Report - anonymfile.com/OaeQQ/resources.zip

Report Overview

Submitted URL
anonymfile.com/OaeQQ/resources.zip
IP
138.201.48.112
ASN
#24940 Hetzner Online GmbH
Submitted
2022-12-01 15:25:08
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
18

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
anonymfile.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	12 kB	321 kB	138.201.48.112
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.0 kB	3.9 kB	93.184.220.29
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
my.rtmark.net	9054	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	422 B	743 B	139.45.195.8
offerimage.com	304078	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	850 B	23 kB	172.67.22.216
unphionetor.com	54035	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	464 B	694 B	139.45.197.236
unpkg.com	11693	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.3 kB	1.7 kB	104.16.126.175
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	34.102.187.140
cdn.jsdelivr.net	439	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	369 B	19 kB	151.101.129.229
inklinkor.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	358 B	26 kB	104.21.91.63
ibrapush.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.1 kB	39 kB	139.45.197.250
bedrapiona.com	34930	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	417 B	2.6 kB	139.45.197.234
interstitial-07.com	36198	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.8 kB	60 kB	139.45.197.151
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	5.1 kB	13 kB	23.36.77.32
cdnjs.cloudflare.com	235	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	419 B	16 kB	104.17.25.14
ocsp.globalsign.com	2075	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	368 B	1.9 kB	104.18.21.226
ocsp.sectigo.com	487	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	340 B	964 B	104.18.32.68
betotodilea.com	52465	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.8 kB	17 kB	139.45.197.237
tzegilo.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	356 B	828 B	172.67.194.45
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	229 B	34.117.237.239
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	34.214.17.205
nanouwho.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.6 kB	133 kB	139.45.197.242
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	68 kB	34.120.237.76

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2022-12-01	medium	nanouwho.com	Sinkholed
2022-12-01	medium	nanouwho.com	Sinkholed
2022-12-01	medium	betotodilea.com	Sinkholed
2022-12-01	medium	unphionetor.com	Sinkholed
2022-12-01	medium	betotodilea.com	Sinkholed
2022-12-01	medium	betotodilea.com	Sinkholed
2022-12-01	medium	betotodilea.com	Sinkholed
2022-12-01	medium	betotodilea.com	Sinkholed
2022-12-01	medium	nanouwho.com	Sinkholed

JavaScript (28)

	URL	Size	First Seen	Last Seen
	http:text/javascript,document.write(new%20Date().getFullYear())	40 B	2023-03-07	2024-04-24
Pretty URL http:text/javascript,document.write(new%20Date().getFullYear()) IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:07 Last Seen2024-04-24 17:37:12 Times Seen4680 Hash 6bd43cf0ae158526c6ab93dc3be79f28 15c289e342bd3fdf5b1e95f7abf25a2bc78bf357 7a13d5ae0755d86c09084ec300c4a0f1a0a06921f74d9980eba9d966ff17ad38 Loading...

	http:text/javascript,window.pagespeed.psatemp%3D0%3B	27 B	2023-03-07	2024-04-04
Pretty URL http:text/javascript,window.pagespeed.psatemp%3D0%3B IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:23:52 Last Seen2024-04-04 06:40:42 Times Seen258 Hash f86030401d659579ca9f2dca91d7d691 bc05f88ca4d9dce8d78d6d39a3eed592ed714998 6d190c985949e8a0962ca2cede3c214de8085dc9d11c726af6c00c1ae5bb7ba9 Loading...

	cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js	90 kB	2023-03-07	2024-04-24
Pretty URL cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:13 Last Seen2024-04-24 18:29:26 Times Seen260974 Hash 8fb8fee4fcc3cc86ff6c724154c49c42 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e Loading...

	anonymfile.com/OaeQQ/resources.zip	103 B	2023-03-11	2023-03-11
Pretty URL anonymfile.com/OaeQQ/resources.zip IP 138.201.48.112 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 23:39:10 Last Seen2023-03-11 23:39:10 Times Seen1 Hash a2bf459d5375c2afc9131630f165031d 4f3cf120d49827fb03a7f921e38a373b418c71ad 1c47488051fa2df46ef1508f653e3ed0397d3547413d1ccf09b072367619980f Loading...

	unphionetor.com/fv.js?t=72747&cb=765044345	5.2 kB	2023-03-07	2024-04-24
Pretty URL unphionetor.com/fv.js?t=72747&cb=765044345 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:56 Last Seen2024-04-24 01:48:23 Times Seen2355 Hash 563d777535ce88943a94a6be86f378c8 8753745424d367275e3fe55a5661fe51b1e1fb72 0f467a48a494f7f63968707dc43785b728d0c17f93c12937c1e5b12798f3a98a Loading...

	http:text/javascript,(function(s%2Cu%2Cz%2Cp)%7Bs.src%3Du%2Cs.setAttribute('data-zone'%2Cz)%2Cp.appendChild(s)%3B%7D)(document.createElement('script')%2C'https%3A%2F%2Finklinkor.com%2Ftag.min.js'%2C5307591%2Cdocument.body%7C%7Cdocument.documentElement)	193 B	2023-03-07	2024-01-15
Pretty URL http:text/javascript,(function(s%2Cu%2Cz%2Cp)%7Bs.src%3Du%2Cs.setAttribute('data-zone'%2Cz)%2Cp.appendChild(s)%3B%7D)(document.createElement('script')%2C'https%3A%2F%2Finklinkor.com%2Ftag.min.js'%2C5307591%2Cdocument.body%7C%7Cdocument.documentElement) IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:23:52 Last Seen2024-01-15 22:34:31 Times Seen141 Hash 4b7b08e36b07601453ef10bef59afe1e 1f0003567c5e86d6fc129bbf62384e04ca2a1a2f f54132e87f4227d9e6ccf534bb92ff7746c7fb734ab9eb7197c0810ea6b52c52 Loading...

	nanouwho.com/1?z=5307589	17 kB	2023-03-11	2023-03-11
Pretty URL nanouwho.com/1?z=5307589 IP 139.45.197.242 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 23:39:10 Last Seen2023-03-11 23:39:10 Times Seen1 Hash a0c528686808d30d5ae5cd0b1cc82aa0 dd48115459ba98912b2b0f3ec41a681a85be8603 71acf46b2546367b2a5ad67db12d7fbacb5af17cacafcf8963afa23b6b6a9e29 Loading...

	anonymfile.com/OaeQQ/resources.zip	101 kB	2023-03-11	2023-03-11
Pretty URL anonymfile.com/OaeQQ/resources.zip IP 138.201.48.112 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 23:36:31 Last Seen2023-03-11 23:39:10 Times Seen1 Hash 7a11b8caa961e94cf769ff7c35649baa 95f0adf2d8651854ccf3db22355cce2ce217c938 ce1bbba7e87dfc9e03420aa55a8a52536b33304efce8f280ddfbefd25a7f9812 Loading...

	cdnjs.cloudflare.com/ajax/libs/filepond/4.30.3/filepond.min.js	118 kB	2023-03-07	2024-04-21
Pretty URL cdnjs.cloudflare.com/ajax/libs/filepond/4.30.3/filepond.min.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:23:52 Last Seen2024-04-21 00:54:15 Times Seen1058 Hash 516f35ea42aa797b3b106a8f108edb88 9b1313b221c5d59835c31da0327f4273a2647174 9677264de392aeedd3b391fe53578415c87835405d14068380f9bf3970a48286 Loading...

	http:text/javascript,let%20mode%3D'light'%3Blet%20theme%3DlocalStorage.getItem(%22theme%22)%3Bif(theme%3D%3Dnull)%7Bif(mode%3D%3D'dark')%7B%24('.theme').addClass('dark')%3B%7D%7Delse%7Bif(theme%3D%3D'dark')%7B%24('.theme').addClass('dark')%3B%7Delse%7B%24('.theme').removeClass('dark')%3B%7D%7D	213 B	2023-03-07	2023-08-29
Pretty URL http:text/javascript,let%20mode%3D'light'%3Blet%20theme%3DlocalStorage.getItem(%22theme%22)%3Bif(theme%3D%3Dnull)%7Bif(mode%3D%3D'dark')%7B%24('.theme').addClass('dark')%3B%7D%7Delse%7Bif(theme%3D%3D'dark')%7B%24('.theme').addClass('dark')%3B%7Delse%7B%24('.theme').removeClass('dark')%3B%7D%7D IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:23:52 Last Seen2023-08-29 21:14:02 Times Seen131 Hash ccea0e1846102f4f1ed17644f6c6baa6 e43c87b583bef9f3e325ab7bf9ccf4a1f80bc35a e84714cb230edad68ac36e473976e94ca40d378d53fc1b7b539c03879f7ab887 Loading...

	cdnjs.cloudflare.com/ajax/libs/bootstrap/5.1.3/js/bootstrap.min.js	59 kB	2023-03-07	2024-04-24
Pretty URL cdnjs.cloudflare.com/ajax/libs/bootstrap/5.1.3/js/bootstrap.min.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:23:52 Last Seen2024-04-24 18:19:29 Times Seen3272 Hash 259e416ef6833be43801b8b68a93b008 19080c3b817985336aab5e1ce6925c99803f2efd 70c3d690bdc5ce3b9a1527c46044989a3176e610882fa99f4523e75bc395bcce Loading...

	cdnjs.cloudflare.com/ajax/libs/clipboard.js/2.0.8/clipboard.min.js	11 kB	2023-03-07	2024-04-21
Pretty URL cdnjs.cloudflare.com/ajax/libs/clipboard.js/2.0.8/clipboard.min.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:19:42 Last Seen2024-04-21 00:54:15 Times Seen706 Hash 27784b7376dd992368c71b6c5559f358 f86d2ac408c4de0d5281cf91d6ddfb93e5e5d2ff 11be927cda59c8b6019ebbea838285c5beaf21183ea4b83dbd4e4fbf9413ce4a Loading...

	cdn.jsdelivr.net/npm/sweetalert2@11	64 kB	2023-03-08	2023-10-27
Pretty URL cdn.jsdelivr.net/npm/sweetalert2@11 IP 151.101.129.229 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:46:01 Last Seen2023-10-27 14:14:13 Times Seen16 Hash 17b4fbe7defc316f6eb2b3a82ed6d8c5 59894a7d4ba0aecf545434b4913c9288db8ef589 b76533851af891a27433d6ed3ab58ad54b9af660d3655ad7cae0bd951b6a0309 Loading...

	nanouwho.com/27/9943481a9ac26c64561c8defae4d87aa	378 kB	2023-03-08	2023-03-11
Pretty URL nanouwho.com/27/9943481a9ac26c64561c8defae4d87aa IP 139.45.197.242 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:21:42 Last Seen2023-03-11 23:45:04 Times Seen1 Hash eef4f305f75eefb61d7753b2513ff965 734f7600790e4125be87cf768b67cd36adc90ce5 95be486e89e4fc23d38d5bc074c3094569decb5c7d88123e0b2214b7118c23a7 Loading...

	cdnjs.cloudflare.com/ajax/libs/popper.js/2.10.2/umd/popper.min.js	19 kB	2023-03-07	2024-04-24
Pretty URL cdnjs.cloudflare.com/ajax/libs/popper.js/2.10.2/umd/popper.min.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:23:52 Last Seen2024-04-24 18:19:29 Times Seen2343 Hash 541aecc95a7faeef0fc27558070f3647 0ec7ca4778ba3ccb4d1b1688094720834fbe9ed3 f395875eb5d58c5128c434812cd0a53d438b11536f7fd1577077d8a5c612e1fd Loading...

	anonymfile.com/js/site.js	6.5 kB	2023-03-07	2023-12-13
Pretty URL anonymfile.com/js/site.js IP 138.201.48.112 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:23:52 Last Seen2023-12-13 20:16:01 Times Seen190 Hash 643fea0198e4fb9e271ddd811cf34f68 0d8277c1cde619b82a6867bc17cfdbbcd6674a46 f68f8db8d8fe95d02e60e2f4f97c74e4eb521d845cee1c7d53bec6159dc92ad5 Loading...

