Report - cdn-102.anonfiles.com/EeIeNfP2y4/40d24f53-1674351262/AimMethod.exe

Report Overview

URL

cdn-102.anonfiles.com/EeIeNfP2y4/40d24f53-1674351262/AimMethod.exe
IP

195.96.151.51

ASN

#41634 Svea Hosting AB
Submitted

2023-01-24T21:54:57Z

Access
Tags

None
urlquery detections

No alerts detected

Detections

urlquery

0
Network Intrusion Detection

0
Threat Detection Systems

2

Domain Summary

Domain	Rank	First Seen	Last Seen	Sent	Received	IP
thecoveos.com (5)	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2368	782	52.20.131.174
baconaces.pro (1)	835148	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	465	376	54.162.51.18
r3.o.lencr.org (10)	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3380	8864	23.36.76.226
vjs.zencdn.net (2)	4968	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	750	142777	151.101.66.217
djv99sxoqpv11.cloudfront.net (3)	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1678	70739	54.230.245.208
push.services.mozilla.com (1)	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606	127	34.216.49.139
cdn-102.anonfiles.com (2)	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	892	670	195.96.151.51
content-signature-2.cdn.mozilla.net (1)	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413	5856	34.160.144.191
contile.services.mozilla.com (1)	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333	391	34.117.237.239
yooumoughtc.xyz (1)	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	424	676	65.9.44.102
img-getpocket.cdn.mozilla.net (6)	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3246	62125	34.120.237.76
ocsp.pki.goog (6)	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2100	4235	142.250.74.131
reoreexpresi.xyz (2)	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1075	1134	172.67.203.148
ocsp.digicert.com (1)	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	341	737	93.184.220.29
accounts.google.com (4)	81	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2294	7058	142.250.74.109
firefox.settings.services.mozilla.com (2)	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782	2373	35.241.9.150
anonfiles.com (22)	117161	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	9020	152056	45.154.253.152
ardsoffhdgat.xyz (3)	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2299	4222	54.192.99.7

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-01-24	medium	djv99sxoqpv11.cloudfront.net/COVA4MXNaP1ZXTE05XAxECmcLA0ofOkteHUltdX00aBVKfzRyF1xIPR8kQlVOCXZUUB1ebR5UHVptCRcSXTIFBVVNIFdaTkklXlIcQTlUVx0fJVkMHlYqUV0fWHUKd0YXYB0DQxEnUV8XVidLFEEJPkwUQQlhCB9DHGN6FEEJJ1FfRQ11C3NWC2BAB0ccY3-oUQQkiThRAeGEIBF0JeR0DQ141W1ocHGJ+A0MIYAgAQwh1CgEVUCJdVxxBdQp3QgllFgFVTG0LCUoKZw0BSgxnDglKCmI	Malware
2023-01-24	medium	djv99sxoqpv11.cloudfront.net/iU0NjRVcwLA0jaCcqB3hgYHRQdmd1KRAqOSN+MCM0GhsALGEKF0UxLTd+U2M7Mi0EeHE2LQB4ZnUiBydqZ2UWJGo+LBksOz8iRncRZm1TYGVjaxQsOTcsFDZyYXMNMXJhc1J1eWNmUAdyYXMULDlld0Z2FXZxUz1hZ2ZQB3JhcxEzcmACUnVifXNKYGVjJA-YmPDxmUQNlY3JTdWZjckZ3ZzUqESAxPDtGdxFic1ZrZ3U2XnZvanBUcGdqdlRzb2pwUQ	Malware

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

HTTP Transactions (73)

URL IP Response Size

cdn-102.anonfiles.com/EeIeNfP2y4/40d24f53-1674351262/AimMethod.exe

195.96.151.51

301 Moved Permanently

162

URL HTTP/1.1

cdn-102.anonfiles.com/EeIeNfP2y4/40d24f53-1674351262/AimMethod.exe
IP

195.96.151.51:0
ASN

#41634 Svea Hosting AB

Magic

HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators

Size

162
Hash

4f8e702cc244ec5d4de32740c0ecbd97

3adb1f02d5b6054de0046e367c1d687b6cdf7aff

9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a

HTTP Headers

                                        GET /EeIeNfP2y4/40d24f53-1674351262/AimMethod.exe HTTP/1.1
Host: cdn-102.anonfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                        HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Tue, 24 Jan 2023 21:54:46 GMT
Content-Type: text/html
Content-Length: 162
Connection: close
Location: https://cdn-102.anonfiles.com/EeIeNfP2y4/40d24f53-1674351262/AimMethod.exe

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

f416977a8d6dfaafb2dbfd0e68b871f8

dfa97bd829b03162de91c80133f2fde69b58a8d2

2c4d0fd1b7a6d398026a4817267adce203429acdd3defa44a879f0d945f392d5

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2C4D0FD1B7A6D398026A4817267ADCE203429ACDD3DEFA44A879F0D945F392D5"
Last-Modified: Sun, 22 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11651
Expires: Wed, 25 Jan 2023 01:08:57 GMT
Date: Tue, 24 Jan 2023 21:54:46 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

04512fea22644dc0d22c3f3a665f6645

0e213646abfc6d9560ba562362fd9e9115be8354

124d9534f75506b8e8c7535ee7295ac4e6cf5a8249a0edac6940839e56043181

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "124D9534F75506B8E8C7535EE7295AC4E6CF5A8249A0EDAC6940839E56043181"
Last-Modified: Mon, 23 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2366
Expires: Tue, 24 Jan 2023 22:34:12 GMT
Date: Tue, 24 Jan 2023 21:54:46 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

6cd4f1da1215c7473500807c185f2449

b14db0c67cf1f5faf85648ed8f94baf2dd03808b

9750518efd869da5ff74ba65a196445bd4340c909157cc1a420f62c1d07224a0

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9750518EFD869DA5FF74BA65A196445BD4340C909157CC1A420F62C1D07224A0"
Last-Modified: Mon, 23 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5210
Expires: Tue, 24 Jan 2023 23:21:36 GMT
Date: Tue, 24 Jan 2023 21:54:46 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939

URL HTTP/2

firefox.settings.services.mozilla.com/v1/
IP

35.241.9.150:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with very long lines (939), with no line terminators

Size

939
Hash

dcd75ca6daca51c5e39d431468511793

07f76d3bf23d65c9110d810fa71a994e39e085d3

73672a816da4450fe2c938b08d7ae002d9ca29fdcbd3e29cc97084d826f8b459

HTTP Headers

                                        GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Retry-After, Content-Type, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 24 Jan 2023 21:42:45 GMT
content-type: application/json
age: 721
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain

34.160.144.191

200 OK

5348

URL HTTP/2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP

34.160.144.191:0
ASN

#15169 GOOGLE

Magic

PEM certificate\012- , ASCII text

Size

5348
Hash

7b922915ebf1fa3639b333f994c74f24

144a3f80b98fd0652d4614f24cf6cbbee40f8938

adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c

HTTP Headers

                                        GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
x-amz-id-2: X9wPvhkxRwBpBNJhaaFsi64HRC0y1tSA+rrBcPJWNRT+X89HkMMzuEBrhAkbYlQzOzp1BmKpdjyoErjAipSCLg==
x-amz-request-id: QGZ2QAB4V1WMPWS9
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 24 Jan 2023 21:19:25 GMT
age: 2121
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

cdn-102.anonfiles.com/EeIeNfP2y4/40d24f53-1674351262/AimMethod.exe

195.96.151.51

301 Moved Permanently

URL HTTP/1.1

cdn-102.anonfiles.com/EeIeNfP2y4/40d24f53-1674351262/AimMethod.exe
IP

195.96.151.51:0
ASN

#41634 Svea Hosting AB

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

                                        GET /EeIeNfP2y4/40d24f53-1674351262/AimMethod.exe HTTP/1.1
Host: cdn-102.anonfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                        HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Tue, 24 Jan 2023 21:54:46 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Location: https://anonfiles.com/EeIeNfP2y4
X-Cache-Host: filecache-03
X-Cache-Disk: nvme-01
Accept-Ranges: bytes

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

5e504a0f0d4f4fa085b2c6b0bd43e26e

cdcf8a1fb2758ba5b4378bd3c207fdc1927e65c4

89984023fde739a8aa8fcc21e885debb1c85d9ca4aef6db1312567ab506d627a

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "89984023FDE739A8AA8FCC21E885DEBB1C85D9CA4AEF6DB1312567AB506D627A"
Last-Modified: Sun, 22 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2956
Expires: Tue, 24 Jan 2023 22:44:02 GMT
Date: Tue, 24 Jan 2023 21:54:46 GMT
Connection: keep-alive

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

URL HTTP/2

contile.services.mozilla.com/v1/tiles
IP

34.117.237.239:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with no line terminators

Size

12
Hash

23e88fb7b99543fb33315b29b1fad9d6

a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce

7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

                                        GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
date: Tue, 24 Jan 2023 21:54:46 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

anonfiles.com/EeIeNfP2y4

45.154.253.152

200 OK

3195

URL HTTP/1.1

anonfiles.com/EeIeNfP2y4
IP

45.154.253.152:0
ASN

#41634 Svea Hosting AB

Magic

HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (402)

Size

3195
Hash

e478eb42dc8aee732ace0d7a7a9dc362

7236fd2f483f5a04135a67ebd309fb584a9a01de

a4d815157081611cb5bd9b8ba19d2e2e279a3d54ff274ac8a883457b849ee7b6

HTTP Headers

                                        GET /EeIeNfP2y4 HTTP/1.1
Host: anonfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                        HTTP/1.1 200 OK
Server: nginx
Date: Tue, 24 Jan 2023 21:54:46 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
x-vdc: Yes
cache-control: public, max-age=60
x-oe: N
Content-Encoding: gzip

anonfiles.com/css/anonfiles.css?1668606177

45.154.253.152

200 OK

25261

URL HTTP/1.1

anonfiles.com/css/anonfiles.css?1668606177
IP

45.154.253.152:0
ASN

#41634 Svea Hosting AB

Magic

ASCII text, with very long lines (65452)

Size

25261
Hash

bf84dfe5f6e6044aa4c1095a7a9a850e

e411fe5ea4f2b5ce7382dfe3079589f4817ad165

2af9a43ff27bbcad03007d87fa7d09bed286aa594a3a3d2e16f409319e782f60

HTTP Headers

                                        GET /css/anonfiles.css?1668606177 HTTP/1.1
Host: anonfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonfiles.com/EeIeNfP2y4
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                        HTTP/1.1 200 OK
Server: nginx
Date: Tue, 24 Jan 2023 21:54:46 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
cache-control: public, max-age=3600
x-oe: Y
x-oh: 3024
Content-Encoding: gzip

anonfiles.com/sw_anonfiles.js

45.154.253.152

200 OK

15666

URL HTTP/1.1

anonfiles.com/sw_anonfiles.js
IP

45.154.253.152:0
ASN

#41634 Svea Hosting AB

Magic

ASCII text, with very long lines (25712)

Size

15666
Hash

5e03f95322bfd924a10943354a145be8

149a1d27b2169791e547a074c3d40b279319d35b

27217ff2c97023ff148125e47bcc97af3fbc6307336f8b67689da13ffb14acaf

HTTP Headers

                                        GET /sw_anonfiles.js HTTP/1.1
Host: anonfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonfiles.com/EeIeNfP2y4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                        HTTP/1.1 200 OK
Server: nginx
Date: Tue, 24 Jan 2023 21:54:46 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
x-vdch: Yes
cache-control: public, max-age=14400
x-oe: Y
x-oh: 298
Content-Encoding: gzip

anonfiles.com/js/app.js?1668606177

45.154.253.152

200 OK

57886

URL HTTP/1.1

anonfiles.com/js/app.js?1668606177
IP

45.154.253.152:0
ASN

#41634 Svea Hosting AB

Magic

ASCII text, with very long lines (63238)

Size

57886
Hash

ba67ff13fd07739a7037fbc27b2a1955

3e253f69b2f12659c541de122c6bce0ed82ba369

1cb363c41be4b3558b7b97b28bb7620cf532033c8a7a0035020831c104aaf818

HTTP Headers

                                        GET /js/app.js?1668606177 HTTP/1.1
Host: anonfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonfiles.com/EeIeNfP2y4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                        HTTP/1.1 200 OK
Server: nginx
Date: Tue, 24 Jan 2023 21:54:46 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
cache-control: public, max-age=3600
x-oe: Y
x-oh: 2351
Content-Encoding: gzip

vjs.zencdn.net/7.3.0/video-js.min.css

151.101.66.217

200 OK

9673

URL HTTP/2

vjs.zencdn.net/7.3.0/video-js.min.css
IP

151.101.66.217:0
ASN

#54113 FASTLY

Magic

ASCII text, with very long lines (35998), with no line terminators

Size

9673
Hash

3397ce943db8add2728dccd9a3b8b8bc

a57bbb7546a458fe57d72d06baab950125260cc9

5779043d07e39f23d64752c34c3113055eaaadf57fcd02f366cb028485e626ba

HTTP Headers

                                        GET /7.3.0/video-js.min.css HTTP/1.1
Host: vjs.zencdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonfiles.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
last-modified: Fri, 26 Oct 2018 18:06:27 GMT
etag: "895e6b29db41953ef6197815c6be59d3"
cache-control: public, max-age=31536000
content-type: text/css; charset=utf-8
content-encoding: gzip
date: Tue, 24 Jan 2023 21:54:46 GMT
x-served-by: cache-bma1676-BMA
x-cache: HIT
x-cache-hits: 249
vary: Accept-Encoding
access-control-allow-origin: *
timing-allow-origin: *
content-length: 9673
X-Firefox-Spdy: h2

anonfiles.com/img/flags/24/fr.png

45.154.253.152

200 OK

536

URL HTTP/1.1

anonfiles.com/img/flags/24/fr.png
IP

45.154.253.152:0
ASN

#41634 Svea Hosting AB

Magic

PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data

Size

536
Hash

e81efecf1a1b1d3a17d00a904c5cc3c9

1203894dbfc8363302dc709d852c05a4dd8bf9dc

54df4beda3ad05d5c621511ff15b2882588ff457e36132035d5f21fb29f2a750

HTTP Headers

                                        GET /img/flags/24/fr.png HTTP/1.1
Host: anonfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonfiles.com/EeIeNfP2y4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                        HTTP/1.1 200 OK
Server: nginx
Date: Tue, 24 Jan 2023 21:54:46 GMT
Content-Type: image/png
Content-Length: 536
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 3102
accept-ranges: bytes

anonfiles.com/img/flags/24/kr.png

45.154.253.152

200 OK

988

URL HTTP/1.1

anonfiles.com/img/flags/24/kr.png
IP

45.154.253.152:0
ASN

#41634 Svea Hosting AB

Magic

PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data

Size

988
Hash

cb22f00511d088a71e84f8c1c864caed

6599812ed106bda6017487287e12bc836570649f

09a03e08c73db3d8fb50241f004b69d673ec8ea90a6ca7252d66ce821d0b6db1

HTTP Headers

                                        GET /img/flags/24/kr.png HTTP/1.1
Host: anonfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonfiles.com/EeIeNfP2y4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                        HTTP/1.1 200 OK
Server: nginx
Date: Tue, 24 Jan 2023 21:54:46 GMT
Content-Type: image/png
Content-Length: 988
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 3232
accept-ranges: bytes

anonfiles.com/img/flags/24/dk.png

45.154.253.152

200 OK

537

URL HTTP/1.1

anonfiles.com/img/flags/24/dk.png
IP

45.154.253.152:0
ASN

#41634 Svea Hosting AB

Magic

PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data

Size

537
Hash

b6ebe55a7d176720cd2b1003298187a8

930858408b9af1f79c430bbe15c185db555a7815

07575cf7a8d7d2b8edfbea80f8e8a228ecc56a03a567bc60c0ef4dc6ac0f328a

HTTP Headers

                                        GET /img/flags/24/dk.png HTTP/1.1
Host: anonfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonfiles.com/EeIeNfP2y4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                        HTTP/1.1 200 OK
Server: nginx
Date: Tue, 24 Jan 2023 21:54:46 GMT
Content-Type: image/png
Content-Length: 537
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 4050
accept-ranges: bytes

anonfiles.com/img/flags/24/fi.png

45.154.253.152

200 OK

456

URL HTTP/1.1

anonfiles.com/img/flags/24/fi.png
IP

45.154.253.152:0
ASN

#41634 Svea Hosting AB

Magic

PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data

Size

456
Hash

0ea9115d18d5210d4f1db520881faa3a

09829c2b7b5e4bae28d62b1dff90220f28c3bdf5

544fee9d1bff8bc83865ab87538924de207ebe4848787496c7308b91b539b6da

HTTP Headers

                                        GET /img/flags/24/fi.png HTTP/1.1
Host: anonfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonfiles.com/EeIeNfP2y4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                        HTTP/1.1 200 OK
Server: nginx
Date: Tue, 24 Jan 2023 21:54:46 GMT
Content-Type: image/png
Content-Length: 456
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 3858
accept-ranges: bytes

vjs.zencdn.net/7.3.0/video.min.js

151.101.66.217

200 OK

132230

URL HTTP/2

vjs.zencdn.net/7.3.0/video.min.js
IP

151.101.66.217:0
ASN

#54113 FASTLY

Magic

Unicode text, UTF-8 text, with very long lines (65141)

Size

132230
Hash

e296d874aca2a1550b409394be51efaa

c184c030e9aab3d03de27bc588919e249d5ccdf7

401c15b7916797f936e9d8443945ef22e0f93305655c057a92c8d9b80c327c9f

HTTP Headers

                                        GET /7.3.0/video.min.js HTTP/1.1
Host: vjs.zencdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonfiles.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
last-modified: Fri, 26 Oct 2018 18:06:27 GMT
etag: "057f19acd50fc7e3ad917dd600889ee5"
cache-control: public, max-age=31536000
content-type: application/javascript; charset=utf-8
content-encoding: gzip
date: Tue, 24 Jan 2023 21:54:46 GMT
x-served-by: cache-bma1676-BMA
x-cache: HIT
x-cache-hits: 5
vary: Accept-Encoding
access-control-allow-origin: *
timing-allow-origin: *
content-length: 132230
X-Firefox-Spdy: h2

anonfiles.com/img/flags/24/se.png

45.154.253.152

200 OK

581

URL HTTP/1.1

anonfiles.com/img/flags/24/se.png
IP

45.154.253.152:0
ASN

#41634 Svea Hosting AB

Magic

PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data

Size

581
Hash

c9b1e40987c4411b4a7d13c07a8843aa

cfce93be3ba77e4e30033d25e2e5c6a37da1b27d

8c04b3b52d605637bb4c6a26449c45e5320a3f33f14e8c737ce599433bc19f14

HTTP Headers

                                        GET /img/flags/24/se.png HTTP/1.1
Host: anonfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonfiles.com/EeIeNfP2y4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                        HTTP/1.1 200 OK
Server: nginx
Date: Tue, 24 Jan 2023 21:54:47 GMT
Content-Type: image/png
Content-Length: 581
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 3307
accept-ranges: bytes

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329

URL HTTP/2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP

35.241.9.150:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with very long lines (329), with no line terminators

Size

329
Hash

0333b0655111aa68de771adfcc4db243

63f295a144ac87a7c8e23417626724eeca68a7eb

60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

                                        GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Last-Modified, Pragma, ETag, Retry-After, Content-Type, Content-Length, Expires, Cache-Control, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 24 Jan 2023 21:17:31 GMT
age: 2236
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

anonfiles.com/img/flags/24/in.png

45.154.253.152

200 OK

593

URL HTTP/1.1

anonfiles.com/img/flags/24/in.png
IP

45.154.253.152:0
ASN

#41634 Svea Hosting AB

Magic

PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data

Size

593
Hash

ccaf96cfc341dc9a17e24b96bef223ff

8791d6db6628e0fb21b847ab94484f0c615e38ac

728e008d94e2e3bae2679d50a051562f1ccce1fd604196c7880a3d96f3070354

HTTP Headers

                                        GET /img/flags/24/in.png HTTP/1.1
Host: anonfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonfiles.com/EeIeNfP2y4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                        HTTP/1.1 200 OK
Server: nginx
Date: Tue, 24 Jan 2023 21:54:47 GMT
Content-Type: image/png
Content-Length: 593
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 3218
accept-ranges: bytes

anonfiles.com/img/flags/24/pl.png

45.154.253.152

200 OK

347

URL HTTP/1.1

anonfiles.com/img/flags/24/pl.png
IP

45.154.253.152:0
ASN

#41634 Svea Hosting AB

Magic

PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data

Size

347
Hash

baf3aff7caef0be58f29b41f20a0e4db

11c840dfa1f1bd22a04aa1fa53fcac95f381b9a6

0a3a8803b7a137166a04369522ec2b31513dcd4c07e2120107c55d9a7f7b646f

HTTP Headers

                                        GET /img/flags/24/pl.png HTTP/1.1
Host: anonfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonfiles.com/EeIeNfP2y4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                        HTTP/1.1 200 OK
Server: nginx
Date: Tue, 24 Jan 2023 21:54:47 GMT
Content-Type: image/png
Content-Length: 347
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 3584
accept-ranges: bytes

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

c398b6b39d11d25b8ae9bc5cd94a1c98

640aa8c399ced71d0c2a9f5a90fbaf091b01d642

a6f07f7c6a4746acc25457c726701df33120628dfb578bc4982448d8efee5855

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A6F07F7C6A4746ACC25457C726701DF33120628DFB578BC4982448D8EFEE5855"
Last-Modified: Tue, 24 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17297
Expires: Wed, 25 Jan 2023 02:43:04 GMT
Date: Tue, 24 Jan 2023 21:54:47 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

0d4b77e335fcc1586957ace528b31e06

045005aae70549c8e77a29a644c370140d1175be

89b55c8e1ad6a2dcc9e450e59ec1bb6b815af0c6c8d12354f644ba69b31eda0f

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "89B55C8E1AD6A2DCC9E450E59EC1BB6B815AF0C6C8D12354F644BA69B31EDA0F"
Last-Modified: Tue, 24 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13263
Expires: Wed, 25 Jan 2023 01:35:50 GMT
Date: Tue, 24 Jan 2023 21:54:47 GMT
Connection: keep-alive

anonfiles.com/img/flags/24/jp.png

45.154.253.152

200 OK

599

URL HTTP/1.1

anonfiles.com/img/flags/24/jp.png
IP

45.154.253.152:0
ASN

#41634 Svea Hosting AB

Magic

PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data

Size

599
Hash

857f6f0e0886a3729b758b7241e42e61

a7be973a93c6ad51cf07a9f21a5dd72cc3e15680

8e7b1cd46120293756d1f21bac4de809d2895c7c26dc7586e3e2a09a0f7c1d64

HTTP Headers

                                        GET /img/flags/24/jp.png HTTP/1.1
Host: anonfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonfiles.com/EeIeNfP2y4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                        HTTP/1.1 200 OK
Server: nginx
Date: Tue, 24 Jan 2023 21:54:47 GMT
Content-Type: image/png
Content-Length: 599
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 3471
accept-ranges: bytes

djv99sxoqpv11.cloudfront.net/?xsvjd=737329

54.230.245.208

200 OK

68726

URL HTTP/2

djv99sxoqpv11.cloudfront.net/?xsvjd=737329
IP

54.230.245.208:0
ASN

#16509 AMAZON-02

Magic

Unicode text, UTF-8 text, with very long lines (15948)

Size

68726
Hash

dfc3c2762338cd6b40b3a541402a1dd0

137712917ccf26e148ec58819f474f30041eb1ea

f1798c257fa8b4360c7e823c955781469054d4b95b7debf426277c6ad2f092f8

HTTP Headers

                                        GET /?xsvjd=737329 HTTP/1.1
Host: djv99sxoqpv11.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonfiles.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
content-length: 68726
date: Tue, 24 Jan 2023 21:54:47 GMT
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
pragma: no-cache
x-cache: Miss from cloudfront
via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: YRNzLhItAPGBJ6cnfn_qcpaFjA_CGh4IIc-6WGGR0oheyD4jONdGsw==
X-Firefox-Spdy: h2

anonfiles.com/img/flags/24/us.png

45.154.253.152

200 OK

656

URL HTTP/1.1

anonfiles.com/img/flags/24/us.png
IP

45.154.253.152:0
ASN

#41634 Svea Hosting AB

Magic

PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data

Size

656
Hash

ae506a6c014bfeb8d8cbfdfbe94c14c9

f4e74440c4e79e71959b9b8f799f2e8a7e15b7ee

bc6dd978e70894c8a0148e6806f4fde9566ee59349adb03c02a61a3b2e25b6f1

HTTP Headers

                                        GET /img/flags/24/us.png HTTP/1.1
Host: anonfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonfiles.com/EeIeNfP2y4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                        HTTP/1.1 200 OK
Server: nginx
Date: Tue, 24 Jan 2023 21:54:47 GMT
Content-Type: image/png
Content-Length: 656
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 4161
accept-ranges: bytes

anonfiles.com/img/flags/24/de.png

45.154.253.152

200 OK

483

URL HTTP/1.1

anonfiles.com/img/flags/24/de.png
IP

45.154.253.152:0
ASN

#41634 Svea Hosting AB

Magic

PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data

Size

483
Hash

9f8cc07c258bcd2de0c7900861e20ffc

fed97219e44693d4f3918fc4037b325732225d81

07cd5a4cad20604f77dced9c7d8a92ca9ae3321718e5a1935296e4d75f921a19

HTTP Headers

                                        GET /img/flags/24/de.png HTTP/1.1
Host: anonfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonfiles.com/EeIeNfP2y4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                        HTTP/1.1 200 OK
Server: nginx
Date: Tue, 24 Jan 2023 21:54:47 GMT
Content-Type: image/png
Content-Length: 483
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 3301
accept-ranges: bytes

push.services.mozilla.com/

34.216.49.139

101 Switching Protocols

URL HTTP/1.1

push.services.mozilla.com/
IP

34.216.49.139:0
ASN

#16509 AMAZON-02

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

                                        GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: CpACIWUrYbGzthzwRE+Wug==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                        HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: TMdOvc2xBdhJaqF0WcksFgBxvWE=

ocsp.pki.goog/s/gts1p5/skLwC7qegUg

142.250.74.131

200 OK

472

URL HTTP/1.1

ocsp.pki.goog/s/gts1p5/skLwC7qegUg
IP

142.250.74.131:0
ASN

#15169 GOOGLE

Magic

data

Size

472
Hash

6e2f78f6ea01351b2bbb15bd7fd2fbc8

4a080fbf06069a5573223274f6312b266d4c502c

dc5c5d45b310af689fdadd3511ff831c73fe9b05c4cf9f3884e21b88dcd81b17

HTTP Headers

                                        POST /s/gts1p5/skLwC7qegUg HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 24 Jan 2023 21:54:47 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/s/gts1p5/skLwC7qegUg

142.250.74.131

200 OK

472

URL HTTP/1.1

ocsp.pki.goog/s/gts1p5/skLwC7qegUg
IP

142.250.74.131:0
ASN

#15169 GOOGLE

Magic

data

Size

472
Hash

6e2f78f6ea01351b2bbb15bd7fd2fbc8

4a080fbf06069a5573223274f6312b266d4c502c

dc5c5d45b310af689fdadd3511ff831c73fe9b05c4cf9f3884e21b88dcd81b17

HTTP Headers

                                        POST /s/gts1p5/skLwC7qegUg HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 24 Jan 2023 21:54:47 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ardsoffhdgat.xyz/N0V1UTVWJxY8ClZ4F3dARSlIdAdxYEcXUV0zTGhGTyoEIUMGdFsyWVgwETdHWCsBf1tSMVBjc3QKIxABeh07MGUGHy0FcAdwLRBNcgYYMnl2dRo3elwxEBlgWzERCQUHJDcHflE/JyhzBj08AWcPLiQ9Y3gGLQtgYgdENFdlcCAZY0cxNgNWZB0hGHN1EyMffHEhFAVeXCktPXxUFCE9YGE9RTd/YS44GVluNCAHBVESPQR+U3UsCWx1dTEATXIrIAcNbxMcNXlxADAbZVwyIABkWy02EwxzDTIfA3EAMBt/BgMTA2QGdDZie2AGRxN0dXUWMmwEaBoEZGYuHAVdZQQQFnB+BzNhf1IXRRVkBnFEBgRYJj0WfxJ3NxAFegwsEFJ2FAI5BHQiMAdgdA8RB01PBxEARQQUEj1ZcSIzB2FwdTkSYFgOLyYFdRYSKVtzIhkadloMUztGWCsFbHh7AiQUR3kCPhZRTgs

54.192.99.7

200 OK

1208

URL HTTP/2

ardsoffhdgat.xyz/N0V1UTVWJxY8ClZ4F3dARSlIdAdxYEcXUV0zTGhGTyoEIUMGdFsyWVgwETdHWCsBf1tSMVBjc3QKIxABeh07MGUGHy0FcAdwLRBNcgYYMnl2dRo3elwxEBlgWzERCQUHJDcHflE/JyhzBj08AWcPLiQ9Y3gGLQtgYgdENFdlcCAZY0cxNgNWZB0hGHN1EyMffHEhFAVeXCktPXxUFCE9YGE9RTd/YS44GVluNCAHBVESPQR+U3UsCWx1dTEATXIrIAcNbxMcNXlxADAbZVwyIABkWy02EwxzDTIfA3EAMBt/BgMTA2QGdDZie2AGRxN0dXUWMmwEaBoEZGYuHAVdZQQQFnB+BzNhf1IXRRVkBnFEBgRYJj0WfxJ3NxAFegwsEFJ2FAI5BHQiMAdgdA8RB01PBxEARQQUEj1ZcSIzB2FwdTkSYFgOLyYFdRYSKVtzIhkadloMUztGWCsFbHh7AiQUR3kCPhZRTgs
IP

54.192.99.7:0
ASN

#16509 AMAZON-02

Magic

HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3062), with no line terminators

Size

1208
Hash

bdb23ab650e9381e8be6cba132d7601c

3a40e293cbd4d2523b03b4a9cbb7e9c86a6c3900

0590576e5f60f5410b1696d870fbf1f310d2c619f964dcfd8ed529e84b5fbd89

HTTP Headers

                                        GET /N0V1UTVWJxY8ClZ4F3dARSlIdAdxYEcXUV0zTGhGTyoEIUMGdFsyWVgwETdHWCsBf1tSMVBjc3QKIxABeh07MGUGHy0FcAdwLRBNcgYYMnl2dRo3elwxEBlgWzERCQUHJDcHflE/JyhzBj08AWcPLiQ9Y3gGLQtgYgdENFdlcCAZY0cxNgNWZB0hGHN1EyMffHEhFAVeXCktPXxUFCE9YGE9RTd/YS44GVluNCAHBVESPQR+U3UsCWx1dTEATXIrIAcNbxMcNXlxADAbZVwyIABkWy02EwxzDTIfA3EAMBt/BgMTA2QGdDZie2AGRxN0dXUWMmwEaBoEZGYuHAVdZQQQFnB+BzNhf1IXRRVkBnFEBgRYJj0WfxJ3NxAFegwsEFJ2FAI5BHQiMAdgdA8RB01PBxEARQQUEj1ZcSIzB2FwdTkSYFgOLyYFdRYSKVtzIhkadloMUztGWCsFbHh7AiQUR3kCPhZRTgs HTTP/1.1
Host: ardsoffhdgat.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonfiles.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
content-type: text/html
content-length: 1208
date: Tue, 24 Jan 2023 21:54:47 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 9c3701a40f5e4766165113d719972734.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN1-C1
x-amz-cf-id: DxydNDbxyrkf5R2lGIXFd39mpuSD4FW5kM6pMajlL_5URXdJWyLfSQ==
X-Firefox-Spdy: h2

ardsoffhdgat.xyz/cGY0cW0RBFccUhFbVlcYAgoJVF82QwY3CRoQDUgeCAlFARtBVxoSAR8TUBcfHwhAXwMVEhFDKxkzBD8HIjBXBiExVl4QLhMXdkIFFz98IzwUC1BAJiInRT4+PkMGMyAzKwQ2BQMneDYoOyAEJBU8MlBUXzIzBjxaPQ8ENAg4IwY9PDJSbh84GSRNFRwqVGEmJzcJEUMvPCRfAiIKXl0jAxM0bhxcJD9zJwcRHmUCIiQFRzcpKh9tKSA+K2w7BRNXfkAIJyhZJCwUH20pICUqcB0BFFZuQysoPEwkF0EObkM3ISQHOwUTHnELDh0ndyQDJg9SKSM7P3MnBzonGSgAICJMHDghKFgoXjoyUCY3GgVfK14qHGEAKCMnTCEpBCFQCSsZBQUrHypVYUM1HjxCEAMyM1c2CQECWCMXElREBjghQF4CAh4WCSILEy9sEgRGP2A

54.192.99.7

200 OK

1185

URL HTTP/2

ardsoffhdgat.xyz/cGY0cW0RBFccUhFbVlcYAgoJVF82QwY3CRoQDUgeCAlFARtBVxoSAR8TUBcfHwhAXwMVEhFDKxkzBD8HIjBXBiExVl4QLhMXdkIFFz98IzwUC1BAJiInRT4+PkMGMyAzKwQ2BQMneDYoOyAEJBU8MlBUXzIzBjxaPQ8ENAg4IwY9PDJSbh84GSRNFRwqVGEmJzcJEUMvPCRfAiIKXl0jAxM0bhxcJD9zJwcRHmUCIiQFRzcpKh9tKSA+K2w7BRNXfkAIJyhZJCwUH20pICUqcB0BFFZuQysoPEwkF0EObkM3ISQHOwUTHnELDh0ndyQDJg9SKSM7P3MnBzonGSgAICJMHDghKFgoXjoyUCY3GgVfK14qHGEAKCMnTCEpBCFQCSsZBQUrHypVYUM1HjxCEAMyM1c2CQECWCMXElREBjghQF4CAh4WCSILEy9sEgRGP2A
IP

54.192.99.7:0
ASN

#16509 AMAZON-02

Magic

HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3034), with no line terminators

Size

1185
Hash

bdaf23b8f9307d79f439074bd74cbad1

cf89691fb83e2dcc8e77816eba9d239a4213c5ab

6415089384d3630c6395f46a25061c5fcc561cfef2107985bb25289cc293aecf

HTTP Headers

                                        GET /cGY0cW0RBFccUhFbVlcYAgoJVF82QwY3CRoQDUgeCAlFARtBVxoSAR8TUBcfHwhAXwMVEhFDKxkzBD8HIjBXBiExVl4QLhMXdkIFFz98IzwUC1BAJiInRT4+PkMGMyAzKwQ2BQMneDYoOyAEJBU8MlBUXzIzBjxaPQ8ENAg4IwY9PDJSbh84GSRNFRwqVGEmJzcJEUMvPCRfAiIKXl0jAxM0bhxcJD9zJwcRHmUCIiQFRzcpKh9tKSA+K2w7BRNXfkAIJyhZJCwUH20pICUqcB0BFFZuQysoPEwkF0EObkM3ISQHOwUTHnELDh0ndyQDJg9SKSM7P3MnBzonGSgAICJMHDghKFgoXjoyUCY3GgVfK14qHGEAKCMnTCEpBCFQCSsZBQUrHypVYUM1HjxCEAMyM1c2CQECWCMXElREBjghQF4CAh4WCSILEy9sEgRGP2A HTTP/1.1
Host: ardsoffhdgat.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonfiles.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
content-type: text/html
content-length: 1185
date: Tue, 24 Jan 2023 21:54:47 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 9c3701a40f5e4766165113d719972734.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN1-C1
x-amz-cf-id: jk9Qgi03gjXM-7oiaTL4OmmEmBjBjr7wvg0jCy1GRRaAWYKZ60lkiA==
X-Firefox-Spdy: h2

anonfiles.com/static/logo.png

45.154.253.152

200 OK

18441

URL HTTP/1.1

anonfiles.com/static/logo.png
IP

45.154.253.152:0
ASN

#41634 Svea Hosting AB

Magic

PNG image data, 450 x 150, 8-bit/color RGBA, non-interlaced\012- data

Size

18441
Hash

f9fd716d30e220aa24bab0e94ebf0aa0

4af32d78655436173f272bb65159a232f1671b8d

5e937c4d8fd33714e43b400f238cf37630e6eaeefa105cca9d77760223a16e94

HTTP Headers

                                        GET /static/logo.png HTTP/1.1
Host: anonfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonfiles.com/EeIeNfP2y4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                        HTTP/1.1 200 OK
Server: nginx
Date: Tue, 24 Jan 2023 21:54:47 GMT
Content-Type: image/png
Content-Length: 18441
Connection: keep-alive
last-modified: Fri, 16 Sep 2022 19:34:48 GMT
etag: "6324cfd8-4809"

reoreexpresi.xyz/ZVI4V3JKbVskTwEVbiYjCGt7DyRcKG88NDQFYBElND5qMRYjPR4jGwFvD2RFVmEIcQIMNgVmSkMhTDYGECEFZlQMPF44T0MkBWZcVXwKeUBDJwVkSlxhD2JCXGcPYUpcYQpxBhUzX2pDQyJMIx5YYw5gRlBrD2VKUGoNYg

172.67.203.148

204 No Content

URL HTTP/2

reoreexpresi.xyz/ZVI4V3JKbVskTwEVbiYjCGt7DyRcKG88NDQFYBElND5qMRYjPR4jGwFvD2RFVmEIcQIMNgVmSkMhTDYGECEFZlQMPF44T0MkBWZcVXwKeUBDJwVkSlxhD2JCXGcPYUpcYQpxBhUzX2pDQyJMIx5YYw5gRlBrD2VKUGoNYg
IP

172.67.203.148:0
ASN

#13335 CLOUDFLARENET

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

                                        GET /ZVI4V3JKbVskTwEVbiYjCGt7DyRcKG88NDQFYBElND5qMRYjPR4jGwFvD2RFVmEIcQIMNgVmSkMhTDYGECEFZlQMPF44T0MkBWZcVXwKeUBDJwVkSlxhD2JCXGcPYUpcYQpxBhUzX2pDQyJMIx5YYw5gRlBrD2VKUGoNYg HTTP/1.1
Host: reoreexpresi.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonfiles.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 204 No Content
date: Tue, 24 Jan 2023 21:54:47 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I64AUY1P8EhTuDsRJjzyPMz7a6PrkxULsqsnwcTQ5wsDZO26N51n7E5pxgEd7XBPBpjl%2BHXmPKEvR1FO3xT1EwyUzzieyKTyi2hSGPnExCLSPWn6q6x%2F2wQtfbni7k8A4Xj0"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78ec02782ba50afe-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

reoreexpresi.xyz/NDNsNzYbDA9EC2NrBE9jBgIeZmNuXTtwdHthAXFvVlhZf29YREpDX1AOWwQBBwFVEUZdV1EGEEdHDUNDRw5dEV9aVQMKEEIOXRkFAB1fBhgGFRkKBQwKXwADBApZAAAMCl8FEEBDDVALBRUcQ0JYDl0BAQAGVQAEDAZUAwQ

172.67.203.148

204 No Content

URL HTTP/2

reoreexpresi.xyz/NDNsNzYbDA9EC2NrBE9jBgIeZmNuXTtwdHthAXFvVlhZf29YREpDX1AOWwQBBwFVEUZdV1EGEEdHDUNDRw5dEV9aVQMKEEIOXRkFAB1fBhgGFRkKBQwKXwADBApZAAAMCl8FEEBDDVALBRUcQ0JYDl0BAQAGVQAEDAZUAwQ
IP

172.67.203.148:0
ASN

#13335 CLOUDFLARENET

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

                                        GET /NDNsNzYbDA9EC2NrBE9jBgIeZmNuXTtwdHthAXFvVlhZf29YREpDX1AOWwQBBwFVEUZdV1EGEEdHDUNDRw5dEV9aVQMKEEIOXRkFAB1fBhgGFRkKBQwKXwADBApZAAAMCl8FEEBDDVALBRUcQ0JYDl0BAQAGVQAEDAZUAwQ HTTP/1.1
Host: reoreexpresi.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonfiles.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 204 No Content
date: Tue, 24 Jan 2023 21:54:47 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jBOPU%2Bkjvxh6QccmlefuvdHO1kuA%2BpSpK0S5v8k%2BrR6NRlTIHhqDszB682gw0OErAopKIvf%2BJHAg8CRC4JdPvrtg9XUQFFUD427%2Bq1HAwJFRmN1NgvOTDZb%2BFaMpETpX3JTW"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78ec02782ba70afe-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.pki.goog/s/gts1p5/skLwC7qegUg

142.250.74.131

200 OK

472

URL HTTP/1.1

ocsp.pki.goog/s/gts1p5/skLwC7qegUg
IP

142.250.74.131:0
ASN

#15169 GOOGLE

Magic

data

Size

472
Hash

6e2f78f6ea01351b2bbb15bd7fd2fbc8

4a080fbf06069a5573223274f6312b266d4c502c

dc5c5d45b310af689fdadd3511ff831c73fe9b05c4cf9f3884e21b88dcd81b17

HTTP Headers

                                        POST /s/gts1p5/skLwC7qegUg HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 24 Jan 2023 21:54:47 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

yooumoughtc.xyz/utx?tid=737323&top=anonfiles.com&cb=4DLnuBni7kSW

65.9.44.102

204 No Content

URL HTTP/2

yooumoughtc.xyz/utx?tid=737323&top=anonfiles.com&cb=4DLnuBni7kSW
IP

65.9.44.102:0
ASN

#16509 AMAZON-02

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

                                        GET /utx?tid=737323&top=anonfiles.com&cb=4DLnuBni7kSW HTTP/1.1
Host: yooumoughtc.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://anonfiles.com
Connection: keep-alive
Referer: https://anonfiles.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 204 No Content
date: Tue, 24 Jan 2023 21:54:47 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://anonfiles.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Tue, 24 Jan 2023 21:55:47 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 d30a7800f939c215cded21c657c43fc8.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
x-amz-cf-id: yxdhIijzZ3WI-SH9x-ihcwpy9yzqnJgM2BE-szweYsbS3ueCTE_agA==
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

5841ef884ec146c10c6975ea9e1ebf0f

69151a25648afb9fd4c1780f4b45bd4200c6edee

88fc9bfea9c6f046d43d0cc36467cd7133555056c977beee8a486c0f3ad64c51

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "88FC9BFEA9C6F046D43D0CC36467CD7133555056C977BEEE8A486C0F3AD64C51"
Last-Modified: Tue, 24 Jan 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14162
Expires: Wed, 25 Jan 2023 01:50:49 GMT
Date: Tue, 24 Jan 2023 21:54:47 GMT
Connection: keep-alive

anonfiles.com/img/file/filetypes/ext/exe.png?1668605455

45.154.253.152

200 OK

971

URL HTTP/1.1

anonfiles.com/img/file/filetypes/ext/exe.png?1668605455
IP

45.154.253.152:0
ASN

#41634 Svea Hosting AB

Magic

PNG image data, 16 x 16, 8-bit colormap, non-interlaced\012- data

Size

971
Hash

6bf5e4ab859fd40841d4b6e3f73672d7

4fb4215e8618f5b248f88007a951bf61b915c20b

f7501f1e544e84cc5fa5a6d98dd4064b8db0ae2aec7f8fbc24a5c78fc7f2b2d9

HTTP Headers

                                        GET /img/file/filetypes/ext/exe.png?1668605455 HTTP/1.1
Host: anonfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonfiles.com/EeIeNfP2y4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                        HTTP/1.1 200 OK
Server: nginx
Date: Tue, 24 Jan 2023 21:54:47 GMT
Content-Type: image/png
Content-Length: 971
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 9
accept-ranges: bytes

anonfiles.com/img/flags/24/br.png

45.154.253.152

200 OK

1115

URL HTTP/1.1

anonfiles.com/img/flags/24/br.png
IP

45.154.253.152:0
ASN

#41634 Svea Hosting AB

Magic

PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data

Size

1115
Hash

6a5938d2e7f7d6f4026d6eb1b4b4f2cd

7a038177fe4deec455d61d3e9c90019fa4727d40

0ab6c46e677fa7e49b6344fcde39c06ff6c014d9163571cdb36f8b5fc59c17eb

HTTP Headers

                                        GET /img/flags/24/br.png HTTP/1.1
Host: anonfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonfiles.com/EeIeNfP2y4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                        HTTP/1.1 200 OK
Server: nginx
Date: Tue, 24 Jan 2023 21:54:48 GMT
Content-Type: image/png
Content-Length: 1115
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 3684
accept-ranges: bytes

thecoveos.com/

52.20.131.174

200 OK

URL HTTP/2

thecoveos.com/
IP

52.20.131.174:0
ASN

#14618 AMAZON-AES

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

                                        POST / HTTP/1.1
Host: thecoveos.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 380
Origin: https://anonfiles.com
Connection: keep-alive
Referer: https://anonfiles.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
content-length: 0
access-control-allow-origin: *
X-Firefox-Spdy: h2

djv99sxoqpv11.cloudfront.net/COVA4MXNaP1ZXTE05XAxECmcLA0ofOkteHUltdX00aBVKfzRyF1xIPR8kQlVOCXZUUB1ebR5UHVptCRcSXTIFBVVNIFdaTkklXlIcQTlUVx0fJVkMHlYqUV0fWHUKd0YXYB0DQxEnUV8XVidLFEEJPkwUQQlhCB9DHGN6FEEJJ1FfRQ11C3NWC2BAB0ccY3-oUQQkiThRAeGEIBF0JeR0DQ141W1ocHGJ+A0MIYAgAQwh1CgEVUCJdVxxBdQp3QgllFgFVTG0LCUoKZw0BSgxnDglKCmI

54.230.245.208

200 OK

544

URL HTTP/2

djv99sxoqpv11.cloudfront.net/COVA4MXNaP1ZXTE05XAxECmcLA0ofOkteHUltdX00aBVKfzRyF1xIPR8kQlVOCXZUUB1ebR5UHVptCRcSXTIFBVVNIFdaTkklXlIcQTlUVx0fJVkMHlYqUV0fWHUKd0YXYB0DQxEnUV8XVidLFEEJPkwUQQlhCB9DHGN6FEEJJ1FfRQ11C3NWC2BAB0ccY3-oUQQkiThRAeGEIBF0JeR0DQ141W1ocHGJ+A0MIYAgAQwh1CgEVUCJdVxxBdQp3QgllFgFVTG0LCUoKZw0BSgxnDglKCmI
IP

54.230.245.208:0
ASN

#16509 AMAZON-02

Magic

ASCII text, with very long lines (781), with no line terminators

Size

544
Hash

24775c61bcb78622644cda5cd1bbb9c2

93130802c642b22a89c28d494d45fd45ac948e2c

f10bc46272069a9eb086d4a20b4ffeaeeab8a308a824474e92715b19067967cc

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

                                        GET /COVA4MXNaP1ZXTE05XAxECmcLA0ofOkteHUltdX00aBVKfzRyF1xIPR8kQlVOCXZUUB1ebR5UHVptCRcSXTIFBVVNIFdaTkklXlIcQTlUVx0fJVkMHlYqUV0fWHUKd0YXYB0DQxEnUV8XVidLFEEJPkwUQQlhCB9DHGN6FEEJJ1FfRQ11C3NWC2BAB0ccY3-oUQQkiThRAeGEIBF0JeR0DQ141W1ocHGJ+A0MIYAgAQwh1CgEVUCJdVxxBdQp3QgllFgFVTG0LCUoKZw0BSgxnDglKCmI HTTP/1.1
Host: djv99sxoqpv11.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ardsoffhdgat.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                        HTTP/2 200 OK
content-length: 544
date: Tue, 24 Jan 2023 21:54:48 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: nsahfbdAO-0C3sRO8ytCAJRvQKZQayrk-rY13IXTzwccQjEiwu3zmw==
X-Firefox-Spdy: h2

djv99sxoqpv11.cloudfront.net/iU0NjRVcwLA0jaCcqB3hgYHRQdmd1KRAqOSN+MCM0GhsALGEKF0UxLTd+U2M7Mi0EeHE2LQB4ZnUiBydqZ2UWJGo+LBksOz8iRncRZm1TYGVjaxQsOTcsFDZyYXMNMXJhc1J1eWNmUAdyYXMULDlld0Z2FXZxUz1hZ2ZQB3JhcxEzcmACUnVifXNKYGVjJA-YmPDxmUQNlY3JTdWZjckZ3ZzUqESAxPDtGdxFic1ZrZ3U2XnZvanBUcGdqdlRzb2pwUQ

54.230.245.208

200 OK

252

Report Overview

URL

IP

ASN

Submitted

Access

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (13)

#1 JS:Script (size: 193275)

#2 JS:Script (size: 45243)

#3 JS:Script (size: 358)

#4 JS:Script (size: 160)

#5 JS:Script (size: 208212)

#6 JS:Script (size: 2991)

#7 JS:Script (size: 294)

#8 JS:Script (size: 167)

#9 JS:Script (size: 1770)

#10 JS:Script (size: 475833)

#11 JS:Script (size: 57596)

#12 JS:Script (size: 2963)

#13 JS:Script (size: 781)

HTTP Transactions (73)

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

Magic

Size

Hash

HTTP Headers