Report - anonymfile.com/bJXZW/20221208173000-20221208180000.rar?PageSpeed=noscript

Report Overview

Submitted URL
anonymfile.com/bJXZW/20221208173000-20221208180000.rar?PageSpeed=noscript
IP
138.201.48.112
ASN
#24940 Hetzner Online GmbH
Submitted
2022-12-10 06:15:31
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
14

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
my.rtmark.net	9054	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	422 B	743 B	139.45.195.8
betotodilea.com	52465	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	4.7 kB	61 kB	139.45.197.237
inklinkor.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	358 B	1.1 kB	172.67.211.29
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.7 kB	44 kB	34.120.237.76
onmarshtompor.com	24517	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.0 kB	978 B	139.45.197.243
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	5.1 kB	13 kB	95.101.11.115
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	391 B	34.117.237.239
cdnjs.cloudflare.com	235	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.0 kB	87 kB	104.17.25.14
ocsp.sectigo.com	487	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	340 B	963 B	172.64.155.188
datatechonert.com	46154	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	490 B	482 B	139.45.195.253
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	35.241.9.150
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.4 kB	2.6 kB	93.184.220.29
ibrapush.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.8 kB	2.5 kB	139.45.197.250
nanouwho.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.4 kB	140 kB	139.45.197.242
bedrapiona.com	34930	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	417 B	42 kB	139.45.197.234
interstitial-07.com	36198	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.9 kB	41 kB	139.45.197.151
anonymfile.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	9.1 kB	225 kB	138.201.48.112
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
cdn.jsdelivr.net	439	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	369 B	19 kB	151.101.193.229
ocsp.globalsign.com	2075	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	368 B	1.9 kB	104.18.21.226
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	54.200.107.47
unphionetor.com	54035	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.3 kB	2.1 kB	139.45.197.236
unpkg.com	11693	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.7 kB	2.3 kB	104.16.122.175
tzegilo.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	356 B	830 B	104.21.84.149

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2022-12-09	medium	nanouwho.com	Sinkholed
2022-12-09	medium	nanouwho.com	Sinkholed
2022-12-09	medium	nanouwho.com	Sinkholed
2022-12-10	medium	unphionetor.com	Sinkholed
2022-12-10	medium	unphionetor.com	Sinkholed
2022-12-09	medium	nanouwho.com	Sinkholed
2022-12-10	medium	unphionetor.com	Sinkholed

JavaScript (25)

	URL	Size	First Seen	Last Seen
	cdn.jsdelivr.net/npm/sweetalert2@11	64 kB	2023-03-08	2023-10-27
Pretty URL cdn.jsdelivr.net/npm/sweetalert2@11 IP 151.101.193.229 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:46:01 Last Seen2023-10-27 14:14:13 Times Seen16 Hash 17b4fbe7defc316f6eb2b3a82ed6d8c5 59894a7d4ba0aecf545434b4913c9288db8ef589 b76533851af891a27433d6ed3ab58ad54b9af660d3655ad7cae0bd951b6a0309 Loading...

	nanouwho.com/1?z=5307589	17 kB	2023-03-09	2023-03-09
Pretty URL nanouwho.com/1?z=5307589 IP 139.45.197.242 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 01:02:47 Last Seen2023-03-09 01:02:47 Times Seen1 Hash e23e9a97c824db41f7fa657d39fe21af 6db77fb563084159d598662d066bc865672421fe 32aa6ec0ee663c9c0fa71c4be30cae656e08495f0474e9ab015aa253b7fce41d Loading...

	ibrapush.com/pfe/current/tag.min.js?z=5307590	15 kB	2023-03-08	2023-03-11
Pretty URL ibrapush.com/pfe/current/tag.min.js?z=5307590 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:23:13 Last Seen2023-03-11 23:52:36 Times Seen1 Hash 191ea99ed07a7fe90b457168edd25141 0ace741f1e05b34e1e266360de25d4c29facd2e1 f28c7f29111515de23861d74072c7f60e4a06965c91476e8d7d3409062d9d358 Loading...

	nanouwho.com/27/11a99959c11b6755664b3df2c6eb7de1	378 kB	2023-03-08	2023-03-09
Pretty URL nanouwho.com/27/11a99959c11b6755664b3df2c6eb7de1 IP 139.45.197.242 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 20:57:58 Last Seen2023-03-09 04:16:40 Times Seen1 Hash 8329878d587fbdcac856c9fd94f33cc6 7cf5f77795ba843e0cc082d706a20b517d320237 ebd7c3e2063610b60f05f5ab122555c66a5cdcf9fe443b470465591ca76cb7eb Loading...

	cdnjs.cloudflare.com/ajax/libs/clipboard.js/2.0.8/clipboard.min.js	11 kB	2023-03-07	2024-04-25
Pretty URL cdnjs.cloudflare.com/ajax/libs/clipboard.js/2.0.8/clipboard.min.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:19:42 Last Seen2024-04-25 20:59:34 Times Seen707 Hash 27784b7376dd992368c71b6c5559f358 f86d2ac408c4de0d5281cf91d6ddfb93e5e5d2ff 11be927cda59c8b6019ebbea838285c5beaf21183ea4b83dbd4e4fbf9413ce4a Loading...

	cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js	90 kB	2023-03-07	2024-04-26
Pretty URL cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:13 Last Seen2024-04-26 13:26:46 Times Seen261620 Hash 8fb8fee4fcc3cc86ff6c724154c49c42 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e Loading...

	anonymfile.com/js/site.js	9.4 kB	2023-03-07	2024-04-25
Pretty URL anonymfile.com/js/site.js IP 138.201.48.112 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:01:42 Last Seen2024-04-25 20:59:34 Times Seen434 Hash afecd65686f50e645b8e1ee3edade2c2 f038373fb9efa997f7aeba9f80a47fbc3d6bd634 524fcae3468beb724c12b61925a2c1dcdb482f37783cd9d3f7630ae8bafa3d2a Loading...

	betotodilea.com/400/5307588	83 kB	2023-03-09	2023-03-09
Pretty URL betotodilea.com/400/5307588 IP 139.45.197.237 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 01:02:48 Last Seen2023-03-09 01:02:48 Times Seen1 Hash c79034e7251798137bdde8e496142c99 2f04a10d6222903d7d436e97c1d82c0df6ea6e39 3df647817783d85616c64f1842fdc544ca5c9233bf374e91422218342a283946 Loading...

	cdnjs.cloudflare.com/ajax/libs/popper.js/2.10.2/umd/popper.min.js	19 kB	2023-03-07	2024-04-26
Pretty URL cdnjs.cloudflare.com/ajax/libs/popper.js/2.10.2/umd/popper.min.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:23:52 Last Seen2024-04-26 12:02:05 Times Seen2347 Hash 541aecc95a7faeef0fc27558070f3647 0ec7ca4778ba3ccb4d1b1688094720834fbe9ed3 f395875eb5d58c5128c434812cd0a53d438b11536f7fd1577077d8a5c612e1fd Loading...

	unpkg.com/filepond-plugin-file-validate-size/dist/filepond-plugin-file-validate-size.js	6.8 kB	2023-03-08	2024-04-25
Pretty URL unpkg.com/filepond-plugin-file-validate-size/dist/filepond-plugin-file-validate-size.js IP 104.16.122.175 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:46:17 Last Seen2024-04-25 20:59:34 Times Seen654 Hash 5ab1c9fe6f2ca02b78083699d8109be5 99aa73a69b0ee070162ff7a2a8b70005ebb48565 845b2368dce026b72f19715d6de81f03fef056e4a79c718a658161a1f7b03b3b Loading...

	unpkg.com/filepond-plugin-file-validate-type/dist/filepond-plugin-file-validate-type.js	7.4 kB	2023-03-07	2024-02-08
Pretty URL unpkg.com/filepond-plugin-file-validate-type/dist/filepond-plugin-file-validate-type.js IP 104.16.122.175 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:23:52 Last Seen2024-02-08 07:46:02 Times Seen604 Hash 6170d2a086cb1d5769c6fd1f76edf99b d61c541caceb4e5deb35d8642702b89091a8bb42 6fc678b64782a17a266b5675e195be5956efd7513fd228143901b427983df928 Loading...

	anonymfile.com/bJXZW/20221208173000-20221208180000.rar?PageSpeed=noscript	213 B	2023-03-07	2023-08-29
Pretty URL anonymfile.com/bJXZW/20221208173000-20221208180000.rar?PageSpeed=noscript IP 138.201.48.112 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:23:52 Last Seen2023-08-29 21:14:02 Times Seen131 Hash ccea0e1846102f4f1ed17644f6c6baa6 e43c87b583bef9f3e325ab7bf9ccf4a1f80bc35a e84714cb230edad68ac36e473976e94ca40d378d53fc1b7b539c03879f7ab887 Loading...

	anonymfile.com/bJXZW/20221208173000-20221208180000.rar?PageSpeed=noscript	193 B	2023-03-07	2024-01-15
Pretty URL anonymfile.com/bJXZW/20221208173000-20221208180000.rar?PageSpeed=noscript IP 138.201.48.112 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:23:52 Last Seen2024-01-15 22:34:31 Times Seen141 Hash 4b7b08e36b07601453ef10bef59afe1e 1f0003567c5e86d6fc129bbf62384e04ca2a1a2f f54132e87f4227d9e6ccf534bb92ff7746c7fb734ab9eb7197c0810ea6b52c52 Loading...

	anonymfile.com/bJXZW/20221208173000-20221208180000.rar?PageSpeed=noscript	1.3 kB	2023-03-09	2023-03-09
Pretty URL anonymfile.com/bJXZW/20221208173000-20221208180000.rar?PageSpeed=noscript IP 138.201.48.112 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 01:02:48 Last Seen2023-03-09 01:02:48 Times Seen1 Hash 5a4e371c210582b233ad4e9cff4a9ca3 67fd3ff378f62b40fce4aba96474ebc9eac77d74 106a4d4462898e95a452082b39caf2a1ff498670eb1aa37b205aa47a618634cb Loading...

	inklinkor.com/tag.min.js	74 kB	2023-03-08	2023-03-09
Pretty URL inklinkor.com/tag.min.js IP 172.67.211.29 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 23:41:27 Last Seen2023-03-09 05:13:00 Times Seen1 Hash e8ecbb34ec1453a66ae85959f375127a 11d7f4f866a069fe97f61be8a867de83f2ad6117 bd22281f663f9eb5a8d183712e308050ad967d62b105899328cc53b7d5fe306a Loading...

	tzegilo.com/stattag.js	13 kB	2023-03-08	2023-03-12
Pretty URL tzegilo.com/stattag.js IP 104.21.84.149 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:22:59 Last Seen2023-03-12 10:48:49 Times Seen1 Hash d0de06f954f7dedba242231b0ec4052d 188d75bb9077832384f889dd15584845790bc146 efae63871ebdeb69e7d64c6782924f72584f962d540b8c55237cba93c026af16 Loading...

	anonymfile.com/bJXZW/20221208173000-20221208180000.rar?PageSpeed=noscript	103 B	2023-03-09	2023-03-09
Pretty URL anonymfile.com/bJXZW/20221208173000-20221208180000.rar?PageSpeed=noscript IP 138.201.48.112 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 01:02:48 Last Seen2023-03-09 01:02:48 Times Seen1 Hash ca20b6bd12dfda92bf46c80fc8d109a2 243e71ad3886d985cbe93f050813db8051141af1 cc92c4e3bbd958ba207348f3b829ff989c9ea330d546158ca29a1e16d6b8e317 Loading...

	unphionetor.com/fv.js?t=72747&cb=523908534	5.2 kB	2023-03-07	2024-04-24
Pretty URL unphionetor.com/fv.js?t=72747&cb=523908534 IP 139.45.197.236 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:56 Last Seen2024-04-24 01:48:23 Times Seen2355 Hash 563d777535ce88943a94a6be86f378c8 8753745424d367275e3fe55a5661fe51b1e1fb72 0f467a48a494f7f63968707dc43785b728d0c17f93c12937c1e5b12798f3a98a Loading...