	http:text/javascript,var%20sTime%3Dnew%20Date().getTime()%3Bvar%20countDown%3D5%3Bfunction%20UpdateCountDownTime()%7Bvar%20cTime%3Dnew%20Date().getTime()%3Bvar%20diff%3DcTime-sTime%3Bvar%20timeStr%3D''%3Bvar%20seconds%3DcountDown-Math.floor(diff%2F1000)%3Bif(seconds%3E%3D0)%7Bvar%20hours%3DMath.floor(seconds%2F3600)%3Bvar%20minutes%3DMath.floor((seconds-(hours3600))%2F60)%3Bseconds-%3D(minutes60)%3Bif(seconds%3CcountDown)%7BtimeStr%3DtimeStr%2B%22%22%2Bseconds%3B%7Delse%7BtimeStr%3DtimeStr%2B%22%22%2Bseconds%3B%7Ddocument.getElementById(%22download%22).innerHTML%3D'%3Cbutton%20id%3D%22download_file%22%20class%3D%22download_file%20btn%20btn-secondary%20btn%20disabled%22%3EPlease%20wait%20%3Cstrong%3E'%2BtimeStr%2B'%3C%2Fstrong%3E%20seconds%3C%2Fbutton%3E'%3B%7Delse%7B%24('.download_file').remove()%3B%24('%23download').append('%3Ca%20href%3D%22https%3A%2F%2Fanonymfile.com%2Ff%2F82fed61e-70ae-490d-930a-49d1dbaf431a%22%20download%3D%22resources.zip%22%20class%3D%22btn%20btn-warning%22%3EDownload%20(226.30%20MB)%3C%2Fa%3E')%3BclearInterval(counter)%3B%7D%7DUpdateCountDownTime()%3Bvar%20counter%3DsetInterval(UpdateCountDownTime%2C500)%3Bconst%20swalWithBootstrapButtons%3DSwal.mixin(%7BcustomClass%3A%7BconfirmButton%3A'btn%20btn-falcon-info%20m-1'%2CcancelButton%3A'btn%20btn-falcon-danger%20m-1'%2Cinput%3A'text-dark'%7D%2CbuttonsStyling%3Afalse%7D)%0A%24(document).on('click'%2C'.qrcode'%2Cfunction(e)%7Be.preventDefault()%3Bvar%20link%3D%24(this).data('link')%3BswalWithBootstrapButtons.fire(%7BimageUrl%3Alink%2CshowCancelButton%3Afalse%2Cbackground%3A'%23121e2d'%2C%7D)%3B%7D)%3B	1.3 kB	2023-03-11	2023-03-11
Pretty URL http:text/javascript,var%20sTime%3Dnew%20Date().getTime()%3Bvar%20countDown%3D5%3Bfunction%20UpdateCountDownTime()%7Bvar%20cTime%3Dnew%20Date().getTime()%3Bvar%20diff%3DcTime-sTime%3Bvar%20timeStr%3D''%3Bvar%20seconds%3DcountDown-Math.floor(diff%2F1000)%3Bif(seconds%3E%3D0)%7Bvar%20hours%3DMath.floor(seconds%2F3600)%3Bvar%20minutes%3DMath.floor((seconds-(hours3600))%2F60)%3Bseconds-%3D(minutes60)%3Bif(seconds%3CcountDown)%7BtimeStr%3DtimeStr%2B%22%22%2Bseconds%3B%7Delse%7BtimeStr%3DtimeStr%2B%22%22%2Bseconds%3B%7Ddocument.getElementById(%22download%22).innerHTML%3D'%3Cbutton%20id%3D%22download_file%22%20class%3D%22download_file%20btn%20btn-secondary%20btn%20disabled%22%3EPlease%20wait%20%3Cstrong%3E'%2BtimeStr%2B'%3C%2Fstrong%3E%20seconds%3C%2Fbutton%3E'%3B%7Delse%7B%24('.download_file').remove()%3B%24('%23download').append('%3Ca%20href%3D%22https%3A%2F%2Fanonymfile.com%2Ff%2F82fed61e-70ae-490d-930a-49d1dbaf431a%22%20download%3D%22resources.zip%22%20class%3D%22btn%20btn-warning%22%3EDownload%20(226.30%20MB)%3C%2Fa%3E')%3BclearInterval(counter)%3B%7D%7DUpdateCountDownTime()%3Bvar%20counter%3DsetInterval(UpdateCountDownTime%2C500)%3Bconst%20swalWithBootstrapButtons%3DSwal.mixin(%7BcustomClass%3A%7BconfirmButton%3A'btn%20btn-falcon-info%20m-1'%2CcancelButton%3A'btn%20btn-falcon-danger%20m-1'%2Cinput%3A'text-dark'%7D%2CbuttonsStyling%3Afalse%7D)%0A%24(document).on('click'%2C'.qrcode'%2Cfunction(e)%7Be.preventDefault()%3Bvar%20link%3D%24(this).data('link')%3BswalWithBootstrapButtons.fire(%7BimageUrl%3Alink%2CshowCancelButton%3Afalse%2Cbackground%3A'%23121e2d'%2C%7D)%3B%7D)%3B IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 23:39:10 Last Seen2023-03-11 23:39:10 Times Seen1 Hash 12a7d3f1a57784be5e247f0ed7b429e1 372630237ec41af57f3bf579d9634603c18bb452 093106751f552591d8128c63b25dda11a68d96ba6dbe02ace75cfc3a2cc5d9b9 Loading...

	ibrapush.com/pfe/current/tag.min.js?z=5307590	15 kB	2023-03-11	2023-03-11
Pretty URL ibrapush.com/pfe/current/tag.min.js?z=5307590 IP 139.45.197.250 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 23:32:20 Last Seen2023-03-11 23:39:10 Times Seen1 Hash cca262dd7c26faa81bf1a93f129b666c 7d3a26a6e23a5e72bac993b92ee159b773746364 492a7c65cc5fbff3d3cb9d5368c9becd1a803557ac8c74a846903ecabe77a5c0 Loading...

	interstitial-07.com/?l=oUP6pSarai40Ivr&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fnanouwho.com%2F12%3Frnd%3D3815566777%26z%3D5307589%26b%3D15938490%26c%3D6378646%26var%3D%26d%3Dhttp%253A%252F%252Fbelievemefly.com%252Fbase.php%253Fc%253D3647%2526key%253D432671afcbaec0691a80da097806f6fe%2526zoneid%253D%257Bzoneid%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3DAsw-oDie2Uev3AOSHdkkqCk9KPNBpK-sJ7iXOY6HMgjwjJYz262aD2v6cnu5adi5QCRHb_dY6w0-zqT7a-ggxLEIfMomETO7LoNJpmeQy_Hk396Peg41vWJgZ5bh2d2S2-qV0AxnK6L4u8Um3vhtUcAxLIqApRJlE_MnJjAzp6MAzBr-SxBt9OOEOHZfppPJvKQS17q7MaVGw6Ea3-N0-NqVs6eSM8Z5YuIqIT1xECPEbRg1_4sXzxsM3mQwDdQZDoicNtQLMl5sbF9IOGtqUPgb3IowwrYoqf4-sr454-YC5BfolqsoJ1S6ORiHgJjXF-GzM0vus1WI0Hyqqio0-dC1Du_0a_z7I9NEhZ4fo1teYxiu6zwUwDlf1f4MbhjSt7yMu_fbkXU4f7UTog0IIVO72VvV03KOhqFeM_VuWICkddn-nfk2CAHqe9t2a34k0H9Wzi71-PEaji8zEQkNwWPuswyPOrZ67jt2fs9IY_GkLrmDenthWY9tMjoYyC7n6q32YzT4F2nJCqf0pKWAfqOuuJxidRjDCOdoFKxt50dcMriGwUv_PMQwktNJaip8VxpH7_ipwW5XKA41kd1GZHt7NnTRgX_Yq291Q51FHZazLAkU24S4egXHolO9xAZeriZeunHk9ZbGQwspPYrdcw%3D%3D%26bag%3DsoD61sIXZfLmZDdfa4zliA%3D%3D%26ruid%3D28e18c16-e7fd-49bb-a737-b3bb071b4cc0%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fanonymfile.com%252FOaeQQ%252Fresources.zip%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1280%26wiw%3D1280%26wih%3D939%26wfc%3D0%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D1	1.4 kB	2023-03-11	2023-03-11
Pretty URL interstitial-07.com/?l=oUP6pSarai40Ivr&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fnanouwho.com%2F12%3Frnd%3D3815566777%26z%3D5307589%26b%3D15938490%26c%3D6378646%26var%3D%26d%3Dhttp%253A%252F%252Fbelievemefly.com%252Fbase.php%253Fc%253D3647%2526key%253D432671afcbaec0691a80da097806f6fe%2526zoneid%253D%257Bzoneid%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3DAsw-oDie2Uev3AOSHdkkqCk9KPNBpK-sJ7iXOY6HMgjwjJYz262aD2v6cnu5adi5QCRHb_dY6w0-zqT7a-ggxLEIfMomETO7LoNJpmeQy_Hk396Peg41vWJgZ5bh2d2S2-qV0AxnK6L4u8Um3vhtUcAxLIqApRJlE_MnJjAzp6MAzBr-SxBt9OOEOHZfppPJvKQS17q7MaVGw6Ea3-N0-NqVs6eSM8Z5YuIqIT1xECPEbRg1_4sXzxsM3mQwDdQZDoicNtQLMl5sbF9IOGtqUPgb3IowwrYoqf4-sr454-YC5BfolqsoJ1S6ORiHgJjXF-GzM0vus1WI0Hyqqio0-dC1Du_0a_z7I9NEhZ4fo1teYxiu6zwUwDlf1f4MbhjSt7yMu_fbkXU4f7UTog0IIVO72VvV03KOhqFeM_VuWICkddn-nfk2CAHqe9t2a34k0H9Wzi71-PEaji8zEQkNwWPuswyPOrZ67jt2fs9IY_GkLrmDenthWY9tMjoYyC7n6q32YzT4F2nJCqf0pKWAfqOuuJxidRjDCOdoFKxt50dcMriGwUv_PMQwktNJaip8VxpH7_ipwW5XKA41kd1GZHt7NnTRgX_Yq291Q51FHZazLAkU24S4egXHolO9xAZeriZeunHk9ZbGQwspPYrdcw%3D%3D%26bag%3DsoD61sIXZfLmZDdfa4zliA%3D%3D%26ruid%3D28e18c16-e7fd-49bb-a737-b3bb071b4cc0%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fanonymfile.com%252FOaeQQ%252Fresources.zip%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1280%26wiw%3D1280%26wih%3D939%26wfc%3D0%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D1 IP 139.45.197.151 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 23:39:10 Last Seen2023-03-11 23:39:10 Times Seen1 Hash bb8c305b9f7f3ac1ca5f491597f10b5c a0c2fffd8ec2372aca7fcf6b4c44f456216cce48 1edfbfea6c92079ce7439d7b2c1967f74fe51cf8ee1dfd892f33d40a44ecd0a8 Loading...

	betotodilea.com/400/5307588	83 kB	2023-03-11	2023-03-11
Pretty URL betotodilea.com/400/5307588 IP 139.45.197.237 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 23:39:10 Last Seen2023-03-11 23:39:10 Times Seen1 Hash aec0550658620163bac348cc1374a480 b8e48f9326b007b03041d4fe56edb3305217ed4a 0466de5ff1b6477da30d8ab6527421b467fba7a1c009bf677d73e7bb360b6d56 Loading...

	tzegilo.com/stattag.js	13 kB	2023-03-08	2023-03-12
Pretty URL tzegilo.com/stattag.js IP 172.67.194.45 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:22:59 Last Seen2023-03-12 10:48:49 Times Seen1 Hash d0de06f954f7dedba242231b0ec4052d 188d75bb9077832384f889dd15584845790bc146 efae63871ebdeb69e7d64c6782924f72584f962d540b8c55237cba93c026af16 Loading...

	anonymfile.com/pagespeed_static/js_defer.I4cHjq6EEP.js	12 kB	2023-03-07	2024-04-04
Pretty URL anonymfile.com/pagespeed_static/js_defer.I4cHjq6EEP.js IP 138.201.48.112 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:23:52 Last Seen2024-04-04 06:40:42 Times Seen473 Hash 2387078eae8410f7e540e3866bcb2fda 324d38dcb7f7bcb16b355b6afdbbc87bd089422d 59dbda86041a5f394b83391ffe0b939341aabb817fa60a6ea78c80f5835596b5 Loading...

	anonymfile.com/OaeQQ/resources.zip	3.5 kB	2023-03-07	2024-04-07
Pretty URL anonymfile.com/OaeQQ/resources.zip IP 138.201.48.112 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:26:12 Last Seen2024-04-07 18:55:14 Times Seen189 Hash c74a7ba5cdd5e9720b1e0ab486d38d9d d898f14ca2e929e89cc0e9d950a47af984188a8e e9ab7863db3cd0014a45d870de35e4be22b5bd547f5a5e7394fa7b9d5755c871 Loading...

	unpkg.com/filepond-plugin-file-validate-size/dist/filepond-plugin-file-validate-size.js	6.8 kB	2023-03-08	2024-04-21
Pretty URL unpkg.com/filepond-plugin-file-validate-size/dist/filepond-plugin-file-validate-size.js IP 104.16.126.175 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:46:17 Last Seen2024-04-21 00:54:15 Times Seen653 Hash 5ab1c9fe6f2ca02b78083699d8109be5 99aa73a69b0ee070162ff7a2a8b70005ebb48565 845b2368dce026b72f19715d6de81f03fef056e4a79c718a658161a1f7b03b3b Loading...

	unpkg.com/filepond-plugin-file-validate-type/dist/filepond-plugin-file-validate-type.js	7.4 kB	2023-03-07	2024-02-08
Pretty URL unpkg.com/filepond-plugin-file-validate-type/dist/filepond-plugin-file-validate-type.js IP 104.16.126.175 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:23:52 Last Seen2024-02-08 07:46:02 Times Seen604 Hash 6170d2a086cb1d5769c6fd1f76edf99b d61c541caceb4e5deb35d8642702b89091a8bb42 6fc678b64782a17a266b5675e195be5956efd7513fd228143901b427983df928 Loading...

	inklinkor.com/tag.min.js	74 kB	2023-03-11	2023-03-11
Pretty URL inklinkor.com/tag.min.js IP 104.21.91.63 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 23:39:10 Last Seen2023-03-11 23:39:22 Times Seen1 Hash 15cce3cacfc02f847821b552d9676001 f6d4e7b032e8ae4e9d86b7e68299340cbb52c8c2 714de93624d516c8c29224d77c8af3152fe4c7aa5209458ee2799c9f38ea8f65 Loading...

		Size	First Seen	Last Seen
	#1 Eval - 56cec86d2062369c1181696d8e57079d	42 B	2023-03-07	2023-12-17
Pretty Observations First Seen2023-03-07 01:23:52 Last Seen2023-12-17 23:38:32 Times Seen150 Hash 56cec86d2062369c1181696d8e57079d a829bc3ec7acab468fc649127853881751b2e61d 2477b814b8ad1a91f87132c07e73e884d9448987538b5be15f5292327cbbca6f Loading...

	#2 Eval - 2b213b99e66eb5c83685eda577a09785	80 B	2023-03-11	2023-03-11
Pretty Observations First Seen2023-03-11 23:39:10 Last Seen2023-03-11 23:39:10 Times Seen1 Hash 2b213b99e66eb5c83685eda577a09785 0a4d35632902a182c96fe3997ec25c77ba933788 f25e38e1d5fa16968432fde055a0888abe908538ebb165944e6385aa8c1b8c51 Loading...

HTTP Transactions (75)

URL IP Response Size

anonymfile.com/OaeQQ/resources.zip

138.201.48.112

301 Moved Permanently

162 B

URL HTTP/1.1
anonymfile.com/OaeQQ/resources.zip
IP
138.201.48.112:0
ASN
#24940 Hetzner Online GmbH

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
162 B (162 bytes)
Hash
4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a

HTTP Headers

GET /OaeQQ/resources.zip HTTP/1.1
Host: anonymfile.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Thu, 01 Dec 2022 15:24:56 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://anonymfile.com/OaeQQ/resources.zip
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
3bbb845b153026fc5332dd4506585b57
3cad200fac28fd00f34ce6ef79373e661e188743
6035871c0de6ff2d120921461207cfa32bc286e1fe78849ce74815ffbb9ff950

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6035871C0DE6FF2D120921461207CFA32BC286E1FE78849CE74815FFBB9FF950"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2691
Expires: Thu, 01 Dec 2022 16:09:48 GMT
Date: Thu, 01 Dec 2022 15:24:57 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
0c748388899e8a8d3680355da2ea5020
903c620cd137613daafb0da0508c37b2f4a67212
39eab80e022a9a1732872d9926b0ace80f818ec5c535e36a18b539ea63786fb2

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 782
Cache-Control: max-age=155957
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 15:24:57 GMT
Etag: "63888270-1d7"
Expires: Sat, 03 Dec 2022 10:44:14 GMT
Last-Modified: Thu, 01 Dec 2022 10:31:12 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 471

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
55b4c61a1e99001307750e3647fe1102
7559f9f6770b7d3f45b723167062096312641e08
39f6bb64420bcfc8f0b010168fd35b67732984cd0698409f04d5ae40410422aa

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "39F6BB64420BCFC8F0B010168FD35B67732984CD0698409F04D5AE40410422AA"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8132
Expires: Thu, 01 Dec 2022 17:40:29 GMT
Date: Thu, 01 Dec 2022 15:24:57 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

34.102.187.140

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Backoff, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 01 Dec 2022 15:19:46 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 311
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: kkUnjKgaFa51zdKXDVAH6yCIK7W/uv3XjC1cc+V3Btfmw7XtkiJvxohM11eJtbjtyukYXdiWwAs=
x-amz-request-id: XHWT4HBKG4JM1XKV
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 01 Dec 2022 14:45:42 GMT
age: 2355
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 15:24:57 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

anonymfile.com/css/theme.min.css

138.201.48.112

200 OK

75 kB

URL HTTP/2
anonymfile.com/css/theme.min.css
IP
138.201.48.112:0
ASN
#24940 Hetzner Online GmbH

File type
Unicode text, UTF-8 text, with very long lines (65533), with no line terminators
Size
75 kB (74764 bytes)
Hash
65c31d311ae68e4aabece34b7545367b
7e4f7469233e4d26c716c6f8630e1d83a4625d20
6f3f8aa982c4b3661a2d02193f0b21b313a408076802980ea8662dcd6b42eee5

HTTP Headers

GET /css/theme.min.css HTTP/1.1
Host: anonymfile.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/OaeQQ/resources.zip
Cookie: XSRF-TOKEN=eyJpdiI6IkM0bmVoSTVldU56Rk9xaGNrNFFzUFE9PSIsInZhbHVlIjoiWTJ5VklDbSsxWTB0TlpIOE81RlF0ZzBOajRzS2ZvK1B5MElmdUcvK2pmcFJnTUhMSGRsTjU1aHBxV1VqNmJiM3p6K1pYZXJCWDlpU2g5a3huWW1FOFhVWlJVSWZKSjltUVVIbElUTzJ5ckR1ak51TmtFMVZVUzJCUFE0eDFZNHYiLCJtYWMiOiJlN2E1MmQyZjIwZmU3YzllYTdjM2JmOWE3OWNmZTA3ZGZhYTkzN2EyNTZhMTFlODE2ZWFjNDZhYmVkOWM3YWNmIiwidGFnIjoiIn0%3D; anonymfile_session=eyJpdiI6Ikh1MFBGZXJNT1RvQUtyYmpIV0FPVGc9PSIsInZhbHVlIjoiUHJRRTQ5ZnZOdk1iWDkxMmdkUmR5NkpIdkYrMjdUaDg0R3hwTGVaU1BMNnV3VFFQNWJnUWg5M1JSeUYwTTBXYTJaMFBJSUJjSWZUL21sMUcvSCtlb3ljY050N0pBcUFiY3BkY2owdnNSdjRpQWlBdUVCUVFmODRkZXFsZHhLM24iLCJtYWMiOiI0NzdiZDA1NWIyYjI2MjUxNzg5OTc0MDRjNTMxMWQxOWIzNzJhYmMyMmI4ZTgzYmU3OGZhZDRmNjFhNGFkYzJlIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: text/css
etag: W/"61727336-921fb"
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
date: Thu, 01 Dec 2022 15:24:51 GMT
expires: Thu, 01 Dec 2022 15:29:51 GMT
vary: Accept-Encoding
x-original-content-length: 598523
content-encoding: gzip
content-length: 74764
cache-control: s-maxage=10
X-Firefox-Spdy: h2

anonymfile.com/img/logo-anon-warning.webp

138.201.48.112

200 OK

15 kB

URL HTTP/2
anonymfile.com/img/logo-anon-warning.webp
IP
138.201.48.112:0
ASN
#24940 Hetzner Online GmbH

File type
RIFF (little-endian) data, Web/P image\012- data
Size
15 kB (15344 bytes)
Hash
7b596f481388ac5ef6d74a15a351f6c3
6756e88c0b46cc981b7bbbdaf2ead77bd258a472
cd830cff1dfb9af2181dfe61645addbe21981954713fba54d5875a038e673972

HTTP Headers

GET /img/logo-anon-warning.webp HTTP/1.1
Host: anonymfile.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/OaeQQ/resources.zip
Cookie: XSRF-TOKEN=eyJpdiI6IkM0bmVoSTVldU56Rk9xaGNrNFFzUFE9PSIsInZhbHVlIjoiWTJ5VklDbSsxWTB0TlpIOE81RlF0ZzBOajRzS2ZvK1B5MElmdUcvK2pmcFJnTUhMSGRsTjU1aHBxV1VqNmJiM3p6K1pYZXJCWDlpU2g5a3huWW1FOFhVWlJVSWZKSjltUVVIbElUTzJ5ckR1ak51TmtFMVZVUzJCUFE0eDFZNHYiLCJtYWMiOiJlN2E1MmQyZjIwZmU3YzllYTdjM2JmOWE3OWNmZTA3ZGZhYTkzN2EyNTZhMTFlODE2ZWFjNDZhYmVkOWM3YWNmIiwidGFnIjoiIn0%3D; anonymfile_session=eyJpdiI6Ikh1MFBGZXJNT1RvQUtyYmpIV0FPVGc9PSIsInZhbHVlIjoiUHJRRTQ5ZnZOdk1iWDkxMmdkUmR5NkpIdkYrMjdUaDg0R3hwTGVaU1BMNnV3VFFQNWJnUWg5M1JSeUYwTTBXYTJaMFBJSUJjSWZUL21sMUcvSCtlb3ljY050N0pBcUFiY3BkY2owdnNSdjRpQWlBdUVCUVFmODRkZXFsZHhLM24iLCJtYWMiOiI0NzdiZDA1NWIyYjI2MjUxNzg5OTc0MDRjNTMxMWQxOWIzNzJhYmMyMmI4ZTgzYmU3OGZhZDRmNjFhNGFkYzJlIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: image/webp
content-length: 15344
etag: "617d3713-3bf0"
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
accept-ranges: bytes
date: Thu, 01 Dec 2022 15:24:51 GMT
expires: Thu, 01 Dec 2022 15:29:51 GMT
cache-control: s-maxage=10
X-Firefox-Spdy: h2

anonymfile.com/img/main/footer.webp

138.201.48.112

200 OK

178 kB

URL HTTP/2
anonymfile.com/img/main/footer.webp
IP
138.201.48.112:0
ASN
#24940 Hetzner Online GmbH

File type
RIFF (little-endian) data, Web/P image\012- data
Size
178 kB (178070 bytes)
Hash
79ccb3a1b78412a1a530284f45ea7056
626d0494e1bd871e67ecffad44d04ac2343fb7e5
3d4e83b59664d7a779fa777d4ee0e17a1bc09302f9b9cde60815a3142256d8b8

HTTP Headers

GET /img/main/footer.webp HTTP/1.1
Host: anonymfile.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/OaeQQ/resources.zip
Cookie: XSRF-TOKEN=eyJpdiI6IkM0bmVoSTVldU56Rk9xaGNrNFFzUFE9PSIsInZhbHVlIjoiWTJ5VklDbSsxWTB0TlpIOE81RlF0ZzBOajRzS2ZvK1B5MElmdUcvK2pmcFJnTUhMSGRsTjU1aHBxV1VqNmJiM3p6K1pYZXJCWDlpU2g5a3huWW1FOFhVWlJVSWZKSjltUVVIbElUTzJ5ckR1ak51TmtFMVZVUzJCUFE0eDFZNHYiLCJtYWMiOiJlN2E1MmQyZjIwZmU3YzllYTdjM2JmOWE3OWNmZTA3ZGZhYTkzN2EyNTZhMTFlODE2ZWFjNDZhYmVkOWM3YWNmIiwidGFnIjoiIn0%3D; anonymfile_session=eyJpdiI6Ikh1MFBGZXJNT1RvQUtyYmpIV0FPVGc9PSIsInZhbHVlIjoiUHJRRTQ5ZnZOdk1iWDkxMmdkUmR5NkpIdkYrMjdUaDg0R3hwTGVaU1BMNnV3VFFQNWJnUWg5M1JSeUYwTTBXYTJaMFBJSUJjSWZUL21sMUcvSCtlb3ljY050N0pBcUFiY3BkY2owdnNSdjRpQWlBdUVCUVFmODRkZXFsZHhLM24iLCJtYWMiOiI0NzdiZDA1NWIyYjI2MjUxNzg5OTc0MDRjNTMxMWQxOWIzNzJhYmMyMmI4ZTgzYmU3OGZhZDRmNjFhNGFkYzJlIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: image/webp
content-length: 178070
etag: "62f35b9c-2b796"
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
accept-ranges: bytes
date: Thu, 01 Dec 2022 15:24:52 GMT
expires: Thu, 01 Dec 2022 15:29:52 GMT
cache-control: s-maxage=10
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta2/css/all.min.css

104.17.25.14

200 OK

14 kB

URL HTTP/2
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta2/css/all.min.css
IP
104.17.25.14:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65345)
Size
14 kB (14374 bytes)
Hash
642445b86596bdeaa98e92faa2064fc6
6c5539660bf533d34e37b917973c941d1c963374
4a5a39e9f325c5578dccd880c1d516eae190ee39f7539f4a6c6c52d2eee4cbdf

HTTP Headers

GET /ajax/libs/font-awesome/6.0.0-beta2/css/all.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Thu, 01 Dec 2022 15:24:57 GMT
content-type: text/css; charset=utf-8
content-length: 14374
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "61498362-3826"
last-modified: Tue, 21 Sep 2021 07:01:54 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 10788215
expires: Tue, 21 Nov 2023 15:24:57 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=q39hD3njYlXKiU9xGDg6kRU1O0KGv7Dvkay2%2Fhc7xh6XNGeR6gKDzq5aLsVb8VpH5wpyuz%2F4FX08tAuN4NtnuoXD%2FwDB9hUbbsOissIVldWD5eWZ5kw19Ug70lhxhWpcFlsTWNEL"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 772cd52cfded0af6-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

34.102.187.140

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, ETag, Alert, Expires, Cache-Control, Backoff, Content-Length, Content-Type, Pragma, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 01 Dec 2022 15:08:56 GMT
cache-control: public,max-age=3600
age: 961
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

anonymfile.com/img/logo-anon-warning.png

138.201.48.112

200 OK

41 kB

URL HTTP/2
anonymfile.com/img/logo-anon-warning.png
IP
138.201.48.112:0
ASN
#24940 Hetzner Online GmbH

File type
PNG image data, 1024 x 1024, 8-bit/color RGBA, non-interlaced\012- data
Size
41 kB (40729 bytes)
Hash
d52ea6ebcd0b10dcf112a9d6c43ceee0
641e5277e2e079f0e88e2899879fda8882e58d28
77cb73f16f049b51c0a81c12ed878e11efe3b9a71c632a3bdb647d963059532e

HTTP Headers

GET /img/logo-anon-warning.png HTTP/1.1
Host: anonymfile.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/OaeQQ/resources.zip
Cookie: XSRF-TOKEN=eyJpdiI6IkM0bmVoSTVldU56Rk9xaGNrNFFzUFE9PSIsInZhbHVlIjoiWTJ5VklDbSsxWTB0TlpIOE81RlF0ZzBOajRzS2ZvK1B5MElmdUcvK2pmcFJnTUhMSGRsTjU1aHBxV1VqNmJiM3p6K1pYZXJCWDlpU2g5a3huWW1FOFhVWlJVSWZKSjltUVVIbElUTzJ5ckR1ak51TmtFMVZVUzJCUFE0eDFZNHYiLCJtYWMiOiJlN2E1MmQyZjIwZmU3YzllYTdjM2JmOWE3OWNmZTA3ZGZhYTkzN2EyNTZhMTFlODE2ZWFjNDZhYmVkOWM3YWNmIiwidGFnIjoiIn0%3D; anonymfile_session=eyJpdiI6Ikh1MFBGZXJNT1RvQUtyYmpIV0FPVGc9PSIsInZhbHVlIjoiUHJRRTQ5ZnZOdk1iWDkxMmdkUmR5NkpIdkYrMjdUaDg0R3hwTGVaU1BMNnV3VFFQNWJnUWg5M1JSeUYwTTBXYTJaMFBJSUJjSWZUL21sMUcvSCtlb3ljY050N0pBcUFiY3BkY2owdnNSdjRpQWlBdUVCUVFmODRkZXFsZHhLM24iLCJtYWMiOiI0NzdiZDA1NWIyYjI2MjUxNzg5OTc0MDRjNTMxMWQxOWIzNzJhYmMyMmI4ZTgzYmU3OGZhZDRmNjFhNGFkYzJlIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 15:24:57 GMT
content-type: image/png
content-length: 40729
last-modified: Fri, 29 Oct 2021 10:50:56 GMT
vary: Accept-Encoding
etag: "617bd210-9f19"
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
cache-control: s-maxage=10
accept-ranges: bytes
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
a7768a8a4d5f2b246e1c7184e4526eef
424a0bbdad4a58e0eeced80d976613d4925a8f55
6233da50858bbd760a4da93d72eaf8b0a3379184601e8eb76db9a306af568c71

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 707
Cache-Control: max-age=85309
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 15:24:57 GMT
Etag: "63876ec3-117"
Expires: Fri, 02 Dec 2022 15:06:46 GMT
Last-Modified: Wed, 30 Nov 2022 14:54:59 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 279

anonymfile.com/js/site.js

138.201.48.112

200 OK

2.0 kB

URL HTTP/2
anonymfile.com/js/site.js
IP
138.201.48.112:0
ASN
#24940 Hetzner Online GmbH

File type
ASCII text, with very long lines (5640)
Size
2.0 kB (1993 bytes)
Hash
a779d1605363c034784168e0553fee12
203adaeac5eec419f7bdf4ba6840c9378c9692e5
0ac5db7b1ae244540526d4c971799e4c8ba3f5921dda88b94d10d2cb6a730bc6

HTTP Headers

GET /js/site.js HTTP/1.1
Host: anonymfile.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/OaeQQ/resources.zip
Cookie: XSRF-TOKEN=eyJpdiI6IkM0bmVoSTVldU56Rk9xaGNrNFFzUFE9PSIsInZhbHVlIjoiWTJ5VklDbSsxWTB0TlpIOE81RlF0ZzBOajRzS2ZvK1B5MElmdUcvK2pmcFJnTUhMSGRsTjU1aHBxV1VqNmJiM3p6K1pYZXJCWDlpU2g5a3huWW1FOFhVWlJVSWZKSjltUVVIbElUTzJ5ckR1ak51TmtFMVZVUzJCUFE0eDFZNHYiLCJtYWMiOiJlN2E1MmQyZjIwZmU3YzllYTdjM2JmOWE3OWNmZTA3ZGZhYTkzN2EyNTZhMTFlODE2ZWFjNDZhYmVkOWM3YWNmIiwidGFnIjoiIn0%3D; anonymfile_session=eyJpdiI6Ikh1MFBGZXJNT1RvQUtyYmpIV0FPVGc9PSIsInZhbHVlIjoiUHJRRTQ5ZnZOdk1iWDkxMmdkUmR5NkpIdkYrMjdUaDg0R3hwTGVaU1BMNnV3VFFQNWJnUWg5M1JSeUYwTTBXYTJaMFBJSUJjSWZUL21sMUcvSCtlb3ljY050N0pBcUFiY3BkY2owdnNSdjRpQWlBdUVCUVFmODRkZXFsZHhLM24iLCJtYWMiOiI0NzdiZDA1NWIyYjI2MjUxNzg5OTc0MDRjNTMxMWQxOWIzNzJhYmMyMmI4ZTgzYmU3OGZhZDRmNjFhNGFkYzJlIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: application/javascript
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-original-content-length: 9351
vary: Accept-Encoding
content-encoding: gzip
content-length: 1993
etag: W/"PSA-aj-ZD_qAZjk-5"
date: Thu, 01 Dec 2022 15:24:57 GMT
expires: Thu, 01 Dec 2022 15:29:51 GMT
cache-control: max-age=293
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
a7768a8a4d5f2b246e1c7184e4526eef
424a0bbdad4a58e0eeced80d976613d4925a8f55
6233da50858bbd760a4da93d72eaf8b0a3379184601e8eb76db9a306af568c71

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 707
Cache-Control: max-age=85309
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 15:24:57 GMT
Etag: "63876ec3-117"
Expires: Fri, 02 Dec 2022 15:06:46 GMT
Last-Modified: Wed, 30 Nov 2022 14:54:59 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 279

cdn.jsdelivr.net/npm/sweetalert2@11

151.101.129.229

200 OK

18 kB

URL HTTP/2
cdn.jsdelivr.net/npm/sweetalert2@11
IP
151.101.129.229:0
ASN
#54113 FASTLY

File type
ASCII text, with very long lines (43300)
Size
18 kB (18036 bytes)
Hash
d9da418805bd4bde053bcaeed574c2b8
539ce9c1b8ebe1e176b1272f36553c50a49e3895
9c20ee20412a3722b10b67c4948f91fa28132f1fe97e2921a54f1216647b1cf7

HTTP Headers

GET /npm/sweetalert2@11 HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 11.6.15
x-jsd-version-type: version
etag: W/"fb4e-WYlKfUugrs9UVDS0kTySiNuO9Yk"
content-encoding: gzip
accept-ranges: bytes
date: Thu, 01 Dec 2022 15:24:57 GMT
age: 11445
x-served-by: cache-fra-eddf8230057-FRA, cache-bma1659-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 18036
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
1f88399f3fdd89dbb9ca1229cb67143a
325c9dbfd932cf9a6fb9fab2dd8e27083f55a9a3
831ecd45dcd2d5ae2ae86cd63ea5e94ecd85281b7e51054af5df9a6386fb8d79

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 820
Cache-Control: max-age=150932
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 15:24:57 GMT
Etag: "63886ea9-1d7"
Expires: Sat, 03 Dec 2022 09:20:29 GMT
Last-Modified: Thu, 01 Dec 2022 09:06:49 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 471

ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1

104.18.21.226

200 OK

1.5 kB

URL HTTP/1.1
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
IP
104.18.21.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1.5 kB (1462 bytes)
Hash
09f8790d01c65f3daebb44ba615bba6f
6103e5c8fc869cb7285473c2ef0ce8f64fcc64dd
4e0a721c2eab45620a8826fad5912fcf94acce203b888f4cd19b1a1160056536

HTTP Headers

POST /ca/gsatlasr3dvtlsca2022q1 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 15:24:57 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "2C7FF39CB989D3020D074BE1E5B0D93C361759B8"
Expires: Fri, 02 Dec 2022 03:00:00 GMT
Last-Modified: Thu, 01 Dec 2022 15:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 704
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 772cd52e599db521-OSL

push.services.mozilla.com/

34.214.17.205

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
34.214.17.205:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: riJN+UfvVFxGpO3M3WIbxw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: Rhgi81nJ8rVq0fr7M5mDO8yCIjg=

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
1a19c78fd084bcab9ea57e11f54f5de7
fb3350e4ed2dad48653fc8b10f18b2e758d06f2a
0cd9946b0578917f465725c52661012c953f27cac817af53fdeb7d03aa323ee1

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3100
Cache-Control: max-age=98851
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 15:24:58 GMT
Etag: "63879a51-117"
Expires: Fri, 02 Dec 2022 18:52:29 GMT
Last-Modified: Wed, 30 Nov 2022 18:00:49 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 279

inklinkor.com/tag.min.js

104.21.91.63

200 OK

25 kB

URL HTTP/2
inklinkor.com/tag.min.js
IP
104.21.91.63:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65536), with no line terminators
Size
25 kB (25311 bytes)
Hash
bb1b61890347a1f81640af4ce0120024
bb17278bfaf878142d6982f0f9ec9f92673c9878
1f405d627a957a36c06745e89488372a5f600a0ac4e6634c3b741d4989cf4ba9

HTTP Headers

GET /tag.min.js HTTP/1.1
Host: inklinkor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Thu, 01 Dec 2022 15:24:58 GMT
content-type: text/javascript; charset=utf-8
x-trace-id: 9d6a5fc312406034b56cc08b8321d581
cache-control: max-age=86400
last-modified: Thu, 01 Dec 2022 12:44:21 GMT
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
expires: Fri, 02 Dec 2022 13:43:50 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 6067
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7DhwOMlWmFHC5hk7A1rzH7KYKd0QuGY6uPTcxH%2F6jbsA%2BIfreVJJmUWmHCwCDw8ZG%2FrF1aOYoHYAPnYs8w1Lk6V%2FEYrnAd7DWskOgzr057rif6VRSFXBYZG%2FrAVib0zJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 772cd5304c9cb503-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
84b8b1043a96c760a6b85bc0b3265b85
d9f0338ffcd6cfb3c96bc66966b898d33162f204
e24a64d19f091946caed011ebcf469be2d35168aa12f90b02d9c1c9326afd867

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E24A64D19F091946CAED011EBCF469BE2D35168AA12F90B02D9C1C9326AFD867"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2136
Expires: Thu, 01 Dec 2022 16:00:34 GMT
Date: Thu, 01 Dec 2022 15:24:58 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f096767caf45bd69af30f68d8c507657
d34449c54e15bd807141acda4b2ff56cf7448c8d
ac7763b62b265227a3004fc9ccaac8affe202e4556de67d649869f061fb75558

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AC7763B62B265227A3004FC9CCAAC8AFFE202E4556DE67D649869F061FB75558"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15997
Expires: Thu, 01 Dec 2022 19:51:35 GMT
Date: Thu, 01 Dec 2022 15:24:58 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d11e8d3b84fa08a147488c0014516a9f
8b1c56559b9d24dee124ed4ee987e00b8b7ca2fb
f27a4dd42652e137fb0e4645934fefe14e622b7b72f9bdd36dd83c5f874b454f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F27A4DD42652E137FB0E4645934FEFE14E622B7B72F9BDD36DD83C5F874B454F"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10986
Expires: Thu, 01 Dec 2022 18:28:04 GMT
Date: Thu, 01 Dec 2022 15:24:58 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
9caeefc49be26de4b50c14df1aace81f
ef836496e49f843f0e4c2dc991c314aad13f0f2e
83203278dadec9319a72ccb142c413696d8bd09a25f1b6c8d1edef20405e90f0

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "83203278DADEC9319A72CCB142C413696D8BD09A25F1B6C8D1EDEF20405E90F0"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5317
Expires: Thu, 01 Dec 2022 16:53:35 GMT
Date: Thu, 01 Dec 2022 15:24:58 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b236a2114c2dc0510eddbb2792945ce2
f5c731f726a9295fac38f6e66d6efafceb5216bc
2051b04e443cc064016efe3a543d2e395bdefdcf9a59a95abaee6390a3566d97

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2051B04E443CC064016EFE3A543D2E395BDEFDCF9A59A95ABAEE6390A3566D97"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=802
Expires: Thu, 01 Dec 2022 15:38:20 GMT
Date: Thu, 01 Dec 2022 15:24:58 GMT
Connection: keep-alive

ibrapush.com/zone?pub=0&zone_id=5307590&is_mobile=false&domain=anonymfile.com&var=&ymid=&var_3=

139.45.197.250

200 OK

664 B

URL HTTP/2
ibrapush.com/zone?pub=0&zone_id=5307590&is_mobile=false&domain=anonymfile.com&var=&ymid=&var_3=
IP
139.45.197.250:0
ASN
#9002 RETN Limited

File type
JSON data\012- , ASCII text, with very long lines (663)
Size
664 B (664 bytes)
Hash
924f83d583902548517c3327ff8e4493
7d5ea76f95d862b44558e6428f0a0d2bb20e2b0c
92e16e70459ff85e5803ded19d1f535cb6197a2b1eda7b254cb663b81908147c

HTTP Headers

GET /zone?pub=0&zone_id=5307590&is_mobile=false&domain=anonymfile.com&var=&ymid=&var_3= HTTP/1.1
Host: ibrapush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://anonymfile.com/
Origin: https://anonymfile.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 15:24:58 GMT
content-type: application/json; charset=utf-8
content-length: 664
x-trace-id: b28eca37260ca0db1738b0b4c6eb63dc
access-control-allow-origin: https://anonymfile.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

my.rtmark.net/gid.js?userId=cbfc69ef3adf484381e14bfbe92f7e2e

139.45.195.8

200 OK

65 B

URL HTTP/2
my.rtmark.net/gid.js?userId=cbfc69ef3adf484381e14bfbe92f7e2e
IP
139.45.195.8:0
ASN
#9002 RETN Limited

File type
JSON data\012- , ASCII text
Size
65 B (65 bytes)
Hash
4bb3f42015ee1b3ebf8cf5e091b0a997
e361b31e6008bfc2d7c4ae417c8afce53de4a3c0
bc1a39a1ce842c87dc22bb89b84ab5293e8545c7ac27fd636d6fb3b91d78b6d2

HTTP Headers

GET /gid.js?userId=cbfc69ef3adf484381e14bfbe92f7e2e HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://anonymfile.com
Connection: keep-alive
Referer: https://anonymfile.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 15:24:58 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://anonymfile.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=cbfc69ef3adf484381e14bfbe92f7e2e; expires=Fri, 01 Dec 2023 15:24:58 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1fc39d722889d2ea54dcb5cc2770e3ff
b4eac47bf1ffabb2ed39f320ab50cca8b47256b5
77651aa1d15538b031e15d35d906060964312b2c97098493d165e54e13c266f4

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "77651AA1D15538B031E15D35D906060964312B2C97098493D165E54E13C266F4"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13146
Expires: Thu, 01 Dec 2022 19:04:04 GMT
Date: Thu, 01 Dec 2022 15:24:58 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
a40e191e2c32caa23c7ec1abea39e991
b03456fefb0156a48fae623cdc3c444c44d2481e
23abf43db4e7fafcd42f2114b823179fa4119c04f317cd0ee8c395e0688778cd

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3685
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 15:24:58 GMT
Last-Modified: Thu, 01 Dec 2022 14:23:34 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 279

ibrapush.com/custom

139.45.197.250

200 OK

0 B

URL HTTP/2
ibrapush.com/custom
IP
139.45.197.250:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /custom HTTP/1.1
Host: ibrapush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://anonymfile.com/
Origin: https://anonymfile.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 15:24:58 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://anonymfile.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2

nanouwho.com/27/9943481a9ac26c64561c8defae4d87aa

139.45.197.242

200 OK

124 kB

URL HTTP/2
nanouwho.com/27/9943481a9ac26c64561c8defae4d87aa
IP
139.45.197.242:0
ASN
#9002 RETN Limited

File type
data
Size
124 kB (123673 bytes)
Hash
50f48a33af32fb92b108d4ed3341a681
480616bae8ed383ec7a2f2232a7fd2ef72483d16
41db0d993023f994284c1f1274aa5eb386b2a1a0ff9108a42b1116e10c88d158

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /27/9943481a9ac26c64561c8defae4d87aa HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/
Cookie: scm=1; OAID=b53a90d1e06c46f384528e38e6db4210; oaidts=1669908298
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 15:24:58 GMT
content-type: application/javascript
access-control-allow-credentials: true
access-control-allow-origin: 
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
cache-control: max-age:290304000, public
last-modified: Thu, 01 Dec 2022 06:54:12 GMT
expires: Thu, 31 Dec 2082 06:54:12 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2

ibrapush.com/custom

139.45.197.250

200 OK

0 B

URL HTTP/2
ibrapush.com/custom
IP
139.45.197.250:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /custom HTTP/1.1
Host: ibrapush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://anonymfile.com/
Origin: https://anonymfile.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 15:24:58 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://anonymfile.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2

ibrapush.com/custom

139.45.197.250

200 OK

39 B

URL HTTP/2
ibrapush.com/custom
IP
139.45.197.250:0
ASN
#9002 RETN Limited

File type
JSON data\012- , ASCII text
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: ibrapush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://anonymfile.com/
Content-Type: application/json
Origin: https://anonymfile.com
Content-Length: 384
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 15:24:58 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 140fb86e6c39ed5b3de9e4037e9198db
access-control-allow-origin: https://anonymfile.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

ibrapush.com/custom

139.45.197.250

200 OK

39 B

URL HTTP/2
ibrapush.com/custom
IP
139.45.197.250:0
ASN
#9002 RETN Limited

File type
JSON data\012- , ASCII text
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: ibrapush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://anonymfile.com/
Content-Type: application/json
Origin: https://anonymfile.com
Content-Length: 765
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 15:24:58 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: bcd8332414021216041956068f15a948
access-control-allow-origin: https://anonymfile.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

anonymfile.com/sw.js

138.201.48.112

404 Not Found

5.0 kB

URL HTTP/2
anonymfile.com/sw.js
IP
138.201.48.112:0
ASN
#24940 Hetzner Online GmbH

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (4320)
Size
5.0 kB (4952 bytes)
Hash
e14208b02b819c3d6ff44af4bd215a94
5d62f5adc44afa70f7c5cfae7efbb5e8551fbbe8
26fac9c58629f79843a340c55fb5f1596f5a0b6501b67c83e7326a4fefdf892a

HTTP Headers

GET /sw.js HTTP/1.1
Host: anonymfile.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://anonymfile.com/OaeQQ/resources.zip
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IkM0bmVoSTVldU56Rk9xaGNrNFFzUFE9PSIsInZhbHVlIjoiWTJ5VklDbSsxWTB0TlpIOE81RlF0ZzBOajRzS2ZvK1B5MElmdUcvK2pmcFJnTUhMSGRsTjU1aHBxV1VqNmJiM3p6K1pYZXJCWDlpU2g5a3huWW1FOFhVWlJVSWZKSjltUVVIbElUTzJ5ckR1ak51TmtFMVZVUzJCUFE0eDFZNHYiLCJtYWMiOiJlN2E1MmQyZjIwZmU3YzllYTdjM2JmOWE3OWNmZTA3ZGZhYTkzN2EyNTZhMTFlODE2ZWFjNDZhYmVkOWM3YWNmIiwidGFnIjoiIn0%3D; anonymfile_session=eyJpdiI6Ikh1MFBGZXJNT1RvQUtyYmpIV0FPVGc9PSIsInZhbHVlIjoiUHJRRTQ5ZnZOdk1iWDkxMmdkUmR5NkpIdkYrMjdUaDg0R3hwTGVaU1BMNnV3VFFQNWJnUWg5M1JSeUYwTTBXYTJaMFBJSUJjSWZUL21sMUcvSCtlb3ljY050N0pBcUFiY3BkY2owdnNSdjRpQWlBdUVCUVFmODRkZXFsZHhLM24iLCJtYWMiOiI0NzdiZDA1NWIyYjI2MjUxNzg5OTc0MDRjNTMxMWQxOWIzNzJhYmMyMmI4ZTgzYmU3OGZhZDRmNjFhNGFkYzJlIiwidGFnIjoiIn0%3D; prefetchAd_5307591=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
server: nginx
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
date: Thu, 01 Dec 2022 15:24:58 GMT
x-page-speed: 1.13.35.2-0
cache-control: max-age=0, no-cache
content-encoding: br
X-Firefox-Spdy: h2

nanouwho.com/1?z=5307589

139.45.197.242

200 OK

6.8 kB

URL HTTP/2
nanouwho.com/1?z=5307589
IP
139.45.197.242:0
ASN
#9002 RETN Limited

File type
ASCII text, with very long lines (16471)
Size
6.8 kB (6791 bytes)
Hash
a3dcf590609151314dae503f48a12674
17565842c9c7d00344c937e324bb277fcb60960d
1bea1f806cd8b3bfa20eb828819cf3e788ddd3c55caae2a9e787eb778762c68d

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /1?z=5307589 HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 15:24:58 GMT
content-type: text/javascript
access-control-allow-credentials: true
access-control-allow-origin: 
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: 6817bfa159968020a8d2afc6be4cb345
access-control-expose-headers: X-Sc
x-sc: Slpkz0pEoZ41ECC5ECLWZkLUod3IMjj5-VHhI6CfB-oWdHfT5fAx7cUSqGatjWMRWdgVFXeE4Qw7YioRbbtbi_19ixU=
set-cookie: scm=1; expires=Fri, 01 Dec 2023 15:24:58 GMT; secure; SameSite=None
OAID=b53a90d1e06c46f384528e38e6db4210; expires=Fri, 01 Dec 2023 15:24:58 GMT; secure; SameSite=None
oaidts=1669908298; expires=Fri, 01 Dec 2023 15:24:58 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

bedrapiona.com/5/5307591/?oo=1&js_build=iclick-v1.456.0

139.45.197.234

200 OK

1.4 kB

URL HTTP/2
bedrapiona.com/5/5307591/?oo=1&js_build=iclick-v1.456.0
IP
139.45.197.234:0
ASN
#9002 RETN Limited

File type
JSON data\012- , ASCII text, with very long lines (2944), with no line terminators
Size
1.4 kB (1421 bytes)
Hash
e55941a189ecfa8b4dd3b992058ae188
a296b6b8b6cc4fd62b1048bc1f33a4b567e6274c
4ea40cfd4d002e729a1c85f17e9d0bb864eeb0055ee0029b0848d29c3342f3e3

HTTP Headers

GET /5/5307591/?oo=1&js_build=iclick-v1.456.0 HTTP/1.1
Host: bedrapiona.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://anonymfile.com
Connection: keep-alive
Referer: https://anonymfile.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 15:24:58 GMT
content-type: application/json
x-trace-id: 188d6ac1716a7697805a279000b6daae
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
access-control-allow-origin: https://anonymfile.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=cbfc69ef3adf484381e14bfbe92f7e2e; expires=Fri, 01 Dec 2023 15:24:58 GMT; path=/; secure; SameSite=None
oaidts=1669908298; expires=Fri, 01 Dec 2023 15:24:58 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

ocsp.sectigo.com/

104.18.32.68

200 OK

472 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
e7f182bc423c8e0b694072f316dfbf3c
cea3572598e1b5c8c5249cabf5ea99e56dc7e02d
02b4ac24bfa51f27fc2e507fb5d923751a9f6566eb98f3b8255a7d05f42d85c5

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 15:24:59 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 01 Dec 2022 12:52:22 GMT
Expires: Thu, 08 Dec 2022 12:52:21 GMT
Etag: "cea3572598e1b5c8c5249cabf5ea99e56dc7e02d"
Cache-Control: max-age=595041,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 772cd5352e86fac0-OSL

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
0f59a14a9434a185f2aa79465a9fead4
e35939caa08ff547d32dd943c56698c004bd07e9
c08948d152cf98f4edde687b116593709eeedb20f662e78762d7c8fbec21611a

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C08948D152CF98F4EDDE687B116593709EEEDB20F662E78762D7C8FBEC21611A"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2785
Expires: Thu, 01 Dec 2022 16:11:24 GMT
Date: Thu, 01 Dec 2022 15:24:59 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2827
Expires: Thu, 01 Dec 2022 16:12:06 GMT
Date: Thu, 01 Dec 2022 15:24:59 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2827
Expires: Thu, 01 Dec 2022 16:12:06 GMT
Date: Thu, 01 Dec 2022 15:24:59 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2827
Expires: Thu, 01 Dec 2022 16:12:06 GMT
Date: Thu, 01 Dec 2022 15:24:59 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2827
Expires: Thu, 01 Dec 2022 16:12:06 GMT
Date: Thu, 01 Dec 2022 15:24:59 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2827
Expires: Thu, 01 Dec 2022 16:12:06 GMT
Date: Thu, 01 Dec 2022 15:24:59 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F83cd87b8-4041-419b-ab34-9f8e5a326f4b.jpeg

34.120.237.76

200 OK

13 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F83cd87b8-4041-419b-ab34-9f8e5a326f4b.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
13 kB (12898 bytes)
Hash
820cf89fcab8380adff42982c9fb11ed
84241ddddbbfd7de30118307fb1a62800d0a4cb3
0d051495f06ac84de934283b40cbfee7a042d32153a73486dd7c017430e882d8

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F83cd87b8-4041-419b-ab34-9f8e5a326f4b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 12898
x-amzn-requestid: 9b594c3c-6b8c-4589-8fcb-b3d7518b46f6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cQZBNFxToAMF_9A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63833ba1-767f510d72eef86d0cc892df;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 10:27:45 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: kZfRQsF_Fo2UtTqK0ByOPeQK-IzTQO9JtTmxIMlapmsd93SJk_4VYw==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 21:47:30 GMT
age: 63449
etag: "84241ddddbbfd7de30118307fb1a62800d0a4cb3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdc2b4ec6-0955-4089-983c-0abf7fd13bf2.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.5 kB (9459 bytes)
Hash
e1e6b6ba4f82221b41c3d9129008c76d
2f9532d698b4c28df23e18bbb66399ec776d5b9f
218c6f41a16e6087c611d4db5784a7cc1d027084d0bf2bd6dc3843ee5dfd560f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdc2b4ec6-0955-4089-983c-0abf7fd13bf2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9459
x-amzn-requestid: 9e243a73-18ff-4abf-9b9c-442719960125
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cMpppFXjoAMFehg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6381bca3-47620f39181264772d2fb52d;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 07:13:40 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: _v5hatZyEWVRB4Tebygbb-QfE02oaFxE8CRfQsUY7I_ektxE3YeIpw==
via: 1.1 deaaf0548506de20925615eb51a7ea7e.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 17:08:01 GMT
age: 80218
etag: "2f9532d698b4c28df23e18bbb66399ec776d5b9f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

ibrapush.com/pfe/current/universal.min.js?v=3.1.408

139.45.197.250

200 OK

35 kB

URL HTTP/2
ibrapush.com/pfe/current/universal.min.js?v=3.1.408
IP
139.45.197.250:0
ASN
#9002 RETN Limited

File type
data
Size
35 kB (35419 bytes)
Hash
2142d8c63107059e512a00b2419b35ba
92eb2675de4728a1c4e458dd9a7f122f5d034d9d
99ec44fca6e68b00ba9acdb28719c7e5593ebd08c292d7b4bcbf5a2b1a15f052

HTTP Headers

GET /pfe/current/universal.min.js?v=3.1.408 HTTP/1.1
Host: ibrapush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://anonymfile.com/
Origin: https://anonymfile.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 15:24:58 GMT
content-type: application/javascript
last-modified: Thu, 01 Dec 2022 10:08:09 GMT
etag: W/"63887d09-18bbd"
access-control-allow-origin: https://anonymfile.com
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F600016d1-5abb-4a6c-996a-933a8d4bc6df.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.7 kB (8740 bytes)
Hash
26d6dffbf400da4803a2e76e2a8ef2f8
2e62f9ed8f5e7b2f888a73320dd98b0cda9303b8
04c6e31623fe48cbe83dc91635bfa47b337590f18919995b08d5bde27e929e03

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F600016d1-5abb-4a6c-996a-933a8d4bc6df.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8740
x-amzn-requestid: c6c3e3dc-c9a2-4fda-a83b-cdd6ae81166b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cP7uyE9CoAMF6Xg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63830cc4-2c8940405044071a082ee678;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 07:07:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: qykE_oaoqqPTgqGnfUo74mH29IOS97b5sZb_3VmB9yW7KUiJ1a7dnA==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 18:58:06 GMT
age: 73613
etag: "2e62f9ed8f5e7b2f888a73320dd98b0cda9303b8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

16 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb0e1339e-3c63-4033-8b5b-e21137509777.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
16 kB (16038 bytes)
Hash
ffd12f9c423ffc627d9e3b3145944fe4
5cf9a7a784952e1bb0cbe499104f1774b1269d08
a25f1b752d9af599aefd73073c105853130f1759905269de3d582d2eb35fe167

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb0e1339e-3c63-4033-8b5b-e21137509777.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 16038
x-amzn-requestid: 925134ee-dd35-45ed-8da7-d60c9c484993
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cbz80EHboAMFtmQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6387cd1e-48de287757e82632291365ee;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 21:37:34 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: I8qQQUMSVzFmXqjWM1n_F1XEE-ZQcpEF81OwJgf9i3Q5M8XiFAa8Zg==
via: 1.1 a20e81b65d2465c729ce2f6bfe539dd0.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 21:52:00 GMT
age: 63179
etag: "5cf9a7a784952e1bb0cbe499104f1774b1269d08"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F966ff24e-ea85-4a2e-aead-22f1a723c59f.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.7 kB (9674 bytes)
Hash
5508d05a290b663fd89ead9b58f2efd8
53650399f9a986ba54addd668b4557109d12003b
65704a961410fdd318c491fedf002c8e9b184cd34b76fe1b67026d42ce21be3f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F966ff24e-ea85-4a2e-aead-22f1a723c59f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9674
x-amzn-requestid: 7e7d0183-9667-462a-8d44-d125998c1ae3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYgEoHVAoAMFvAQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867a1d-280ba97e3fe1bf7244cbde35;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:31:09 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ym_L3s5E6MLy6BxqNkVxok6L6hA4c-ilSsEqt42j2IbiXYPb4c6-VQ==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 6a9b42e38e76b7d4a4044ebe0e0eca08.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 21:52:57 GMT
age: 63122
etag: "53650399f9a986ba54addd668b4557109d12003b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F051e025a-c892-4a7d-8a1d-95f6d77ebb3c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.8 kB (4762 bytes)
Hash
d2dd5a4bcfd47db8f38544bf39ce3031
fa2217bae05b7beca2e12597eaad835298276b82
3266004f5e73af5359b71622eea31f1e28abb4bbc443b5f9e481b5a8b2e9249e

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F051e025a-c892-4a7d-8a1d-95f6d77ebb3c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4762
x-amzn-requestid: 52b09ca3-705b-4c86-9f56-172637553f87
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cP7TVG58oAMFQTw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63830c15-4577a47243ad190672f8ac89;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 07:04:53 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Y0-NAp2LMMG5TjQQ9ENHwDyKXLObKTYqzPPOWvZhs7Y9WJIC6LoblQ==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 05:45:16 GMT
age: 34783
etag: "fa2217bae05b7beca2e12597eaad835298276b82"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

betotodilea.com/500/5307588?excludes=&oaid=cbfc69ef3adf484381e14bfbe92f7e2e&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&pl=https%3A%2F%2Fanonymfile.com%2FOaeQQ%2Fresources.zip&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false

139.45.197.237

200 OK

14 kB

URL HTTP/2
betotodilea.com/500/5307588?excludes=&oaid=cbfc69ef3adf484381e14bfbe92f7e2e&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&pl=https%3A%2F%2Fanonymfile.com%2FOaeQQ%2Fresources.zip&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP
139.45.197.237:0
ASN
#9002 RETN Limited

File type
data
Size
14 kB (14075 bytes)
Hash
6f675087cc5860f0e1206d9acdf1c952
e50cec8566a5e844d9d5a6d586fc6dcd83f6dd2a
944fd642533d5270d5c93d9f1651f436205909f92d2fbc6c0d2901b2f463d283

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /500/5307588?excludes=&oaid=cbfc69ef3adf484381e14bfbe92f7e2e&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&pl=https%3A%2F%2Fanonymfile.com%2FOaeQQ%2Fresources.zip&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://anonymfile.com
Connection: keep-alive
Referer: https://anonymfile.com/
Cookie: OAID=0bec6f653f194d219dedb27e7568f53d
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 15:24:59 GMT
content-type: application/javascript
x-trace-id: 0e6a5175d97a7b49f4cc09d7f40cb6db
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
vary: Origin
access-control-allow-origin: https://anonymfile.com
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=cbfc69ef3adf484381e14bfbe92f7e2e; expires=Fri, 01 Dec 2023 15:24:59 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

offerimage.com/www/images/96d73cf80f752e9319997c6e575c3b82.jpeg

172.67.22.216

200 OK

11 kB

URL HTTP/2
offerimage.com/www/images/96d73cf80f752e9319997c6e575c3b82.jpeg
IP
172.67.22.216:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3\012- data
Size
11 kB (11449 bytes)
Hash
96d73cf80f752e9319997c6e575c3b82
3dcf9d3b3e94698a842b1a98de17a02a8c3b4457
44dc0e0d92f12e669842f12722ca1a1848fb4be50deabd86c7d9deb64946db86

HTTP Headers

GET /www/images/96d73cf80f752e9319997c6e575c3b82.jpeg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Thu, 01 Dec 2022 15:24:59 GMT
content-type: image/jpeg
content-length: 11449
cache-control: max-age=86400
cf-bgj: h2pri
etag: "627e5574-2cb9"
expires: Fri, 02 Dec 2022 12:38:25 GMT
last-modified: Fri, 13 May 2022 12:56:20 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 9994
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 772cd5378db8b51d-OSL
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ce4664ff78f43f330fe8110c920f96c8
8d95283944a9217b18b8aeb68c17992b79ab5638
a855f987a1c193780de746a84c4693da05cbc5b3dd9d97d769918441be33ea9b

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A855F987A1C193780DE746A84C4693DA05CBC5B3DD9D97D769918441BE33EA9B"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14029
Expires: Thu, 01 Dec 2022 19:18:48 GMT
Date: Thu, 01 Dec 2022 15:24:59 GMT
Connection: keep-alive

interstitial-07.com/contents/s/54/dd/f5/e95e60ab935e545b50ffa002ca/0975276558731.jpeg

139.45.197.151

200 OK

54 kB

URL HTTP/2
interstitial-07.com/contents/s/54/dd/f5/e95e60ab935e545b50ffa002ca/0975276558731.jpeg
IP
139.45.197.151:0
ASN
#9002 RETN Limited

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 492x328, components 3\012- data
Size
54 kB (54176 bytes)
Hash
54ddf5e95e60ab935e545b50ffa002ca
4285c9c5481ad2d0cc0f87cc05d3e0810d29573a
ea65923ca842ba0f5c9f6cf90659f8ebc651275dc24de3c061ea60e78ca1714f

HTTP Headers

GET /contents/s/54/dd/f5/e95e60ab935e545b50ffa002ca/0975276558731.jpeg HTTP/1.1
Host: interstitial-07.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://interstitial-07.com/?l=oUP6pSarai40Ivr&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fnanouwho.com%2F12%3Frnd%3D3815566777%26z%3D5307589%26b%3D15938490%26c%3D6378646%26var%3D%26d%3Dhttp%253A%252F%252Fbelievemefly.com%252Fbase.php%253Fc%253D3647%2526key%253D432671afcbaec0691a80da097806f6fe%2526zoneid%253D%257Bzoneid%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3DAsw-oDie2Uev3AOSHdkkqCk9KPNBpK-sJ7iXOY6HMgjwjJYz262aD2v6cnu5adi5QCRHb_dY6w0-zqT7a-ggxLEIfMomETO7LoNJpmeQy_Hk396Peg41vWJgZ5bh2d2S2-qV0AxnK6L4u8Um3vhtUcAxLIqApRJlE_MnJjAzp6MAzBr-SxBt9OOEOHZfppPJvKQS17q7MaVGw6Ea3-N0-NqVs6eSM8Z5YuIqIT1xECPEbRg1_4sXzxsM3mQwDdQZDoicNtQLMl5sbF9IOGtqUPgb3IowwrYoqf4-sr454-YC5BfolqsoJ1S6ORiHgJjXF-GzM0vus1WI0Hyqqio0-dC1Du_0a_z7I9NEhZ4fo1teYxiu6zwUwDlf1f4MbhjSt7yMu_fbkXU4f7UTog0IIVO72VvV03KOhqFeM_VuWICkddn-nfk2CAHqe9t2a34k0H9Wzi71-PEaji8zEQkNwWPuswyPOrZ67jt2fs9IY_GkLrmDenthWY9tMjoYyC7n6q32YzT4F2nJCqf0pKWAfqOuuJxidRjDCOdoFKxt50dcMriGwUv_PMQwktNJaip8VxpH7_ipwW5XKA41kd1GZHt7NnTRgX_Yq291Q51FHZazLAkU24S4egXHolO9xAZeriZeunHk9ZbGQwspPYrdcw%3D%3D%26bag%3DsoD61sIXZfLmZDdfa4zliA%3D%3D%26ruid%3D28e18c16-e7fd-49bb-a737-b3bb071b4cc0%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fanonymfile.com%252FOaeQQ%252Fresources.zip%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1280%26wiw%3D1280%26wih%3D939%26wfc%3D0%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 15:24:59 GMT
content-type: image/jpeg
content-length: 54176
last-modified: Thu, 16 Dec 2021 06:39:29 GMT
vary: Accept-Encoding
etag: "61badf21-d3a0"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
accept-ranges: bytes
X-Firefox-Spdy: h2

interstitial-07.com/?l=oUP6pSarai40Ivr&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fnanouwho.com%2F12%3Frnd%3D3815566777%26z%3D5307589%26b%3D15938490%26c%3D6378646%26var%3D%26d%3Dhttp%253A%252F%252Fbelievemefly.com%252Fbase.php%253Fc%253D3647%2526key%253D432671afcbaec0691a80da097806f6fe%2526zoneid%253D%257Bzoneid%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3DAsw-oDie2Uev3AOSHdkkqCk9KPNBpK-sJ7iXOY6HMgjwjJYz262aD2v6cnu5adi5QCRHb_dY6w0-zqT7a-ggxLEIfMomETO7LoNJpmeQy_Hk396Peg41vWJgZ5bh2d2S2-qV0AxnK6L4u8Um3vhtUcAxLIqApRJlE_MnJjAzp6MAzBr-SxBt9OOEOHZfppPJvKQS17q7MaVGw6Ea3-N0-NqVs6eSM8Z5YuIqIT1xECPEbRg1_4sXzxsM3mQwDdQZDoicNtQLMl5sbF9IOGtqUPgb3IowwrYoqf4-sr454-YC5BfolqsoJ1S6ORiHgJjXF-GzM0vus1WI0Hyqqio0-dC1Du_0a_z7I9NEhZ4fo1teYxiu6zwUwDlf1f4MbhjSt7yMu_fbkXU4f7UTog0IIVO72VvV03KOhqFeM_VuWICkddn-nfk2CAHqe9t2a34k0H9Wzi71-PEaji8zEQkNwWPuswyPOrZ67jt2fs9IY_GkLrmDenthWY9tMjoYyC7n6q32YzT4F2nJCqf0pKWAfqOuuJxidRjDCOdoFKxt50dcMriGwUv_PMQwktNJaip8VxpH7_ipwW5XKA41kd1GZHt7NnTRgX_Yq291Q51FHZazLAkU24S4egXHolO9xAZeriZeunHk9ZbGQwspPYrdcw%3D%3D%26bag%3DsoD61sIXZfLmZDdfa4zliA%3D%3D%26ruid%3D28e18c16-e7fd-49bb-a737-b3bb071b4cc0%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fanonymfile.com%252FOaeQQ%252Fresources.zip%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1280%26wiw%3D1280%26wih%3D939%26wfc%3D0%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D1

139.45.197.151

200 OK

4.7 kB

URL HTTP/2
interstitial-07.com/?l=oUP6pSarai40Ivr&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fnanouwho.com%2F12%3Frnd%3D3815566777%26z%3D5307589%26b%3D15938490%26c%3D6378646%26var%3D%26d%3Dhttp%253A%252F%252Fbelievemefly.com%252Fbase.php%253Fc%253D3647%2526key%253D432671afcbaec0691a80da097806f6fe%2526zoneid%253D%257Bzoneid%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3DAsw-oDie2Uev3AOSHdkkqCk9KPNBpK-sJ7iXOY6HMgjwjJYz262aD2v6cnu5adi5QCRHb_dY6w0-zqT7a-ggxLEIfMomETO7LoNJpmeQy_Hk396Peg41vWJgZ5bh2d2S2-qV0AxnK6L4u8Um3vhtUcAxLIqApRJlE_MnJjAzp6MAzBr-SxBt9OOEOHZfppPJvKQS17q7MaVGw6Ea3-N0-NqVs6eSM8Z5YuIqIT1xECPEbRg1_4sXzxsM3mQwDdQZDoicNtQLMl5sbF9IOGtqUPgb3IowwrYoqf4-sr454-YC5BfolqsoJ1S6ORiHgJjXF-GzM0vus1WI0Hyqqio0-dC1Du_0a_z7I9NEhZ4fo1teYxiu6zwUwDlf1f4MbhjSt7yMu_fbkXU4f7UTog0IIVO72VvV03KOhqFeM_VuWICkddn-nfk2CAHqe9t2a34k0H9Wzi71-PEaji8zEQkNwWPuswyPOrZ67jt2fs9IY_GkLrmDenthWY9tMjoYyC7n6q32YzT4F2nJCqf0pKWAfqOuuJxidRjDCOdoFKxt50dcMriGwUv_PMQwktNJaip8VxpH7_ipwW5XKA41kd1GZHt7NnTRgX_Yq291Q51FHZazLAkU24S4egXHolO9xAZeriZeunHk9ZbGQwspPYrdcw%3D%3D%26bag%3DsoD61sIXZfLmZDdfa4zliA%3D%3D%26ruid%3D28e18c16-e7fd-49bb-a737-b3bb071b4cc0%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fanonymfile.com%252FOaeQQ%252Fresources.zip%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1280%26wiw%3D1280%26wih%3D939%26wfc%3D0%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D1
IP
139.45.197.151:0
ASN
#9002 RETN Limited

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1455)
Size
4.7 kB (4731 bytes)
Hash
0ab6c232912585a46394b658808b653b
5487a2c00b5395092190e98a05f225a1ab99d7d7
ceaeb80d5aad9e0c9999066c73593a5fe6c2fbf77b239e737831ef5235bffc8d

HTTP Headers

GET /?l=oUP6pSarai40Ivr&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fnanouwho.com%2F12%3Frnd%3D3815566777%26z%3D5307589%26b%3D15938490%26c%3D6378646%26var%3D%26d%3Dhttp%253A%252F%252Fbelievemefly.com%252Fbase.php%253Fc%253D3647%2526key%253D432671afcbaec0691a80da097806f6fe%2526zoneid%253D%257Bzoneid%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3DAsw-oDie2Uev3AOSHdkkqCk9KPNBpK-sJ7iXOY6HMgjwjJYz262aD2v6cnu5adi5QCRHb_dY6w0-zqT7a-ggxLEIfMomETO7LoNJpmeQy_Hk396Peg41vWJgZ5bh2d2S2-qV0AxnK6L4u8Um3vhtUcAxLIqApRJlE_MnJjAzp6MAzBr-SxBt9OOEOHZfppPJvKQS17q7MaVGw6Ea3-N0-NqVs6eSM8Z5YuIqIT1xECPEbRg1_4sXzxsM3mQwDdQZDoicNtQLMl5sbF9IOGtqUPgb3IowwrYoqf4-sr454-YC5BfolqsoJ1S6ORiHgJjXF-GzM0vus1WI0Hyqqio0-dC1Du_0a_z7I9NEhZ4fo1teYxiu6zwUwDlf1f4MbhjSt7yMu_fbkXU4f7UTog0IIVO72VvV03KOhqFeM_VuWICkddn-nfk2CAHqe9t2a34k0H9Wzi71-PEaji8zEQkNwWPuswyPOrZ67jt2fs9IY_GkLrmDenthWY9tMjoYyC7n6q32YzT4F2nJCqf0pKWAfqOuuJxidRjDCOdoFKxt50dcMriGwUv_PMQwktNJaip8VxpH7_ipwW5XKA41kd1GZHt7NnTRgX_Yq291Q51FHZazLAkU24S4egXHolO9xAZeriZeunHk9ZbGQwspPYrdcw%3D%3D%26bag%3DsoD61sIXZfLmZDdfa4zliA%3D%3D%26ruid%3D28e18c16-e7fd-49bb-a737-b3bb071b4cc0%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fanonymfile.com%252FOaeQQ%252Fresources.zip%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1280%26wiw%3D1280%26wih%3D939%26wfc%3D0%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D1 HTTP/1.1
Host: interstitial-07.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 15:24:59 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.24
set-cookie: reverse=OsIeMaLeUexC0LSzBv2mcotkXCLpeaaXq5my8aHGaeU; expires=Thu, 01-Dec-2022 16:24:59 GMT; Max-Age=3600; path=/
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
content-encoding: br
X-Firefox-Spdy: h2

unphionetor.com/vbl?t=72747&bid=undefined&aid=undefined

139.45.197.236

204 No Content

0 B

URL HTTP/2
unphionetor.com/vbl?t=72747&bid=undefined&aid=undefined
IP
139.45.197.236:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

POST /vbl?t=72747&bid=undefined&aid=undefined HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://interstitial-07.com
Connection: keep-alive
Referer: https://interstitial-07.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

HTTP/2 204 No Content
server: nginx
date: Thu, 01 Dec 2022 15:24:59 GMT
access-control-allow-origin: https://interstitial-07.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: 9a74ad1d87db01e6ab1a4c3a677eb748
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

betotodilea.com/impression/y2dWBPd9VqW9deXcBNxCEDmkY-fiRKSxl1kd1cu5mZ3NMWiVH8hTuEF1p3C-h5Gd1DXiC6pj80FxaHX8jBlu3pKnfmzJGUU6yhG6lsINcgp712JrGqHCeX310_pYnqiXn1GaS4UDcjzX8smR1ZZMa7mZiBFAp7Oz5ajYSgp2-g3QM-CuzfjY-0wdl7FCsi5f6bRK4spmjrZgxzTMKME2fb8nszk431dDqrQfIV85oxVP6qHwCHV2PTprXfUybg-f8A2YnRmjGAAVyEZc4ZFD-v6JeptIYnsq_fyMCwOsG0shcHZ4SKq2SscoQWZIXc63LIvuuTDErQvsy9LncqLvTLt_uPgX8P0h-HwN1ip0AND4eKk5_eeyaJ3ULqvZCS4W5YiREIjKyxwglBSRbwLZuSSObxA_fooo8GGiPtgNL4WidcyOz54l3fb7UNovwiNoOhecZ9oOb6VZena8-PagqnvSX-96wKWCfmL44OsE3lZ_vAb0yIgpKWI6L0pMGZRFkXdxiELfCpxDWyrtz_tsRNPrsyItnfZwUlvnGt9NIyTQ0qqsKFtnpwC-v3k6OEAuBFo-7c1edZh4YiXVLmXGLCHhCGkSAN5c?_z=5307588&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&pl=https%3A%2F%2Fanonymfile.com%2FOaeQQ%2Fresources.zip&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false

139.45.197.237

200 OK

43 B

URL HTTP/2
betotodilea.com/impression/y2dWBPd9VqW9deXcBNxCEDmkY-fiRKSxl1kd1cu5mZ3NMWiVH8hTuEF1p3C-h5Gd1DXiC6pj80FxaHX8jBlu3pKnfmzJGUU6yhG6lsINcgp712JrGqHCeX310_pYnqiXn1GaS4UDcjzX8smR1ZZMa7mZiBFAp7Oz5ajYSgp2-g3QM-CuzfjY-0wdl7FCsi5f6bRK4spmjrZgxzTMKME2fb8nszk431dDqrQfIV85oxVP6qHwCHV2PTprXfUybg-f8A2YnRmjGAAVyEZc4ZFD-v6JeptIYnsq_fyMCwOsG0shcHZ4SKq2SscoQWZIXc63LIvuuTDErQvsy9LncqLvTLt_uPgX8P0h-HwN1ip0AND4eKk5_eeyaJ3ULqvZCS4W5YiREIjKyxwglBSRbwLZuSSObxA_fooo8GGiPtgNL4WidcyOz54l3fb7UNovwiNoOhecZ9oOb6VZena8-PagqnvSX-96wKWCfmL44OsE3lZ_vAb0yIgpKWI6L0pMGZRFkXdxiELfCpxDWyrtz_tsRNPrsyItnfZwUlvnGt9NIyTQ0qqsKFtnpwC-v3k6OEAuBFo-7c1edZh4YiXVLmXGLCHhCGkSAN5c?_z=5307588&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&pl=https%3A%2F%2Fanonymfile.com%2FOaeQQ%2Fresources.zip&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP
139.45.197.237:0
ASN
#9002 RETN Limited

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /impression/y2dWBPd9VqW9deXcBNxCEDmkY-fiRKSxl1kd1cu5mZ3NMWiVH8hTuEF1p3C-h5Gd1DXiC6pj80FxaHX8jBlu3pKnfmzJGUU6yhG6lsINcgp712JrGqHCeX310_pYnqiXn1GaS4UDcjzX8smR1ZZMa7mZiBFAp7Oz5ajYSgp2-g3QM-CuzfjY-0wdl7FCsi5f6bRK4spmjrZgxzTMKME2fb8nszk431dDqrQfIV85oxVP6qHwCHV2PTprXfUybg-f8A2YnRmjGAAVyEZc4ZFD-v6JeptIYnsq_fyMCwOsG0shcHZ4SKq2SscoQWZIXc63LIvuuTDErQvsy9LncqLvTLt_uPgX8P0h-HwN1ip0AND4eKk5_eeyaJ3ULqvZCS4W5YiREIjKyxwglBSRbwLZuSSObxA_fooo8GGiPtgNL4WidcyOz54l3fb7UNovwiNoOhecZ9oOb6VZena8-PagqnvSX-96wKWCfmL44OsE3lZ_vAb0yIgpKWI6L0pMGZRFkXdxiELfCpxDWyrtz_tsRNPrsyItnfZwUlvnGt9NIyTQ0qqsKFtnpwC-v3k6OEAuBFo-7c1edZh4YiXVLmXGLCHhCGkSAN5c?_z=5307588&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&pl=https%3A%2F%2Fanonymfile.com%2FOaeQQ%2Fresources.zip&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/
Cookie: OAID=cbfc69ef3adf484381e14bfbe92f7e2e
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 15:25:03 GMT
content-type: image/gif
content-length: 43
x-trace-id: d4f23f353a05d509681ddf2f767b3ac0
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

betotodilea.com/500/5307588?excludes=15938520&oaid=cbfc69ef3adf484381e14bfbe92f7e2e&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fanonymfile.com%2FOaeQQ%2Fresources.zip&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false

139.45.197.237

200 OK

0 B

URL HTTP/2
betotodilea.com/500/5307588?excludes=15938520&oaid=cbfc69ef3adf484381e14bfbe92f7e2e&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fanonymfile.com%2FOaeQQ%2Fresources.zip&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP
139.45.197.237:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

OPTIONS /500/5307588?excludes=15938520&oaid=cbfc69ef3adf484381e14bfbe92f7e2e&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fanonymfile.com%2FOaeQQ%2Fresources.zip&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://anonymfile.com/
Origin: https://anonymfile.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 15:25:04 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://anonymfile.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-allow-credentials: true
access-control-max-age: 600
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2

offerimage.com/www/images/2fed87d8d9131d075b72354b838c2d77.jpeg

172.67.22.216

200 OK

11 kB

URL HTTP/2
offerimage.com/www/images/2fed87d8d9131d075b72354b838c2d77.jpeg
IP
172.67.22.216:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1], baseline, precision 8, 192x192, components 3\012- data
Size
11 kB (10853 bytes)
Hash
2fed87d8d9131d075b72354b838c2d77
69624c46c1556c35c67e85724451cce20ad405ec
8adac582983620ad0421a1be7648f58c731feaf3de0bf027ebefe412505b01ed

HTTP Headers

GET /www/images/2fed87d8d9131d075b72354b838c2d77.jpeg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Thu, 01 Dec 2022 15:25:04 GMT
content-type: image/jpeg
content-length: 10853
cache-control: max-age=86400
cf-bgj: h2pri
etag: "62b2c84c-2a65"
expires: Fri, 02 Dec 2022 09:29:28 GMT
last-modified: Wed, 22 Jun 2022 07:44:12 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 21336
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 772cd5554c6bb51d-OSL
X-Firefox-Spdy: h2

anonymfile.com/sw.js

138.201.48.112

404 Not Found

0 B

URL HTTP/2
anonymfile.com/sw.js
IP
138.201.48.112:0
ASN
#24940 Hetzner Online GmbH

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /sw.js HTTP/1.1
Host: anonymfile.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/OaeQQ/resources.zip
Cookie: XSRF-TOKEN=eyJpdiI6IkM0bmVoSTVldU56Rk9xaGNrNFFzUFE9PSIsInZhbHVlIjoiWTJ5VklDbSsxWTB0TlpIOE81RlF0ZzBOajRzS2ZvK1B5MElmdUcvK2pmcFJnTUhMSGRsTjU1aHBxV1VqNmJiM3p6K1pYZXJCWDlpU2g5a3huWW1FOFhVWlJVSWZKSjltUVVIbElUTzJ5ckR1ak51TmtFMVZVUzJCUFE0eDFZNHYiLCJtYWMiOiJlN2E1MmQyZjIwZmU3YzllYTdjM2JmOWE3OWNmZTA3ZGZhYTkzN2EyNTZhMTFlODE2ZWFjNDZhYmVkOWM3YWNmIiwidGFnIjoiIn0%3D; anonymfile_session=eyJpdiI6Ikh1MFBGZXJNT1RvQUtyYmpIV0FPVGc9PSIsInZhbHVlIjoiUHJRRTQ5ZnZOdk1iWDkxMmdkUmR5NkpIdkYrMjdUaDg0R3hwTGVaU1BMNnV3VFFQNWJnUWg5M1JSeUYwTTBXYTJaMFBJSUJjSWZUL21sMUcvSCtlb3ljY050N0pBcUFiY3BkY2owdnNSdjRpQWlBdUVCUVFmODRkZXFsZHhLM24iLCJtYWMiOiI0NzdiZDA1NWIyYjI2MjUxNzg5OTc0MDRjNTMxMWQxOWIzNzJhYmMyMmI4ZTgzYmU3OGZhZDRmNjFhNGFkYzJlIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
server: nginx
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
date: Thu, 01 Dec 2022 15:24:57 GMT
x-page-speed: 1.13.35.2-0
cache-control: max-age=0, no-cache
content-encoding: br
X-Firefox-Spdy: h2

betotodilea.com/400/5307588

139.45.197.237

200 OK

0 B

URL HTTP/2
betotodilea.com/400/5307588
IP
139.45.197.237:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /400/5307588 HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 15:24:58 GMT
content-type: application/javascript
x-trace-id: 2424227f17207e2f1e19346bf5d503df
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=0bec6f653f194d219dedb27e7568f53d; expires=Fri, 01 Dec 2023 15:24:58 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

anonymfile.com/OaeQQ/resources.zip

138.201.48.112

200 OK

0 B

URL HTTP/2
anonymfile.com/OaeQQ/resources.zip
IP
138.201.48.112:0
ASN
#24940 Hetzner Online GmbH

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /OaeQQ/resources.zip HTTP/1.1
Host: anonymfile.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
server: nginx
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: XSRF-TOKEN=eyJpdiI6IkM0bmVoSTVldU56Rk9xaGNrNFFzUFE9PSIsInZhbHVlIjoiWTJ5VklDbSsxWTB0TlpIOE81RlF0ZzBOajRzS2ZvK1B5MElmdUcvK2pmcFJnTUhMSGRsTjU1aHBxV1VqNmJiM3p6K1pYZXJCWDlpU2g5a3huWW1FOFhVWlJVSWZKSjltUVVIbElUTzJ5ckR1ak51TmtFMVZVUzJCUFE0eDFZNHYiLCJtYWMiOiJlN2E1MmQyZjIwZmU3YzllYTdjM2JmOWE3OWNmZTA3ZGZhYTkzN2EyNTZhMTFlODE2ZWFjNDZhYmVkOWM3YWNmIiwidGFnIjoiIn0%3D; expires=Thu, 01-Dec-2022 17:24:57 GMT; Max-Age=7200; path=/; samesite=lax
anonymfile_session=eyJpdiI6Ikh1MFBGZXJNT1RvQUtyYmpIV0FPVGc9PSIsInZhbHVlIjoiUHJRRTQ5ZnZOdk1iWDkxMmdkUmR5NkpIdkYrMjdUaDg0R3hwTGVaU1BMNnV3VFFQNWJnUWg5M1JSeUYwTTBXYTJaMFBJSUJjSWZUL21sMUcvSCtlb3ljY050N0pBcUFiY3BkY2owdnNSdjRpQWlBdUVCUVFmODRkZXFsZHhLM24iLCJtYWMiOiI0NzdiZDA1NWIyYjI2MjUxNzg5OTc0MDRjNTMxMWQxOWIzNzJhYmMyMmI4ZTgzYmU3OGZhZDRmNjFhNGFkYzJlIiwidGFnIjoiIn0%3D; expires=Thu, 01-Dec-2022 17:24:57 GMT; Max-Age=7200; path=/; httponly; samesite=lax
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
date: Thu, 01 Dec 2022 15:24:57 GMT
x-page-speed: 1.13.35.2-0
cache-control: max-age=0, no-cache
content-encoding: br
X-Firefox-Spdy: h2

anonymfile.com/pagespeed_static/1.JiBnMqyl6S.gif

138.201.48.112

200 OK

0 B

URL HTTP/2
anonymfile.com/pagespeed_static/1.JiBnMqyl6S.gif
IP
138.201.48.112:0
ASN
#24940 Hetzner Online GmbH

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /pagespeed_static/1.JiBnMqyl6S.gif HTTP/1.1
Host: anonymfile.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/OaeQQ/resources.zip
Cookie: XSRF-TOKEN=eyJpdiI6IkM0bmVoSTVldU56Rk9xaGNrNFFzUFE9PSIsInZhbHVlIjoiWTJ5VklDbSsxWTB0TlpIOE81RlF0ZzBOajRzS2ZvK1B5MElmdUcvK2pmcFJnTUhMSGRsTjU1aHBxV1VqNmJiM3p6K1pYZXJCWDlpU2g5a3huWW1FOFhVWlJVSWZKSjltUVVIbElUTzJ5ckR1ak51TmtFMVZVUzJCUFE0eDFZNHYiLCJtYWMiOiJlN2E1MmQyZjIwZmU3YzllYTdjM2JmOWE3OWNmZTA3ZGZhYTkzN2EyNTZhMTFlODE2ZWFjNDZhYmVkOWM3YWNmIiwidGFnIjoiIn0%3D; anonymfile_session=eyJpdiI6Ikh1MFBGZXJNT1RvQUtyYmpIV0FPVGc9PSIsInZhbHVlIjoiUHJRRTQ5ZnZOdk1iWDkxMmdkUmR5NkpIdkYrMjdUaDg0R3hwTGVaU1BMNnV3VFFQNWJnUWg5M1JSeUYwTTBXYTJaMFBJSUJjSWZUL21sMUcvSCtlb3ljY050N0pBcUFiY3BkY2owdnNSdjRpQWlBdUVCUVFmODRkZXFsZHhLM24iLCJtYWMiOiI0NzdiZDA1NWIyYjI2MjUxNzg5OTc0MDRjNTMxMWQxOWIzNzJhYmMyMmI4ZTgzYmU3OGZhZDRmNjFhNGFkYzJlIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: image/gif
date: Thu, 01 Dec 2022 15:24:57 GMT
last-modified: Thu, 01 Dec 2022 15:24:57 GMT
cache-control: max-age=31536000
etag: W/"0"
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff, nosniff
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
X-Firefox-Spdy: h2

unpkg.com/filepond-plugin-file-validate-size@2.2.8/dist/filepond-plugin-file-validate-size.js

104.16.126.175

200 OK

0 B

URL HTTP/2
unpkg.com/filepond-plugin-file-validate-size@2.2.8/dist/filepond-plugin-file-validate-size.js
IP
104.16.126.175:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /filepond-plugin-file-validate-size@2.2.8/dist/filepond-plugin-file-validate-size.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://anonymfile.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Thu, 01 Dec 2022 15:24:57 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
etag: W/"1a7f-mapzppsO4HAWL/eiqLcABeu0hWU"
via: 1.1 fly.io
fly-request-id: 01GJZ5C0MRVMZFWGTQD5XR207X-ams
cf-cache-status: HIT
age: 267679
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 772cd52e5ad7b529-OSL
content-encoding: br
X-Firefox-Spdy: h2

139.45.197.237

200 OK

0 B

URL HTTP/2
betotodilea.com/500/5307588?excludes=15938520&oaid=cbfc69ef3adf484381e14bfbe92f7e2e&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fanonymfile.com%2FOaeQQ%2Fresources.zip&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP
139.45.197.237:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /500/5307588?excludes=15938520&oaid=cbfc69ef3adf484381e14bfbe92f7e2e&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fanonymfile.com%2FOaeQQ%2Fresources.zip&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://anonymfile.com
Connection: keep-alive
Referer: https://anonymfile.com/
Cookie: OAID=cbfc69ef3adf484381e14bfbe92f7e2e
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 15:25:04 GMT
content-type: application/javascript
x-trace-id: f8be3b8355375288c670f71a83473d0e
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: https://anonymfile.com
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=cbfc69ef3adf484381e14bfbe92f7e2e; expires=Fri, 01 Dec 2023 15:25:04 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

anonymfile.com/pagespeed_static/js_defer.I4cHjq6EEP.js

138.201.48.112

200 OK

0 B

URL HTTP/2
anonymfile.com/pagespeed_static/js_defer.I4cHjq6EEP.js
IP
138.201.48.112:0
ASN
#24940 Hetzner Online GmbH

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /pagespeed_static/js_defer.I4cHjq6EEP.js HTTP/1.1
Host: anonymfile.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/OaeQQ/resources.zip
Cookie: XSRF-TOKEN=eyJpdiI6IkM0bmVoSTVldU56Rk9xaGNrNFFzUFE9PSIsInZhbHVlIjoiWTJ5VklDbSsxWTB0TlpIOE81RlF0ZzBOajRzS2ZvK1B5MElmdUcvK2pmcFJnTUhMSGRsTjU1aHBxV1VqNmJiM3p6K1pYZXJCWDlpU2g5a3huWW1FOFhVWlJVSWZKSjltUVVIbElUTzJ5ckR1ak51TmtFMVZVUzJCUFE0eDFZNHYiLCJtYWMiOiJlN2E1MmQyZjIwZmU3YzllYTdjM2JmOWE3OWNmZTA3ZGZhYTkzN2EyNTZhMTFlODE2ZWFjNDZhYmVkOWM3YWNmIiwidGFnIjoiIn0%3D; anonymfile_session=eyJpdiI6Ikh1MFBGZXJNT1RvQUtyYmpIV0FPVGc9PSIsInZhbHVlIjoiUHJRRTQ5ZnZOdk1iWDkxMmdkUmR5NkpIdkYrMjdUaDg0R3hwTGVaU1BMNnV3VFFQNWJnUWg5M1JSeUYwTTBXYTJaMFBJSUJjSWZUL21sMUcvSCtlb3ljY050N0pBcUFiY3BkY2owdnNSdjRpQWlBdUVCUVFmODRkZXFsZHhLM24iLCJtYWMiOiI0NzdiZDA1NWIyYjI2MjUxNzg5OTc0MDRjNTMxMWQxOWIzNzJhYmMyMmI4ZTgzYmU3OGZhZDRmNjFhNGFkYzJlIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: application/javascript
vary: Accept-Encoding
x-content-type-options: nosniff
date: Thu, 01 Dec 2022 15:24:57 GMT
last-modified: Thu, 01 Dec 2022 15:24:57 GMT
cache-control: max-age=31536000
etag: W/"0"
content-encoding: br
X-Firefox-Spdy: h2

unpkg.com/filepond-plugin-file-validate-size/dist/filepond-plugin-file-validate-size.js

104.16.126.175

302 Found

0 B

URL HTTP/2
unpkg.com/filepond-plugin-file-validate-size/dist/filepond-plugin-file-validate-size.js
IP
104.16.126.175:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /filepond-plugin-file-validate-size/dist/filepond-plugin-file-validate-size.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
date: Thu, 01 Dec 2022 15:24:57 GMT
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
cache-control: public, s-maxage=600, max-age=60
location: /filepond-plugin-file-validate-size@2.2.8/dist/filepond-plugin-file-validate-size.js
vary: Accept, Accept-Encoding
via: 1.1 fly.io
fly-request-id: 01GK747SZE2MXQ4WA0RTBB6VQJ-fra
cf-cache-status: HIT
age: 430
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 772cd52dca0ab529-OSL
X-Firefox-Spdy: h2

unpkg.com/filepond-plugin-file-validate-type/dist/filepond-plugin-file-validate-type.js

104.16.126.175

302 Found

0 B

URL HTTP/2
unpkg.com/filepond-plugin-file-validate-type/dist/filepond-plugin-file-validate-type.js
IP
104.16.126.175:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /filepond-plugin-file-validate-type/dist/filepond-plugin-file-validate-type.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
date: Thu, 01 Dec 2022 15:24:57 GMT
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
cache-control: public, s-maxage=600, max-age=60
location: /filepond-plugin-file-validate-type@1.2.8/dist/filepond-plugin-file-validate-type.js
vary: Accept, Accept-Encoding
via: 1.1 fly.io
fly-request-id: 01GK74G596NN2GN1NZP6R1NGB3-fra
cf-cache-status: HIT
age: 156
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 772cd52dca25b529-OSL
X-Firefox-Spdy: h2

anonymfile.com/sw.js

138.201.48.112

404 Not Found

0 B

URL HTTP/2
anonymfile.com/sw.js
IP
138.201.48.112:0
ASN
#24940 Hetzner Online GmbH

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /sw.js HTTP/1.1
Host: anonymfile.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/OaeQQ/resources.zip
Cookie: XSRF-TOKEN=eyJpdiI6IkM0bmVoSTVldU56Rk9xaGNrNFFzUFE9PSIsInZhbHVlIjoiWTJ5VklDbSsxWTB0TlpIOE81RlF0ZzBOajRzS2ZvK1B5MElmdUcvK2pmcFJnTUhMSGRsTjU1aHBxV1VqNmJiM3p6K1pYZXJCWDlpU2g5a3huWW1FOFhVWlJVSWZKSjltUVVIbElUTzJ5ckR1ak51TmtFMVZVUzJCUFE0eDFZNHYiLCJtYWMiOiJlN2E1MmQyZjIwZmU3YzllYTdjM2JmOWE3OWNmZTA3ZGZhYTkzN2EyNTZhMTFlODE2ZWFjNDZhYmVkOWM3YWNmIiwidGFnIjoiIn0%3D; anonymfile_session=eyJpdiI6Ikh1MFBGZXJNT1RvQUtyYmpIV0FPVGc9PSIsInZhbHVlIjoiUHJRRTQ5ZnZOdk1iWDkxMmdkUmR5NkpIdkYrMjdUaDg0R3hwTGVaU1BMNnV3VFFQNWJnUWg5M1JSeUYwTTBXYTJaMFBJSUJjSWZUL21sMUcvSCtlb3ljY050N0pBcUFiY3BkY2owdnNSdjRpQWlBdUVCUVFmODRkZXFsZHhLM24iLCJtYWMiOiI0NzdiZDA1NWIyYjI2MjUxNzg5OTc0MDRjNTMxMWQxOWIzNzJhYmMyMmI4ZTgzYmU3OGZhZDRmNjFhNGFkYzJlIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
server: nginx
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
date: Thu, 01 Dec 2022 15:24:58 GMT
x-page-speed: 1.13.35.2-0
cache-control: max-age=0, no-cache
content-encoding: br
X-Firefox-Spdy: h2

ibrapush.com/pfe/current/tag.min.js?z=5307590

139.45.197.250

200 OK

0 B

URL HTTP/2
ibrapush.com/pfe/current/tag.min.js?z=5307590
IP
139.45.197.250:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /pfe/current/tag.min.js?z=5307590 HTTP/1.1
Host: ibrapush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 15:24:58 GMT
content-type: application/javascript
last-modified: Thu, 01 Dec 2022 10:08:09 GMT
etag: W/"63887d09-390a"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
link: <https://my.rtmark.net>; rel=dns-prefetch;, <https://my.rtmark.net>; rel=preconnect
content-encoding: gzip
X-Firefox-Spdy: h2

nanouwho.com/9?z=5307589&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fanonymfile.com%2FOaeQQ%2Fresources.zip&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&sah=1002&drf=&hil=1&ist=0&oaid=cbfc69ef3adf484381e14bfbe92f7e2e

139.45.197.242

200 OK

0 B

URL HTTP/2
nanouwho.com/9?z=5307589&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fanonymfile.com%2FOaeQQ%2Fresources.zip&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&sah=1002&drf=&hil=1&ist=0&oaid=cbfc69ef3adf484381e14bfbe92f7e2e
IP
139.45.197.242:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

POST /9?z=5307589&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fanonymfile.com%2FOaeQQ%2Fresources.zip&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&sah=1002&drf=&hil=1&ist=0&oaid=cbfc69ef3adf484381e14bfbe92f7e2e HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 109
Origin: https://anonymfile.com
Connection: keep-alive
Referer: https://anonymfile.com/
Cookie: scm=1; OAID=b53a90d1e06c46f384528e38e6db4210; oaidts=1669908298
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 15:24:59 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-origin: https://anonymfile.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: f045fb33889c222765d2633ded3bdea5
access-control-expose-headers: X-Sc
set-cookie: OAID=cbfc69ef3adf484381e14bfbe92f7e2e; expires=Fri, 01 Dec 2023 15:24:59 GMT; secure; SameSite=None
oaidts=1669908298; expires=Fri, 01 Dec 2023 15:24:59 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

tzegilo.com/stattag.js

172.67.194.45

200 OK

0 B

URL HTTP/2
tzegilo.com/stattag.js
IP
172.67.194.45:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /stattag.js HTTP/1.1
Host: tzegilo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Thu, 01 Dec 2022 15:24:58 GMT
content-type: application/javascript
last-modified: Wed, 23 Nov 2022 15:07:42 GMT
etag: W/"637e373e-32a6"
link: <https://flerap.com/>; rel=preconnect; crossorigin, <https://fleraprt.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 4045
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tOrLpPY8DqtXAkmQodSi9yqRGOpm2eCCK7CwZR0X0ecqxACS4hRk1t0ugpV%2BMtldIIWzMNH3hPjctGjiwRc7Znem2sqtQI0MoRKDWMXUHd%2BemzXCD79r4bbP%2FJxy6A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 772cd5344b350afe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (28)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations