal.min.js?v=3.1.407

139.45.197.250

200 OK

0 B

URL HTTP/2
ibrapush.com/pfe/current/universal.min.js?v=3.1.407
IP
139.45.197.250:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /pfe/current/universal.min.js?v=3.1.407 HTTP/1.1
Host: ibrapush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://anonymfile.com/
Origin: https://anonymfile.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 29 Nov 2022 15:55:02 GMT
content-type: application/javascript
last-modified: Tue, 29 Nov 2022 13:16:49 GMT
etag: W/"63860641-18b14"
access-control-allow-origin: https://anonymfile.com
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

betotodilea.com/400/5307588

139.45.197.237

200 OK

0 B

URL HTTP/2
betotodilea.com/400/5307588
IP
139.45.197.237:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /400/5307588 HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Tue, 29 Nov 2022 15:55:02 GMT
content-type: application/javascript
x-trace-id: 307b3155395b08b7427d440a0459f80c
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=1167c0f33b204b91a340fbf0c345bc0b; expires=Wed, 29 Nov 2023 15:55:02 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

anonymfile.com/7LJJe/pack232.zip

138.201.48.112

200 OK

0 B

URL HTTP/2
anonymfile.com/7LJJe/pack232.zip
IP
138.201.48.112:0
ASN
#24940 Hetzner Online GmbH

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /7LJJe/pack232.zip HTTP/1.1
Host: anonymfile.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
server: nginx
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: XSRF-TOKEN=eyJpdiI6IndCbjVMS0lkZW91RlMrVnFaeEt5aWc9PSIsInZhbHVlIjoiRzgvY3hhNlFIUEhVa3cvZjdINm5rdmE0enBLMEtRUGxleDcvOVoxQUU2SGJTRnBtS3NpLytKVFBXTW1aM24zWGt4dXVYQk11UVUyamJ3RHVaYXVmVnlnOW93TE1NTDRoMG1mL0d4TWtSclNzK2FKMmxlZ2E3VmhqTFRObG5tNkciLCJtYWMiOiJlOWM1ODUwOTUyODc5YjZkNjliZDVlNGNlMjRhMzYzNDZjYTJiNTBlNDcwN2VkODdiNDY4MjM4ZTcyNTBhNmZiIiwidGFnIjoiIn0%3D; expires=Tue, 29-Nov-2022 17:55:01 GMT; Max-Age=7200; path=/; samesite=lax
anonymfile_session=eyJpdiI6IitqcDFMMmpIT3dLVFYwUzFLQk1ZWlE9PSIsInZhbHVlIjoiNHN4YVdEZmc0bm5BR2JmZzFlRWFOSUt3bTg5bE52eTQyaS9SbEtNd0hnTVR5ZjFTdlRFVnNjYVdnRnB1d014SVh3NERVSjQxT01JZWFkL3JqbUZveVJBOW5rOGhwL1NnNHpIV0ZrQXFLSEgvQWg2Q0dLQVpqejFlOURyUTFNbTAiLCJtYWMiOiI1MWI0ZDJjMTlhMjg0Mzk3ZjU4MDk0ZTIwMDliZWVlYThlMWFiMTQ0MGY1MWUzNjA0NjJlN2JiYzg4MzUzNGU5IiwidGFnIjoiIn0%3D; expires=Tue, 29-Nov-2022 17:55:01 GMT; Max-Age=7200; path=/; httponly; samesite=lax
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
date: Tue, 29 Nov 2022 15:55:01 GMT
x-page-speed: 1.13.35.2-0
cache-control: max-age=0, no-cache
content-encoding: br
X-Firefox-Spdy: h2

anonymfile.com/sw.js

138.201.48.112

404 Not Found

0 B

URL HTTP/2
anonymfile.com/sw.js
IP
138.201.48.112:0
ASN
#24940 Hetzner Online GmbH

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /sw.js HTTP/1.1
Host: anonymfile.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/7LJJe/pack232.zip
Cookie: XSRF-TOKEN=eyJpdiI6IndCbjVMS0lkZW91RlMrVnFaeEt5aWc9PSIsInZhbHVlIjoiRzgvY3hhNlFIUEhVa3cvZjdINm5rdmE0enBLMEtRUGxleDcvOVoxQUU2SGJTRnBtS3NpLytKVFBXTW1aM24zWGt4dXVYQk11UVUyamJ3RHVaYXVmVnlnOW93TE1NTDRoMG1mL0d4TWtSclNzK2FKMmxlZ2E3VmhqTFRObG5tNkciLCJtYWMiOiJlOWM1ODUwOTUyODc5YjZkNjliZDVlNGNlMjRhMzYzNDZjYTJiNTBlNDcwN2VkODdiNDY4MjM4ZTcyNTBhNmZiIiwidGFnIjoiIn0%3D; anonymfile_session=eyJpdiI6IitqcDFMMmpIT3dLVFYwUzFLQk1ZWlE9PSIsInZhbHVlIjoiNHN4YVdEZmc0bm5BR2JmZzFlRWFOSUt3bTg5bE52eTQyaS9SbEtNd0hnTVR5ZjFTdlRFVnNjYVdnRnB1d014SVh3NERVSjQxT01JZWFkL3JqbUZveVJBOW5rOGhwL1NnNHpIV0ZrQXFLSEgvQWg2Q0dLQVpqejFlOURyUTFNbTAiLCJtYWMiOiI1MWI0ZDJjMTlhMjg0Mzk3ZjU4MDk0ZTIwMDliZWVlYThlMWFiMTQ0MGY1MWUzNjA0NjJlN2JiYzg4MzUzNGU5IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
server: nginx
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
date: Tue, 29 Nov 2022 15:55:01 GMT
x-page-speed: 1.13.35.2-0
cache-control: max-age=0, no-cache
content-encoding: br
X-Firefox-Spdy: h2

anonymfile.com/pagespeed_static/js_defer.I4cHjq6EEP.js

138.201.48.112

200 OK

0 B

URL HTTP/2
anonymfile.com/pagespeed_static/js_defer.I4cHjq6EEP.js
IP
138.201.48.112:0
ASN
#24940 Hetzner Online GmbH

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /pagespeed_static/js_defer.I4cHjq6EEP.js HTTP/1.1
Host: anonymfile.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/7LJJe/pack232.zip
Cookie: XSRF-TOKEN=eyJpdiI6IndCbjVMS0lkZW91RlMrVnFaeEt5aWc9PSIsInZhbHVlIjoiRzgvY3hhNlFIUEhVa3cvZjdINm5rdmE0enBLMEtRUGxleDcvOVoxQUU2SGJTRnBtS3NpLytKVFBXTW1aM24zWGt4dXVYQk11UVUyamJ3RHVaYXVmVnlnOW93TE1NTDRoMG1mL0d4TWtSclNzK2FKMmxlZ2E3VmhqTFRObG5tNkciLCJtYWMiOiJlOWM1ODUwOTUyODc5YjZkNjliZDVlNGNlMjRhMzYzNDZjYTJiNTBlNDcwN2VkODdiNDY4MjM4ZTcyNTBhNmZiIiwidGFnIjoiIn0%3D; anonymfile_session=eyJpdiI6IitqcDFMMmpIT3dLVFYwUzFLQk1ZWlE9PSIsInZhbHVlIjoiNHN4YVdEZmc0bm5BR2JmZzFlRWFOSUt3bTg5bE52eTQyaS9SbEtNd0hnTVR5ZjFTdlRFVnNjYVdnRnB1d014SVh3NERVSjQxT01JZWFkL3JqbUZveVJBOW5rOGhwL1NnNHpIV0ZrQXFLSEgvQWg2Q0dLQVpqejFlOURyUTFNbTAiLCJtYWMiOiI1MWI0ZDJjMTlhMjg0Mzk3ZjU4MDk0ZTIwMDliZWVlYThlMWFiMTQ0MGY1MWUzNjA0NjJlN2JiYzg4MzUzNGU5IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: application/javascript
vary: Accept-Encoding
x-content-type-options: nosniff
date: Tue, 29 Nov 2022 15:55:01 GMT
last-modified: Tue, 29 Nov 2022 15:55:01 GMT
cache-control: max-age=31536000
etag: W/"0"
content-encoding: br
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (29)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP