anonymfile.com/2l5W/23092022-155003-tiktokcom.rar
138.201.48.112301 Moved Permanently 162 B URL HTTP/1.1 anonymfile.com/2l5W/23092022-155003-tiktokcom.rar
IP 138.201.48.112:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /2l5W/23092022-155003-tiktokcom.rar HTTP/1.1
Host: anonymfile.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Fri, 23 Sep 2022 23:11:33 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://anonymfile.com/2l5W/23092022-155003-tiktokcom.rar
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
firefox.settings.services.mozilla.com/v1/
18.165.201.103200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 18.165.201.103:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Alert, Backoff, Retry-After, Content-Length
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Fri, 23 Sep 2022 23:05:16 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 835f3c9e7c3bc0e7766edf13dac581de.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P3
X-Amz-Cf-Id: 7_DP824GF8505Ri8MvaOfn1L_5J6CZ6iJdFeokTx8I-2Mj6dX5r3rQ==
Age: 377
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 09a973de929ab7452edc342c780d3668
3f14f6e0a36f76863c0aea6fb561c266404a7ea3
e82ca5f310e37267fbf792427747e65c2bb35e684d3f629c0aa302f688bc4f80
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E82CA5F310E37267FBF792427747E65C2BB35E684D3F629C0AA302F688BC4F80"
Last-Modified: Fri, 23 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4315
Expires: Sat, 24 Sep 2022 00:23:28 GMT
Date: Fri, 23 Sep 2022 23:11:33 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
108.156.28.102200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP 108.156.28.102:0
File type PEM certificate\012- , ASCII text
Hash 6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Fri, 23 Sep 2022 04:13:03 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 890956aa1c00640d3d3a57403fa234d0.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P1
x-amz-cf-id: fky4CVNxWrHQRRqGlRyHQ8S2r4rdeNDzMK6LO-0mk7bFmEnvDmCXLg==
age: 68311
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 23:11:33 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
anonymfile.com/img/logo-anon-warning.webp
138.201.48.112200 OK 15 kB URL HTTP/2 anonymfile.com/img/logo-anon-warning.webp
IP 138.201.48.112:0
ASN #24940 Hetzner Online GmbH
File type RIFF (little-endian) data, Web/P image\012- data
Hash 7b596f481388ac5ef6d74a15a351f6c3
6756e88c0b46cc981b7bbbdaf2ead77bd258a472
cd830cff1dfb9af2181dfe61645addbe21981954713fba54d5875a038e673972
GET /img/logo-anon-warning.webp HTTP/1.1
Host: anonymfile.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/2l5W/23092022-155003-tiktokcom.rar
Cookie: XSRF-TOKEN=eyJpdiI6InBmZmc2R2kxZm8ydkxIRm1rR2hUZlE9PSIsInZhbHVlIjoialdjd2JpMHc3TXJyRWl0UGp3TFAxMzZGZVJJUnRuOVpmdUw2ZDVnSFY3VEFpWmtjOFRjUDFLa1A5ajE5Uy85blZMMTJ2MUc0ekhMWm1DbnRJRm5ZUVZUb0pCL1NZUk1sT1RUcHNBczlDR09zM2diYWlqR040UlZpK1ZEdlk3WGIiLCJtYWMiOiI5OTc4YTE4ZWI2MGI4ZWRhMjAyZTNmYTgzNzU3Yjg1MjZlNDVlNzUyYTk3ZTY2MWRmMGNlOTc5NzM0N2FmNTlmIiwidGFnIjoiIn0%3D; anonymfile_session=eyJpdiI6Ik9nNG9Ta2hLWU1LQ3orbDdBSUN6eUE9PSIsInZhbHVlIjoiMDUxUmJlTlFJT1o3Y2JVYUdHME1NN1ZYaTBTQzlJb3JHRVFDa3RLcE9zUEdWMk1HbG9HUTNIMVJmSGk4cHE0dGNYK0RKaFdiYkZNSC9NRDJESHJMaFRYN1Nmc29pWUQ5bGRaRHY2Y3RHQ3NaZG5LS05qZXZ6SFV3UlFueUtSRFgiLCJtYWMiOiI1MDJkMDA5N2I4YzcwN2Y3M2FmNGExZmJmNzhkY2IwMzlmZGU2NmUzN2UyYWM5MWNhZWU0MmZhMmY5YThmNjAyIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/webp
content-length: 15344
etag: "617d3713-3bf0"
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
accept-ranges: bytes
date: Fri, 23 Sep 2022 23:08:18 GMT
expires: Fri, 23 Sep 2022 23:13:18 GMT
X-Firefox-Spdy: h2
anonymfile.com/img/main/footer.webp
138.201.48.112200 OK 178 kB URL HTTP/2 anonymfile.com/img/main/footer.webp
IP 138.201.48.112:0
ASN #24940 Hetzner Online GmbH
File type RIFF (little-endian) data, Web/P image\012- data
Size 178 kB (178070 bytes)
Hash 79ccb3a1b78412a1a530284f45ea7056
626d0494e1bd871e67ecffad44d04ac2343fb7e5
3d4e83b59664d7a779fa777d4ee0e17a1bc09302f9b9cde60815a3142256d8b8
GET /img/main/footer.webp HTTP/1.1
Host: anonymfile.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/2l5W/23092022-155003-tiktokcom.rar
Cookie: XSRF-TOKEN=eyJpdiI6InBmZmc2R2kxZm8ydkxIRm1rR2hUZlE9PSIsInZhbHVlIjoialdjd2JpMHc3TXJyRWl0UGp3TFAxMzZGZVJJUnRuOVpmdUw2ZDVnSFY3VEFpWmtjOFRjUDFLa1A5ajE5Uy85blZMMTJ2MUc0ekhMWm1DbnRJRm5ZUVZUb0pCL1NZUk1sT1RUcHNBczlDR09zM2diYWlqR040UlZpK1ZEdlk3WGIiLCJtYWMiOiI5OTc4YTE4ZWI2MGI4ZWRhMjAyZTNmYTgzNzU3Yjg1MjZlNDVlNzUyYTk3ZTY2MWRmMGNlOTc5NzM0N2FmNTlmIiwidGFnIjoiIn0%3D; anonymfile_session=eyJpdiI6Ik9nNG9Ta2hLWU1LQ3orbDdBSUN6eUE9PSIsInZhbHVlIjoiMDUxUmJlTlFJT1o3Y2JVYUdHME1NN1ZYaTBTQzlJb3JHRVFDa3RLcE9zUEdWMk1HbG9HUTNIMVJmSGk4cHE0dGNYK0RKaFdiYkZNSC9NRDJESHJMaFRYN1Nmc29pWUQ5bGRaRHY2Y3RHQ3NaZG5LS05qZXZ6SFV3UlFueUtSRFgiLCJtYWMiOiI1MDJkMDA5N2I4YzcwN2Y3M2FmNGExZmJmNzhkY2IwMzlmZGU2NmUzN2UyYWM5MWNhZWU0MmZhMmY5YThmNjAyIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/webp
content-length: 178070
etag: "62f35b9c-2b796"
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
accept-ranges: bytes
date: Fri, 23 Sep 2022 23:08:50 GMT
expires: Fri, 23 Sep 2022 23:13:50 GMT
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
18.165.201.103200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 18.165.201.103:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, Expires, Alert, Content-Length, ETag, Cache-Control, Content-Type, Backoff, Pragma, Last-Modified
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Fri, 23 Sep 2022 22:33:04 GMT
Cache-Control: max-age=3600, max-age=3600
Expires: Fri, 23 Sep 2022 22:37:13 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 04bb33465149b34afca4988622dca584.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P3
X-Amz-Cf-Id: cXoE0qEtbyItJcQXLJPUlMDfGXlnZNejxVrFUf-PEXO29zfCYS_2mg==
Age: 2314
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta2/css/all.min.css
104.17.24.14200 OK 14 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta2/css/all.min.css
IP 104.17.24.14:0
File type ASCII text, with very long lines (65345)
Hash 642445b86596bdeaa98e92faa2064fc6
6c5539660bf533d34e37b917973c941d1c963374
4a5a39e9f325c5578dccd880c1d516eae190ee39f7539f4a6c6c52d2eee4cbdf
GET /ajax/libs/font-awesome/6.0.0-beta2/css/all.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 23 Sep 2022 23:11:34 GMT
content-type: text/css; charset=utf-8
content-length: 14374
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "61498362-3826"
last-modified: Tue, 21 Sep 2021 07:01:54 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 4854612
expires: Wed, 13 Sep 2023 23:11:34 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4Ju54Xilz2hj1hR90PgK04ZLznNsTnP2d25rdu329Xe0OeB0CGF9UST7aM%2FEskwaRzoEgKxou03DD%2BXSs05dMi3rsBgCD1cRRv2gRCy%2F%2FJp9I0Z9mc3zwNK4WpcNputHj2n%2BGSPd"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 74f6f5cfdf54b506-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/clipboard.js/2.0.8/clipboard.min.js
104.17.24.14200 OK 3.0 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/clipboard.js/2.0.8/clipboard.min.js
IP 104.17.24.14:0
File type Unicode text, UTF-8 text, with very long lines (10584)
Hash e34a4db0b42ca907e0b7a56cd4b145ec
2dc36a7dcdfc42d122b23ef91483d27865c4285f
4b2a908e8d2c23d19da5e9ef4c6c77e7c6e8823b7aeb93233723f366ff6d217a
GET /ajax/libs/clipboard.js/2.0.8/clipboard.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 23 Sep 2022 23:11:34 GMT
content-type: application/javascript; charset=utf-8
content-length: 3000
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "6049431e-29b4"
last-modified: Wed, 10 Mar 2021 22:07:26 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 363642
expires: Wed, 13 Sep 2023 23:11:34 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9zANJqpBlch2LTgAicq%2B8rQVQHTIkqjABE%2FyUyAg6hBmaFt6la1JPlimf9L5Xm96J0KqYr%2B3%2BzmpW3QzteMT720N%2BEmY0Z5wxRgNG0uOQh8ov4vbFfJ8lcZV%2BKfQ85PL%2FVt1VTXT"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 74f6f5cfdf56b506-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js
104.17.24.14200 OK 28 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js
IP 104.17.24.14:0
File type ASCII text, with very long lines (65447)
Hash d900ca08873ee57d40616d39a44cc0aa
7ab3ac8b1504b7b914a6e94c979b8390bb492f6a
1eea479cc0abe04a0846f41031207f9511f12ffef017a6109d4efb6f5523465b
GET /ajax/libs/jquery/3.6.0/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 23 Sep 2022 23:11:34 GMT
content-type: application/javascript; charset=utf-8
content-length: 27938
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "603e8adc-15d9d"
last-modified: Tue, 02 Mar 2021 18:58:36 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 5019915
expires: Wed, 13 Sep 2023 23:11:34 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9RPNS20c28eHHK2w1c%2BPEyJrddZI7bl3DYUjyffQsXRXuZSnDNT6EX8oKIlsVH%2Fw2GstnmfmZYL7B2U77bRd3KfBqII2I6MxH2bNTi%2F%2FPHpJZMLa0xlZnyPIquthFrt%2BXJRmNqaS"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 74f6f5cfef63b506-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/filepond/4.30.3/filepond.min.js
104.17.24.14200 OK 30 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/filepond/4.30.3/filepond.min.js
IP 104.17.24.14:0
File type ASCII text, with very long lines (65370)
Hash d18c98bb03dac8dd996130d56f3d8e8c
cc1777baef75c9438534927036a21f22e91e5578
89a5585efd3c48a3870d383705937d51bb2a3a776eb01805a2629dd7a28e3c2e
GET /ajax/libs/filepond/4.30.3/filepond.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 23 Sep 2022 23:11:34 GMT
content-type: application/javascript; charset=utf-8
content-length: 29707
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "615c7e96-740b"
last-modified: Tue, 05 Oct 2021 16:34:30 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 5018582
expires: Wed, 13 Sep 2023 23:11:34 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KekvA%2BRFLrL3X5q91mLXTfuSp6ARe9QRapy1S3MeNUVFc%2B392pTylIbzRWTALWCxYbRt1SvLm390tnJwMGNJLlIYn3GqHoqWMtziXi9nsrcCMROm9gIu71nIqnLfR%2B5eczfBg9t4"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 74f6f5cfef5eb506-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/popper.js/2.10.2/umd/popper.min.js
104.17.24.14200 OK 6.0 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/popper.js/2.10.2/umd/popper.min.js
IP 104.17.24.14:0
File type ASCII text, with very long lines (18706)
Hash 3773d4bd82b03cdfd02c9fd691f80d78
c4d89a2de179c90944835571b45877048f3c1424
5d05303e3777fd4f588b7167d0a22cd5ca499c238f78ec0cecbb3a8786de332d
GET /ajax/libs/popper.js/2.10.2/umd/popper.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 23 Sep 2022 23:11:34 GMT
content-type: application/javascript; charset=utf-8
content-length: 6037
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "6155af49-1795"
last-modified: Thu, 30 Sep 2021 12:36:25 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 7017503
expires: Wed, 13 Sep 2023 23:11:34 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cxoR8JdWMD5d87Df4MxyUpwbvEni6rWCM71bgtEu6mbhFwygmW9TAabGq0oh%2B86%2Fc026gHwOxK6A5GcuLOlVeAyDGKyV8etfMNIifjY98vDdSibZ9ITRYZF2fwLvFk1iI%2F5MMfhl"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 74f6f5cfff71b506-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/bootstrap/5.1.3/js/bootstrap.min.js
104.17.24.14200 OK 15 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/bootstrap/5.1.3/js/bootstrap.min.js
IP 104.17.24.14:0
File type ASCII text, with very long lines (58940)
Hash 28dbaeb9aa2638e0c4e6d9ffd3d14e9d
3208ed3741e60986bbed3fd759cdfd3b4fa7cf06
ababbb021f57966e125b8e296f9515f38d906b462697f7835e6914465dd0d362
GET /ajax/libs/bootstrap/5.1.3/js/bootstrap.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 23 Sep 2022 23:11:34 GMT
content-type: application/javascript; charset=utf-8
content-length: 14584
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "6161dfe3-38f8"
last-modified: Sat, 09 Oct 2021 18:30:59 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 4417640
expires: Wed, 13 Sep 2023 23:11:34 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RJeGA6kv5s6ruQ5vH2OH1mo7%2FORGUbfCAyDrEEU4HYwdUDaHouvWWgq4XefB9OOVDtWWRVzIDbOoDBURG7%2FHdCPUoGGF7Lbm0mQoiT4qDna3I81kEtH9zdWNOwAdQvzIGNX5iUR0"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 74f6f5d00f74b506-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/filepond/4.29.1/filepond.min.css
104.17.24.14200 OK 2.9 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/filepond/4.29.1/filepond.min.css
IP 104.17.24.14:0
File type assembler source, ASCII text, with very long lines (17282)
Hash 78aabb09e30a9eb6f833cbb1b48bdb2e
e876ff16b6c511bc217973e51202aaaf23a4e936
8d76a29a92bc268043a7bd4d0b8f171fffd6c6c3c8e18aa314d6dac1aeb542ae
GET /ajax/libs/filepond/4.29.1/filepond.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://anonymfile.com
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 23 Sep 2022 23:11:34 GMT
content-type: text/css; charset=utf-8
content-length: 2934
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "613afc53-b76"
last-modified: Fri, 10 Sep 2021 06:33:55 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1312910
expires: Wed, 13 Sep 2023 23:11:34 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2F4YqV%2BXbu84HSDWlD%2FaxnIrUZwBBsaNev%2BfI56D4crVIg8rGncLnjf4%2BriisMZqaJHXmldy874Y3NNby44v2lHe8odK5d%2Fqyyis1dAQ%2FCwpOtf%2F2u60JWHYOuahD5t4UYScJRhXo"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 74f6f5d02f85b506-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/filepond/4.30.3/filepond.min.js
104.17.24.14200 OK 30 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/filepond/4.30.3/filepond.min.js
IP 104.17.24.14:0
File type ASCII text, with very long lines (65370)
Hash d18c98bb03dac8dd996130d56f3d8e8c
cc1777baef75c9438534927036a21f22e91e5578
89a5585efd3c48a3870d383705937d51bb2a3a776eb01805a2629dd7a28e3c2e
GET /ajax/libs/filepond/4.30.3/filepond.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://anonymfile.com
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 23 Sep 2022 23:11:34 GMT
content-type: application/javascript; charset=utf-8
content-length: 29707
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "615c7e96-740b"
last-modified: Tue, 05 Oct 2021 16:34:30 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 5018582
expires: Wed, 13 Sep 2023 23:11:34 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NwVc6ucSrM1PWOZbjW6OumXFRoCQWK%2FcsWq92%2BoqkHcV1RPdiFXd6Hujp6NaK0fSqOKSxywa3Ef5RthdY9UWocglboV0QRRZo%2FZYVtEIO04O0OtkqErMZOjENnCyyRG2LABBUGiZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 74f6f5d0387eb52d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash fb8236c488fd9e6fd167e83756c4820e
f6c39229ec3236b9eef88198b923785035d41f7c
10d01c21ad626a9f30d289431b07fda820257857fb943c7312e0dd6640b46cb5
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4108
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 23 Sep 2022 23:11:34 GMT
Last-Modified: Fri, 23 Sep 2022 22:03:06 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 278
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash fb8236c488fd9e6fd167e83756c4820e
f6c39229ec3236b9eef88198b923785035d41f7c
10d01c21ad626a9f30d289431b07fda820257857fb943c7312e0dd6640b46cb5
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4812
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 23 Sep 2022 23:11:34 GMT
Last-Modified: Fri, 23 Sep 2022 21:51:22 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 278
cdn.jsdelivr.net/npm/sweetalert2@11
151.101.85.229200 OK 19 kB URL HTTP/2 cdn.jsdelivr.net/npm/sweetalert2@11
IP 151.101.85.229:0
File type Unicode text, UTF-8 text, with very long lines (44435)
Hash dcba663c4abdb8ca0a7f4974af933322
e8d49335c7bdef21531b4ec6c95ae0ec9fe96e09
3dd1d4f839dd267f48585ebcfcb818a1320f6f52b1e8a4b8e752df3d8091631b
GET /npm/sweetalert2@11 HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 11.4.33
x-jsd-version-type: version
etag: W/"1122c-J9H0DCRqMGO33uXpjie+s7dGIes"
content-encoding: gzip
accept-ranges: bytes
date: Fri, 23 Sep 2022 23:11:34 GMT
age: 9440
x-served-by: cache-fra19183-FRA, cache-bma1640-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 19287
X-Firefox-Spdy: h2
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
104.18.21.226200 OK 1.5 kB URL HTTP/1.1 ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
IP 104.18.21.226:0
Hash 05c0b12f18db3c2997a1d1fa0b3a7be6
7ecbf440192b8dde888c8447df7b10673a828f40
513082c90198869eafebaef8bd61ebeaf971f037f0248d3fbc07f5b87cbd983d
POST /ca/gsatlasr3dvtlsca2022q1 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 23 Sep 2022 23:11:34 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "2CC35C9FCE7B119F61C1D9AE31458D18DE45F49C"
Expires: Sat, 24 Sep 2022 10:00:00 GMT
Last-Modified: Fri, 23 Sep 2022 22:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 1290
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74f6f5d08bfcb511-OSL
anonymfile.com/sw.js
138.201.48.112404 Not Found 33 kB IP 138.201.48.112:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (4320)
Hash 26a93b427d19683db834f9182577e4f0
440db1b6ad308ad068fa477b9ff537a0ea2d1fa4
f14e59076e65f05e18de0f6107fd69a5936eeb1b27281e804f5a860f0a8714ea
GET /sw.js HTTP/1.1
Host: anonymfile.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/2l5W/23092022-155003-tiktokcom.rar
Cookie: XSRF-TOKEN=eyJpdiI6InBmZmc2R2kxZm8ydkxIRm1rR2hUZlE9PSIsInZhbHVlIjoialdjd2JpMHc3TXJyRWl0UGp3TFAxMzZGZVJJUnRuOVpmdUw2ZDVnSFY3VEFpWmtjOFRjUDFLa1A5ajE5Uy85blZMMTJ2MUc0ekhMWm1DbnRJRm5ZUVZUb0pCL1NZUk1sT1RUcHNBczlDR09zM2diYWlqR040UlZpK1ZEdlk3WGIiLCJtYWMiOiI5OTc4YTE4ZWI2MGI4ZWRhMjAyZTNmYTgzNzU3Yjg1MjZlNDVlNzUyYTk3ZTY2MWRmMGNlOTc5NzM0N2FmNTlmIiwidGFnIjoiIn0%3D; anonymfile_session=eyJpdiI6Ik9nNG9Ta2hLWU1LQ3orbDdBSUN6eUE9PSIsInZhbHVlIjoiMDUxUmJlTlFJT1o3Y2JVYUdHME1NN1ZYaTBTQzlJb3JHRVFDa3RLcE9zUEdWMk1HbG9HUTNIMVJmSGk4cHE0dGNYK0RKaFdiYkZNSC9NRDJESHJMaFRYN1Nmc29pWUQ5bGRaRHY2Y3RHQ3NaZG5LS05qZXZ6SFV3UlFueUtSRFgiLCJtYWMiOiI1MDJkMDA5N2I4YzcwN2Y3M2FmNGExZmJmNzhkY2IwMzlmZGU2NmUzN2UyYWM5MWNhZWU0MmZhMmY5YThmNjAyIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
date: Fri, 23 Sep 2022 23:11:34 GMT
x-page-speed: 1.13.35.2-0
cache-control: max-age=0, no-cache
content-encoding: br
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash f714931cf870bfa33815fd259b7246fd
38e411ef8ca1b31ead8415ee5f21d98bd9653a86
897675130112daff8bdf6fa25b56faa4b9fdb367daca2b2645ed65c83a2e423f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3823
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 23 Sep 2022 23:11:34 GMT
Last-Modified: Fri, 23 Sep 2022 22:07:51 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 471
anonymfile.com/img/logo-anon-warning.png
138.201.48.112200 OK 41 kB URL HTTP/2 anonymfile.com/img/logo-anon-warning.png
IP 138.201.48.112:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 1024 x 1024, 8-bit/color RGBA, non-interlaced\012- data
Hash d52ea6ebcd0b10dcf112a9d6c43ceee0
641e5277e2e079f0e88e2899879fda8882e58d28
77cb73f16f049b51c0a81c12ed878e11efe3b9a71c632a3bdb647d963059532e
GET /img/logo-anon-warning.png HTTP/1.1
Host: anonymfile.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/2l5W/23092022-155003-tiktokcom.rar
Cookie: XSRF-TOKEN=eyJpdiI6InBmZmc2R2kxZm8ydkxIRm1rR2hUZlE9PSIsInZhbHVlIjoialdjd2JpMHc3TXJyRWl0UGp3TFAxMzZGZVJJUnRuOVpmdUw2ZDVnSFY3VEFpWmtjOFRjUDFLa1A5ajE5Uy85blZMMTJ2MUc0ekhMWm1DbnRJRm5ZUVZUb0pCL1NZUk1sT1RUcHNBczlDR09zM2diYWlqR040UlZpK1ZEdlk3WGIiLCJtYWMiOiI5OTc4YTE4ZWI2MGI4ZWRhMjAyZTNmYTgzNzU3Yjg1MjZlNDVlNzUyYTk3ZTY2MWRmMGNlOTc5NzM0N2FmNTlmIiwidGFnIjoiIn0%3D; anonymfile_session=eyJpdiI6Ik9nNG9Ta2hLWU1LQ3orbDdBSUN6eUE9PSIsInZhbHVlIjoiMDUxUmJlTlFJT1o3Y2JVYUdHME1NN1ZYaTBTQzlJb3JHRVFDa3RLcE9zUEdWMk1HbG9HUTNIMVJmSGk4cHE0dGNYK0RKaFdiYkZNSC9NRDJESHJMaFRYN1Nmc29pWUQ5bGRaRHY2Y3RHQ3NaZG5LS05qZXZ6SFV3UlFueUtSRFgiLCJtYWMiOiI1MDJkMDA5N2I4YzcwN2Y3M2FmNGExZmJmNzhkY2IwMzlmZGU2NmUzN2UyYWM5MWNhZWU0MmZhMmY5YThmNjAyIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 23:11:34 GMT
content-type: image/png
content-length: 40729
last-modified: Fri, 29 Oct 2021 10:50:56 GMT
vary: Accept-Encoding
etag: "617bd210-9f19"
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
cache-control: s-maxage=10
accept-ranges: bytes
X-Firefox-Spdy: h2
push.services.mozilla.com/
52.89.20.60101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.89.20.60:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: tYy3m8lhbfsHWV8tozimjA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: O7+iLraoY2wBFz8HIB3cYq0rasA=
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 936c836fe49e0724b87ac82162f5047e
eb0156fd2ad894e68e02b341fc4aa57b21a42e85
3c7ddffb4f45fc048f9f0d1602cb60c3c5fadc4435c88f718fdc13902354abd6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3C7DDFFB4F45FC048F9F0D1602CB60C3C5FADC4435C88F718FDC13902354ABD6"
Last-Modified: Wed, 21 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19518
Expires: Sat, 24 Sep 2022 04:36:53 GMT
Date: Fri, 23 Sep 2022 23:11:35 GMT
Connection: keep-alive
anonymfile.com/ngx_pagespeed_beacon?url=http%3A%2F%2Fanonymfile.com%2F2l5W%2F23092022-155003-tiktokcom.rar
138.201.48.112204 No Content 0 B URL HTTP/2 anonymfile.com/ngx_pagespeed_beacon?url=http%3A%2F%2Fanonymfile.com%2F2l5W%2F23092022-155003-tiktokcom.rar
IP 138.201.48.112:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /ngx_pagespeed_beacon?url=http%3A%2F%2Fanonymfile.com%2F2l5W%2F23092022-155003-tiktokcom.rar HTTP/1.1
Host: anonymfile.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 52
Origin: https://anonymfile.com
Connection: keep-alive
Referer: https://anonymfile.com/2l5W/23092022-155003-tiktokcom.rar
Cookie: XSRF-TOKEN=eyJpdiI6InBmZmc2R2kxZm8ydkxIRm1rR2hUZlE9PSIsInZhbHVlIjoialdjd2JpMHc3TXJyRWl0UGp3TFAxMzZGZVJJUnRuOVpmdUw2ZDVnSFY3VEFpWmtjOFRjUDFLa1A5ajE5Uy85blZMMTJ2MUc0ekhMWm1DbnRJRm5ZUVZUb0pCL1NZUk1sT1RUcHNBczlDR09zM2diYWlqR040UlZpK1ZEdlk3WGIiLCJtYWMiOiI5OTc4YTE4ZWI2MGI4ZWRhMjAyZTNmYTgzNzU3Yjg1MjZlNDVlNzUyYTk3ZTY2MWRmMGNlOTc5NzM0N2FmNTlmIiwidGFnIjoiIn0%3D; anonymfile_session=eyJpdiI6Ik9nNG9Ta2hLWU1LQ3orbDdBSUN6eUE9PSIsInZhbHVlIjoiMDUxUmJlTlFJT1o3Y2JVYUdHME1NN1ZYaTBTQzlJb3JHRVFDa3RLcE9zUEdWMk1HbG9HUTNIMVJmSGk4cHE0dGNYK0RKaFdiYkZNSC9NRDJESHJMaFRYN1Nmc29pWUQ5bGRaRHY2Y3RHQ3NaZG5LS05qZXZ6SFV3UlFueUtSRFgiLCJtYWMiOiI1MDJkMDA5N2I4YzcwN2Y3M2FmNGExZmJmNzhkY2IwMzlmZGU2NmUzN2UyYWM5MWNhZWU0MmZhMmY5YThmNjAyIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Fri, 23 Sep 2022 23:11:35 GMT
cache-control: max-age=0, no-cache
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 38030ee9599d0c4f1c356f466ccd31cd
a8c5ea8ca2695156b52922c224be78cd348211e0
85fc68415f6b4463ce26531e905d0bc49af4451db127ef340b1e9ddbbe06ab64
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "85FC68415F6B4463CE26531E905D0BC49AF4451DB127EF340B1E9DDBBE06AB64"
Last-Modified: Fri, 23 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13021
Expires: Sat, 24 Sep 2022 02:48:36 GMT
Date: Fri, 23 Sep 2022 23:11:35 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash c3823a2be66be2597ff7eb6d22e7cbc7
43062b6b902ca8d2d89ab925fd68ac9fbf04106d
e22534f24735ad10961b9794c54a615025ba88434b3208987f4ed19b7448de49
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E22534F24735AD10961B9794C54A615025BA88434B3208987F4ED19B7448DE49"
Last-Modified: Fri, 23 Sep 2022 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5198
Expires: Sat, 24 Sep 2022 00:38:13 GMT
Date: Fri, 23 Sep 2022 23:11:35 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8c289ec8e6c779928a84be9aed64a70f
025cc04969376aa9c10e5fe22828b71a909d9ac8
b83340a7ce11f26ec1ae615fa3255f25cafce097d4aa4c36990960e2fc8eb083
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B83340A7CE11F26EC1AE615FA3255F25CAFCE097D4AA4C36990960E2FC8EB083"
Last-Modified: Fri, 23 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3734
Expires: Sat, 24 Sep 2022 00:13:49 GMT
Date: Fri, 23 Sep 2022 23:11:35 GMT
Connection: keep-alive
pseepsie.com/zone?pub=0&zone_id=5307590&is_mobile=false&domain=anonymfile.com&var=&ymid=&var_3=
139.45.197.250200 OK 664 B URL HTTP/2 pseepsie.com/zone?pub=0&zone_id=5307590&is_mobile=false&domain=anonymfile.com&var=&ymid=&var_3=
IP 139.45.197.250:0
File type JSON data\012- , ASCII text, with very long lines (663)
Hash 924f83d583902548517c3327ff8e4493
7d5ea76f95d862b44558e6428f0a0d2bb20e2b0c
92e16e70459ff85e5803ded19d1f535cb6197a2b1eda7b254cb663b81908147c
GET /zone?pub=0&zone_id=5307590&is_mobile=false&domain=anonymfile.com&var=&ymid=&var_3= HTTP/1.1
Host: pseepsie.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://anonymfile.com/
Origin: https://anonymfile.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 23:11:35 GMT
content-type: application/json; charset=utf-8
content-length: 664
x-trace-id: ece0a18da3592072ab595d5b5e01ab3e
access-control-allow-origin: https://anonymfile.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
tovanillitechan.com/42/38?z=5307589
139.45.197.239200 OK 0 B URL HTTP/2 tovanillitechan.com/42/38?z=5307589
IP 139.45.197.239:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /42/38?z=5307589 HTTP/1.1
Host: tovanillitechan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/
Cookie: scm=1; OAID=449386ff7abc4977a30a08a3cc0e6e21; oaidts=1663974695
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 23:11:35 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: 97468cc61d2db84164122ab74af8929a
access-control-expose-headers: X-Sc
set-cookie: OAID=449386ff7abc4977a30a08a3cc0e6e21; expires=Sat, 23 Sep 2023 23:11:35 GMT; secure; SameSite=None
oaidts=1663974695; expires=Sat, 23 Sep 2023 23:11:35 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash af56ebb29d27fb6a049680fe85c8828b
235a3579a72192a6a1fc0366d6d8671e2630b9f5
68454f522f57ca84315459fbf178251544804533512e9bebb8a6e3f3bce12895
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 23 Sep 2022 23:11:35 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 22 Sep 2022 18:25:22 GMT
Expires: Thu, 29 Sep 2022 18:25:21 GMT
Etag: "235a3579a72192a6a1fc0366d6d8671e2630b9f5"
Cache-Control: max-age=500625,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74f6f5d4dd700b69-OSL
my.rtmark.net/gid.js?userId=06af2f3f60ef4c14b40050353f0b51a6
139.45.195.8200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?userId=06af2f3f60ef4c14b40050353f0b51a6
IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash 0e6a5f31aaf5c1931e7e1a1514545bee
02b46433075f8abb71d555452280ee401bb9ece4
c8e9a08b48d078752c386f4f69e37a8b130fb4b11087e3afc35d60f77285964a
GET /gid.js?userId=06af2f3f60ef4c14b40050353f0b51a6 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://anonymfile.com
Connection: keep-alive
Referer: https://anonymfile.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 23:11:35 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://anonymfile.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=06af2f3f60ef4c14b40050353f0b51a6; expires=Sat, 23 Sep 2023 23:11:35 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
anonymfile.com/sw.js
138.201.48.112404 Not Found 13 kB IP 138.201.48.112:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (4320)
Hash e2e7dce83b764288f4f7e4e0797fdf6a
9a14a744ec60a4bd94d33cb7d03befddb2293c63
708a03d4be755df65c0a7ae1914fe050a82d03c1d81887315db6ae02b0b67a65
GET /sw.js HTTP/1.1
Host: anonymfile.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/2l5W/23092022-155003-tiktokcom.rar
Cookie: XSRF-TOKEN=eyJpdiI6InBmZmc2R2kxZm8ydkxIRm1rR2hUZlE9PSIsInZhbHVlIjoialdjd2JpMHc3TXJyRWl0UGp3TFAxMzZGZVJJUnRuOVpmdUw2ZDVnSFY3VEFpWmtjOFRjUDFLa1A5ajE5Uy85blZMMTJ2MUc0ekhMWm1DbnRJRm5ZUVZUb0pCL1NZUk1sT1RUcHNBczlDR09zM2diYWlqR040UlZpK1ZEdlk3WGIiLCJtYWMiOiI5OTc4YTE4ZWI2MGI4ZWRhMjAyZTNmYTgzNzU3Yjg1MjZlNDVlNzUyYTk3ZTY2MWRmMGNlOTc5NzM0N2FmNTlmIiwidGFnIjoiIn0%3D; anonymfile_session=eyJpdiI6Ik9nNG9Ta2hLWU1LQ3orbDdBSUN6eUE9PSIsInZhbHVlIjoiMDUxUmJlTlFJT1o3Y2JVYUdHME1NN1ZYaTBTQzlJb3JHRVFDa3RLcE9zUEdWMk1HbG9HUTNIMVJmSGk4cHE0dGNYK0RKaFdiYkZNSC9NRDJESHJMaFRYN1Nmc29pWUQ5bGRaRHY2Y3RHQ3NaZG5LS05qZXZ6SFV3UlFueUtSRFgiLCJtYWMiOiI1MDJkMDA5N2I4YzcwN2Y3M2FmNGExZmJmNzhkY2IwMzlmZGU2NmUzN2UyYWM5MWNhZWU0MmZhMmY5YThmNjAyIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
date: Fri, 23 Sep 2022 23:11:34 GMT
x-page-speed: 1.13.35.2-0
cache-control: max-age=0, no-cache
content-encoding: br
X-Firefox-Spdy: h2
pseepsie.com/custom
139.45.197.250200 OK 0 B IP 139.45.197.250:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
OPTIONS /custom HTTP/1.1
Host: pseepsie.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://anonymfile.com/
Origin: https://anonymfile.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 23:11:35 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://anonymfile.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2
pseepsie.com/custom
139.45.197.250200 OK 0 B IP 139.45.197.250:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
OPTIONS /custom HTTP/1.1
Host: pseepsie.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://anonymfile.com/
Origin: https://anonymfile.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 23:11:35 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://anonymfile.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2
datatechonert.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
139.45.195.253200 OK 12 B URL HTTP/1.1 datatechonert.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
IP 139.45.195.253:0
File type JSON data\012- , ASCII text, with no line terminators
Hash adb4650bfc9d2a73d4dd69583b0ceb14
1ce399d6e936232aaf2192cd7903a279c5015f22
21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed
Analyzer Verdict Alert quad9 Sinkholed
POST /log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f HTTP/1.1
Host: datatechonert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://anonymfile.com/
Content-Type: text/plain;charset=UTF-8
Origin: https://anonymfile.com
Content-Length: 1537
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Fri, 23 Sep 2022 23:11:35 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://anonymfile.com
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 825b2418e59f9f922455865d4142a84c
797e35706c702b37e3ddd1028aaac635248de9e7
adaf39b31abd0f2d4cd36805be0bad16f31ea4741b4d848c103c6384af711dc9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "ADAF39B31ABD0F2D4CD36805BE0BAD16F31EA4741B4D848C103C6384AF711DC9"
Last-Modified: Fri, 23 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7487
Expires: Sat, 24 Sep 2022 01:16:22 GMT
Date: Fri, 23 Sep 2022 23:11:35 GMT
Connection: keep-alive
pseepsie.com/custom
139.45.197.250200 OK 39 B IP 139.45.197.250:0
File type JSON data\012- , ASCII text
Hash 058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
Analyzer Verdict Alert fortinet Malware
POST /custom HTTP/1.1
Host: pseepsie.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://anonymfile.com/
Content-Type: application/json
Origin: https://anonymfile.com
Content-Length: 399
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 23:11:35 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: dcd485d25c9a0af2a6e8593547cff30d
access-control-allow-origin: https://anonymfile.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
pseepsie.com/custom
139.45.197.250200 OK 39 B IP 139.45.197.250:0
File type JSON data\012- , ASCII text
Hash 058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
Analyzer Verdict Alert fortinet Malware
POST /custom HTTP/1.1
Host: pseepsie.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://anonymfile.com/
Content-Type: application/json
Origin: https://anonymfile.com
Content-Length: 780
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 23:11:35 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: f6cf7545c7621d0c3ec187a2d5d7cbee
access-control-allow-origin: https://anonymfile.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
tovanillitechan.com/9?z=5307589&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fanonymfile.com%2F2l5W%2F23092022-155003-tiktokcom.rar&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&sah=1002&drf=&hil=1&ist=0&oaid=06af2f3f60ef4c14b40050353f0b51a6
139.45.197.239204 No Content 0 B URL HTTP/2 tovanillitechan.com/9?z=5307589&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fanonymfile.com%2F2l5W%2F23092022-155003-tiktokcom.rar&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&sah=1002&drf=&hil=1&ist=0&oaid=06af2f3f60ef4c14b40050353f0b51a6
IP 139.45.197.239:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
OPTIONS /9?z=5307589&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fanonymfile.com%2F2l5W%2F23092022-155003-tiktokcom.rar&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&sah=1002&drf=&hil=1&ist=0&oaid=06af2f3f60ef4c14b40050353f0b51a6 HTTP/1.1
Host: tovanillitechan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://anonymfile.com/
Origin: https://anonymfile.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Fri, 23 Sep 2022 23:11:35 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://anonymfile.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
tovanillitechan.com/11?rnd=3527052519&z=5307589&b=14812988&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=KQBoTE1Qxbl630H1K0xmdmN3jwmV29IvtPKM7EgWYDPMb2Xeiy4Zj4qpWJhyQifZ6dUxmbtYPKVqw8W9GROsMe3J0nxOzH8PP1JuoJ-HXEWV0QhDtT-5zDL0HPliINF8fJ_hKwdxcX1CMRz--xRFnBs8qI306djhXiOlwB1_ujU5TlNne0vHqMy-2Znx_lFbM87aOCdqtFP1QdBi94bU86MievpCYE403yA7m0dFNncy1Jhu_7_u_Oq84QFGovAwoRTIlvMZJ6oz1XLztYnR4JYDJuEe5uYA0ZAeZJe547e-RkfuH0iLQmXNe089GpMhMnBSBFwaeSZYs3R0hw_UoPzyHE7Q8k0TDAkhQtad7hnmkMF0L24rWEL8QzZqsButvLKP7K-TRohPxTEBU2ZFmOnMzLhnGk7FBlsmeDsPfoys0A8iVdkF4dy3RCHXrfnm70mSzijxx4CKPxyf-1oZP6btbxiJm1wjyj7n5YuWTO1FiIe-2QgP9ev2vUW0U8kL2iLHqFooSSJ9NqauItOQZbmWueMj_GObitNKdCSvtttfNKA5G4rz7BCgFPBokKXBmxX3rzEmTeDHub_HA3J69TKAopVLp7mmMxwM9boLZpZb2E6X7HPbzkMRc5bYkTciKq48U6OyysJ4YDhv&ruid=ca2cf6eb-b3d1-410b-ad87-565111f056b2&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fanonymfile.com%2F2l5W%2F23092022-155003-tiktokcom.rar&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&sah=1002&drf=&hil=1&ist=0&ot=78
139.45.197.239200 OK 0 B URL HTTP/2 tovanillitechan.com/11?rnd=3527052519&z=5307589&b=14812988&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=KQBoTE1Qxbl630H1K0xmdmN3jwmV29IvtPKM7EgWYDPMb2Xeiy4Zj4qpWJhyQifZ6dUxmbtYPKVqw8W9GROsMe3J0nxOzH8PP1JuoJ-HXEWV0QhDtT-5zDL0HPliINF8fJ_hKwdxcX1CMRz--xRFnBs8qI306djhXiOlwB1_ujU5TlNne0vHqMy-2Znx_lFbM87aOCdqtFP1QdBi94bU86MievpCYE403yA7m0dFNncy1Jhu_7_u_Oq84QFGovAwoRTIlvMZJ6oz1XLztYnR4JYDJuEe5uYA0ZAeZJe547e-RkfuH0iLQmXNe089GpMhMnBSBFwaeSZYs3R0hw_UoPzyHE7Q8k0TDAkhQtad7hnmkMF0L24rWEL8QzZqsButvLKP7K-TRohPxTEBU2ZFmOnMzLhnGk7FBlsmeDsPfoys0A8iVdkF4dy3RCHXrfnm70mSzijxx4CKPxyf-1oZP6btbxiJm1wjyj7n5YuWTO1FiIe-2QgP9ev2vUW0U8kL2iLHqFooSSJ9NqauItOQZbmWueMj_GObitNKdCSvtttfNKA5G4rz7BCgFPBokKXBmxX3rzEmTeDHub_HA3J69TKAopVLp7mmMxwM9boLZpZb2E6X7HPbzkMRc5bYkTciKq48U6OyysJ4YDhv&ruid=ca2cf6eb-b3d1-410b-ad87-565111f056b2&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fanonymfile.com%2F2l5W%2F23092022-155003-tiktokcom.rar&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&sah=1002&drf=&hil=1&ist=0&ot=78
IP 139.45.197.239:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /11?rnd=3527052519&z=5307589&b=14812988&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=KQBoTE1Qxbl630H1K0xmdmN3jwmV29IvtPKM7EgWYDPMb2Xeiy4Zj4qpWJhyQifZ6dUxmbtYPKVqw8W9GROsMe3J0nxOzH8PP1JuoJ-HXEWV0QhDtT-5zDL0HPliINF8fJ_hKwdxcX1CMRz--xRFnBs8qI306djhXiOlwB1_ujU5TlNne0vHqMy-2Znx_lFbM87aOCdqtFP1QdBi94bU86MievpCYE403yA7m0dFNncy1Jhu_7_u_Oq84QFGovAwoRTIlvMZJ6oz1XLztYnR4JYDJuEe5uYA0ZAeZJe547e-RkfuH0iLQmXNe089GpMhMnBSBFwaeSZYs3R0hw_UoPzyHE7Q8k0TDAkhQtad7hnmkMF0L24rWEL8QzZqsButvLKP7K-TRohPxTEBU2ZFmOnMzLhnGk7FBlsmeDsPfoys0A8iVdkF4dy3RCHXrfnm70mSzijxx4CKPxyf-1oZP6btbxiJm1wjyj7n5YuWTO1FiIe-2QgP9ev2vUW0U8kL2iLHqFooSSJ9NqauItOQZbmWueMj_GObitNKdCSvtttfNKA5G4rz7BCgFPBokKXBmxX3rzEmTeDHub_HA3J69TKAopVLp7mmMxwM9boLZpZb2E6X7HPbzkMRc5bYkTciKq48U6OyysJ4YDhv&ruid=ca2cf6eb-b3d1-410b-ad87-565111f056b2&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fanonymfile.com%2F2l5W%2F23092022-155003-tiktokcom.rar&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&sah=1002&drf=&hil=1&ist=0&ot=78 HTTP/1.1
Host: tovanillitechan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://anonymfile.com
Connection: keep-alive
Referer: https://anonymfile.com/
Cookie: scm=1; OAID=06af2f3f60ef4c14b40050353f0b51a6; oaidts=1663974695
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 23:11:35 GMT
content-type: image/jpeg
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: https://anonymfile.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: 10b069b1f4e73b97bded3860760e2523
access-control-expose-headers: X-Sc
set-cookie: OAID=06af2f3f60ef4c14b40050353f0b51a6; expires=Sat, 23 Sep 2023 23:11:35 GMT; secure; SameSite=None
oaidts=1663974695; expires=Sat, 23 Sep 2023 23:11:35 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
anonymfile.com/sw.js
138.201.48.112404 Not Found 5.0 kB IP 138.201.48.112:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (4320)
Hash 8113b8f2895f18233b91e01197c0d0b8
2a54a69dcfb5fbd235d1704514207dd3c507083d
57213ca9b312b58c60b2dd99cc10073bf3fefe58961b45d62097bc22e8e82dbc
GET /sw.js HTTP/1.1
Host: anonymfile.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://anonymfile.com/2l5W/23092022-155003-tiktokcom.rar
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6InBmZmc2R2kxZm8ydkxIRm1rR2hUZlE9PSIsInZhbHVlIjoialdjd2JpMHc3TXJyRWl0UGp3TFAxMzZGZVJJUnRuOVpmdUw2ZDVnSFY3VEFpWmtjOFRjUDFLa1A5ajE5Uy85blZMMTJ2MUc0ekhMWm1DbnRJRm5ZUVZUb0pCL1NZUk1sT1RUcHNBczlDR09zM2diYWlqR040UlZpK1ZEdlk3WGIiLCJtYWMiOiI5OTc4YTE4ZWI2MGI4ZWRhMjAyZTNmYTgzNzU3Yjg1MjZlNDVlNzUyYTk3ZTY2MWRmMGNlOTc5NzM0N2FmNTlmIiwidGFnIjoiIn0%3D; anonymfile_session=eyJpdiI6Ik9nNG9Ta2hLWU1LQ3orbDdBSUN6eUE9PSIsInZhbHVlIjoiMDUxUmJlTlFJT1o3Y2JVYUdHME1NN1ZYaTBTQzlJb3JHRVFDa3RLcE9zUEdWMk1HbG9HUTNIMVJmSGk4cHE0dGNYK0RKaFdiYkZNSC9NRDJESHJMaFRYN1Nmc29pWUQ5bGRaRHY2Y3RHQ3NaZG5LS05qZXZ6SFV3UlFueUtSRFgiLCJtYWMiOiI1MDJkMDA5N2I4YzcwN2Y3M2FmNGExZmJmNzhkY2IwMzlmZGU2NmUzN2UyYWM5MWNhZWU0MmZhMmY5YThmNjAyIiwidGFnIjoiIn0%3D; prefetchAd_5307591=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
date: Fri, 23 Sep 2022 23:11:35 GMT
x-page-speed: 1.13.35.2-0
cache-control: max-age=0, no-cache
content-encoding: br
X-Firefox-Spdy: h2
tzegilo.com/stattag.js
172.67.194.45200 OK 12 kB IP 172.67.194.45:0
File type HTML document, Unicode text, UTF-8 text, with very long lines (32771), with no line terminators
Hash 34d467c83a66aea63d6a7ebb18f11f33
99e41f861fb0af419a7c5668307842101920499c
48997ff5f87d1f8997611db3a856a083c644f6ccf25009a9f446d7d3c6211080
GET /stattag.js HTTP/1.1
Host: tzegilo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 23 Sep 2022 23:11:35 GMT
content-type: application/javascript
last-modified: Thu, 04 Aug 2022 15:18:11 GMT
etag: W/"62ebe333-8007"
link: <https://flerap.com/>; rel=preconnect; crossorigin, <https://fleraprt.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 4993
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bqGvb3eqefBxb56GrR%2FxWu9b5QZ8IOJZVymtakklMdE%2FTdpedMBcmPiN6oI1M%2FD4jERKFpNuFY2S5f6FkRNqFHMl8Z6E%2Bx7vIICNbDIcv14qoJ0tr0R4LVmBqnv8SQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74f6f5d46c210b31-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
offerimage.com/www/images/a563edd673308b2cd8cc1ec9c0543417.png
104.22.33.172200 OK 76 kB URL HTTP/2 offerimage.com/www/images/a563edd673308b2cd8cc1ec9c0543417.png
IP 104.22.33.172:0
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash a563edd673308b2cd8cc1ec9c0543417
bff09cb9d8c3dadb244db8d24b6f58b8dfab6469
bbd22caad95af25c9ccf019fe7499c74743b7ef4eaceeffe0781c3f64f054b0c
GET /www/images/a563edd673308b2cd8cc1ec9c0543417.png HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 23 Sep 2022 23:11:35 GMT
content-type: image/png
content-length: 76281
last-modified: Tue, 07 Jun 2022 21:58:32 GMT
etag: "629fca08-129f9"
expires: Sat, 24 Sep 2022 22:10:16 GMT
cache-control: max-age=86400
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-max-age: 86400
timing-allow-origin: *
cf-cache-status: HIT
age: 3679
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 74f6f5d91da7991e-ARN
X-Firefox-Spdy: h2
interstitial-07.com/contents/s/5b/f4/e6/f22046109fdc23a5aac1620be3/0829937400067.jpeg
139.45.197.153200 OK 25 kB URL HTTP/2 interstitial-07.com/contents/s/5b/f4/e6/f22046109fdc23a5aac1620be3/0829937400067.jpeg
IP 139.45.197.153:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 256x256, components 3\012- data
Hash 5bf4e6f22046109fdc23a5aac1620be3
2b5d2dce336d86c63f6dfde19cd130166d29b221
11753e6268755b305837fe7e6f8c740862b68bc32ff79a2e86e18c6b5ebb60cc
GET /contents/s/5b/f4/e6/f22046109fdc23a5aac1620be3/0829937400067.jpeg HTTP/1.1
Host: interstitial-07.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://interstitial-07.com/?l=BsffwaFC63kXM5A&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Ftovanillitechan.com%2F12%3Frnd%3D2221273431%26z%3D5307589%26b%3D14812988%26c%3D5990211%26var%3D%26d%3Dhttp%253A%252F%252Ftryhardnow.com%252Fbase.php%253Fc%253D350%2526key%253D2c1f9aa01554345b3025ac0d005c7bea%2526zoneid%253D%257Bzoneid%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3DKQBoTE1Qxbl630H1K0xmdmN3jwmV29IvtPKM7EgWYDPMb2Xeiy4Zj4qpWJhyQifZ6dUxmbtYPKVqw8W9GROsMe3J0nxOzH8PP1JuoJ-HXEWV0QhDtT-5zDL0HPliINF8fJ_hKwdxcX1CMRz--xRFnBs8qI306djhXiOlwB1_ujU5TlNne0vHqMy-2Znx_lFbM87aOCdqtFP1QdBi94bU86MievpCYE403yA7m0dFNncy1Jhu_7_u_Oq84QFGovAwoRTIlvMZJ6oz1XLztYnR4JYDJuEe5uYA0ZAeZJe547e-RkfuH0iLQmXNe089GpMhMnBSBFwaeSZYs3R0hw_UoPzyHE7Q8k0TDAkhQtad7hnmkMF0L24rWEL8QzZqsButvLKP7K-TRohPxTEBU2ZFmOnMzLhnGk7FBlsmeDsPfoys0A8iVdkF4dy3RCHXrfnm70mSzijxx4CKPxyf-1oZP6btbxiJm1wjyj7n5YuWTO1FiIe-2QgP9ev2vUW0U8kL2iLHqFooSSJ9NqauItOQZbmWueMj_GObitNKdCSvtttfNKA5G4rz7BCgFPBokKXBmxX3rzEmTeDHub_HA3J69TKAopVLp7mmMxwM9boLZpZb2E6X7HPbzkMRc5bYkTciKq48U6OyysJ4YDhv%26bag%3DK9GC8xFjczykNNyRrWsoXw%3D%3D%26ruid%3Dca2cf6eb-b3d1-410b-ad87-565111f056b2%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fanonymfile.com%252F2l5W%252F23092022-155003-tiktokcom.rar%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1280%26wiw%3D1280%26wih%3D939%26wfc%3D0%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 23:11:35 GMT
content-type: image/jpeg
content-length: 24846
last-modified: Wed, 01 Jun 2022 16:33:28 GMT
etag: "629794d8-610e"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 986b5ec9070371f564599590660c967f
035d62ac46379e6b9a4a86975c8fc81052f9a2f8
357258fc3abbb14a97f6a79adcadcac3920f1f5c16dc66708522cce32f9d6266
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "357258FC3ABBB14A97F6A79ADCADCAC3920F1F5C16DC66708522CCE32F9D6266"
Last-Modified: Fri, 23 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14010
Expires: Sat, 24 Sep 2022 03:05:05 GMT
Date: Fri, 23 Sep 2022 23:11:35 GMT
Connection: keep-alive
interstitial-07.com/contents/s/66/34/46/8ca9a7d12267b3b43e9d23c04f/0681892114441.jpeg
139.45.197.153200 OK 57 kB URL HTTP/2 interstitial-07.com/contents/s/66/34/46/8ca9a7d12267b3b43e9d23c04f/0681892114441.jpeg
IP 139.45.197.153:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 492x328, components 3\012- data
Hash 6634468ca9a7d12267b3b43e9d23c04f
dd438f13b2aaa9ecb6ac4a8f994c40c8b77cb1e8
7cfee30b3d910ccb67ae55cb502459d27a75d4a0df2f6806a90ae8c6bcec7008
GET /contents/s/66/34/46/8ca9a7d12267b3b43e9d23c04f/0681892114441.jpeg HTTP/1.1
Host: interstitial-07.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://interstitial-07.com/?l=BsffwaFC63kXM5A&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Ftovanillitechan.com%2F12%3Frnd%3D2221273431%26z%3D5307589%26b%3D14812988%26c%3D5990211%26var%3D%26d%3Dhttp%253A%252F%252Ftryhardnow.com%252Fbase.php%253Fc%253D350%2526key%253D2c1f9aa01554345b3025ac0d005c7bea%2526zoneid%253D%257Bzoneid%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3DKQBoTE1Qxbl630H1K0xmdmN3jwmV29IvtPKM7EgWYDPMb2Xeiy4Zj4qpWJhyQifZ6dUxmbtYPKVqw8W9GROsMe3J0nxOzH8PP1JuoJ-HXEWV0QhDtT-5zDL0HPliINF8fJ_hKwdxcX1CMRz--xRFnBs8qI306djhXiOlwB1_ujU5TlNne0vHqMy-2Znx_lFbM87aOCdqtFP1QdBi94bU86MievpCYE403yA7m0dFNncy1Jhu_7_u_Oq84QFGovAwoRTIlvMZJ6oz1XLztYnR4JYDJuEe5uYA0ZAeZJe547e-RkfuH0iLQmXNe089GpMhMnBSBFwaeSZYs3R0hw_UoPzyHE7Q8k0TDAkhQtad7hnmkMF0L24rWEL8QzZqsButvLKP7K-TRohPxTEBU2ZFmOnMzLhnGk7FBlsmeDsPfoys0A8iVdkF4dy3RCHXrfnm70mSzijxx4CKPxyf-1oZP6btbxiJm1wjyj7n5YuWTO1FiIe-2QgP9ev2vUW0U8kL2iLHqFooSSJ9NqauItOQZbmWueMj_GObitNKdCSvtttfNKA5G4rz7BCgFPBokKXBmxX3rzEmTeDHub_HA3J69TKAopVLp7mmMxwM9boLZpZb2E6X7HPbzkMRc5bYkTciKq48U6OyysJ4YDhv%26bag%3DK9GC8xFjczykNNyRrWsoXw%3D%3D%26ruid%3Dca2cf6eb-b3d1-410b-ad87-565111f056b2%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fanonymfile.com%252F2l5W%252F23092022-155003-tiktokcom.rar%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1280%26wiw%3D1280%26wih%3D939%26wfc%3D0%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 23:11:35 GMT
content-type: image/jpeg
content-length: 56557
last-modified: Wed, 01 Jun 2022 14:55:35 GMT
etag: "62977de7-dced"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7038cca95198779d8bb479045eb56652
e9dcf9451e849f4d55b0909b33a51bd0b1a35296
0fc47dba3f2789b7c509a4916b1fe3c7b6b30c6778e5354742256125730310f3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7353
Expires: Sat, 24 Sep 2022 01:14:09 GMT
Date: Fri, 23 Sep 2022 23:11:36 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7038cca95198779d8bb479045eb56652
e9dcf9451e849f4d55b0909b33a51bd0b1a35296
0fc47dba3f2789b7c509a4916b1fe3c7b6b30c6778e5354742256125730310f3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7353
Expires: Sat, 24 Sep 2022 01:14:09 GMT
Date: Fri, 23 Sep 2022 23:11:36 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7038cca95198779d8bb479045eb56652
e9dcf9451e849f4d55b0909b33a51bd0b1a35296
0fc47dba3f2789b7c509a4916b1fe3c7b6b30c6778e5354742256125730310f3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7353
Expires: Sat, 24 Sep 2022 01:14:09 GMT
Date: Fri, 23 Sep 2022 23:11:36 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7038cca95198779d8bb479045eb56652
e9dcf9451e849f4d55b0909b33a51bd0b1a35296
0fc47dba3f2789b7c509a4916b1fe3c7b6b30c6778e5354742256125730310f3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7353
Expires: Sat, 24 Sep 2022 01:14:09 GMT
Date: Fri, 23 Sep 2022 23:11:36 GMT
Connection: keep-alive
unphionetor.com/vctx?t=72747
139.45.197.236204 No Content 0 B URL HTTP/2 unphionetor.com/vctx?t=72747
IP 139.45.197.236:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /vctx?t=72747 HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://interstitial-07.com
Connection: keep-alive
Referer: https://interstitial-07.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Fri, 23 Sep 2022 23:11:36 GMT
access-control-allow-origin: https://interstitial-07.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: d46fc1468ab7030d5e7fe0843a0046c9
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd81dd9e4-90be-4864-999a-d4ef740cdc24.jpeg
34.120.237.76200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd81dd9e4-90be-4864-999a-d4ef740cdc24.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 37139ae1fd49662f05b8e3a0925f31b4
d355033b77ce3f76f800f8c90ddd624f1fda9005
0d76bfa4c37391d08e5f354e7a927b9216f06b8d5e90d7a5cfb3e08df00dcf94
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd81dd9e4-90be-4864-999a-d4ef740cdc24.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8675
x-amzn-requestid: c2c6ccda-cf20-4d53-a4b4-7068fe823495
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y7tTlGRzoAMFfpg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632e28e3-1f557a8563267dde615c0610;Sampled=0
x-amzn-remapped-date: Fri, 23 Sep 2022 21:45:07 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: wSQLIWHxcGPx-dNgIo9v9BBNlm6CZZNY228d8gFo6eZ-vNGbCavniA==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 6a9b42e38e76b7d4a4044ebe0e0eca08.cloudfront.net (CloudFront), 1.1 google
date: Fri, 23 Sep 2022 21:47:32 GMT
age: 5044
etag: "d355033b77ce3f76f800f8c90ddd624f1fda9005"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd719f7db-20e1-4834-9525-3117f1824f36.webp
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd719f7db-20e1-4834-9525-3117f1824f36.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash aa150280eb113504d61a25935c0f0127
ed04f74fbb4c77b21e2babc51a82857f5e23d169
07df17fffb391aa82efb09e30d97e88fa4dbe6df00e37bb90304f69179f4848e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd719f7db-20e1-4834-9525-3117f1824f36.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10032
x-amzn-requestid: 521c4012-9834-4100-a7ed-30093502f1a9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y7sPBHGYoAMFh-Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632e272c-77b03c321240d76a572d603a;Sampled=0
x-amzn-remapped-date: Fri, 23 Sep 2022 21:37:48 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: N7TwxCLUL8qnvm3YuZ6CGyJquVerc266VvZ1g8j5RxGpQXoUJwhULg==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 0d4ebcaa87ba94709def0eaac9371e5a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 23 Sep 2022 21:51:16 GMT
age: 4820
etag: "ed04f74fbb4c77b21e2babc51a82857f5e23d169"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F261e052d-5e10-4c3b-815c-1ed62855e73c.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F261e052d-5e10-4c3b-815c-1ed62855e73c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 51954c51a08c2b93c064cb33d062295a
6786581817793da801f0034d9eaee454c11a103b
c753863b9d3a6ac9a52db03ffee8862eb26ae92250d3bffa52e57fc138456eea
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F261e052d-5e10-4c3b-815c-1ed62855e73c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11865
x-amzn-requestid: ae62bd6d-590b-4644-8dea-dcf38adc07e8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y13FEHSxoAMFs_g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632bd220-1a9fdbc01506bbf15be0fa67;Sampled=0
x-amzn-remapped-date: Thu, 22 Sep 2022 03:10:24 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Tw49_6ZXQUKAWP_sEMw_yPFXzN-UksLw7AYkkPqZZ9iGdkYW650INQ==
via: 1.1 6ba2a21321beeef65404429d0a4b6380.cloudfront.net (CloudFront), 1.1 0d4ebcaa87ba94709def0eaac9371e5a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 23 Sep 2022 03:48:30 GMT
age: 69786
etag: "6786581817793da801f0034d9eaee454c11a103b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd1500786-3bbf-46d0-b16e-4aff6d48a585.jpeg
34.120.237.76200 OK 15 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd1500786-3bbf-46d0-b16e-4aff6d48a585.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f10a12719b387d176497669ba75f0acc
16e42ba7b20555bf5a8615e5f4bb561204aeeb5a
0cb2231817387d43a490565b61e24ea7a3cfcff3281f4ab4379a882cc5c3173f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd1500786-3bbf-46d0-b16e-4aff6d48a585.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 14579
x-amzn-requestid: bce2c126-0883-4255-9246-d8055860f898
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YcCj6FYCoAMF9Yw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63217e18-66ba2e5d64b6a5b32b7ab36b;Sampled=0
x-amzn-remapped-date: Wed, 14 Sep 2022 07:09:12 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: igIWZ2IhMA_GIovp4HgIHtGeDt5xoX0iThoQFKjnNJUYP_uMdO7FHw==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 e80693c02cfdfd081110512210d57840.cloudfront.net (CloudFront), 1.1 google
date: Fri, 23 Sep 2022 22:11:52 GMT
age: 3584
etag: "16e42ba7b20555bf5a8615e5f4bb561204aeeb5a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
dozubatan.com/400/5307588
139.45.197.237200 OK 40 kB URL HTTP/2 dozubatan.com/400/5307588
IP 139.45.197.237:0
Hash 522f294be266fcc16196e6f52c748adc
e2d7aabca09fa74803580b7ad260504f67330a94
4ec4242c9de03a8e28a83cde8ebe98ebaf9f180723adbbb399527d7b49c301c7
GET /400/5307588 HTTP/1.1
Host: dozubatan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 23:11:35 GMT
content-type: application/javascript
x-trace-id: 45d0d6b4d5d7a3c305560bac8202d279
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=94a456e2c2ce4f35aed30ea4cdac03e1; expires=Sat, 23 Sep 2023 23:11:35 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4c80a02c-1515-49a8-8ea9-716d3094dcfa.jpeg
34.120.237.76200 OK 6.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4c80a02c-1515-49a8-8ea9-716d3094dcfa.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 146cb832dec96067e5e003b2f7617941
b0697adfd0fab611ba6afae2218645977846c341
e3ebac2261c6243caf678babe5350ae70da1e24fd7a0bbfdb449fd2b933eb237
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4c80a02c-1515-49a8-8ea9-716d3094dcfa.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6510
x-amzn-requestid: 1d584980-5495-4925-b420-ef8b5a5e30e4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y7ruGGusoAMFe6g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632e265a-370b00862dfed1606ac36797;Sampled=0
x-amzn-remapped-date: Fri, 23 Sep 2022 21:34:18 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 1n3rcgCsC9jDDWDLNrwAQabcAXCoYwH5jh6j8cLJPwAF9SKe9yx5ng==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 1a53057db389e96b4ef1bfbc925dde1c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 23 Sep 2022 21:57:27 GMT
etag: "b0697adfd0fab611ba6afae2218645977846c341"
content-type: image/jpeg
age: 4449
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
unphionetor.com/vbl?t=72747&bid=undefined&aid=undefined
139.45.197.236204 No Content 0 B URL HTTP/2 unphionetor.com/vbl?t=72747&bid=undefined&aid=undefined
IP 139.45.197.236:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
POST /vbl?t=72747&bid=undefined&aid=undefined HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://interstitial-07.com
Connection: keep-alive
Referer: https://interstitial-07.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Fri, 23 Sep 2022 23:11:36 GMT
access-control-allow-origin: https://interstitial-07.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: 47b2d698b86d1aa4b0f80a9418984b39
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
tovanillitechan.com/15?rnd=1435876891&z=5307589&var=&rb=KQBoTE1Qxbl630H1K0xmdmN3jwmV29IvtPKM7EgWYDPMb2Xeiy4Zj4qpWJhyQifZ6dUxmbtYPKVqw8W9GROsMe3J0nxOzH8PP1JuoJ-HXEWV0QhDtT-5zDL0HPliINF8fJ_hKwdxcX1CMRz--xRFnBs8qI306djhXiOlwB1_ujU5TlNne0vHqMy-2Znx_lFbM87aOCdqtFP1QdBi94bU86MievpCYE403yA7m0dFNncy1Jhu_7_u_Oq84QFGovAwoRTIlvMZJ6oz1XLztYnR4JYDJuEe5uYA0ZAeZJe547e-RkfuH0iLQmXNe089GpMhMnBSBFwaeSZYs3R0hw_UoPzyHE7Q8k0TDAkhQtad7hnmkMF0L24rWEL8QzZqsButvLKP7K-TRohPxTEBU2ZFmOnMzLhnGk7FBlsmeDsPfoys0A8iVdkF4dy3RCHXrfnm70mSzijxx4CKPxyf-1oZP6btbxiJm1wjyj7n5YuWTO1FiIe-2QgP9ev2vUW0U8kL2iLHqFooSSJ9NqauItOQZbmWueMj_GObitNKdCSvtttfNKA5G4rz7BCgFPBokKXBmxX3rzEmTeDHub_HA3J69TKAopVLp7mmMxwM9boLZpZb2E6X7HPbzkMRc5bYkTciKq48U6OyysJ4YDhv&ruid=ca2cf6eb-b3d1-410b-ad87-565111f056b2&uci=%7B%22path%22%3A%7B%22count%22%3A0%2C%22totalLength%22%3A0%2C%22pathHistogram%22%3A%7B%224%22%3A0%2C%228%22%3A0%2C%2216%22%3A0%2C%2232%22%3A0%2C%2264%22%3A0%2C%22128%22%3A0%2C%22256%22%3A0%2C%22512%22%3A0%2C%221024%22%3A0%7D%7D%2C%22durationOnCreate%22%3A1.091%2C%22location%22%3A%22https%3A%2F%2Fanonymfile.com%2F2l5W%2F23092022-155003-tiktokcom.rar%22%2C%22isSelenium%22%3Afalse%2C%22isPhantom%22%3Afalse%2C%22isTouch%22%3Afalse%2C%22pluginCount%22%3A0%2C%22wdov%22%3A0%2C%22isIONS%22%3Atrue%7D
139.45.197.239204 No Content 0 B URL HTTP/2 tovanillitechan.com/15?rnd=1435876891&z=5307589&var=&rb=KQBoTE1Qxbl630H1K0xmdmN3jwmV29IvtPKM7EgWYDPMb2Xeiy4Zj4qpWJhyQifZ6dUxmbtYPKVqw8W9GROsMe3J0nxOzH8PP1JuoJ-HXEWV0QhDtT-5zDL0HPliINF8fJ_hKwdxcX1CMRz--xRFnBs8qI306djhXiOlwB1_ujU5TlNne0vHqMy-2Znx_lFbM87aOCdqtFP1QdBi94bU86MievpCYE403yA7m0dFNncy1Jhu_7_u_Oq84QFGovAwoRTIlvMZJ6oz1XLztYnR4JYDJuEe5uYA0ZAeZJe547e-RkfuH0iLQmXNe089GpMhMnBSBFwaeSZYs3R0hw_UoPzyHE7Q8k0TDAkhQtad7hnmkMF0L24rWEL8QzZqsButvLKP7K-TRohPxTEBU2ZFmOnMzLhnGk7FBlsmeDsPfoys0A8iVdkF4dy3RCHXrfnm70mSzijxx4CKPxyf-1oZP6btbxiJm1wjyj7n5YuWTO1FiIe-2QgP9ev2vUW0U8kL2iLHqFooSSJ9NqauItOQZbmWueMj_GObitNKdCSvtttfNKA5G4rz7BCgFPBokKXBmxX3rzEmTeDHub_HA3J69TKAopVLp7mmMxwM9boLZpZb2E6X7HPbzkMRc5bYkTciKq48U6OyysJ4YDhv&ruid=ca2cf6eb-b3d1-410b-ad87-565111f056b2&uci=%7B%22path%22%3A%7B%22count%22%3A0%2C%22totalLength%22%3A0%2C%22pathHistogram%22%3A%7B%224%22%3A0%2C%228%22%3A0%2C%2216%22%3A0%2C%2232%22%3A0%2C%2264%22%3A0%2C%22128%22%3A0%2C%22256%22%3A0%2C%22512%22%3A0%2C%221024%22%3A0%7D%7D%2C%22durationOnCreate%22%3A1.091%2C%22location%22%3A%22https%3A%2F%2Fanonymfile.com%2F2l5W%2F23092022-155003-tiktokcom.rar%22%2C%22isSelenium%22%3Afalse%2C%22isPhantom%22%3Afalse%2C%22isTouch%22%3Afalse%2C%22pluginCount%22%3A0%2C%22wdov%22%3A0%2C%22isIONS%22%3Atrue%7D
IP 139.45.197.239:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /15?rnd=1435876891&z=5307589&var=&rb=KQBoTE1Qxbl630H1K0xmdmN3jwmV29IvtPKM7EgWYDPMb2Xeiy4Zj4qpWJhyQifZ6dUxmbtYPKVqw8W9GROsMe3J0nxOzH8PP1JuoJ-HXEWV0QhDtT-5zDL0HPliINF8fJ_hKwdxcX1CMRz--xRFnBs8qI306djhXiOlwB1_ujU5TlNne0vHqMy-2Znx_lFbM87aOCdqtFP1QdBi94bU86MievpCYE403yA7m0dFNncy1Jhu_7_u_Oq84QFGovAwoRTIlvMZJ6oz1XLztYnR4JYDJuEe5uYA0ZAeZJe547e-RkfuH0iLQmXNe089GpMhMnBSBFwaeSZYs3R0hw_UoPzyHE7Q8k0TDAkhQtad7hnmkMF0L24rWEL8QzZqsButvLKP7K-TRohPxTEBU2ZFmOnMzLhnGk7FBlsmeDsPfoys0A8iVdkF4dy3RCHXrfnm70mSzijxx4CKPxyf-1oZP6btbxiJm1wjyj7n5YuWTO1FiIe-2QgP9ev2vUW0U8kL2iLHqFooSSJ9NqauItOQZbmWueMj_GObitNKdCSvtttfNKA5G4rz7BCgFPBokKXBmxX3rzEmTeDHub_HA3J69TKAopVLp7mmMxwM9boLZpZb2E6X7HPbzkMRc5bYkTciKq48U6OyysJ4YDhv&ruid=ca2cf6eb-b3d1-410b-ad87-565111f056b2&uci=%7B%22path%22%3A%7B%22count%22%3A0%2C%22totalLength%22%3A0%2C%22pathHistogram%22%3A%7B%224%22%3A0%2C%228%22%3A0%2C%2216%22%3A0%2C%2232%22%3A0%2C%2264%22%3A0%2C%22128%22%3A0%2C%22256%22%3A0%2C%22512%22%3A0%2C%221024%22%3A0%7D%7D%2C%22durationOnCreate%22%3A1.091%2C%22location%22%3A%22https%3A%2F%2Fanonymfile.com%2F2l5W%2F23092022-155003-tiktokcom.rar%22%2C%22isSelenium%22%3Afalse%2C%22isPhantom%22%3Afalse%2C%22isTouch%22%3Afalse%2C%22pluginCount%22%3A0%2C%22wdov%22%3A0%2C%22isIONS%22%3Atrue%7D HTTP/1.1
Host: tovanillitechan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://anonymfile.com
Connection: keep-alive
Referer: https://anonymfile.com/
Cookie: scm=1; OAID=06af2f3f60ef4c14b40050353f0b51a6; oaidts=1663974695
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Fri, 23 Sep 2022 23:11:36 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://anonymfile.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: 49cb941d0a5ebf42398208b099b5b781
access-control-expose-headers: X-Sc
set-cookie: OAID=06af2f3f60ef4c14b40050353f0b51a6; expires=Sat, 23 Sep 2023 23:11:36 GMT; secure; SameSite=None
oaidts=1663974695; expires=Sat, 23 Sep 2023 23:11:36 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
tovanillitechan.com/15?rnd=1435876891&z=5307589&var=&rb=KQBoTE1Qxbl630H1K0xmdmN3jwmV29IvtPKM7EgWYDPMb2Xeiy4Zj4qpWJhyQifZ6dUxmbtYPKVqw8W9GROsMe3J0nxOzH8PP1JuoJ-HXEWV0QhDtT-5zDL0HPliINF8fJ_hKwdxcX1CMRz--xRFnBs8qI306djhXiOlwB1_ujU5TlNne0vHqMy-2Znx_lFbM87aOCdqtFP1QdBi94bU86MievpCYE403yA7m0dFNncy1Jhu_7_u_Oq84QFGovAwoRTIlvMZJ6oz1XLztYnR4JYDJuEe5uYA0ZAeZJe547e-RkfuH0iLQmXNe089GpMhMnBSBFwaeSZYs3R0hw_UoPzyHE7Q8k0TDAkhQtad7hnmkMF0L24rWEL8QzZqsButvLKP7K-TRohPxTEBU2ZFmOnMzLhnGk7FBlsmeDsPfoys0A8iVdkF4dy3RCHXrfnm70mSzijxx4CKPxyf-1oZP6btbxiJm1wjyj7n5YuWTO1FiIe-2QgP9ev2vUW0U8kL2iLHqFooSSJ9NqauItOQZbmWueMj_GObitNKdCSvtttfNKA5G4rz7BCgFPBokKXBmxX3rzEmTeDHub_HA3J69TKAopVLp7mmMxwM9boLZpZb2E6X7HPbzkMRc5bYkTciKq48U6OyysJ4YDhv&ruid=ca2cf6eb-b3d1-410b-ad87-565111f056b2&uci=%7B%22path%22%3A%7B%22count%22%3A0%2C%22totalLength%22%3A0%2C%22pathHistogram%22%3A%7B%224%22%3A0%2C%228%22%3A0%2C%2216%22%3A0%2C%2232%22%3A0%2C%2264%22%3A0%2C%22128%22%3A0%2C%22256%22%3A0%2C%22512%22%3A0%2C%221024%22%3A0%7D%7D%2C%22durationOnCreate%22%3A3.092%2C%22location%22%3A%22https%3A%2F%2Fanonymfile.com%2F2l5W%2F23092022-155003-tiktokcom.rar%22%2C%22isSelenium%22%3Afalse%2C%22isPhantom%22%3Afalse%2C%22isTouch%22%3Afalse%2C%22pluginCount%22%3A0%2C%22wdov%22%3A0%2C%22isIONS%22%3Atrue%7D
139.45.197.239204 No Content 0 B URL HTTP/2 tovanillitechan.com/15?rnd=1435876891&z=5307589&var=&rb=KQBoTE1Qxbl630H1K0xmdmN3jwmV29IvtPKM7EgWYDPMb2Xeiy4Zj4qpWJhyQifZ6dUxmbtYPKVqw8W9GROsMe3J0nxOzH8PP1JuoJ-HXEWV0QhDtT-5zDL0HPliINF8fJ_hKwdxcX1CMRz--xRFnBs8qI306djhXiOlwB1_ujU5TlNne0vHqMy-2Znx_lFbM87aOCdqtFP1QdBi94bU86MievpCYE403yA7m0dFNncy1Jhu_7_u_Oq84QFGovAwoRTIlvMZJ6oz1XLztYnR4JYDJuEe5uYA0ZAeZJe547e-RkfuH0iLQmXNe089GpMhMnBSBFwaeSZYs3R0hw_UoPzyHE7Q8k0TDAkhQtad7hnmkMF0L24rWEL8QzZqsButvLKP7K-TRohPxTEBU2ZFmOnMzLhnGk7FBlsmeDsPfoys0A8iVdkF4dy3RCHXrfnm70mSzijxx4CKPxyf-1oZP6btbxiJm1wjyj7n5YuWTO1FiIe-2QgP9ev2vUW0U8kL2iLHqFooSSJ9NqauItOQZbmWueMj_GObitNKdCSvtttfNKA5G4rz7BCgFPBokKXBmxX3rzEmTeDHub_HA3J69TKAopVLp7mmMxwM9boLZpZb2E6X7HPbzkMRc5bYkTciKq48U6OyysJ4YDhv&ruid=ca2cf6eb-b3d1-410b-ad87-565111f056b2&uci=%7B%22path%22%3A%7B%22count%22%3A0%2C%22totalLength%22%3A0%2C%22pathHistogram%22%3A%7B%224%22%3A0%2C%228%22%3A0%2C%2216%22%3A0%2C%2232%22%3A0%2C%2264%22%3A0%2C%22128%22%3A0%2C%22256%22%3A0%2C%22512%22%3A0%2C%221024%22%3A0%7D%7D%2C%22durationOnCreate%22%3A3.092%2C%22location%22%3A%22https%3A%2F%2Fanonymfile.com%2F2l5W%2F23092022-155003-tiktokcom.rar%22%2C%22isSelenium%22%3Afalse%2C%22isPhantom%22%3Afalse%2C%22isTouch%22%3Afalse%2C%22pluginCount%22%3A0%2C%22wdov%22%3A0%2C%22isIONS%22%3Atrue%7D
IP 139.45.197.239:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /15?rnd=1435876891&z=5307589&var=&rb=KQBoTE1Qxbl630H1K0xmdmN3jwmV29IvtPKM7EgWYDPMb2Xeiy4Zj4qpWJhyQifZ6dUxmbtYPKVqw8W9GROsMe3J0nxOzH8PP1JuoJ-HXEWV0QhDtT-5zDL0HPliINF8fJ_hKwdxcX1CMRz--xRFnBs8qI306djhXiOlwB1_ujU5TlNne0vHqMy-2Znx_lFbM87aOCdqtFP1QdBi94bU86MievpCYE403yA7m0dFNncy1Jhu_7_u_Oq84QFGovAwoRTIlvMZJ6oz1XLztYnR4JYDJuEe5uYA0ZAeZJe547e-RkfuH0iLQmXNe089GpMhMnBSBFwaeSZYs3R0hw_UoPzyHE7Q8k0TDAkhQtad7hnmkMF0L24rWEL8QzZqsButvLKP7K-TRohPxTEBU2ZFmOnMzLhnGk7FBlsmeDsPfoys0A8iVdkF4dy3RCHXrfnm70mSzijxx4CKPxyf-1oZP6btbxiJm1wjyj7n5YuWTO1FiIe-2QgP9ev2vUW0U8kL2iLHqFooSSJ9NqauItOQZbmWueMj_GObitNKdCSvtttfNKA5G4rz7BCgFPBokKXBmxX3rzEmTeDHub_HA3J69TKAopVLp7mmMxwM9boLZpZb2E6X7HPbzkMRc5bYkTciKq48U6OyysJ4YDhv&ruid=ca2cf6eb-b3d1-410b-ad87-565111f056b2&uci=%7B%22path%22%3A%7B%22count%22%3A0%2C%22totalLength%22%3A0%2C%22pathHistogram%22%3A%7B%224%22%3A0%2C%228%22%3A0%2C%2216%22%3A0%2C%2232%22%3A0%2C%2264%22%3A0%2C%22128%22%3A0%2C%22256%22%3A0%2C%22512%22%3A0%2C%221024%22%3A0%7D%7D%2C%22durationOnCreate%22%3A3.092%2C%22location%22%3A%22https%3A%2F%2Fanonymfile.com%2F2l5W%2F23092022-155003-tiktokcom.rar%22%2C%22isSelenium%22%3Afalse%2C%22isPhantom%22%3Afalse%2C%22isTouch%22%3Afalse%2C%22pluginCount%22%3A0%2C%22wdov%22%3A0%2C%22isIONS%22%3Atrue%7D HTTP/1.1
Host: tovanillitechan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://anonymfile.com
Connection: keep-alive
Referer: https://anonymfile.com/
Cookie: scm=1; OAID=06af2f3f60ef4c14b40050353f0b51a6; oaidts=1663974695
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Fri, 23 Sep 2022 23:11:38 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://anonymfile.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: 3017e9402f75983dd244f53743a69f0f
access-control-expose-headers: X-Sc
set-cookie: OAID=06af2f3f60ef4c14b40050353f0b51a6; expires=Sat, 23 Sep 2023 23:11:38 GMT; secure; SameSite=None
oaidts=1663974695; expires=Sat, 23 Sep 2023 23:11:38 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
dozubatan.com/impression/N6o75gKXdMQmKh7gHaxvlfz-vDDGQovNUq9Cl0Grl8OhfjFsaBu4RE23NV4rSMdCXPChLsLS6J9BVFL8NSLQvwKmt5Ei9Dx2S-9GShPZSKVi09VwjkbkMTiBb7odwvxGHQfPm9eyX7_7poEvc1ZUQH2Pb7gHI-MjbkniMbppxXyKNfDgNY9Yki6J2GWZjCnFE0OD5fl-nY_RnjAyQ_bernBm51yXg_yCh-Ecr3Ut0H8_cpL6BeLUqQp_eeqa9YPxdO_1zFKNGGmOF9z_T_0Xzf7-p5w83d9IW1N5IxG62qIBWsRyXiQAZDSr_52C0dI-2h7Lhsrf2cjmlRk4LhW879pub2_2cGvQixzIl68fkyIo1n1DdWY1G-wqnMqk5z2W9byj19-m6tx3WIXGsXv6p3d-wK-Hyt3uJ0M5rA85hVNHeIZYWjoCw6JJmrUA4wHKjDcSRCykL4DvQ4oN4QpSj1UI7lkRO9IxxG19kLc6AIoXGhDkh1km63Yi_IYSscF35Ow1dm8SGxVWP16Ro4xRTq_vOnua7cMhEYKzBqDM7gBwjNZPkw4TpTJowblNM5mT7_euyFJlWStj_F63lVi45NUrSO2nSkkkvnhKXLNh1etTad02O2PSPYM6VpApYyAg7RjAtZUyqx5MHIJDjNt9SxMRrA7R4Re9rikeu8jsaTqFAnf46wU1lrk6SqBCyikiqL2ZeYkgtdY=?_z=5307588&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&pl=https%3A%2F%2Fanonymfile.com%2F2l5W%2F23092022-155003-tiktokcom.rar&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.237200 OK 43 B URL HTTP/2 dozubatan.com/impression/N6o75gKXdMQmKh7gHaxvlfz-vDDGQovNUq9Cl0Grl8OhfjFsaBu4RE23NV4rSMdCXPChLsLS6J9BVFL8NSLQvwKmt5Ei9Dx2S-9GShPZSKVi09VwjkbkMTiBb7odwvxGHQfPm9eyX7_7poEvc1ZUQH2Pb7gHI-MjbkniMbppxXyKNfDgNY9Yki6J2GWZjCnFE0OD5fl-nY_RnjAyQ_bernBm51yXg_yCh-Ecr3Ut0H8_cpL6BeLUqQp_eeqa9YPxdO_1zFKNGGmOF9z_T_0Xzf7-p5w83d9IW1N5IxG62qIBWsRyXiQAZDSr_52C0dI-2h7Lhsrf2cjmlRk4LhW879pub2_2cGvQixzIl68fkyIo1n1DdWY1G-wqnMqk5z2W9byj19-m6tx3WIXGsXv6p3d-wK-Hyt3uJ0M5rA85hVNHeIZYWjoCw6JJmrUA4wHKjDcSRCykL4DvQ4oN4QpSj1UI7lkRO9IxxG19kLc6AIoXGhDkh1km63Yi_IYSscF35Ow1dm8SGxVWP16Ro4xRTq_vOnua7cMhEYKzBqDM7gBwjNZPkw4TpTJowblNM5mT7_euyFJlWStj_F63lVi45NUrSO2nSkkkvnhKXLNh1etTad02O2PSPYM6VpApYyAg7RjAtZUyqx5MHIJDjNt9SxMRrA7R4Re9rikeu8jsaTqFAnf46wU1lrk6SqBCyikiqL2ZeYkgtdY=?_z=5307588&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&pl=https%3A%2F%2Fanonymfile.com%2F2l5W%2F23092022-155003-tiktokcom.rar&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.237:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
GET /impression/N6o75gKXdMQmKh7gHaxvlfz-vDDGQovNUq9Cl0Grl8OhfjFsaBu4RE23NV4rSMdCXPChLsLS6J9BVFL8NSLQvwKmt5Ei9Dx2S-9GShPZSKVi09VwjkbkMTiBb7odwvxGHQfPm9eyX7_7poEvc1ZUQH2Pb7gHI-MjbkniMbppxXyKNfDgNY9Yki6J2GWZjCnFE0OD5fl-nY_RnjAyQ_bernBm51yXg_yCh-Ecr3Ut0H8_cpL6BeLUqQp_eeqa9YPxdO_1zFKNGGmOF9z_T_0Xzf7-p5w83d9IW1N5IxG62qIBWsRyXiQAZDSr_52C0dI-2h7Lhsrf2cjmlRk4LhW879pub2_2cGvQixzIl68fkyIo1n1DdWY1G-wqnMqk5z2W9byj19-m6tx3WIXGsXv6p3d-wK-Hyt3uJ0M5rA85hVNHeIZYWjoCw6JJmrUA4wHKjDcSRCykL4DvQ4oN4QpSj1UI7lkRO9IxxG19kLc6AIoXGhDkh1km63Yi_IYSscF35Ow1dm8SGxVWP16Ro4xRTq_vOnua7cMhEYKzBqDM7gBwjNZPkw4TpTJowblNM5mT7_euyFJlWStj_F63lVi45NUrSO2nSkkkvnhKXLNh1etTad02O2PSPYM6VpApYyAg7RjAtZUyqx5MHIJDjNt9SxMRrA7R4Re9rikeu8jsaTqFAnf46wU1lrk6SqBCyikiqL2ZeYkgtdY=?_z=5307588&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&pl=https%3A%2F%2Fanonymfile.com%2F2l5W%2F23092022-155003-tiktokcom.rar&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: dozubatan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/
Cookie: OAID=06af2f3f60ef4c14b40050353f0b51a6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 23:11:40 GMT
content-type: image/gif
content-length: 43
x-trace-id: 314a17c0c8c78cde59fcfd2a6949889d
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
dozubatan.com/500/5307588?excludes=14745758&oaid=06af2f3f60ef4c14b40050353f0b51a6&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fanonymfile.com%2F2l5W%2F23092022-155003-tiktokcom.rar&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.237200 OK 0 B URL HTTP/2 dozubatan.com/500/5307588?excludes=14745758&oaid=06af2f3f60ef4c14b40050353f0b51a6&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fanonymfile.com%2F2l5W%2F23092022-155003-tiktokcom.rar&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.237:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /500/5307588?excludes=14745758&oaid=06af2f3f60ef4c14b40050353f0b51a6&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fanonymfile.com%2F2l5W%2F23092022-155003-tiktokcom.rar&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: dozubatan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://anonymfile.com/
Origin: https://anonymfile.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 23:11:40 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://anonymfile.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-allow-credentials: true
access-control-max-age: 600
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2
pseepsie.com/custom
139.45.197.250200 OK 39 B IP 139.45.197.250:0
File type JSON data\012- , ASCII text
Hash 058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
Analyzer Verdict Alert fortinet Malware
POST /custom HTTP/1.1
Host: pseepsie.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://anonymfile.com/
Content-Type: application/json
Origin: https://anonymfile.com
Content-Length: 407
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 23:11:42 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 34c7c34d752cee3eaa7fe62171cf5abe
access-control-allow-origin: https://anonymfile.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
my.rtmark.net/gid.js?pub=0&userId=50ec9a6b14a44ad78f2ce0742e171519&zoneId=5307590&checkDuplicate=true&ymid=&var=
139.45.195.8200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?pub=0&userId=50ec9a6b14a44ad78f2ce0742e171519&zoneId=5307590&checkDuplicate=true&ymid=&var=
IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash 0e6a5f31aaf5c1931e7e1a1514545bee
02b46433075f8abb71d555452280ee401bb9ece4
c8e9a08b48d078752c386f4f69e37a8b130fb4b11087e3afc35d60f77285964a
GET /gid.js?pub=0&userId=50ec9a6b14a44ad78f2ce0742e171519&zoneId=5307590&checkDuplicate=true&ymid=&var= HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://anonymfile.com/
Origin: https://anonymfile.com
Connection: keep-alive
Cookie: ID=06af2f3f60ef4c14b40050353f0b51a6
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 23:11:42 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://anonymfile.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=06af2f3f60ef4c14b40050353f0b51a6; expires=Sat, 23 Sep 2023 23:11:42 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
tovanillitechan.com/27/b7bd02994a2771796f8a835cfb750d4b
139.45.197.239200 OK 0 B URL HTTP/2 tovanillitechan.com/27/b7bd02994a2771796f8a835cfb750d4b
IP 139.45.197.239:0
Analyzer Verdict Alert quad9 Sinkholed
GET /27/b7bd02994a2771796f8a835cfb750d4b HTTP/1.1
Host: tovanillitechan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/
Cookie: scm=1; OAID=449386ff7abc4977a30a08a3cc0e6e21; oaidts=1663974695
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 23:11:35 GMT
content-type: application/javascript
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
cache-control: max-age:290304000, public
last-modified: Thu, 22 Sep 2022 08:42:06 GMT
expires: Thu, 22 Oct 2082 08:42:06 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2
dozubatan.com/500/5307588?excludes=&oaid=06af2f3f60ef4c14b40050353f0b51a6&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&pl=https%3A%2F%2Fanonymfile.com%2F2l5W%2F23092022-155003-tiktokcom.rar&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.237200 OK 0 B URL HTTP/2 dozubatan.com/500/5307588?excludes=&oaid=06af2f3f60ef4c14b40050353f0b51a6&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&pl=https%3A%2F%2Fanonymfile.com%2F2l5W%2F23092022-155003-tiktokcom.rar&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.237:0
GET /500/5307588?excludes=&oaid=06af2f3f60ef4c14b40050353f0b51a6&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&pl=https%3A%2F%2Fanonymfile.com%2F2l5W%2F23092022-155003-tiktokcom.rar&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: dozubatan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://anonymfile.com
Connection: keep-alive
Referer: https://anonymfile.com/
Cookie: OAID=94a456e2c2ce4f35aed30ea4cdac03e1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 23:11:35 GMT
content-type: application/javascript
x-trace-id: 47b9bbe4ee33fcc18e1aca5b965e7599
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: https://anonymfile.com
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=06af2f3f60ef4c14b40050353f0b51a6; expires=Sat, 23 Sep 2023 23:11:35 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
anonymfile.com/2l5W/23092022-155003-tiktokcom.rar
138.201.48.112200 OK 0 B URL HTTP/2 anonymfile.com/2l5W/23092022-155003-tiktokcom.rar
IP 138.201.48.112:0
ASN #24940 Hetzner Online GmbH
GET /2l5W/23092022-155003-tiktokcom.rar HTTP/1.1
Host: anonymfile.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
server: nginx
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: XSRF-TOKEN=eyJpdiI6InBmZmc2R2kxZm8ydkxIRm1rR2hUZlE9PSIsInZhbHVlIjoialdjd2JpMHc3TXJyRWl0UGp3TFAxMzZGZVJJUnRuOVpmdUw2ZDVnSFY3VEFpWmtjOFRjUDFLa1A5ajE5Uy85blZMMTJ2MUc0ekhMWm1DbnRJRm5ZUVZUb0pCL1NZUk1sT1RUcHNBczlDR09zM2diYWlqR040UlZpK1ZEdlk3WGIiLCJtYWMiOiI5OTc4YTE4ZWI2MGI4ZWRhMjAyZTNmYTgzNzU3Yjg1MjZlNDVlNzUyYTk3ZTY2MWRmMGNlOTc5NzM0N2FmNTlmIiwidGFnIjoiIn0%3D; expires=Sat, 24-Sep-2022 01:11:33 GMT; Max-Age=7200; path=/; samesite=lax
anonymfile_session=eyJpdiI6Ik9nNG9Ta2hLWU1LQ3orbDdBSUN6eUE9PSIsInZhbHVlIjoiMDUxUmJlTlFJT1o3Y2JVYUdHME1NN1ZYaTBTQzlJb3JHRVFDa3RLcE9zUEdWMk1HbG9HUTNIMVJmSGk4cHE0dGNYK0RKaFdiYkZNSC9NRDJESHJMaFRYN1Nmc29pWUQ5bGRaRHY2Y3RHQ3NaZG5LS05qZXZ6SFV3UlFueUtSRFgiLCJtYWMiOiI1MDJkMDA5N2I4YzcwN2Y3M2FmNGExZmJmNzhkY2IwMzlmZGU2NmUzN2UyYWM5MWNhZWU0MmZhMmY5YThmNjAyIiwidGFnIjoiIn0%3D; expires=Sat, 24-Sep-2022 01:11:33 GMT; Max-Age=7200; path=/; httponly; samesite=lax
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
date: Fri, 23 Sep 2022 23:11:33 GMT
x-page-speed: 1.13.35.2-0
cache-control: max-age=0, no-cache
content-encoding: br
X-Firefox-Spdy: h2
anonymfile.com/css/theme.min.css
138.201.48.112200 OK 0 B URL HTTP/2 anonymfile.com/css/theme.min.css
IP 138.201.48.112:0
ASN #24940 Hetzner Online GmbH
GET /css/theme.min.css HTTP/1.1
Host: anonymfile.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/2l5W/23092022-155003-tiktokcom.rar
Cookie: XSRF-TOKEN=eyJpdiI6InBmZmc2R2kxZm8ydkxIRm1rR2hUZlE9PSIsInZhbHVlIjoialdjd2JpMHc3TXJyRWl0UGp3TFAxMzZGZVJJUnRuOVpmdUw2ZDVnSFY3VEFpWmtjOFRjUDFLa1A5ajE5Uy85blZMMTJ2MUc0ekhMWm1DbnRJRm5ZUVZUb0pCL1NZUk1sT1RUcHNBczlDR09zM2diYWlqR040UlZpK1ZEdlk3WGIiLCJtYWMiOiI5OTc4YTE4ZWI2MGI4ZWRhMjAyZTNmYTgzNzU3Yjg1MjZlNDVlNzUyYTk3ZTY2MWRmMGNlOTc5NzM0N2FmNTlmIiwidGFnIjoiIn0%3D; anonymfile_session=eyJpdiI6Ik9nNG9Ta2hLWU1LQ3orbDdBSUN6eUE9PSIsInZhbHVlIjoiMDUxUmJlTlFJT1o3Y2JVYUdHME1NN1ZYaTBTQzlJb3JHRVFDa3RLcE9zUEdWMk1HbG9HUTNIMVJmSGk4cHE0dGNYK0RKaFdiYkZNSC9NRDJESHJMaFRYN1Nmc29pWUQ5bGRaRHY2Y3RHQ3NaZG5LS05qZXZ6SFV3UlFueUtSRFgiLCJtYWMiOiI1MDJkMDA5N2I4YzcwN2Y3M2FmNGExZmJmNzhkY2IwMzlmZGU2NmUzN2UyYWM5MWNhZWU0MmZhMmY5YThmNjAyIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 23:11:34 GMT
content-type: text/css
last-modified: Fri, 22 Oct 2021 08:15:50 GMT
vary: Accept-Encoding
etag: W/"61727336-921fb"
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
content-encoding: br
X-Firefox-Spdy: h2
anonymfile.com/pagespeed_static/js_defer.I4cHjq6EEP.js
138.201.48.112200 OK 0 B URL HTTP/2 anonymfile.com/pagespeed_static/js_defer.I4cHjq6EEP.js
IP 138.201.48.112:0
ASN #24940 Hetzner Online GmbH
GET /pagespeed_static/js_defer.I4cHjq6EEP.js HTTP/1.1
Host: anonymfile.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/2l5W/23092022-155003-tiktokcom.rar
Cookie: XSRF-TOKEN=eyJpdiI6InBmZmc2R2kxZm8ydkxIRm1rR2hUZlE9PSIsInZhbHVlIjoialdjd2JpMHc3TXJyRWl0UGp3TFAxMzZGZVJJUnRuOVpmdUw2ZDVnSFY3VEFpWmtjOFRjUDFLa1A5ajE5Uy85blZMMTJ2MUc0ekhMWm1DbnRJRm5ZUVZUb0pCL1NZUk1sT1RUcHNBczlDR09zM2diYWlqR040UlZpK1ZEdlk3WGIiLCJtYWMiOiI5OTc4YTE4ZWI2MGI4ZWRhMjAyZTNmYTgzNzU3Yjg1MjZlNDVlNzUyYTk3ZTY2MWRmMGNlOTc5NzM0N2FmNTlmIiwidGFnIjoiIn0%3D; anonymfile_session=eyJpdiI6Ik9nNG9Ta2hLWU1LQ3orbDdBSUN6eUE9PSIsInZhbHVlIjoiMDUxUmJlTlFJT1o3Y2JVYUdHME1NN1ZYaTBTQzlJb3JHRVFDa3RLcE9zUEdWMk1HbG9HUTNIMVJmSGk4cHE0dGNYK0RKaFdiYkZNSC9NRDJESHJMaFRYN1Nmc29pWUQ5bGRaRHY2Y3RHQ3NaZG5LS05qZXZ6SFV3UlFueUtSRFgiLCJtYWMiOiI1MDJkMDA5N2I4YzcwN2Y3M2FmNGExZmJmNzhkY2IwMzlmZGU2NmUzN2UyYWM5MWNhZWU0MmZhMmY5YThmNjAyIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/javascript
vary: Accept-Encoding
x-content-type-options: nosniff
date: Fri, 23 Sep 2022 23:11:34 GMT
last-modified: Fri, 23 Sep 2022 23:11:34 GMT
cache-control: max-age=31536000
etag: W/"0"
content-encoding: br
X-Firefox-Spdy: h2
unpkg.com/filepond-plugin-file-validate-type@1.2.8/dist/filepond-plugin-file-validate-type.js
104.16.124.175200 OK 0 B URL HTTP/2 unpkg.com/filepond-plugin-file-validate-type@1.2.8/dist/filepond-plugin-file-validate-type.js
IP 104.16.124.175:0
GET /filepond-plugin-file-validate-type@1.2.8/dist/filepond-plugin-file-validate-type.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://anonymfile.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 23 Sep 2022 23:11:34 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
etag: W/"1d07-1hxUHKzrTl3rNdhkJwK4kJGou0I"
via: 1.1 fly.io
fly-request-id: 01G2PJZCDRWWWP671QTKZ7W61J-fra
cf-cache-status: HIT
age: 11801646
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 74f6f5d0de99b4ee-OSL
content-encoding: br
X-Firefox-Spdy: h2
unpkg.com/filepond-plugin-file-validate-size@2.2.7/dist/filepond-plugin-file-validate-size.js
104.16.124.175200 OK 0 B URL HTTP/2 unpkg.com/filepond-plugin-file-validate-size@2.2.7/dist/filepond-plugin-file-validate-size.js
IP 104.16.124.175:0
GET /filepond-plugin-file-validate-size@2.2.7/dist/filepond-plugin-file-validate-size.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://anonymfile.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 23 Sep 2022 23:11:34 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
etag: W/"1a7f-Ufoq68yhVBjz3riH5wAGJXD40pU"
via: 1.1 fly.io
fly-request-id: 01G7558XE30T0T2M6RDRBFG7JV-fra
cf-cache-status: HIT
age: 7017938
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 74f6f5d13edeb4ee-OSL
content-encoding: br
X-Firefox-Spdy: h2
pseepsie.com/pfe/current/universal.min.js?v=3.1.395
139.45.197.250200 OK 0 B URL HTTP/2 pseepsie.com/pfe/current/universal.min.js?v=3.1.395
IP 139.45.197.250:0
GET /pfe/current/universal.min.js?v=3.1.395 HTTP/1.1
Host: pseepsie.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://anonymfile.com/
Origin: https://anonymfile.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 23:11:35 GMT
content-type: application/javascript
last-modified: Tue, 20 Sep 2022 07:25:49 GMT
etag: W/"63296afd-1fafa"
access-control-allow-origin: https://anonymfile.com
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
anonymfile.com/js/site.js
138.201.48.112200 OK 0 B URL HTTP/2 anonymfile.com/js/site.js
IP 138.201.48.112:0
ASN #24940 Hetzner Online GmbH
GET /js/site.js HTTP/1.1
Host: anonymfile.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/2l5W/23092022-155003-tiktokcom.rar
Cookie: XSRF-TOKEN=eyJpdiI6InBmZmc2R2kxZm8ydkxIRm1rR2hUZlE9PSIsInZhbHVlIjoialdjd2JpMHc3TXJyRWl0UGp3TFAxMzZGZVJJUnRuOVpmdUw2ZDVnSFY3VEFpWmtjOFRjUDFLa1A5ajE5Uy85blZMMTJ2MUc0ekhMWm1DbnRJRm5ZUVZUb0pCL1NZUk1sT1RUcHNBczlDR09zM2diYWlqR040UlZpK1ZEdlk3WGIiLCJtYWMiOiI5OTc4YTE4ZWI2MGI4ZWRhMjAyZTNmYTgzNzU3Yjg1MjZlNDVlNzUyYTk3ZTY2MWRmMGNlOTc5NzM0N2FmNTlmIiwidGFnIjoiIn0%3D; anonymfile_session=eyJpdiI6Ik9nNG9Ta2hLWU1LQ3orbDdBSUN6eUE9PSIsInZhbHVlIjoiMDUxUmJlTlFJT1o3Y2JVYUdHME1NN1ZYaTBTQzlJb3JHRVFDa3RLcE9zUEdWMk1HbG9HUTNIMVJmSGk4cHE0dGNYK0RKaFdiYkZNSC9NRDJESHJMaFRYN1Nmc29pWUQ5bGRaRHY2Y3RHQ3NaZG5LS05qZXZ6SFV3UlFueUtSRFgiLCJtYWMiOiI1MDJkMDA5N2I4YzcwN2Y3M2FmNGExZmJmNzhkY2IwMzlmZGU2NmUzN2UyYWM5MWNhZWU0MmZhMmY5YThmNjAyIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 23:11:34 GMT
content-type: application/javascript
last-modified: Wed, 20 Oct 2021 12:30:18 GMT
vary: Accept-Encoding
etag: W/"61700bda-2487"
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
content-encoding: br
X-Firefox-Spdy: h2
unpkg.com/filepond-plugin-file-validate-size/dist/filepond-plugin-file-validate-size.js
104.16.124.175302 Found 0 B URL HTTP/2 unpkg.com/filepond-plugin-file-validate-size/dist/filepond-plugin-file-validate-size.js
IP 104.16.124.175:0
GET /filepond-plugin-file-validate-size/dist/filepond-plugin-file-validate-size.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Fri, 23 Sep 2022 23:11:34 GMT
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
cache-control: public, s-maxage=600, max-age=60
location: /filepond-plugin-file-validate-size@2.2.7/dist/filepond-plugin-file-validate-size.js
vary: Accept, Accept-Encoding
via: 1.1 fly.io
fly-request-id: 01GDP9XQKNMXTJQNQRM67QYG0C-fra
cf-cache-status: EXPIRED
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 74f6f5d07e3db4ee-OSL
X-Firefox-Spdy: h2
dozubatan.com/500/5307588?excludes=14745758&oaid=06af2f3f60ef4c14b40050353f0b51a6&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fanonymfile.com%2F2l5W%2F23092022-155003-tiktokcom.rar&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.237200 OK 0 B URL HTTP/2 dozubatan.com/500/5307588?excludes=14745758&oaid=06af2f3f60ef4c14b40050353f0b51a6&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fanonymfile.com%2F2l5W%2F23092022-155003-tiktokcom.rar&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.237:0
GET /500/5307588?excludes=14745758&oaid=06af2f3f60ef4c14b40050353f0b51a6&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fanonymfile.com%2F2l5W%2F23092022-155003-tiktokcom.rar&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: dozubatan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://anonymfile.com
Connection: keep-alive
Referer: https://anonymfile.com/
Cookie: OAID=06af2f3f60ef4c14b40050353f0b51a6
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 23:11:40 GMT
content-type: application/javascript
x-trace-id: 5cb1e9dcfec967a371f75d84cd0805c6
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: https://anonymfile.com
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=06af2f3f60ef4c14b40050353f0b51a6; expires=Sat, 23 Sep 2023 23:11:40 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
inklinkor.com/tag.min.js
172.67.211.29200 OK 0 B IP 172.67.211.29:0
GET /tag.min.js HTTP/1.1
Host: inklinkor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 23 Sep 2022 23:11:34 GMT
content-type: text/javascript; charset=utf-8
x-trace-id: 8f2b1962ed9d900f2192a48ab79be9ef
cache-control: max-age=86400
last-modified: Fri, 23 Sep 2022 16:04:12 GMT
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
expires: Sat, 24 Sep 2022 21:44:37 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 5217
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FAiGqJh6%2B8R03Iu7BXMwZ9ojU95yKILGskg1Nj2XHuVnKUdF8qtp8pri0kT8tp6b4fCB1xsYqkr5B1mVD3C9TXcALscN0PbJsBY%2BGObwgYEKORlZ%2FMYvXFJnIxwF4%2Fc%2B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74f6f5d2fe1d0b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
tovanillitechan.com/1?z=5307589
139.45.197.239200 OK 0 B URL HTTP/2 tovanillitechan.com/1?z=5307589
IP 139.45.197.239:0
Analyzer Verdict Alert quad9 Sinkholed
GET /1?z=5307589 HTTP/1.1
Host: tovanillitechan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 23:11:35 GMT
content-type: text/javascript
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: 4014f7563dfc6aeb6917959db48b498e
access-control-expose-headers: X-Sc
x-sc: jU92gLS2fKnzVgKTWiDseZ0w7g8MXAswg3Fg8LOBBHpaM9VYLFFymcPxn8ltqfhR8XST5E4PLs-HWCbeHIJXO8oIExQ=
set-cookie: scm=1; expires=Sat, 23 Sep 2023 23:11:35 GMT; secure; SameSite=None
OAID=449386ff7abc4977a30a08a3cc0e6e21; expires=Sat, 23 Sep 2023 23:11:35 GMT; secure; SameSite=None
oaidts=1663974695; expires=Sat, 23 Sep 2023 23:11:35 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2