anonymfile.com/OaeQQ/resources.zip
138.201.48.112 301 Moved Permanently 162 B URL HTTP/1.1 anonymfile.com/OaeQQ/resources.zip
IP 138.201.48.112:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /OaeQQ/resources.zip HTTP/1.1
Host: anonymfile.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Thu, 01 Dec 2022 15:24:56 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://anonymfile.com/OaeQQ/resources.zip
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 3bbb845b153026fc5332dd4506585b57
3cad200fac28fd00f34ce6ef79373e661e188743
6035871c0de6ff2d120921461207cfa32bc286e1fe78849ce74815ffbb9ff950
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6035871C0DE6FF2D120921461207CFA32BC286E1FE78849CE74815FFBB9FF950"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2691
Expires: Thu, 01 Dec 2022 16:09:48 GMT
Date: Thu, 01 Dec 2022 15:24:57 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 0c748388899e8a8d3680355da2ea5020
903c620cd137613daafb0da0508c37b2f4a67212
39eab80e022a9a1732872d9926b0ace80f818ec5c535e36a18b539ea63786fb2
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 782
Cache-Control: max-age=155957
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 15:24:57 GMT
Etag: "63888270-1d7"
Expires: Sat, 03 Dec 2022 10:44:14 GMT
Last-Modified: Thu, 01 Dec 2022 10:31:12 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 55b4c61a1e99001307750e3647fe1102
7559f9f6770b7d3f45b723167062096312641e08
39f6bb64420bcfc8f0b010168fd35b67732984cd0698409f04d5ae40410422aa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "39F6BB64420BCFC8F0B010168FD35B67732984CD0698409F04D5AE40410422AA"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8132
Expires: Thu, 01 Dec 2022 17:40:29 GMT
Date: Thu, 01 Dec 2022 15:24:57 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
34.102.187.140 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Backoff, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 01 Dec 2022 15:19:46 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 311
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: kkUnjKgaFa51zdKXDVAH6yCIK7W/uv3XjC1cc+V3Btfmw7XtkiJvxohM11eJtbjtyukYXdiWwAs=
x-amz-request-id: XHWT4HBKG4JM1XKV
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 01 Dec 2022 14:45:42 GMT
age: 2355
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 15:24:57 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
anonymfile.com/css/theme.min.css
138.201.48.112 200 OK 75 kB URL HTTP/2 anonymfile.com/css/theme.min.css
IP 138.201.48.112:0
ASN #24940 Hetzner Online GmbH
File type Unicode text, UTF-8 text, with very long lines (65533), with no line terminators
Hash 65c31d311ae68e4aabece34b7545367b
7e4f7469233e4d26c716c6f8630e1d83a4625d20
6f3f8aa982c4b3661a2d02193f0b21b313a408076802980ea8662dcd6b42eee5
GET /css/theme.min.css HTTP/1.1
Host: anonymfile.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/OaeQQ/resources.zip
Cookie: XSRF-TOKEN=eyJpdiI6IkM0bmVoSTVldU56Rk9xaGNrNFFzUFE9PSIsInZhbHVlIjoiWTJ5VklDbSsxWTB0TlpIOE81RlF0ZzBOajRzS2ZvK1B5MElmdUcvK2pmcFJnTUhMSGRsTjU1aHBxV1VqNmJiM3p6K1pYZXJCWDlpU2g5a3huWW1FOFhVWlJVSWZKSjltUVVIbElUTzJ5ckR1ak51TmtFMVZVUzJCUFE0eDFZNHYiLCJtYWMiOiJlN2E1MmQyZjIwZmU3YzllYTdjM2JmOWE3OWNmZTA3ZGZhYTkzN2EyNTZhMTFlODE2ZWFjNDZhYmVkOWM3YWNmIiwidGFnIjoiIn0%3D; anonymfile_session=eyJpdiI6Ikh1MFBGZXJNT1RvQUtyYmpIV0FPVGc9PSIsInZhbHVlIjoiUHJRRTQ5ZnZOdk1iWDkxMmdkUmR5NkpIdkYrMjdUaDg0R3hwTGVaU1BMNnV3VFFQNWJnUWg5M1JSeUYwTTBXYTJaMFBJSUJjSWZUL21sMUcvSCtlb3ljY050N0pBcUFiY3BkY2owdnNSdjRpQWlBdUVCUVFmODRkZXFsZHhLM24iLCJtYWMiOiI0NzdiZDA1NWIyYjI2MjUxNzg5OTc0MDRjNTMxMWQxOWIzNzJhYmMyMmI4ZTgzYmU3OGZhZDRmNjFhNGFkYzJlIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: text/css
etag: W/"61727336-921fb"
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
date: Thu, 01 Dec 2022 15:24:51 GMT
expires: Thu, 01 Dec 2022 15:29:51 GMT
vary: Accept-Encoding
x-original-content-length: 598523
content-encoding: gzip
content-length: 74764
cache-control: s-maxage=10
X-Firefox-Spdy: h2
anonymfile.com/img/logo-anon-warning.webp
138.201.48.112 200 OK 15 kB URL HTTP/2 anonymfile.com/img/logo-anon-warning.webp
IP 138.201.48.112:0
ASN #24940 Hetzner Online GmbH
File type RIFF (little-endian) data, Web/P image\012- data
Hash 7b596f481388ac5ef6d74a15a351f6c3
6756e88c0b46cc981b7bbbdaf2ead77bd258a472
cd830cff1dfb9af2181dfe61645addbe21981954713fba54d5875a038e673972
GET /img/logo-anon-warning.webp HTTP/1.1
Host: anonymfile.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/OaeQQ/resources.zip
Cookie: XSRF-TOKEN=eyJpdiI6IkM0bmVoSTVldU56Rk9xaGNrNFFzUFE9PSIsInZhbHVlIjoiWTJ5VklDbSsxWTB0TlpIOE81RlF0ZzBOajRzS2ZvK1B5MElmdUcvK2pmcFJnTUhMSGRsTjU1aHBxV1VqNmJiM3p6K1pYZXJCWDlpU2g5a3huWW1FOFhVWlJVSWZKSjltUVVIbElUTzJ5ckR1ak51TmtFMVZVUzJCUFE0eDFZNHYiLCJtYWMiOiJlN2E1MmQyZjIwZmU3YzllYTdjM2JmOWE3OWNmZTA3ZGZhYTkzN2EyNTZhMTFlODE2ZWFjNDZhYmVkOWM3YWNmIiwidGFnIjoiIn0%3D; anonymfile_session=eyJpdiI6Ikh1MFBGZXJNT1RvQUtyYmpIV0FPVGc9PSIsInZhbHVlIjoiUHJRRTQ5ZnZOdk1iWDkxMmdkUmR5NkpIdkYrMjdUaDg0R3hwTGVaU1BMNnV3VFFQNWJnUWg5M1JSeUYwTTBXYTJaMFBJSUJjSWZUL21sMUcvSCtlb3ljY050N0pBcUFiY3BkY2owdnNSdjRpQWlBdUVCUVFmODRkZXFsZHhLM24iLCJtYWMiOiI0NzdiZDA1NWIyYjI2MjUxNzg5OTc0MDRjNTMxMWQxOWIzNzJhYmMyMmI4ZTgzYmU3OGZhZDRmNjFhNGFkYzJlIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/webp
content-length: 15344
etag: "617d3713-3bf0"
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
accept-ranges: bytes
date: Thu, 01 Dec 2022 15:24:51 GMT
expires: Thu, 01 Dec 2022 15:29:51 GMT
cache-control: s-maxage=10
X-Firefox-Spdy: h2
anonymfile.com/img/main/footer.webp
138.201.48.112 200 OK 178 kB URL HTTP/2 anonymfile.com/img/main/footer.webp
IP 138.201.48.112:0
ASN #24940 Hetzner Online GmbH
File type RIFF (little-endian) data, Web/P image\012- data
Size 178 kB (178070 bytes)
Hash 79ccb3a1b78412a1a530284f45ea7056
626d0494e1bd871e67ecffad44d04ac2343fb7e5
3d4e83b59664d7a779fa777d4ee0e17a1bc09302f9b9cde60815a3142256d8b8
GET /img/main/footer.webp HTTP/1.1
Host: anonymfile.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/OaeQQ/resources.zip
Cookie: XSRF-TOKEN=eyJpdiI6IkM0bmVoSTVldU56Rk9xaGNrNFFzUFE9PSIsInZhbHVlIjoiWTJ5VklDbSsxWTB0TlpIOE81RlF0ZzBOajRzS2ZvK1B5MElmdUcvK2pmcFJnTUhMSGRsTjU1aHBxV1VqNmJiM3p6K1pYZXJCWDlpU2g5a3huWW1FOFhVWlJVSWZKSjltUVVIbElUTzJ5ckR1ak51TmtFMVZVUzJCUFE0eDFZNHYiLCJtYWMiOiJlN2E1MmQyZjIwZmU3YzllYTdjM2JmOWE3OWNmZTA3ZGZhYTkzN2EyNTZhMTFlODE2ZWFjNDZhYmVkOWM3YWNmIiwidGFnIjoiIn0%3D; anonymfile_session=eyJpdiI6Ikh1MFBGZXJNT1RvQUtyYmpIV0FPVGc9PSIsInZhbHVlIjoiUHJRRTQ5ZnZOdk1iWDkxMmdkUmR5NkpIdkYrMjdUaDg0R3hwTGVaU1BMNnV3VFFQNWJnUWg5M1JSeUYwTTBXYTJaMFBJSUJjSWZUL21sMUcvSCtlb3ljY050N0pBcUFiY3BkY2owdnNSdjRpQWlBdUVCUVFmODRkZXFsZHhLM24iLCJtYWMiOiI0NzdiZDA1NWIyYjI2MjUxNzg5OTc0MDRjNTMxMWQxOWIzNzJhYmMyMmI4ZTgzYmU3OGZhZDRmNjFhNGFkYzJlIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/webp
content-length: 178070
etag: "62f35b9c-2b796"
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
accept-ranges: bytes
date: Thu, 01 Dec 2022 15:24:52 GMT
expires: Thu, 01 Dec 2022 15:29:52 GMT
cache-control: s-maxage=10
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta2/css/all.min.css
104.17.25.14 200 OK 14 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta2/css/all.min.css
IP 104.17.25.14:0
File type ASCII text, with very long lines (65345)
Hash 642445b86596bdeaa98e92faa2064fc6
6c5539660bf533d34e37b917973c941d1c963374
4a5a39e9f325c5578dccd880c1d516eae190ee39f7539f4a6c6c52d2eee4cbdf
GET /ajax/libs/font-awesome/6.0.0-beta2/css/all.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 01 Dec 2022 15:24:57 GMT
content-type: text/css; charset=utf-8
content-length: 14374
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "61498362-3826"
last-modified: Tue, 21 Sep 2021 07:01:54 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 10788215
expires: Tue, 21 Nov 2023 15:24:57 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=q39hD3njYlXKiU9xGDg6kRU1O0KGv7Dvkay2%2Fhc7xh6XNGeR6gKDzq5aLsVb8VpH5wpyuz%2F4FX08tAuN4NtnuoXD%2FwDB9hUbbsOissIVldWD5eWZ5kw19Ug70lhxhWpcFlsTWNEL"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 772cd52cfded0af6-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, ETag, Alert, Expires, Cache-Control, Backoff, Content-Length, Content-Type, Pragma, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 01 Dec 2022 15:08:56 GMT
cache-control: public,max-age=3600
age: 961
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
anonymfile.com/img/logo-anon-warning.png
138.201.48.112 200 OK 41 kB URL HTTP/2 anonymfile.com/img/logo-anon-warning.png
IP 138.201.48.112:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 1024 x 1024, 8-bit/color RGBA, non-interlaced\012- data
Hash d52ea6ebcd0b10dcf112a9d6c43ceee0
641e5277e2e079f0e88e2899879fda8882e58d28
77cb73f16f049b51c0a81c12ed878e11efe3b9a71c632a3bdb647d963059532e
GET /img/logo-anon-warning.png HTTP/1.1
Host: anonymfile.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/OaeQQ/resources.zip
Cookie: XSRF-TOKEN=eyJpdiI6IkM0bmVoSTVldU56Rk9xaGNrNFFzUFE9PSIsInZhbHVlIjoiWTJ5VklDbSsxWTB0TlpIOE81RlF0ZzBOajRzS2ZvK1B5MElmdUcvK2pmcFJnTUhMSGRsTjU1aHBxV1VqNmJiM3p6K1pYZXJCWDlpU2g5a3huWW1FOFhVWlJVSWZKSjltUVVIbElUTzJ5ckR1ak51TmtFMVZVUzJCUFE0eDFZNHYiLCJtYWMiOiJlN2E1MmQyZjIwZmU3YzllYTdjM2JmOWE3OWNmZTA3ZGZhYTkzN2EyNTZhMTFlODE2ZWFjNDZhYmVkOWM3YWNmIiwidGFnIjoiIn0%3D; anonymfile_session=eyJpdiI6Ikh1MFBGZXJNT1RvQUtyYmpIV0FPVGc9PSIsInZhbHVlIjoiUHJRRTQ5ZnZOdk1iWDkxMmdkUmR5NkpIdkYrMjdUaDg0R3hwTGVaU1BMNnV3VFFQNWJnUWg5M1JSeUYwTTBXYTJaMFBJSUJjSWZUL21sMUcvSCtlb3ljY050N0pBcUFiY3BkY2owdnNSdjRpQWlBdUVCUVFmODRkZXFsZHhLM24iLCJtYWMiOiI0NzdiZDA1NWIyYjI2MjUxNzg5OTc0MDRjNTMxMWQxOWIzNzJhYmMyMmI4ZTgzYmU3OGZhZDRmNjFhNGFkYzJlIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 15:24:57 GMT
content-type: image/png
content-length: 40729
last-modified: Fri, 29 Oct 2021 10:50:56 GMT
vary: Accept-Encoding
etag: "617bd210-9f19"
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
cache-control: s-maxage=10
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash a7768a8a4d5f2b246e1c7184e4526eef
424a0bbdad4a58e0eeced80d976613d4925a8f55
6233da50858bbd760a4da93d72eaf8b0a3379184601e8eb76db9a306af568c71
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 707
Cache-Control: max-age=85309
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 15:24:57 GMT
Etag: "63876ec3-117"
Expires: Fri, 02 Dec 2022 15:06:46 GMT
Last-Modified: Wed, 30 Nov 2022 14:54:59 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 279
anonymfile.com/js/site.js
138.201.48.112 200 OK 2.0 kB URL HTTP/2 anonymfile.com/js/site.js
IP 138.201.48.112:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (5640)
Hash a779d1605363c034784168e0553fee12
203adaeac5eec419f7bdf4ba6840c9378c9692e5
0ac5db7b1ae244540526d4c971799e4c8ba3f5921dda88b94d10d2cb6a730bc6
GET /js/site.js HTTP/1.1
Host: anonymfile.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/OaeQQ/resources.zip
Cookie: XSRF-TOKEN=eyJpdiI6IkM0bmVoSTVldU56Rk9xaGNrNFFzUFE9PSIsInZhbHVlIjoiWTJ5VklDbSsxWTB0TlpIOE81RlF0ZzBOajRzS2ZvK1B5MElmdUcvK2pmcFJnTUhMSGRsTjU1aHBxV1VqNmJiM3p6K1pYZXJCWDlpU2g5a3huWW1FOFhVWlJVSWZKSjltUVVIbElUTzJ5ckR1ak51TmtFMVZVUzJCUFE0eDFZNHYiLCJtYWMiOiJlN2E1MmQyZjIwZmU3YzllYTdjM2JmOWE3OWNmZTA3ZGZhYTkzN2EyNTZhMTFlODE2ZWFjNDZhYmVkOWM3YWNmIiwidGFnIjoiIn0%3D; anonymfile_session=eyJpdiI6Ikh1MFBGZXJNT1RvQUtyYmpIV0FPVGc9PSIsInZhbHVlIjoiUHJRRTQ5ZnZOdk1iWDkxMmdkUmR5NkpIdkYrMjdUaDg0R3hwTGVaU1BMNnV3VFFQNWJnUWg5M1JSeUYwTTBXYTJaMFBJSUJjSWZUL21sMUcvSCtlb3ljY050N0pBcUFiY3BkY2owdnNSdjRpQWlBdUVCUVFmODRkZXFsZHhLM24iLCJtYWMiOiI0NzdiZDA1NWIyYjI2MjUxNzg5OTc0MDRjNTMxMWQxOWIzNzJhYmMyMmI4ZTgzYmU3OGZhZDRmNjFhNGFkYzJlIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/javascript
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-original-content-length: 9351
vary: Accept-Encoding
content-encoding: gzip
content-length: 1993
etag: W/"PSA-aj-ZD_qAZjk-5"
date: Thu, 01 Dec 2022 15:24:57 GMT
expires: Thu, 01 Dec 2022 15:29:51 GMT
cache-control: max-age=293
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash a7768a8a4d5f2b246e1c7184e4526eef
424a0bbdad4a58e0eeced80d976613d4925a8f55
6233da50858bbd760a4da93d72eaf8b0a3379184601e8eb76db9a306af568c71
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 707
Cache-Control: max-age=85309
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 15:24:57 GMT
Etag: "63876ec3-117"
Expires: Fri, 02 Dec 2022 15:06:46 GMT
Last-Modified: Wed, 30 Nov 2022 14:54:59 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 279
cdn.jsdelivr.net/npm/sweetalert2@11
151.101.129.229 200 OK 18 kB URL HTTP/2 cdn.jsdelivr.net/npm/sweetalert2@11
IP 151.101.129.229:0
File type ASCII text, with very long lines (43300)
Hash d9da418805bd4bde053bcaeed574c2b8
539ce9c1b8ebe1e176b1272f36553c50a49e3895
9c20ee20412a3722b10b67c4948f91fa28132f1fe97e2921a54f1216647b1cf7
GET /npm/sweetalert2@11 HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 11.6.15
x-jsd-version-type: version
etag: W/"fb4e-WYlKfUugrs9UVDS0kTySiNuO9Yk"
content-encoding: gzip
accept-ranges: bytes
date: Thu, 01 Dec 2022 15:24:57 GMT
age: 11445
x-served-by: cache-fra-eddf8230057-FRA, cache-bma1659-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 18036
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 1f88399f3fdd89dbb9ca1229cb67143a
325c9dbfd932cf9a6fb9fab2dd8e27083f55a9a3
831ecd45dcd2d5ae2ae86cd63ea5e94ecd85281b7e51054af5df9a6386fb8d79
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 820
Cache-Control: max-age=150932
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 15:24:57 GMT
Etag: "63886ea9-1d7"
Expires: Sat, 03 Dec 2022 09:20:29 GMT
Last-Modified: Thu, 01 Dec 2022 09:06:49 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 471
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
104.18.21.226 200 OK 1.5 kB URL HTTP/1.1 ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
IP 104.18.21.226:0
Hash 09f8790d01c65f3daebb44ba615bba6f
6103e5c8fc869cb7285473c2ef0ce8f64fcc64dd
4e0a721c2eab45620a8826fad5912fcf94acce203b888f4cd19b1a1160056536
POST /ca/gsatlasr3dvtlsca2022q1 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 15:24:57 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "2C7FF39CB989D3020D074BE1E5B0D93C361759B8"
Expires: Fri, 02 Dec 2022 03:00:00 GMT
Last-Modified: Thu, 01 Dec 2022 15:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 704
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 772cd52e599db521-OSL
push.services.mozilla.com/
34.214.17.205 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.214.17.205:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: riJN+UfvVFxGpO3M3WIbxw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: Rhgi81nJ8rVq0fr7M5mDO8yCIjg=
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 1a19c78fd084bcab9ea57e11f54f5de7
fb3350e4ed2dad48653fc8b10f18b2e758d06f2a
0cd9946b0578917f465725c52661012c953f27cac817af53fdeb7d03aa323ee1
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3100
Cache-Control: max-age=98851
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 15:24:58 GMT
Etag: "63879a51-117"
Expires: Fri, 02 Dec 2022 18:52:29 GMT
Last-Modified: Wed, 30 Nov 2022 18:00:49 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 279
inklinkor.com/tag.min.js
104.21.91.63 200 OK 25 kB IP 104.21.91.63:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash bb1b61890347a1f81640af4ce0120024
bb17278bfaf878142d6982f0f9ec9f92673c9878
1f405d627a957a36c06745e89488372a5f600a0ac4e6634c3b741d4989cf4ba9
GET /tag.min.js HTTP/1.1
Host: inklinkor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 01 Dec 2022 15:24:58 GMT
content-type: text/javascript; charset=utf-8
x-trace-id: 9d6a5fc312406034b56cc08b8321d581
cache-control: max-age=86400
last-modified: Thu, 01 Dec 2022 12:44:21 GMT
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
expires: Fri, 02 Dec 2022 13:43:50 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 6067
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7DhwOMlWmFHC5hk7A1rzH7KYKd0QuGY6uPTcxH%2F6jbsA%2BIfreVJJmUWmHCwCDw8ZG%2FrF1aOYoHYAPnYs8w1Lk6V%2FEYrnAd7DWskOgzr057rif6VRSFXBYZG%2FrAVib0zJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 772cd5304c9cb503-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 84b8b1043a96c760a6b85bc0b3265b85
d9f0338ffcd6cfb3c96bc66966b898d33162f204
e24a64d19f091946caed011ebcf469be2d35168aa12f90b02d9c1c9326afd867
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E24A64D19F091946CAED011EBCF469BE2D35168AA12F90B02D9C1C9326AFD867"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2136
Expires: Thu, 01 Dec 2022 16:00:34 GMT
Date: Thu, 01 Dec 2022 15:24:58 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f096767caf45bd69af30f68d8c507657
d34449c54e15bd807141acda4b2ff56cf7448c8d
ac7763b62b265227a3004fc9ccaac8affe202e4556de67d649869f061fb75558
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AC7763B62B265227A3004FC9CCAAC8AFFE202E4556DE67D649869F061FB75558"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15997
Expires: Thu, 01 Dec 2022 19:51:35 GMT
Date: Thu, 01 Dec 2022 15:24:58 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash d11e8d3b84fa08a147488c0014516a9f
8b1c56559b9d24dee124ed4ee987e00b8b7ca2fb
f27a4dd42652e137fb0e4645934fefe14e622b7b72f9bdd36dd83c5f874b454f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F27A4DD42652E137FB0E4645934FEFE14E622B7B72F9BDD36DD83C5F874B454F"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10986
Expires: Thu, 01 Dec 2022 18:28:04 GMT
Date: Thu, 01 Dec 2022 15:24:58 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 9caeefc49be26de4b50c14df1aace81f
ef836496e49f843f0e4c2dc991c314aad13f0f2e
83203278dadec9319a72ccb142c413696d8bd09a25f1b6c8d1edef20405e90f0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "83203278DADEC9319A72CCB142C413696D8BD09A25F1B6C8D1EDEF20405E90F0"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5317
Expires: Thu, 01 Dec 2022 16:53:35 GMT
Date: Thu, 01 Dec 2022 15:24:58 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b236a2114c2dc0510eddbb2792945ce2
f5c731f726a9295fac38f6e66d6efafceb5216bc
2051b04e443cc064016efe3a543d2e395bdefdcf9a59a95abaee6390a3566d97
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2051B04E443CC064016EFE3A543D2E395BDEFDCF9A59A95ABAEE6390A3566D97"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=802
Expires: Thu, 01 Dec 2022 15:38:20 GMT
Date: Thu, 01 Dec 2022 15:24:58 GMT
Connection: keep-alive
ibrapush.com/zone?pub=0&zone_id=5307590&is_mobile=false&domain=anonymfile.com&var=&ymid=&var_3=
139.45.197.250 200 OK 664 B URL HTTP/2 ibrapush.com/zone?pub=0&zone_id=5307590&is_mobile=false&domain=anonymfile.com&var=&ymid=&var_3=
IP 139.45.197.250:0
File type JSON data\012- , ASCII text, with very long lines (663)
Hash 924f83d583902548517c3327ff8e4493
7d5ea76f95d862b44558e6428f0a0d2bb20e2b0c
92e16e70459ff85e5803ded19d1f535cb6197a2b1eda7b254cb663b81908147c
GET /zone?pub=0&zone_id=5307590&is_mobile=false&domain=anonymfile.com&var=&ymid=&var_3= HTTP/1.1
Host: ibrapush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://anonymfile.com/
Origin: https://anonymfile.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 15:24:58 GMT
content-type: application/json; charset=utf-8
content-length: 664
x-trace-id: b28eca37260ca0db1738b0b4c6eb63dc
access-control-allow-origin: https://anonymfile.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
my.rtmark.net/gid.js?userId=cbfc69ef3adf484381e14bfbe92f7e2e
139.45.195.8 200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?userId=cbfc69ef3adf484381e14bfbe92f7e2e
IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash 4bb3f42015ee1b3ebf8cf5e091b0a997
e361b31e6008bfc2d7c4ae417c8afce53de4a3c0
bc1a39a1ce842c87dc22bb89b84ab5293e8545c7ac27fd636d6fb3b91d78b6d2
GET /gid.js?userId=cbfc69ef3adf484381e14bfbe92f7e2e HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://anonymfile.com
Connection: keep-alive
Referer: https://anonymfile.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 15:24:58 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://anonymfile.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=cbfc69ef3adf484381e14bfbe92f7e2e; expires=Fri, 01 Dec 2023 15:24:58 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1fc39d722889d2ea54dcb5cc2770e3ff
b4eac47bf1ffabb2ed39f320ab50cca8b47256b5
77651aa1d15538b031e15d35d906060964312b2c97098493d165e54e13c266f4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "77651AA1D15538B031E15D35D906060964312B2C97098493D165E54E13C266F4"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13146
Expires: Thu, 01 Dec 2022 19:04:04 GMT
Date: Thu, 01 Dec 2022 15:24:58 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash a40e191e2c32caa23c7ec1abea39e991
b03456fefb0156a48fae623cdc3c444c44d2481e
23abf43db4e7fafcd42f2114b823179fa4119c04f317cd0ee8c395e0688778cd
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3685
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 15:24:58 GMT
Last-Modified: Thu, 01 Dec 2022 14:23:34 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 279
ibrapush.com/custom
139.45.197.250 200 OK 0 B IP 139.45.197.250:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /custom HTTP/1.1
Host: ibrapush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://anonymfile.com/
Origin: https://anonymfile.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 15:24:58 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://anonymfile.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2
nanouwho.com/27/9943481a9ac26c64561c8defae4d87aa
139.45.197.242 200 OK 124 kB URL HTTP/2 nanouwho.com/27/9943481a9ac26c64561c8defae4d87aa
IP 139.45.197.242:0
Size 124 kB (123673 bytes)
Hash 50f48a33af32fb92b108d4ed3341a681
480616bae8ed383ec7a2f2232a7fd2ef72483d16
41db0d993023f994284c1f1274aa5eb386b2a1a0ff9108a42b1116e10c88d158
Analyzer Verdict Alert quad9 Sinkholed
GET /27/9943481a9ac26c64561c8defae4d87aa HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/
Cookie: scm=1; OAID=b53a90d1e06c46f384528e38e6db4210; oaidts=1669908298
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 15:24:58 GMT
content-type: application/javascript
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
cache-control: max-age:290304000, public
last-modified: Thu, 01 Dec 2022 06:54:12 GMT
expires: Thu, 31 Dec 2082 06:54:12 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
ibrapush.com/custom
139.45.197.250 200 OK 0 B IP 139.45.197.250:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /custom HTTP/1.1
Host: ibrapush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://anonymfile.com/
Origin: https://anonymfile.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 15:24:58 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://anonymfile.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2
ibrapush.com/custom
139.45.197.250 200 OK 39 B IP 139.45.197.250:0
File type JSON data\012- , ASCII text
Hash 058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
POST /custom HTTP/1.1
Host: ibrapush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://anonymfile.com/
Content-Type: application/json
Origin: https://anonymfile.com
Content-Length: 384
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 15:24:58 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 140fb86e6c39ed5b3de9e4037e9198db
access-control-allow-origin: https://anonymfile.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
ibrapush.com/custom
139.45.197.250 200 OK 39 B IP 139.45.197.250:0
File type JSON data\012- , ASCII text
Hash 058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
POST /custom HTTP/1.1
Host: ibrapush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://anonymfile.com/
Content-Type: application/json
Origin: https://anonymfile.com
Content-Length: 765
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 15:24:58 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: bcd8332414021216041956068f15a948
access-control-allow-origin: https://anonymfile.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
anonymfile.com/sw.js
138.201.48.112 404 Not Found 5.0 kB IP 138.201.48.112:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (4320)
Hash e14208b02b819c3d6ff44af4bd215a94
5d62f5adc44afa70f7c5cfae7efbb5e8551fbbe8
26fac9c58629f79843a340c55fb5f1596f5a0b6501b67c83e7326a4fefdf892a
GET /sw.js HTTP/1.1
Host: anonymfile.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://anonymfile.com/OaeQQ/resources.zip
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IkM0bmVoSTVldU56Rk9xaGNrNFFzUFE9PSIsInZhbHVlIjoiWTJ5VklDbSsxWTB0TlpIOE81RlF0ZzBOajRzS2ZvK1B5MElmdUcvK2pmcFJnTUhMSGRsTjU1aHBxV1VqNmJiM3p6K1pYZXJCWDlpU2g5a3huWW1FOFhVWlJVSWZKSjltUVVIbElUTzJ5ckR1ak51TmtFMVZVUzJCUFE0eDFZNHYiLCJtYWMiOiJlN2E1MmQyZjIwZmU3YzllYTdjM2JmOWE3OWNmZTA3ZGZhYTkzN2EyNTZhMTFlODE2ZWFjNDZhYmVkOWM3YWNmIiwidGFnIjoiIn0%3D; anonymfile_session=eyJpdiI6Ikh1MFBGZXJNT1RvQUtyYmpIV0FPVGc9PSIsInZhbHVlIjoiUHJRRTQ5ZnZOdk1iWDkxMmdkUmR5NkpIdkYrMjdUaDg0R3hwTGVaU1BMNnV3VFFQNWJnUWg5M1JSeUYwTTBXYTJaMFBJSUJjSWZUL21sMUcvSCtlb3ljY050N0pBcUFiY3BkY2owdnNSdjRpQWlBdUVCUVFmODRkZXFsZHhLM24iLCJtYWMiOiI0NzdiZDA1NWIyYjI2MjUxNzg5OTc0MDRjNTMxMWQxOWIzNzJhYmMyMmI4ZTgzYmU3OGZhZDRmNjFhNGFkYzJlIiwidGFnIjoiIn0%3D; prefetchAd_5307591=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
date: Thu, 01 Dec 2022 15:24:58 GMT
x-page-speed: 1.13.35.2-0
cache-control: max-age=0, no-cache
content-encoding: br
X-Firefox-Spdy: h2
nanouwho.com/1?z=5307589
139.45.197.242 200 OK 6.8 kB IP 139.45.197.242:0
File type ASCII text, with very long lines (16471)
Hash a3dcf590609151314dae503f48a12674
17565842c9c7d00344c937e324bb277fcb60960d
1bea1f806cd8b3bfa20eb828819cf3e788ddd3c55caae2a9e787eb778762c68d
Analyzer Verdict Alert quad9 Sinkholed
GET /1?z=5307589 HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 15:24:58 GMT
content-type: text/javascript
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: 6817bfa159968020a8d2afc6be4cb345
access-control-expose-headers: X-Sc
x-sc: Slpkz0pEoZ41ECC5ECLWZkLUod3IMjj5-VHhI6CfB-oWdHfT5fAx7cUSqGatjWMRWdgVFXeE4Qw7YioRbbtbi_19ixU=
set-cookie: scm=1; expires=Fri, 01 Dec 2023 15:24:58 GMT; secure; SameSite=None
OAID=b53a90d1e06c46f384528e38e6db4210; expires=Fri, 01 Dec 2023 15:24:58 GMT; secure; SameSite=None
oaidts=1669908298; expires=Fri, 01 Dec 2023 15:24:58 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
bedrapiona.com/5/5307591/?oo=1&js_build=iclick-v1.456.0
139.45.197.234 200 OK 1.4 kB URL HTTP/2 bedrapiona.com/5/5307591/?oo=1&js_build=iclick-v1.456.0
IP 139.45.197.234:0
File type JSON data\012- , ASCII text, with very long lines (2944), with no line terminators
Hash e55941a189ecfa8b4dd3b992058ae188
a296b6b8b6cc4fd62b1048bc1f33a4b567e6274c
4ea40cfd4d002e729a1c85f17e9d0bb864eeb0055ee0029b0848d29c3342f3e3
GET /5/5307591/?oo=1&js_build=iclick-v1.456.0 HTTP/1.1
Host: bedrapiona.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://anonymfile.com
Connection: keep-alive
Referer: https://anonymfile.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 15:24:58 GMT
content-type: application/json
x-trace-id: 188d6ac1716a7697805a279000b6daae
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
access-control-allow-origin: https://anonymfile.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=cbfc69ef3adf484381e14bfbe92f7e2e; expires=Fri, 01 Dec 2023 15:24:58 GMT; path=/; secure; SameSite=None
oaidts=1669908298; expires=Fri, 01 Dec 2023 15:24:58 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68 200 OK 472 B IP 104.18.32.68:0
Hash e7f182bc423c8e0b694072f316dfbf3c
cea3572598e1b5c8c5249cabf5ea99e56dc7e02d
02b4ac24bfa51f27fc2e507fb5d923751a9f6566eb98f3b8255a7d05f42d85c5
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 15:24:59 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 01 Dec 2022 12:52:22 GMT
Expires: Thu, 08 Dec 2022 12:52:21 GMT
Etag: "cea3572598e1b5c8c5249cabf5ea99e56dc7e02d"
Cache-Control: max-age=595041,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 772cd5352e86fac0-OSL
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 0f59a14a9434a185f2aa79465a9fead4
e35939caa08ff547d32dd943c56698c004bd07e9
c08948d152cf98f4edde687b116593709eeedb20f662e78762d7c8fbec21611a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C08948D152CF98F4EDDE687B116593709EEEDB20F662E78762D7C8FBEC21611A"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2785
Expires: Thu, 01 Dec 2022 16:11:24 GMT
Date: Thu, 01 Dec 2022 15:24:59 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2827
Expires: Thu, 01 Dec 2022 16:12:06 GMT
Date: Thu, 01 Dec 2022 15:24:59 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2827
Expires: Thu, 01 Dec 2022 16:12:06 GMT
Date: Thu, 01 Dec 2022 15:24:59 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2827
Expires: Thu, 01 Dec 2022 16:12:06 GMT
Date: Thu, 01 Dec 2022 15:24:59 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2827
Expires: Thu, 01 Dec 2022 16:12:06 GMT
Date: Thu, 01 Dec 2022 15:24:59 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2827
Expires: Thu, 01 Dec 2022 16:12:06 GMT
Date: Thu, 01 Dec 2022 15:24:59 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F83cd87b8-4041-419b-ab34-9f8e5a326f4b.jpeg
34.120.237.76 200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F83cd87b8-4041-419b-ab34-9f8e5a326f4b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 820cf89fcab8380adff42982c9fb11ed
84241ddddbbfd7de30118307fb1a62800d0a4cb3
0d051495f06ac84de934283b40cbfee7a042d32153a73486dd7c017430e882d8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F83cd87b8-4041-419b-ab34-9f8e5a326f4b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12898
x-amzn-requestid: 9b594c3c-6b8c-4589-8fcb-b3d7518b46f6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cQZBNFxToAMF_9A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63833ba1-767f510d72eef86d0cc892df;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 10:27:45 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: kZfRQsF_Fo2UtTqK0ByOPeQK-IzTQO9JtTmxIMlapmsd93SJk_4VYw==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 21:47:30 GMT
age: 63449
etag: "84241ddddbbfd7de30118307fb1a62800d0a4cb3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdc2b4ec6-0955-4089-983c-0abf7fd13bf2.jpeg
34.120.237.76 200 OK 9.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdc2b4ec6-0955-4089-983c-0abf7fd13bf2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e1e6b6ba4f82221b41c3d9129008c76d
2f9532d698b4c28df23e18bbb66399ec776d5b9f
218c6f41a16e6087c611d4db5784a7cc1d027084d0bf2bd6dc3843ee5dfd560f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdc2b4ec6-0955-4089-983c-0abf7fd13bf2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9459
x-amzn-requestid: 9e243a73-18ff-4abf-9b9c-442719960125
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cMpppFXjoAMFehg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6381bca3-47620f39181264772d2fb52d;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 07:13:40 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: _v5hatZyEWVRB4Tebygbb-QfE02oaFxE8CRfQsUY7I_ektxE3YeIpw==
via: 1.1 deaaf0548506de20925615eb51a7ea7e.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 17:08:01 GMT
age: 80218
etag: "2f9532d698b4c28df23e18bbb66399ec776d5b9f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ibrapush.com/pfe/current/universal.min.js?v=3.1.408
139.45.197.250 200 OK 35 kB URL HTTP/2 ibrapush.com/pfe/current/universal.min.js?v=3.1.408
IP 139.45.197.250:0
Hash 2142d8c63107059e512a00b2419b35ba
92eb2675de4728a1c4e458dd9a7f122f5d034d9d
99ec44fca6e68b00ba9acdb28719c7e5593ebd08c292d7b4bcbf5a2b1a15f052
GET /pfe/current/universal.min.js?v=3.1.408 HTTP/1.1
Host: ibrapush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://anonymfile.com/
Origin: https://anonymfile.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 15:24:58 GMT
content-type: application/javascript
last-modified: Thu, 01 Dec 2022 10:08:09 GMT
etag: W/"63887d09-18bbd"
access-control-allow-origin: https://anonymfile.com
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F600016d1-5abb-4a6c-996a-933a8d4bc6df.jpeg
34.120.237.76 200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F600016d1-5abb-4a6c-996a-933a8d4bc6df.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 26d6dffbf400da4803a2e76e2a8ef2f8
2e62f9ed8f5e7b2f888a73320dd98b0cda9303b8
04c6e31623fe48cbe83dc91635bfa47b337590f18919995b08d5bde27e929e03
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F600016d1-5abb-4a6c-996a-933a8d4bc6df.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8740
x-amzn-requestid: c6c3e3dc-c9a2-4fda-a83b-cdd6ae81166b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cP7uyE9CoAMF6Xg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63830cc4-2c8940405044071a082ee678;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 07:07:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: qykE_oaoqqPTgqGnfUo74mH29IOS97b5sZb_3VmB9yW7KUiJ1a7dnA==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 18:58:06 GMT
age: 73613
etag: "2e62f9ed8f5e7b2f888a73320dd98b0cda9303b8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb0e1339e-3c63-4033-8b5b-e21137509777.jpeg
34.120.237.76 200 OK 16 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb0e1339e-3c63-4033-8b5b-e21137509777.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ffd12f9c423ffc627d9e3b3145944fe4
5cf9a7a784952e1bb0cbe499104f1774b1269d08
a25f1b752d9af599aefd73073c105853130f1759905269de3d582d2eb35fe167
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb0e1339e-3c63-4033-8b5b-e21137509777.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 16038
x-amzn-requestid: 925134ee-dd35-45ed-8da7-d60c9c484993
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cbz80EHboAMFtmQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6387cd1e-48de287757e82632291365ee;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 21:37:34 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: I8qQQUMSVzFmXqjWM1n_F1XEE-ZQcpEF81OwJgf9i3Q5M8XiFAa8Zg==
via: 1.1 a20e81b65d2465c729ce2f6bfe539dd0.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 21:52:00 GMT
age: 63179
etag: "5cf9a7a784952e1bb0cbe499104f1774b1269d08"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F966ff24e-ea85-4a2e-aead-22f1a723c59f.jpeg
34.120.237.76 200 OK 9.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F966ff24e-ea85-4a2e-aead-22f1a723c59f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5508d05a290b663fd89ead9b58f2efd8
53650399f9a986ba54addd668b4557109d12003b
65704a961410fdd318c491fedf002c8e9b184cd34b76fe1b67026d42ce21be3f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F966ff24e-ea85-4a2e-aead-22f1a723c59f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9674
x-amzn-requestid: 7e7d0183-9667-462a-8d44-d125998c1ae3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYgEoHVAoAMFvAQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867a1d-280ba97e3fe1bf7244cbde35;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:31:09 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ym_L3s5E6MLy6BxqNkVxok6L6hA4c-ilSsEqt42j2IbiXYPb4c6-VQ==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 6a9b42e38e76b7d4a4044ebe0e0eca08.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 21:52:57 GMT
age: 63122
etag: "53650399f9a986ba54addd668b4557109d12003b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F051e025a-c892-4a7d-8a1d-95f6d77ebb3c.jpeg
34.120.237.76 200 OK 4.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F051e025a-c892-4a7d-8a1d-95f6d77ebb3c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d2dd5a4bcfd47db8f38544bf39ce3031
fa2217bae05b7beca2e12597eaad835298276b82
3266004f5e73af5359b71622eea31f1e28abb4bbc443b5f9e481b5a8b2e9249e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F051e025a-c892-4a7d-8a1d-95f6d77ebb3c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4762
x-amzn-requestid: 52b09ca3-705b-4c86-9f56-172637553f87
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cP7TVG58oAMFQTw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63830c15-4577a47243ad190672f8ac89;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 07:04:53 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Y0-NAp2LMMG5TjQQ9ENHwDyKXLObKTYqzPPOWvZhs7Y9WJIC6LoblQ==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 05:45:16 GMT
age: 34783
etag: "fa2217bae05b7beca2e12597eaad835298276b82"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
betotodilea.com/500/5307588?excludes=&oaid=cbfc69ef3adf484381e14bfbe92f7e2e&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&pl=https%3A%2F%2Fanonymfile.com%2FOaeQQ%2Fresources.zip&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.237 200 OK 14 kB URL HTTP/2 betotodilea.com/500/5307588?excludes=&oaid=cbfc69ef3adf484381e14bfbe92f7e2e&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&pl=https%3A%2F%2Fanonymfile.com%2FOaeQQ%2Fresources.zip&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.237:0
Hash 6f675087cc5860f0e1206d9acdf1c952
e50cec8566a5e844d9d5a6d586fc6dcd83f6dd2a
944fd642533d5270d5c93d9f1651f436205909f92d2fbc6c0d2901b2f463d283
Analyzer Verdict Alert quad9 Sinkholed
GET /500/5307588?excludes=&oaid=cbfc69ef3adf484381e14bfbe92f7e2e&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&pl=https%3A%2F%2Fanonymfile.com%2FOaeQQ%2Fresources.zip&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://anonymfile.com
Connection: keep-alive
Referer: https://anonymfile.com/
Cookie: OAID=0bec6f653f194d219dedb27e7568f53d
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 15:24:59 GMT
content-type: application/javascript
x-trace-id: 0e6a5175d97a7b49f4cc09d7f40cb6db
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
vary: Origin
access-control-allow-origin: https://anonymfile.com
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=cbfc69ef3adf484381e14bfbe92f7e2e; expires=Fri, 01 Dec 2023 15:24:59 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
offerimage.com/www/images/96d73cf80f752e9319997c6e575c3b82.jpeg
172.67.22.216 200 OK 11 kB URL HTTP/2 offerimage.com/www/images/96d73cf80f752e9319997c6e575c3b82.jpeg
IP 172.67.22.216:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3\012- data
Hash 96d73cf80f752e9319997c6e575c3b82
3dcf9d3b3e94698a842b1a98de17a02a8c3b4457
44dc0e0d92f12e669842f12722ca1a1848fb4be50deabd86c7d9deb64946db86
GET /www/images/96d73cf80f752e9319997c6e575c3b82.jpeg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 01 Dec 2022 15:24:59 GMT
content-type: image/jpeg
content-length: 11449
cache-control: max-age=86400
cf-bgj: h2pri
etag: "627e5574-2cb9"
expires: Fri, 02 Dec 2022 12:38:25 GMT
last-modified: Fri, 13 May 2022 12:56:20 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 9994
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 772cd5378db8b51d-OSL
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ce4664ff78f43f330fe8110c920f96c8
8d95283944a9217b18b8aeb68c17992b79ab5638
a855f987a1c193780de746a84c4693da05cbc5b3dd9d97d769918441be33ea9b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A855F987A1C193780DE746A84C4693DA05CBC5B3DD9D97D769918441BE33EA9B"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14029
Expires: Thu, 01 Dec 2022 19:18:48 GMT
Date: Thu, 01 Dec 2022 15:24:59 GMT
Connection: keep-alive
interstitial-07.com/contents/s/54/dd/f5/e95e60ab935e545b50ffa002ca/0975276558731.jpeg
139.45.197.151 200 OK 54 kB URL HTTP/2 interstitial-07.com/contents/s/54/dd/f5/e95e60ab935e545b50ffa002ca/0975276558731.jpeg
IP 139.45.197.151:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 492x328, components 3\012- data
Hash 54ddf5e95e60ab935e545b50ffa002ca
4285c9c5481ad2d0cc0f87cc05d3e0810d29573a
ea65923ca842ba0f5c9f6cf90659f8ebc651275dc24de3c061ea60e78ca1714f
GET /contents/s/54/dd/f5/e95e60ab935e545b50ffa002ca/0975276558731.jpeg HTTP/1.1
Host: interstitial-07.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://interstitial-07.com/?l=oUP6pSarai40Ivr&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fnanouwho.com%2F12%3Frnd%3D3815566777%26z%3D5307589%26b%3D15938490%26c%3D6378646%26var%3D%26d%3Dhttp%253A%252F%252Fbelievemefly.com%252Fbase.php%253Fc%253D3647%2526key%253D432671afcbaec0691a80da097806f6fe%2526zoneid%253D%257Bzoneid%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3DAsw-oDie2Uev3AOSHdkkqCk9KPNBpK-sJ7iXOY6HMgjwjJYz262aD2v6cnu5adi5QCRHb_dY6w0-zqT7a-ggxLEIfMomETO7LoNJpmeQy_Hk396Peg41vWJgZ5bh2d2S2-qV0AxnK6L4u8Um3vhtUcAxLIqApRJlE_MnJjAzp6MAzBr-SxBt9OOEOHZfppPJvKQS17q7MaVGw6Ea3-N0-NqVs6eSM8Z5YuIqIT1xECPEbRg1_4sXzxsM3mQwDdQZDoicNtQLMl5sbF9IOGtqUPgb3IowwrYoqf4-sr454-YC5BfolqsoJ1S6ORiHgJjXF-GzM0vus1WI0Hyqqio0-dC1Du_0a_z7I9NEhZ4fo1teYxiu6zwUwDlf1f4MbhjSt7yMu_fbkXU4f7UTog0IIVO72VvV03KOhqFeM_VuWICkddn-nfk2CAHqe9t2a34k0H9Wzi71-PEaji8zEQkNwWPuswyPOrZ67jt2fs9IY_GkLrmDenthWY9tMjoYyC7n6q32YzT4F2nJCqf0pKWAfqOuuJxidRjDCOdoFKxt50dcMriGwUv_PMQwktNJaip8VxpH7_ipwW5XKA41kd1GZHt7NnTRgX_Yq291Q51FHZazLAkU24S4egXHolO9xAZeriZeunHk9ZbGQwspPYrdcw%3D%3D%26bag%3DsoD61sIXZfLmZDdfa4zliA%3D%3D%26ruid%3D28e18c16-e7fd-49bb-a737-b3bb071b4cc0%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fanonymfile.com%252FOaeQQ%252Fresources.zip%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1280%26wiw%3D1280%26wih%3D939%26wfc%3D0%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 15:24:59 GMT
content-type: image/jpeg
content-length: 54176
last-modified: Thu, 16 Dec 2021 06:39:29 GMT
vary: Accept-Encoding
etag: "61badf21-d3a0"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
accept-ranges: bytes
X-Firefox-Spdy: h2
interstitial-07.com/?l=oUP6pSarai40Ivr&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fnanouwho.com%2F12%3Frnd%3D3815566777%26z%3D5307589%26b%3D15938490%26c%3D6378646%26var%3D%26d%3Dhttp%253A%252F%252Fbelievemefly.com%252Fbase.php%253Fc%253D3647%2526key%253D432671afcbaec0691a80da097806f6fe%2526zoneid%253D%257Bzoneid%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3DAsw-oDie2Uev3AOSHdkkqCk9KPNBpK-sJ7iXOY6HMgjwjJYz262aD2v6cnu5adi5QCRHb_dY6w0-zqT7a-ggxLEIfMomETO7LoNJpmeQy_Hk396Peg41vWJgZ5bh2d2S2-qV0AxnK6L4u8Um3vhtUcAxLIqApRJlE_MnJjAzp6MAzBr-SxBt9OOEOHZfppPJvKQS17q7MaVGw6Ea3-N0-NqVs6eSM8Z5YuIqIT1xECPEbRg1_4sXzxsM3mQwDdQZDoicNtQLMl5sbF9IOGtqUPgb3IowwrYoqf4-sr454-YC5BfolqsoJ1S6ORiHgJjXF-GzM0vus1WI0Hyqqio0-dC1Du_0a_z7I9NEhZ4fo1teYxiu6zwUwDlf1f4MbhjSt7yMu_fbkXU4f7UTog0IIVO72VvV03KOhqFeM_VuWICkddn-nfk2CAHqe9t2a34k0H9Wzi71-PEaji8zEQkNwWPuswyPOrZ67jt2fs9IY_GkLrmDenthWY9tMjoYyC7n6q32YzT4F2nJCqf0pKWAfqOuuJxidRjDCOdoFKxt50dcMriGwUv_PMQwktNJaip8VxpH7_ipwW5XKA41kd1GZHt7NnTRgX_Yq291Q51FHZazLAkU24S4egXHolO9xAZeriZeunHk9ZbGQwspPYrdcw%3D%3D%26bag%3DsoD61sIXZfLmZDdfa4zliA%3D%3D%26ruid%3D28e18c16-e7fd-49bb-a737-b3bb071b4cc0%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fanonymfile.com%252FOaeQQ%252Fresources.zip%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1280%26wiw%3D1280%26wih%3D939%26wfc%3D0%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D1
139.45.197.151200 OK 4.7 kB URL HTTP/2 interstitial-07.com/?l=oUP6pSarai40Ivr&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fnanouwho.com%2F12%3Frnd%3D3815566777%26z%3D5307589%26b%3D15938490%26c%3D6378646%26var%3D%26d%3Dhttp%253A%252F%252Fbelievemefly.com%252Fbase.php%253Fc%253D3647%2526key%253D432671afcbaec0691a80da097806f6fe%2526zoneid%253D%257Bzoneid%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3DAsw-oDie2Uev3AOSHdkkqCk9KPNBpK-sJ7iXOY6HMgjwjJYz262aD2v6cnu5adi5QCRHb_dY6w0-zqT7a-ggxLEIfMomETO7LoNJpmeQy_Hk396Peg41vWJgZ5bh2d2S2-qV0AxnK6L4u8Um3vhtUcAxLIqApRJlE_MnJjAzp6MAzBr-SxBt9OOEOHZfppPJvKQS17q7MaVGw6Ea3-N0-NqVs6eSM8Z5YuIqIT1xECPEbRg1_4sXzxsM3mQwDdQZDoicNtQLMl5sbF9IOGtqUPgb3IowwrYoqf4-sr454-YC5BfolqsoJ1S6ORiHgJjXF-GzM0vus1WI0Hyqqio0-dC1Du_0a_z7I9NEhZ4fo1teYxiu6zwUwDlf1f4MbhjSt7yMu_fbkXU4f7UTog0IIVO72VvV03KOhqFeM_VuWICkddn-nfk2CAHqe9t2a34k0H9Wzi71-PEaji8zEQkNwWPuswyPOrZ67jt2fs9IY_GkLrmDenthWY9tMjoYyC7n6q32YzT4F2nJCqf0pKWAfqOuuJxidRjDCOdoFKxt50dcMriGwUv_PMQwktNJaip8VxpH7_ipwW5XKA41kd1GZHt7NnTRgX_Yq291Q51FHZazLAkU24S4egXHolO9xAZeriZeunHk9ZbGQwspPYrdcw%3D%3D%26bag%3DsoD61sIXZfLmZDdfa4zliA%3D%3D%26ruid%3D28e18c16-e7fd-49bb-a737-b3bb071b4cc0%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fanonymfile.com%252FOaeQQ%252Fresources.zip%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1280%26wiw%3D1280%26wih%3D939%26wfc%3D0%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D1
IP 139.45.197.151:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1455)
Hash 0ab6c232912585a46394b658808b653b
5487a2c00b5395092190e98a05f225a1ab99d7d7
ceaeb80d5aad9e0c9999066c73593a5fe6c2fbf77b239e737831ef5235bffc8d
GET /?l=oUP6pSarai40Ivr&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fnanouwho.com%2F12%3Frnd%3D3815566777%26z%3D5307589%26b%3D15938490%26c%3D6378646%26var%3D%26d%3Dhttp%253A%252F%252Fbelievemefly.com%252Fbase.php%253Fc%253D3647%2526key%253D432671afcbaec0691a80da097806f6fe%2526zoneid%253D%257Bzoneid%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3DAsw-oDie2Uev3AOSHdkkqCk9KPNBpK-sJ7iXOY6HMgjwjJYz262aD2v6cnu5adi5QCRHb_dY6w0-zqT7a-ggxLEIfMomETO7LoNJpmeQy_Hk396Peg41vWJgZ5bh2d2S2-qV0AxnK6L4u8Um3vhtUcAxLIqApRJlE_MnJjAzp6MAzBr-SxBt9OOEOHZfppPJvKQS17q7MaVGw6Ea3-N0-NqVs6eSM8Z5YuIqIT1xECPEbRg1_4sXzxsM3mQwDdQZDoicNtQLMl5sbF9IOGtqUPgb3IowwrYoqf4-sr454-YC5BfolqsoJ1S6ORiHgJjXF-GzM0vus1WI0Hyqqio0-dC1Du_0a_z7I9NEhZ4fo1teYxiu6zwUwDlf1f4MbhjSt7yMu_fbkXU4f7UTog0IIVO72VvV03KOhqFeM_VuWICkddn-nfk2CAHqe9t2a34k0H9Wzi71-PEaji8zEQkNwWPuswyPOrZ67jt2fs9IY_GkLrmDenthWY9tMjoYyC7n6q32YzT4F2nJCqf0pKWAfqOuuJxidRjDCOdoFKxt50dcMriGwUv_PMQwktNJaip8VxpH7_ipwW5XKA41kd1GZHt7NnTRgX_Yq291Q51FHZazLAkU24S4egXHolO9xAZeriZeunHk9ZbGQwspPYrdcw%3D%3D%26bag%3DsoD61sIXZfLmZDdfa4zliA%3D%3D%26ruid%3D28e18c16-e7fd-49bb-a737-b3bb071b4cc0%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fanonymfile.com%252FOaeQQ%252Fresources.zip%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1280%26wiw%3D1280%26wih%3D939%26wfc%3D0%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D1 HTTP/1.1
Host: interstitial-07.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 15:24:59 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.24
set-cookie: reverse=OsIeMaLeUexC0LSzBv2mcotkXCLpeaaXq5my8aHGaeU; expires=Thu, 01-Dec-2022 16:24:59 GMT; Max-Age=3600; path=/
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
content-encoding: br
X-Firefox-Spdy: h2
unphionetor.com/vbl?t=72747&bid=undefined&aid=undefined
139.45.197.236 204 No Content 0 B URL HTTP/2 unphionetor.com/vbl?t=72747&bid=undefined&aid=undefined
IP 139.45.197.236:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
POST /vbl?t=72747&bid=undefined&aid=undefined HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://interstitial-07.com
Connection: keep-alive
Referer: https://interstitial-07.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Thu, 01 Dec 2022 15:24:59 GMT
access-control-allow-origin: https://interstitial-07.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: 9a74ad1d87db01e6ab1a4c3a677eb748
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
betotodilea.com/impression/y2dWBPd9VqW9deXcBNxCEDmkY-fiRKSxl1kd1cu5mZ3NMWiVH8hTuEF1p3C-h5Gd1DXiC6pj80FxaHX8jBlu3pKnfmzJGUU6yhG6lsINcgp712JrGqHCeX310_pYnqiXn1GaS4UDcjzX8smR1ZZMa7mZiBFAp7Oz5ajYSgp2-g3QM-CuzfjY-0wdl7FCsi5f6bRK4spmjrZgxzTMKME2fb8nszk431dDqrQfIV85oxVP6qHwCHV2PTprXfUybg-f8A2YnRmjGAAVyEZc4ZFD-v6JeptIYnsq_fyMCwOsG0shcHZ4SKq2SscoQWZIXc63LIvuuTDErQvsy9LncqLvTLt_uPgX8P0h-HwN1ip0AND4eKk5_eeyaJ3ULqvZCS4W5YiREIjKyxwglBSRbwLZuSSObxA_fooo8GGiPtgNL4WidcyOz54l3fb7UNovwiNoOhecZ9oOb6VZena8-PagqnvSX-96wKWCfmL44OsE3lZ_vAb0yIgpKWI6L0pMGZRFkXdxiELfCpxDWyrtz_tsRNPrsyItnfZwUlvnGt9NIyTQ0qqsKFtnpwC-v3k6OEAuBFo-7c1edZh4YiXVLmXGLCHhCGkSAN5c?_z=5307588&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&pl=https%3A%2F%2Fanonymfile.com%2FOaeQQ%2Fresources.zip&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.237200 OK 43 B URL HTTP/2 betotodilea.com/impression/y2dWBPd9VqW9deXcBNxCEDmkY-fiRKSxl1kd1cu5mZ3NMWiVH8hTuEF1p3C-h5Gd1DXiC6pj80FxaHX8jBlu3pKnfmzJGUU6yhG6lsINcgp712JrGqHCeX310_pYnqiXn1GaS4UDcjzX8smR1ZZMa7mZiBFAp7Oz5ajYSgp2-g3QM-CuzfjY-0wdl7FCsi5f6bRK4spmjrZgxzTMKME2fb8nszk431dDqrQfIV85oxVP6qHwCHV2PTprXfUybg-f8A2YnRmjGAAVyEZc4ZFD-v6JeptIYnsq_fyMCwOsG0shcHZ4SKq2SscoQWZIXc63LIvuuTDErQvsy9LncqLvTLt_uPgX8P0h-HwN1ip0AND4eKk5_eeyaJ3ULqvZCS4W5YiREIjKyxwglBSRbwLZuSSObxA_fooo8GGiPtgNL4WidcyOz54l3fb7UNovwiNoOhecZ9oOb6VZena8-PagqnvSX-96wKWCfmL44OsE3lZ_vAb0yIgpKWI6L0pMGZRFkXdxiELfCpxDWyrtz_tsRNPrsyItnfZwUlvnGt9NIyTQ0qqsKFtnpwC-v3k6OEAuBFo-7c1edZh4YiXVLmXGLCHhCGkSAN5c?_z=5307588&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&pl=https%3A%2F%2Fanonymfile.com%2FOaeQQ%2Fresources.zip&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.237:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
Analyzer Verdict Alert quad9 Sinkholed
GET /impression/y2dWBPd9VqW9deXcBNxCEDmkY-fiRKSxl1kd1cu5mZ3NMWiVH8hTuEF1p3C-h5Gd1DXiC6pj80FxaHX8jBlu3pKnfmzJGUU6yhG6lsINcgp712JrGqHCeX310_pYnqiXn1GaS4UDcjzX8smR1ZZMa7mZiBFAp7Oz5ajYSgp2-g3QM-CuzfjY-0wdl7FCsi5f6bRK4spmjrZgxzTMKME2fb8nszk431dDqrQfIV85oxVP6qHwCHV2PTprXfUybg-f8A2YnRmjGAAVyEZc4ZFD-v6JeptIYnsq_fyMCwOsG0shcHZ4SKq2SscoQWZIXc63LIvuuTDErQvsy9LncqLvTLt_uPgX8P0h-HwN1ip0AND4eKk5_eeyaJ3ULqvZCS4W5YiREIjKyxwglBSRbwLZuSSObxA_fooo8GGiPtgNL4WidcyOz54l3fb7UNovwiNoOhecZ9oOb6VZena8-PagqnvSX-96wKWCfmL44OsE3lZ_vAb0yIgpKWI6L0pMGZRFkXdxiELfCpxDWyrtz_tsRNPrsyItnfZwUlvnGt9NIyTQ0qqsKFtnpwC-v3k6OEAuBFo-7c1edZh4YiXVLmXGLCHhCGkSAN5c?_z=5307588&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&pl=https%3A%2F%2Fanonymfile.com%2FOaeQQ%2Fresources.zip&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/
Cookie: OAID=cbfc69ef3adf484381e14bfbe92f7e2e
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 15:25:03 GMT
content-type: image/gif
content-length: 43
x-trace-id: d4f23f353a05d509681ddf2f767b3ac0
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
betotodilea.com/500/5307588?excludes=15938520&oaid=cbfc69ef3adf484381e14bfbe92f7e2e&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fanonymfile.com%2FOaeQQ%2Fresources.zip&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.237 200 OK 0 B URL HTTP/2 betotodilea.com/500/5307588?excludes=15938520&oaid=cbfc69ef3adf484381e14bfbe92f7e2e&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fanonymfile.com%2FOaeQQ%2Fresources.zip&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.237:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
OPTIONS /500/5307588?excludes=15938520&oaid=cbfc69ef3adf484381e14bfbe92f7e2e&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fanonymfile.com%2FOaeQQ%2Fresources.zip&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://anonymfile.com/
Origin: https://anonymfile.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 15:25:04 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://anonymfile.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-allow-credentials: true
access-control-max-age: 600
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2
offerimage.com/www/images/2fed87d8d9131d075b72354b838c2d77.jpeg
172.67.22.216 200 OK 11 kB URL HTTP/2 offerimage.com/www/images/2fed87d8d9131d075b72354b838c2d77.jpeg
IP 172.67.22.216:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1], baseline, precision 8, 192x192, components 3\012- data
Hash 2fed87d8d9131d075b72354b838c2d77
69624c46c1556c35c67e85724451cce20ad405ec
8adac582983620ad0421a1be7648f58c731feaf3de0bf027ebefe412505b01ed
GET /www/images/2fed87d8d9131d075b72354b838c2d77.jpeg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 15:25:04 GMT
content-type: image/jpeg
content-length: 10853
cache-control: max-age=86400
cf-bgj: h2pri
etag: "62b2c84c-2a65"
expires: Fri, 02 Dec 2022 09:29:28 GMT
last-modified: Wed, 22 Jun 2022 07:44:12 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 21336
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 772cd5554c6bb51d-OSL
X-Firefox-Spdy: h2
anonymfile.com/sw.js
138.201.48.112 404 Not Found 0 B IP 138.201.48.112:0
ASN #24940 Hetzner Online GmbH
GET /sw.js HTTP/1.1
Host: anonymfile.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/OaeQQ/resources.zip
Cookie: XSRF-TOKEN=eyJpdiI6IkM0bmVoSTVldU56Rk9xaGNrNFFzUFE9PSIsInZhbHVlIjoiWTJ5VklDbSsxWTB0TlpIOE81RlF0ZzBOajRzS2ZvK1B5MElmdUcvK2pmcFJnTUhMSGRsTjU1aHBxV1VqNmJiM3p6K1pYZXJCWDlpU2g5a3huWW1FOFhVWlJVSWZKSjltUVVIbElUTzJ5ckR1ak51TmtFMVZVUzJCUFE0eDFZNHYiLCJtYWMiOiJlN2E1MmQyZjIwZmU3YzllYTdjM2JmOWE3OWNmZTA3ZGZhYTkzN2EyNTZhMTFlODE2ZWFjNDZhYmVkOWM3YWNmIiwidGFnIjoiIn0%3D; anonymfile_session=eyJpdiI6Ikh1MFBGZXJNT1RvQUtyYmpIV0FPVGc9PSIsInZhbHVlIjoiUHJRRTQ5ZnZOdk1iWDkxMmdkUmR5NkpIdkYrMjdUaDg0R3hwTGVaU1BMNnV3VFFQNWJnUWg5M1JSeUYwTTBXYTJaMFBJSUJjSWZUL21sMUcvSCtlb3ljY050N0pBcUFiY3BkY2owdnNSdjRpQWlBdUVCUVFmODRkZXFsZHhLM24iLCJtYWMiOiI0NzdiZDA1NWIyYjI2MjUxNzg5OTc0MDRjNTMxMWQxOWIzNzJhYmMyMmI4ZTgzYmU3OGZhZDRmNjFhNGFkYzJlIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
date: Thu, 01 Dec 2022 15:24:57 GMT
x-page-speed: 1.13.35.2-0
cache-control: max-age=0, no-cache
content-encoding: br
X-Firefox-Spdy: h2
betotodilea.com/400/5307588
139.45.197.237 200 OK 0 B URL HTTP/2 betotodilea.com/400/5307588
IP 139.45.197.237:0
Analyzer Verdict Alert quad9 Sinkholed
GET /400/5307588 HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 15:24:58 GMT
content-type: application/javascript
x-trace-id: 2424227f17207e2f1e19346bf5d503df
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=0bec6f653f194d219dedb27e7568f53d; expires=Fri, 01 Dec 2023 15:24:58 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
anonymfile.com/OaeQQ/resources.zip
138.201.48.112 200 OK 0 B URL HTTP/2 anonymfile.com/OaeQQ/resources.zip
IP 138.201.48.112:0
ASN #24940 Hetzner Online GmbH
GET /OaeQQ/resources.zip HTTP/1.1
Host: anonymfile.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
server: nginx
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: XSRF-TOKEN=eyJpdiI6IkM0bmVoSTVldU56Rk9xaGNrNFFzUFE9PSIsInZhbHVlIjoiWTJ5VklDbSsxWTB0TlpIOE81RlF0ZzBOajRzS2ZvK1B5MElmdUcvK2pmcFJnTUhMSGRsTjU1aHBxV1VqNmJiM3p6K1pYZXJCWDlpU2g5a3huWW1FOFhVWlJVSWZKSjltUVVIbElUTzJ5ckR1ak51TmtFMVZVUzJCUFE0eDFZNHYiLCJtYWMiOiJlN2E1MmQyZjIwZmU3YzllYTdjM2JmOWE3OWNmZTA3ZGZhYTkzN2EyNTZhMTFlODE2ZWFjNDZhYmVkOWM3YWNmIiwidGFnIjoiIn0%3D; expires=Thu, 01-Dec-2022 17:24:57 GMT; Max-Age=7200; path=/; samesite=lax
anonymfile_session=eyJpdiI6Ikh1MFBGZXJNT1RvQUtyYmpIV0FPVGc9PSIsInZhbHVlIjoiUHJRRTQ5ZnZOdk1iWDkxMmdkUmR5NkpIdkYrMjdUaDg0R3hwTGVaU1BMNnV3VFFQNWJnUWg5M1JSeUYwTTBXYTJaMFBJSUJjSWZUL21sMUcvSCtlb3ljY050N0pBcUFiY3BkY2owdnNSdjRpQWlBdUVCUVFmODRkZXFsZHhLM24iLCJtYWMiOiI0NzdiZDA1NWIyYjI2MjUxNzg5OTc0MDRjNTMxMWQxOWIzNzJhYmMyMmI4ZTgzYmU3OGZhZDRmNjFhNGFkYzJlIiwidGFnIjoiIn0%3D; expires=Thu, 01-Dec-2022 17:24:57 GMT; Max-Age=7200; path=/; httponly; samesite=lax
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
date: Thu, 01 Dec 2022 15:24:57 GMT
x-page-speed: 1.13.35.2-0
cache-control: max-age=0, no-cache
content-encoding: br
X-Firefox-Spdy: h2
anonymfile.com/pagespeed_static/1.JiBnMqyl6S.gif
138.201.48.112 200 OK 0 B URL HTTP/2 anonymfile.com/pagespeed_static/1.JiBnMqyl6S.gif
IP 138.201.48.112:0
ASN #24940 Hetzner Online GmbH
GET /pagespeed_static/1.JiBnMqyl6S.gif HTTP/1.1
Host: anonymfile.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/OaeQQ/resources.zip
Cookie: XSRF-TOKEN=eyJpdiI6IkM0bmVoSTVldU56Rk9xaGNrNFFzUFE9PSIsInZhbHVlIjoiWTJ5VklDbSsxWTB0TlpIOE81RlF0ZzBOajRzS2ZvK1B5MElmdUcvK2pmcFJnTUhMSGRsTjU1aHBxV1VqNmJiM3p6K1pYZXJCWDlpU2g5a3huWW1FOFhVWlJVSWZKSjltUVVIbElUTzJ5ckR1ak51TmtFMVZVUzJCUFE0eDFZNHYiLCJtYWMiOiJlN2E1MmQyZjIwZmU3YzllYTdjM2JmOWE3OWNmZTA3ZGZhYTkzN2EyNTZhMTFlODE2ZWFjNDZhYmVkOWM3YWNmIiwidGFnIjoiIn0%3D; anonymfile_session=eyJpdiI6Ikh1MFBGZXJNT1RvQUtyYmpIV0FPVGc9PSIsInZhbHVlIjoiUHJRRTQ5ZnZOdk1iWDkxMmdkUmR5NkpIdkYrMjdUaDg0R3hwTGVaU1BMNnV3VFFQNWJnUWg5M1JSeUYwTTBXYTJaMFBJSUJjSWZUL21sMUcvSCtlb3ljY050N0pBcUFiY3BkY2owdnNSdjRpQWlBdUVCUVFmODRkZXFsZHhLM24iLCJtYWMiOiI0NzdiZDA1NWIyYjI2MjUxNzg5OTc0MDRjNTMxMWQxOWIzNzJhYmMyMmI4ZTgzYmU3OGZhZDRmNjFhNGFkYzJlIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/gif
date: Thu, 01 Dec 2022 15:24:57 GMT
last-modified: Thu, 01 Dec 2022 15:24:57 GMT
cache-control: max-age=31536000
etag: W/"0"
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff, nosniff
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
X-Firefox-Spdy: h2
unpkg.com/filepond-plugin-file-validate-size@2.2.8/dist/filepond-plugin-file-validate-size.js
104.16.126.175 200 OK 0 B URL HTTP/2 unpkg.com/filepond-plugin-file-validate-size@2.2.8/dist/filepond-plugin-file-validate-size.js
IP 104.16.126.175:0
GET /filepond-plugin-file-validate-size@2.2.8/dist/filepond-plugin-file-validate-size.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://anonymfile.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 15:24:57 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
etag: W/"1a7f-mapzppsO4HAWL/eiqLcABeu0hWU"
via: 1.1 fly.io
fly-request-id: 01GJZ5C0MRVMZFWGTQD5XR207X-ams
cf-cache-status: HIT
age: 267679
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 772cd52e5ad7b529-OSL
content-encoding: br
X-Firefox-Spdy: h2
betotodilea.com/500/5307588?excludes=15938520&oaid=cbfc69ef3adf484381e14bfbe92f7e2e&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fanonymfile.com%2FOaeQQ%2Fresources.zip&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.237 200 OK 0 B URL HTTP/2 betotodilea.com/500/5307588?excludes=15938520&oaid=cbfc69ef3adf484381e14bfbe92f7e2e&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fanonymfile.com%2FOaeQQ%2Fresources.zip&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.237:0
Analyzer Verdict Alert quad9 Sinkholed
GET /500/5307588?excludes=15938520&oaid=cbfc69ef3adf484381e14bfbe92f7e2e&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fanonymfile.com%2FOaeQQ%2Fresources.zip&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://anonymfile.com
Connection: keep-alive
Referer: https://anonymfile.com/
Cookie: OAID=cbfc69ef3adf484381e14bfbe92f7e2e
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 15:25:04 GMT
content-type: application/javascript
x-trace-id: f8be3b8355375288c670f71a83473d0e
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: https://anonymfile.com
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=cbfc69ef3adf484381e14bfbe92f7e2e; expires=Fri, 01 Dec 2023 15:25:04 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
anonymfile.com/pagespeed_static/js_defer.I4cHjq6EEP.js
138.201.48.112 200 OK 0 B URL HTTP/2 anonymfile.com/pagespeed_static/js_defer.I4cHjq6EEP.js
IP 138.201.48.112:0
ASN #24940 Hetzner Online GmbH
GET /pagespeed_static/js_defer.I4cHjq6EEP.js HTTP/1.1
Host: anonymfile.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/OaeQQ/resources.zip
Cookie: XSRF-TOKEN=eyJpdiI6IkM0bmVoSTVldU56Rk9xaGNrNFFzUFE9PSIsInZhbHVlIjoiWTJ5VklDbSsxWTB0TlpIOE81RlF0ZzBOajRzS2ZvK1B5MElmdUcvK2pmcFJnTUhMSGRsTjU1aHBxV1VqNmJiM3p6K1pYZXJCWDlpU2g5a3huWW1FOFhVWlJVSWZKSjltUVVIbElUTzJ5ckR1ak51TmtFMVZVUzJCUFE0eDFZNHYiLCJtYWMiOiJlN2E1MmQyZjIwZmU3YzllYTdjM2JmOWE3OWNmZTA3ZGZhYTkzN2EyNTZhMTFlODE2ZWFjNDZhYmVkOWM3YWNmIiwidGFnIjoiIn0%3D; anonymfile_session=eyJpdiI6Ikh1MFBGZXJNT1RvQUtyYmpIV0FPVGc9PSIsInZhbHVlIjoiUHJRRTQ5ZnZOdk1iWDkxMmdkUmR5NkpIdkYrMjdUaDg0R3hwTGVaU1BMNnV3VFFQNWJnUWg5M1JSeUYwTTBXYTJaMFBJSUJjSWZUL21sMUcvSCtlb3ljY050N0pBcUFiY3BkY2owdnNSdjRpQWlBdUVCUVFmODRkZXFsZHhLM24iLCJtYWMiOiI0NzdiZDA1NWIyYjI2MjUxNzg5OTc0MDRjNTMxMWQxOWIzNzJhYmMyMmI4ZTgzYmU3OGZhZDRmNjFhNGFkYzJlIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/javascript
vary: Accept-Encoding
x-content-type-options: nosniff
date: Thu, 01 Dec 2022 15:24:57 GMT
last-modified: Thu, 01 Dec 2022 15:24:57 GMT
cache-control: max-age=31536000
etag: W/"0"
content-encoding: br
X-Firefox-Spdy: h2
unpkg.com/filepond-plugin-file-validate-size/dist/filepond-plugin-file-validate-size.js
104.16.126.175 302 Found 0 B URL HTTP/2 unpkg.com/filepond-plugin-file-validate-size/dist/filepond-plugin-file-validate-size.js
IP 104.16.126.175:0
GET /filepond-plugin-file-validate-size/dist/filepond-plugin-file-validate-size.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Thu, 01 Dec 2022 15:24:57 GMT
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
cache-control: public, s-maxage=600, max-age=60
location: /filepond-plugin-file-validate-size@2.2.8/dist/filepond-plugin-file-validate-size.js
vary: Accept, Accept-Encoding
via: 1.1 fly.io
fly-request-id: 01GK747SZE2MXQ4WA0RTBB6VQJ-fra
cf-cache-status: HIT
age: 430
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 772cd52dca0ab529-OSL
X-Firefox-Spdy: h2
unpkg.com/filepond-plugin-file-validate-type/dist/filepond-plugin-file-validate-type.js
104.16.126.175 302 Found 0 B URL HTTP/2 unpkg.com/filepond-plugin-file-validate-type/dist/filepond-plugin-file-validate-type.js
IP 104.16.126.175:0
GET /filepond-plugin-file-validate-type/dist/filepond-plugin-file-validate-type.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Thu, 01 Dec 2022 15:24:57 GMT
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
cache-control: public, s-maxage=600, max-age=60
location: /filepond-plugin-file-validate-type@1.2.8/dist/filepond-plugin-file-validate-type.js
vary: Accept, Accept-Encoding
via: 1.1 fly.io
fly-request-id: 01GK74G596NN2GN1NZP6R1NGB3-fra
cf-cache-status: HIT
age: 156
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 772cd52dca25b529-OSL
X-Firefox-Spdy: h2
anonymfile.com/sw.js
138.201.48.112 404 Not Found 0 B IP 138.201.48.112:0
ASN #24940 Hetzner Online GmbH
GET /sw.js HTTP/1.1
Host: anonymfile.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/OaeQQ/resources.zip
Cookie: XSRF-TOKEN=eyJpdiI6IkM0bmVoSTVldU56Rk9xaGNrNFFzUFE9PSIsInZhbHVlIjoiWTJ5VklDbSsxWTB0TlpIOE81RlF0ZzBOajRzS2ZvK1B5MElmdUcvK2pmcFJnTUhMSGRsTjU1aHBxV1VqNmJiM3p6K1pYZXJCWDlpU2g5a3huWW1FOFhVWlJVSWZKSjltUVVIbElUTzJ5ckR1ak51TmtFMVZVUzJCUFE0eDFZNHYiLCJtYWMiOiJlN2E1MmQyZjIwZmU3YzllYTdjM2JmOWE3OWNmZTA3ZGZhYTkzN2EyNTZhMTFlODE2ZWFjNDZhYmVkOWM3YWNmIiwidGFnIjoiIn0%3D; anonymfile_session=eyJpdiI6Ikh1MFBGZXJNT1RvQUtyYmpIV0FPVGc9PSIsInZhbHVlIjoiUHJRRTQ5ZnZOdk1iWDkxMmdkUmR5NkpIdkYrMjdUaDg0R3hwTGVaU1BMNnV3VFFQNWJnUWg5M1JSeUYwTTBXYTJaMFBJSUJjSWZUL21sMUcvSCtlb3ljY050N0pBcUFiY3BkY2owdnNSdjRpQWlBdUVCUVFmODRkZXFsZHhLM24iLCJtYWMiOiI0NzdiZDA1NWIyYjI2MjUxNzg5OTc0MDRjNTMxMWQxOWIzNzJhYmMyMmI4ZTgzYmU3OGZhZDRmNjFhNGFkYzJlIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
date: Thu, 01 Dec 2022 15:24:58 GMT
x-page-speed: 1.13.35.2-0
cache-control: max-age=0, no-cache
content-encoding: br
X-Firefox-Spdy: h2
ibrapush.com/pfe/current/tag.min.js?z=5307590
139.45.197.250 200 OK 0 B URL HTTP/2 ibrapush.com/pfe/current/tag.min.js?z=5307590
IP 139.45.197.250:0
GET /pfe/current/tag.min.js?z=5307590 HTTP/1.1
Host: ibrapush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 15:24:58 GMT
content-type: application/javascript
last-modified: Thu, 01 Dec 2022 10:08:09 GMT
etag: W/"63887d09-390a"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
link: <https://my.rtmark.net>; rel=dns-prefetch;, <https://my.rtmark.net>; rel=preconnect
content-encoding: gzip
X-Firefox-Spdy: h2
nanouwho.com/9?z=5307589&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fanonymfile.com%2FOaeQQ%2Fresources.zip&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&sah=1002&drf=&hil=1&ist=0&oaid=cbfc69ef3adf484381e14bfbe92f7e2e
139.45.197.242 200 OK 0 B URL HTTP/2 nanouwho.com/9?z=5307589&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fanonymfile.com%2FOaeQQ%2Fresources.zip&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&sah=1002&drf=&hil=1&ist=0&oaid=cbfc69ef3adf484381e14bfbe92f7e2e
IP 139.45.197.242:0
Analyzer Verdict Alert quad9 Sinkholed
POST /9?z=5307589&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fanonymfile.com%2FOaeQQ%2Fresources.zip&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&sah=1002&drf=&hil=1&ist=0&oaid=cbfc69ef3adf484381e14bfbe92f7e2e HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 109
Origin: https://anonymfile.com
Connection: keep-alive
Referer: https://anonymfile.com/
Cookie: scm=1; OAID=b53a90d1e06c46f384528e38e6db4210; oaidts=1669908298
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 15:24:59 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-origin: https://anonymfile.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: f045fb33889c222765d2633ded3bdea5
access-control-expose-headers: X-Sc
set-cookie: OAID=cbfc69ef3adf484381e14bfbe92f7e2e; expires=Fri, 01 Dec 2023 15:24:59 GMT; secure; SameSite=None
oaidts=1669908298; expires=Fri, 01 Dec 2023 15:24:59 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
tzegilo.com/stattag.js
172.67.194.45 200 OK 0 B IP 172.67.194.45:0
GET /stattag.js HTTP/1.1
Host: tzegilo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 01 Dec 2022 15:24:58 GMT
content-type: application/javascript
last-modified: Wed, 23 Nov 2022 15:07:42 GMT
etag: W/"637e373e-32a6"
link: <https://flerap.com/>; rel=preconnect; crossorigin, <https://fleraprt.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 4045
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tOrLpPY8DqtXAkmQodSi9yqRGOpm2eCCK7CwZR0X0ecqxACS4hRk1t0ugpV%2BMtldIIWzMNH3hPjctGjiwRc7Znem2sqtQI0MoRKDWMXUHd%2BemzXCD79r4bbP%2FJxy6A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 772cd5344b350afe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2