	interstitial-07.com/?l=a4VyXDG0eyp5w7A&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fnanouwho.com%2F12%3Frnd%3D3426358962%26z%3D5307589%26b%3D16043341%26c%3D6407127%26var%3D%26d%3Dhttp%253A%252F%252Fbelievemefly.com%252Fbase.php%253Fc%253D3647%2526key%253D432671afcbaec0691a80da097806f6fe%2526zoneid%253D%257Bzoneid%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3Dnh2KfNFjN2Qho7ArLL_IgmqxfsqBK5ESv2f84oJpgKKQSCCr_R0LbqXffdFj92Y-2fVr-HhZN-6MQexLvR3N6c4Y31y0yfH2SzQ6deNM3fUvyeMM8YdKHaxbSLHmPirE740qdNdcvkL_aG92kGLzhftjqlGxIgnPcSr1DyX8JEDClb_UksJM4ovoRtsD37pVxvUcygdGNzEypE1bCBrR0SrABO1aALKw9O7wfTlhi0dwxFbIFIHJRZGqMr0d__CikSHWjF-nz0UnRWJt1LmaJh5c1vKerPhO4sWtCHHg21_DBGtNGKX5_3qFxElz7Quk0CUS85CyWf09CEoYmwhDSWDkOsCm-s9lDtYydgT2b39zOShwtqbd9oEMfF7-iWjDUulbARCGPqd3FRucE8XYM17WTeiMjFK0f59GjLEVui8tj-e9iMqyohVyeSncOcElXGeGCTs2ZdpQ5XABZOENH7ihfZsGTGFk1PxkjUkZCvBLCrEDya1LlnCnX0vtQ5koGcQ0uhQFPgXN830U21hOgT-ZGZHaGGOTin1f0DddVCbZ1wOg5TcXvkWPIp8TWkwmZp7WP6ts1bvcpzKw9F5h14QdWjPXpkUUxD1XsJVt42kz6bSHzEf8dPYwP8aVFaRHBovnRpvtw3ix0NC5FMTqlppZWVM%3D%26bag%3DsoD61sIXZfLmZDdfa4zliA%3D%3D%26ruid%3D5efed883-091c-4977-9f1d-a6d2efc2a502%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fanonymfile.com%252FbJXZW%252F20221208173000-20221208180000.rar%253FPageSpeed%253Dnoscript%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1280%26wiw%3D1280%26wih%3D939%26wfc%3D0%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0	1.5 kB	2023-03-09	2023-03-09
Pretty URL interstitial-07.com/?l=a4VyXDG0eyp5w7A&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fnanouwho.com%2F12%3Frnd%3D3426358962%26z%3D5307589%26b%3D16043341%26c%3D6407127%26var%3D%26d%3Dhttp%253A%252F%252Fbelievemefly.com%252Fbase.php%253Fc%253D3647%2526key%253D432671afcbaec0691a80da097806f6fe%2526zoneid%253D%257Bzoneid%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3Dnh2KfNFjN2Qho7ArLL_IgmqxfsqBK5ESv2f84oJpgKKQSCCr_R0LbqXffdFj92Y-2fVr-HhZN-6MQexLvR3N6c4Y31y0yfH2SzQ6deNM3fUvyeMM8YdKHaxbSLHmPirE740qdNdcvkL_aG92kGLzhftjqlGxIgnPcSr1DyX8JEDClb_UksJM4ovoRtsD37pVxvUcygdGNzEypE1bCBrR0SrABO1aALKw9O7wfTlhi0dwxFbIFIHJRZGqMr0d__CikSHWjF-nz0UnRWJt1LmaJh5c1vKerPhO4sWtCHHg21_DBGtNGKX5_3qFxElz7Quk0CUS85CyWf09CEoYmwhDSWDkOsCm-s9lDtYydgT2b39zOShwtqbd9oEMfF7-iWjDUulbARCGPqd3FRucE8XYM17WTeiMjFK0f59GjLEVui8tj-e9iMqyohVyeSncOcElXGeGCTs2ZdpQ5XABZOENH7ihfZsGTGFk1PxkjUkZCvBLCrEDya1LlnCnX0vtQ5koGcQ0uhQFPgXN830U21hOgT-ZGZHaGGOTin1f0DddVCbZ1wOg5TcXvkWPIp8TWkwmZp7WP6ts1bvcpzKw9F5h14QdWjPXpkUUxD1XsJVt42kz6bSHzEf8dPYwP8aVFaRHBovnRpvtw3ix0NC5FMTqlppZWVM%3D%26bag%3DsoD61sIXZfLmZDdfa4zliA%3D%3D%26ruid%3D5efed883-091c-4977-9f1d-a6d2efc2a502%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fanonymfile.com%252FbJXZW%252F20221208173000-20221208180000.rar%253FPageSpeed%253Dnoscript%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1280%26wiw%3D1280%26wih%3D939%26wfc%3D0%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 01:02:48 Last Seen2023-03-09 01:02:48 Times Seen1 Hash 5174c6aa9b0ad7c2113182bf5cc87876 364bbe3ab1a669de39317836132b1ffb9485e7c3 8c3e80ee26325facc5d37df6104284ef572bd23dfbba4aa2e8d8e2c12d547154 Loading...

	cdnjs.cloudflare.com/ajax/libs/bootstrap/5.1.3/js/bootstrap.min.js	59 kB	2023-03-07	2024-04-26
Pretty URL cdnjs.cloudflare.com/ajax/libs/bootstrap/5.1.3/js/bootstrap.min.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:23:52 Last Seen2024-04-26 12:02:05 Times Seen3278 Hash 259e416ef6833be43801b8b68a93b008 19080c3b817985336aab5e1ce6925c99803f2efd 70c3d690bdc5ce3b9a1527c46044989a3176e610882fa99f4523e75bc395bcce Loading...

	cdnjs.cloudflare.com/ajax/libs/filepond/4.30.3/filepond.min.js	118 kB	2023-03-07	2024-04-25
Pretty URL cdnjs.cloudflare.com/ajax/libs/filepond/4.30.3/filepond.min.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:23:52 Last Seen2024-04-25 20:59:34 Times Seen1060 Hash 516f35ea42aa797b3b106a8f108edb88 9b1313b221c5d59835c31da0327f4273a2647174 9677264de392aeedd3b391fe53578415c87835405d14068380f9bf3970a48286 Loading...

	anonymfile.com/bJXZW/20221208173000-20221208180000.rar?PageSpeed=noscript	40 B	2023-03-07	2024-04-26
Pretty URL anonymfile.com/bJXZW/20221208173000-20221208180000.rar?PageSpeed=noscript IP 138.201.48.112 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:07 Last Seen2024-04-26 13:27:00 Times Seen4706 Hash 6bd43cf0ae158526c6ab93dc3be79f28 15c289e342bd3fdf5b1e95f7abf25a2bc78bf357 7a13d5ae0755d86c09084ec300c4a0f1a0a06921f74d9980eba9d966ff17ad38 Loading...

	anonymfile.com/bJXZW/20221208173000-20221208180000.rar?PageSpeed=noscript	102 kB	2023-03-08	2023-03-11
Pretty URL anonymfile.com/bJXZW/20221208173000-20221208180000.rar?PageSpeed=noscript IP 138.201.48.112 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:23:13 Last Seen2023-03-11 23:52:37 Times Seen1 Hash 4224657dcd443a3bd29476e92ab48558 d237d75a44e44df6826a0f3fe76a848de0599070 e3abef6168f06a92edfc05945cd2336f3ba3bb2719c3380393ec498e755c97fb Loading...

		Size	First Seen	Last Seen
	#1 Eval - 8d69540f1be81e2771602d9a4742e960	80 B	2023-03-09	2023-03-09
Pretty Observations First Seen2023-03-09 01:02:48 Last Seen2023-03-09 01:02:48 Times Seen1 Hash 8d69540f1be81e2771602d9a4742e960 d00f3a32b7f990303ce4b3d0c6c2b69a986d9376 e50b3a648fe8c4dbf7ecc6f0a2337ff5ee72954cb383b48ad297050171e387ea Loading...

		Size	First Seen	Last Seen
	#1 Write - 3a824154b16ed7dab899bf000b80eeee	4 B	2023-03-07	2024-02-13
Pretty Observations First Seen2023-03-07 01:02:03 Last Seen2024-02-13 04:29:14 Times Seen34 Hash 3a824154b16ed7dab899bf000b80eeee e575dccc71140754dd85beda5965b6a358150309 b1ab1e892617f210425f658cf1d361b5489028c8771b56d845fe1c62c1fbc8b0 Loading...

HTTP Transactions (75)

URL IP Response Size

anonymfile.com/bJXZW/20221208173000-20221208180000.rar?PageSpeed=noscript

138.201.48.112

301 Moved Permanently

162 B

URL HTTP/1.1
anonymfile.com/bJXZW/20221208173000-20221208180000.rar?PageSpeed=noscript
IP
138.201.48.112:0
ASN
#24940 Hetzner Online GmbH

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
162 B (162 bytes)
Hash
4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a

HTTP Headers

GET /bJXZW/20221208173000-20221208180000.rar?PageSpeed=noscript HTTP/1.1
Host: anonymfile.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 10 Dec 2022 06:15:19 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://anonymfile.com/bJXZW/20221208173000-20221208180000.rar?PageSpeed=noscript
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
388f6fea5bafa378266622b72311a6ee
447f102dc12172ce1ba44c5e94e1d7bb49d43372
a597afb4d4f7f3c82f0f2857322226fc69dc92e099bfd0605f7a0cd562be9d21

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A597AFB4D4F7F3C82F0F2857322226FC69DC92E099BFD0605F7A0CD562BE9D21"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11475
Expires: Sat, 10 Dec 2022 09:26:34 GMT
Date: Sat, 10 Dec 2022 06:15:19 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f2acd891dc6eb1f09f57a2b086791781
1e2088306501a61edcca1ade62c4d54f23b3b083
51148fed95cc00d60dc3640350f135b1b2763ff0e3cfbffc40f0948317894be9

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "51148FED95CC00D60DC3640350F135B1B2763FF0E3CFBFFC40F0948317894BE9"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11185
Expires: Sat, 10 Dec 2022 09:21:44 GMT
Date: Sat, 10 Dec 2022 06:15:19 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
4ee537977be9c03702f8ffe0025bf1fe
21637881c4aa34c4add703f8bff4eff573159f45
4819229fd8f502a0c68c80bd7409e104c1b4d1a98ca8a6cd9deba629b1511aea

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4819229FD8F502A0C68C80BD7409E104C1B4D1A98CA8A6CD9DEBA629B1511AEA"
Last-Modified: Thu, 08 Dec 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5149
Expires: Sat, 10 Dec 2022 07:41:08 GMT
Date: Sat, 10 Dec 2022 06:15:19 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
bf0c602d32b3c14606f22a86183b5e3c
6eabd8d83475eba731968abe1a05a8bfd272f160
6c6a7c519a9e950c2445ed874a25211a94dd4d3cf3afb0103af9dcd1dbd5ff9e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Content-Length, Content-Type, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 10 Dec 2022 06:08:23 GMT
content-type: application/json
age: 416
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: iBzaKVCQdZFLsHYgqaqa/3AjqDbFhHT9/fS06Mlng2QAx7KxeZo+Brwdb7/dhRwQGX93WAuUBNo=
x-amz-request-id: R9MQDR32QKY1D60N
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 10 Dec 2022 05:48:40 GMT
age: 1599
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 06:15:20 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/clipboard.js/2.0.8/clipboard.min.js

104.17.25.14

200 OK

3.0 kB

URL HTTP/2
cdnjs.cloudflare.com/ajax/libs/clipboard.js/2.0.8/clipboard.min.js
IP
104.17.25.14:0
ASN
#13335 CLOUDFLARENET

File type
Unicode text, UTF-8 text, with very long lines (10584)
Size
3.0 kB (3000 bytes)
Hash
e34a4db0b42ca907e0b7a56cd4b145ec
2dc36a7dcdfc42d122b23ef91483d27865c4285f
4b2a908e8d2c23d19da5e9ef4c6c77e7c6e8823b7aeb93233723f366ff6d217a

HTTP Headers

GET /ajax/libs/clipboard.js/2.0.8/clipboard.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://anonymfile.com
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sat, 10 Dec 2022 06:15:20 GMT
content-type: application/javascript; charset=utf-8
content-length: 3000
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "6049431e-29b4"
last-modified: Wed, 10 Mar 2021 22:07:26 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 734240
expires: Thu, 30 Nov 2023 06:15:20 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FyO5tt87oL5wnc8N99LCVwPasxGhjUXE9R2B0W9W3dzp6%2ByyHAgr%2BP2VR8ZwO8dFEJY88r3dMCpOIrY7CQQb%2By1cF1AwhblmPK3uFksTB5Cinsjmgc6nAPuE%2Fzqk%2Bc6zH3E5BQYD"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7773d86ffb74b50c-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/bootstrap/5.1.3/js/bootstrap.min.js

104.17.25.14

200 OK

15 kB

URL HTTP/2
cdnjs.cloudflare.com/ajax/libs/bootstrap/5.1.3/js/bootstrap.min.js
IP
104.17.25.14:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (58940)
Size
15 kB (14584 bytes)
Hash
28dbaeb9aa2638e0c4e6d9ffd3d14e9d
3208ed3741e60986bbed3fd759cdfd3b4fa7cf06
ababbb021f57966e125b8e296f9515f38d906b462697f7835e6914465dd0d362

HTTP Headers

GET /ajax/libs/bootstrap/5.1.3/js/bootstrap.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://anonymfile.com
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 10 Dec 2022 06:15:20 GMT
content-type: application/javascript; charset=utf-8
content-length: 14584
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "6161dfe3-38f8"
last-modified: Sat, 09 Oct 2021 18:30:59 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 2034661
expires: Thu, 30 Nov 2023 06:15:20 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XsC%2FfFiK9HTWpRQsD1iEAclqIozmr%2FqaPOfu5r1EVHDn8%2B08wualQXqWl4ACatuQ8G9SaxmsWoUuNwhCF7nKRW%2BdrJjhl0%2FTeseyEerCKAgjOR1HefSxIKJ06VvyGpo4pmj2yh3X"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7773d86ffb7bb50c-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/filepond/4.30.3/filepond.min.js

104.17.25.14

200 OK

30 kB

URL HTTP/2
cdnjs.cloudflare.com/ajax/libs/filepond/4.30.3/filepond.min.js
IP
104.17.25.14:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65370)
Size
30 kB (29707 bytes)
Hash
d18c98bb03dac8dd996130d56f3d8e8c
cc1777baef75c9438534927036a21f22e91e5578
89a5585efd3c48a3870d383705937d51bb2a3a776eb01805a2629dd7a28e3c2e

HTTP Headers

GET /ajax/libs/filepond/4.30.3/filepond.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://anonymfile.com
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 10 Dec 2022 06:15:20 GMT
content-type: application/javascript; charset=utf-8
content-length: 29707
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "615c7e96-740b"
last-modified: Tue, 05 Oct 2021 16:34:30 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 11696808
expires: Thu, 30 Nov 2023 06:15:20 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pormiTIaCr%2F62Or9wF4xvuzbcXR2E4aOFmOrcwklJ%2FetrPEg0%2BY0hnC3dxTZbhJ2XrMOjWx7P%2BGX1gjx6H6XAnkBMuyDM601UM5MOFdP3H3ZCbzfi1lCKBGvjECE8Nwnyufn8lk6"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7773d86ffb73b50c-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js

104.17.25.14

200 OK

28 kB

URL HTTP/2
cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js
IP
104.17.25.14:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65447)
Size
28 kB (27938 bytes)
Hash
d900ca08873ee57d40616d39a44cc0aa
7ab3ac8b1504b7b914a6e94c979b8390bb492f6a
1eea479cc0abe04a0846f41031207f9511f12ffef017a6109d4efb6f5523465b

HTTP Headers

GET /ajax/libs/jquery/3.6.0/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://anonymfile.com
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 10 Dec 2022 06:15:20 GMT
content-type: application/javascript; charset=utf-8
content-length: 27938
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "603e8adc-15d9d"
last-modified: Tue, 02 Mar 2021 18:58:36 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 893189
expires: Thu, 30 Nov 2023 06:15:20 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FKVwbLCArizdd6U%2FNq1D9vRz3WGGnbKYxLoCbekHQAA9U97GKXu3eIZusycKfzSn9IaESl7j3KvjbzReLTkJeUQCKK1NLU%2B4yHUcqc4Uac5suwgLIOkAn%2FTCV7Mii9mZ3%2BwXmSWL"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7773d86ffb82b50c-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/popper.js/2.10.2/umd/popper.min.js

104.17.25.14

200 OK

6.0 kB

URL HTTP/2
cdnjs.cloudflare.com/ajax/libs/popper.js/2.10.2/umd/popper.min.js
IP
104.17.25.14:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (18706)
Size
6.0 kB (6037 bytes)
Hash
3773d4bd82b03cdfd02c9fd691f80d78
c4d89a2de179c90944835571b45877048f3c1424
5d05303e3777fd4f588b7167d0a22cd5ca499c238f78ec0cecbb3a8786de332d

HTTP Headers

GET /ajax/libs/popper.js/2.10.2/umd/popper.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://anonymfile.com
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 10 Dec 2022 06:15:20 GMT
content-type: application/javascript; charset=utf-8
content-length: 6037
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "6155af49-1795"
last-modified: Thu, 30 Sep 2021 12:36:25 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 689620
expires: Thu, 30 Nov 2023 06:15:20 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nUAGB3dcR9C87Lu0BoTyWuWu1vobTPdR4ga56T49QRybjvIPhfUKCIuPReHbZy8vuP%2BIfqOF00UDhHB7pCfuD4iyS59y3ycD3hLZ7oYKJBBKaqlMZLXVN0Lh4mhuH72zAg4E8jLM"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7773d86ffb79b50c-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.jsdelivr.net/npm/sweetalert2@11

151.101.193.229

200 OK

18 kB

URL HTTP/2
cdn.jsdelivr.net/npm/sweetalert2@11
IP
151.101.193.229:0
ASN
#54113 FASTLY

File type
ASCII text, with very long lines (43300)
Size
18 kB (18036 bytes)
Hash
d9da418805bd4bde053bcaeed574c2b8
539ce9c1b8ebe1e176b1272f36553c50a49e3895
9c20ee20412a3722b10b67c4948f91fa28132f1fe97e2921a54f1216647b1cf7

HTTP Headers

GET /npm/sweetalert2@11 HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 11.6.15
x-jsd-version-type: version
etag: W/"fb4e-WYlKfUugrs9UVDS0kTySiNuO9Yk"
content-encoding: gzip
accept-ranges: bytes
date: Sat, 10 Dec 2022 06:15:20 GMT
age: 21660
x-served-by: cache-fra-eddf8230057-FRA, cache-bma1643-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 18036
X-Firefox-Spdy: h2

ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1

104.18.21.226

200 OK

1.5 kB

URL HTTP/1.1
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
IP
104.18.21.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1.5 kB (1462 bytes)
Hash
89bb3ddd7462348a89a58f6f152ffa30
98f47e29aa1fde38423e10f1dd1a17c69ac748af
b175049b324a7bc973d3e4bc9f6ead3383e6d2c2381f78edc5ff68224dbfa891

HTTP Headers

POST /ca/gsatlasr3dvtlsca2022q1 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 10 Dec 2022 06:15:20 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "E487C1AAEA62E0610275CD3C1E3F341456A16F32"
Expires: Sat, 10 Dec 2022 17:00:00 GMT
Last-Modified: Sat, 10 Dec 2022 05:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 463
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7773d8709cbdb4e8-OSL

anonymfile.com/img/logo-anon-warning.webp

138.201.48.112

200 OK

15 kB

URL HTTP/2
anonymfile.com/img/logo-anon-warning.webp
IP
138.201.48.112:0
ASN
#24940 Hetzner Online GmbH

File type
RIFF (little-endian) data, Web/P image\012- data
Size
15 kB (15344 bytes)
Hash
7b596f481388ac5ef6d74a15a351f6c3
6756e88c0b46cc981b7bbbdaf2ead77bd258a472
cd830cff1dfb9af2181dfe61645addbe21981954713fba54d5875a038e673972

HTTP Headers

GET /img/logo-anon-warning.webp HTTP/1.1
Host: anonymfile.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/bJXZW/20221208173000-20221208180000.rar?PageSpeed=noscript
Cookie: XSRF-TOKEN=eyJpdiI6IjNaR2tSb3diUlg4bU10ZHdlS0pJTlE9PSIsInZhbHVlIjoiNmY0NFZ6WmNJazY4blpVY3d5QTZCWldHbGNxYWpJRm9lSnlZOFJ4R2lNUy8zVTdWYlpqaDBvbDFRQVNsZ210NnNyWXY2STVHL1FsQU1oVzhKRFp5azJ6U21VQU1lMjZtNkR4QlFreE9NVHA5MEJrN29OVU1hRlJiN3FxQityS0kiLCJtYWMiOiJkYWQyMTViNzIwYzA5MDk0YmU3ZDgwZjFjYWQxMTNlZjhhZjdlNGM5ZGFhZTA5NzBlNTdmNTU0NmIwYTYwMWU3IiwidGFnIjoiIn0%3D; anonymfile_session=eyJpdiI6InJnbldMcWtVK3duU2hzdnFmUUZzQ3c9PSIsInZhbHVlIjoidU1PdmZ3aEQxL1RlaHZGTm04ZlZDZlgwVnEvUUR1akhCNWJ2VkxGK1BmN2owQ2tlQUhZVXdnUzhHVEk5djVjUitOSU9kSEl2T1VtbVJjU2lKek5wbzFNZlpVQm92eFlBYWx6R3d1M2RYMit3NUE1Ykc3TUJNeWQ0QUVDYXg1Q2IiLCJtYWMiOiIyMjFjNWUwYzg3NDdmNDE5MDI4MWNjYjRiNWU4NDljNWJiZWI0NmRhZmYzNWNiZTY3NjdhZTg2NzRkNWRmNDBkIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 06:15:20 GMT
content-type: image/webp
content-length: 15344
last-modified: Sat, 30 Oct 2021 12:14:11 GMT
vary: Accept-Encoding
etag: "617d3713-3bf0"
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
cache-control: s-maxage=10
accept-ranges: bytes
X-Firefox-Spdy: h2

anonymfile.com/img/main/footer.webp

138.201.48.112

200 OK

178 kB

URL HTTP/2
anonymfile.com/img/main/footer.webp
IP
138.201.48.112:0
ASN
#24940 Hetzner Online GmbH

File type
RIFF (little-endian) data, Web/P image\012- data
Size
178 kB (178070 bytes)
Hash
79ccb3a1b78412a1a530284f45ea7056
626d0494e1bd871e67ecffad44d04ac2343fb7e5
3d4e83b59664d7a779fa777d4ee0e17a1bc09302f9b9cde60815a3142256d8b8

HTTP Headers

GET /img/main/footer.webp HTTP/1.1
Host: anonymfile.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/bJXZW/20221208173000-20221208180000.rar?PageSpeed=noscript
Cookie: XSRF-TOKEN=eyJpdiI6IjNaR2tSb3diUlg4bU10ZHdlS0pJTlE9PSIsInZhbHVlIjoiNmY0NFZ6WmNJazY4blpVY3d5QTZCWldHbGNxYWpJRm9lSnlZOFJ4R2lNUy8zVTdWYlpqaDBvbDFRQVNsZ210NnNyWXY2STVHL1FsQU1oVzhKRFp5azJ6U21VQU1lMjZtNkR4QlFreE9NVHA5MEJrN29OVU1hRlJiN3FxQityS0kiLCJtYWMiOiJkYWQyMTViNzIwYzA5MDk0YmU3ZDgwZjFjYWQxMTNlZjhhZjdlNGM5ZGFhZTA5NzBlNTdmNTU0NmIwYTYwMWU3IiwidGFnIjoiIn0%3D; anonymfile_session=eyJpdiI6InJnbldMcWtVK3duU2hzdnFmUUZzQ3c9PSIsInZhbHVlIjoidU1PdmZ3aEQxL1RlaHZGTm04ZlZDZlgwVnEvUUR1akhCNWJ2VkxGK1BmN2owQ2tlQUhZVXdnUzhHVEk5djVjUitOSU9kSEl2T1VtbVJjU2lKek5wbzFNZlpVQm92eFlBYWx6R3d1M2RYMit3NUE1Ykc3TUJNeWQ0QUVDYXg1Q2IiLCJtYWMiOiIyMjFjNWUwYzg3NDdmNDE5MDI4MWNjYjRiNWU4NDljNWJiZWI0NmRhZmYzNWNiZTY3NjdhZTg2NzRkNWRmNDBkIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 06:15:20 GMT
content-type: image/webp
content-length: 178070
last-modified: Wed, 10 Aug 2022 07:17:48 GMT
vary: Accept-Encoding
etag: "62f35b9c-2b796"
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
cache-control: s-maxage=10
accept-ranges: bytes
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Expires, Last-Modified, ETag, Cache-Control, Alert, Content-Length, Pragma, Content-Type, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 10 Dec 2022 05:33:14 GMT
age: 2526
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
e6be4d2155028ffff5d01ab6e7edf6da
07172071b5cf43c4cd7d7930b4ad8518ec1e32e9
4d8a5fa2362fd0910babd6d128d850d4460829468eb23d34ee5ee6eaa42d5a38

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6177
Cache-Control: max-age=102872
Content-Type: application/ocsp-response
Date: Sat, 10 Dec 2022 06:15:20 GMT
Etag: "6392faaf-1d7"
Expires: Sun, 11 Dec 2022 10:49:52 GMT
Last-Modified: Fri, 09 Dec 2022 09:06:55 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 471

ocsp.digicert.com/

93.184.220.29

200 OK

280 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
280 B (280 bytes)
Hash
3866464aa7d9c3de1fa4f60308b21449
9ea87519749624cfe68d352521c1fd9b298f19aa
bfa012c771d3b7da5e108302e8be43f34f0f22fbbe3ab80911bef1ca062a32b3

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4034
Cache-Control: max-age=132765
Content-Type: application/ocsp-response
Date: Sat, 10 Dec 2022 06:15:20 GMT
Etag: "639377d3-118"
Expires: Sun, 11 Dec 2022 19:08:05 GMT
Last-Modified: Fri, 09 Dec 2022 18:00:51 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 280

ocsp.digicert.com/

93.184.220.29

200 OK

280 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
280 B (280 bytes)
Hash
3866464aa7d9c3de1fa4f60308b21449
9ea87519749624cfe68d352521c1fd9b298f19aa
bfa012c771d3b7da5e108302e8be43f34f0f22fbbe3ab80911bef1ca062a32b3

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4034
Cache-Control: max-age=132765
Content-Type: application/ocsp-response
Date: Sat, 10 Dec 2022 06:15:20 GMT
Etag: "639377d3-118"
Expires: Sun, 11 Dec 2022 19:08:05 GMT
Last-Modified: Fri, 09 Dec 2022 18:00:51 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 280

anonymfile.com/img/logo-anon-warning.png

138.201.48.112

200 OK

22 kB

URL HTTP/2
anonymfile.com/img/logo-anon-warning.png
IP
138.201.48.112:0
ASN
#24940 Hetzner Online GmbH

File type
PNG image data, 1024 x 1024, 8-bit colormap, non-interlaced\012- data
Size
22 kB (21479 bytes)
Hash
4332367bd6f2c12da86e4ab20157daef
027b329b8b50972ee035b4e4f3cb9a3c080aba31
a7a91652e8153a80b1270b5fdb1d1e1e880ad9580e298040df1ed1b024699eb4

HTTP Headers

GET /img/logo-anon-warning.png HTTP/1.1
Host: anonymfile.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/bJXZW/20221208173000-20221208180000.rar?PageSpeed=noscript
Cookie: XSRF-TOKEN=eyJpdiI6IjNaR2tSb3diUlg4bU10ZHdlS0pJTlE9PSIsInZhbHVlIjoiNmY0NFZ6WmNJazY4blpVY3d5QTZCWldHbGNxYWpJRm9lSnlZOFJ4R2lNUy8zVTdWYlpqaDBvbDFRQVNsZ210NnNyWXY2STVHL1FsQU1oVzhKRFp5azJ6U21VQU1lMjZtNkR4QlFreE9NVHA5MEJrN29OVU1hRlJiN3FxQityS0kiLCJtYWMiOiJkYWQyMTViNzIwYzA5MDk0YmU3ZDgwZjFjYWQxMTNlZjhhZjdlNGM5ZGFhZTA5NzBlNTdmNTU0NmIwYTYwMWU3IiwidGFnIjoiIn0%3D; anonymfile_session=eyJpdiI6InJnbldMcWtVK3duU2hzdnFmUUZzQ3c9PSIsInZhbHVlIjoidU1PdmZ3aEQxL1RlaHZGTm04ZlZDZlgwVnEvUUR1akhCNWJ2VkxGK1BmN2owQ2tlQUhZVXdnUzhHVEk5djVjUitOSU9kSEl2T1VtbVJjU2lKek5wbzFNZlpVQm92eFlBYWx6R3d1M2RYMit3NUE1Ykc3TUJNeWQ0QUVDYXg1Q2IiLCJtYWMiOiIyMjFjNWUwYzg3NDdmNDE5MDI4MWNjYjRiNWU4NDljNWJiZWI0NmRhZmYzNWNiZTY3NjdhZTg2NzRkNWRmNDBkIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: image/png
content-length: 21479
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
accept-ranges: bytes
x-original-content-length: 40729
etag: W/"PSA-aj-QzI2e9bywS"
date: Sat, 10 Dec 2022 06:15:20 GMT
expires: Sat, 10 Dec 2022 06:17:01 GMT
cache-control: max-age=100
X-Firefox-Spdy: h2

push.services.mozilla.com/

54.200.107.47

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
54.200.107.47:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 5QMc0UhphK1MTdWSfn/e5A==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: xG/81kQ5g/7YyOGMTwdQ4s2XPe4=

anonymfile.com/sw.js

138.201.48.112

404 Not Found

5.5 kB

URL HTTP/2
anonymfile.com/sw.js
IP
138.201.48.112:0
ASN
#24940 Hetzner Online GmbH

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (4320)
Size
5.5 kB (5454 bytes)
Hash
8b6d58dd38c01b7c765091fd18ad20be
0b2fd8b928207e58a4fc61d8c041be3b50f790ea
be30fbd4258943e4b6e58406dfe932ee5f1ba07966e06d911618186b564a482d

HTTP Headers

GET /sw.js HTTP/1.1
Host: anonymfile.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/bJXZW/20221208173000-20221208180000.rar?PageSpeed=noscript
Cookie: XSRF-TOKEN=eyJpdiI6IjNaR2tSb3diUlg4bU10ZHdlS0pJTlE9PSIsInZhbHVlIjoiNmY0NFZ6WmNJazY4blpVY3d5QTZCWldHbGNxYWpJRm9lSnlZOFJ4R2lNUy8zVTdWYlpqaDBvbDFRQVNsZ210NnNyWXY2STVHL1FsQU1oVzhKRFp5azJ6U21VQU1lMjZtNkR4QlFreE9NVHA5MEJrN29OVU1hRlJiN3FxQityS0kiLCJtYWMiOiJkYWQyMTViNzIwYzA5MDk0YmU3ZDgwZjFjYWQxMTNlZjhhZjdlNGM5ZGFhZTA5NzBlNTdmNTU0NmIwYTYwMWU3IiwidGFnIjoiIn0%3D; anonymfile_session=eyJpdiI6InJnbldMcWtVK3duU2hzdnFmUUZzQ3c9PSIsInZhbHVlIjoidU1PdmZ3aEQxL1RlaHZGTm04ZlZDZlgwVnEvUUR1akhCNWJ2VkxGK1BmN2owQ2tlQUhZVXdnUzhHVEk5djVjUitOSU9kSEl2T1VtbVJjU2lKek5wbzFNZlpVQm92eFlBYWx6R3d1M2RYMit3NUE1Ykc3TUJNeWQ0QUVDYXg1Q2IiLCJtYWMiOiIyMjFjNWUwYzg3NDdmNDE5MDI4MWNjYjRiNWU4NDljNWJiZWI0NmRhZmYzNWNiZTY3NjdhZTg2NzRkNWRmNDBkIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
server: nginx
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
date: Sat, 10 Dec 2022 06:15:20 GMT
x-page-speed: 1.13.35.2-0
cache-control: max-age=0, no-cache
content-encoding: br
X-Firefox-Spdy: h2

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
a71e2b3eb00f9127500e15d0f604bc08
eb672a6b18c5347be281e5597249fb2e5100f9d3
88b79a3e77980857775244c7c54e2f7f90c52f18374d5e5f7abb47958c9a7781

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "88B79A3E77980857775244C7C54E2F7F90C52F18374D5E5F7ABB47958C9A7781"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=397
Expires: Sat, 10 Dec 2022 06:21:58 GMT
Date: Sat, 10 Dec 2022 06:15:21 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
27f907a256adb2c2f78f02a5f9b10c99
3411bd289f7e48859cde22993e8bd795ac9b19b2
907bff5886c7b9a138f540090f7e0010621667c24aa02c3fd075f083d0a3b683

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "907BFF5886C7B9A138F540090F7E0010621667C24AA02C3FD075F083D0A3B683"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14172
Expires: Sat, 10 Dec 2022 10:11:33 GMT
Date: Sat, 10 Dec 2022 06:15:21 GMT
Connection: keep-alive

my.rtmark.net/gid.js?userId=14ea242674014446abc855f4fd8f3ada

139.45.195.8

200 OK

65 B

URL HTTP/2
my.rtmark.net/gid.js?userId=14ea242674014446abc855f4fd8f3ada
IP
139.45.195.8:0
ASN
#9002 RETN Limited

File type
JSON data\012- , ASCII text
Size
65 B (65 bytes)
Hash
3758fa42cdbc00484f2a01a686e061be
a6e778fb5679881911ab902ad313daec48c2d8ba
c62ddca8ba2149c994a9e781b5620c30a2104a9022be4f637468b4fd7c18db9f

HTTP Headers

GET /gid.js?userId=14ea242674014446abc855f4fd8f3ada HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://anonymfile.com
Connection: keep-alive
Referer: https://anonymfile.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 06:15:21 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://anonymfile.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=14ea242674014446abc855f4fd8f3ada; expires=Sun, 10 Dec 2023 06:15:21 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c5e1f14021541984fb7c7ba4f76c5ef9
3334cf1d6297d8fb36a4af2ebf9b993b94897658
aa935a586a8f1e18c93bf12958884d1ee590bedf8531b0f81a90ee09bf66896a

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AA935A586A8F1E18C93BF12958884D1EE590BEDF8531B0F81A90EE09BF66896A"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7663
Expires: Sat, 10 Dec 2022 08:23:04 GMT
Date: Sat, 10 Dec 2022 06:15:21 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e93ba394dda001aceec2913d08a066d4
1b40f284e5b95f6d7f332aaaec5674f17e4df4d9
51188af3a5c333f4e70cc43b1974cabc437f2e23189eab2f4c4c817b60b5bc53

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "51188AF3A5C333F4E70CC43B1974CABC437F2E23189EAB2F4C4C817B60B5BC53"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9330
Expires: Sat, 10 Dec 2022 08:50:51 GMT
Date: Sat, 10 Dec 2022 06:15:21 GMT
Connection: keep-alive

ocsp.sectigo.com/

172.64.155.188

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
849e7d14c79720f2ab4168c416effd9c
764bcd5ba64a4fd23bfef15e4401bb741e0e515f
a219f07e6ab39a84155b8956d651925de6ec8328acedb5e636c94bff6f6efc85

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 10 Dec 2022 06:15:21 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 09 Dec 2022 13:33:26 GMT
Expires: Fri, 16 Dec 2022 13:33:25 GMT
Etag: "764bcd5ba64a4fd23bfef15e4401bb741e0e515f"
Cache-Control: max-age=544083,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7773d8772bd50af6-OSL

datatechonert.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f

139.45.195.253

200 OK

12 B

URL HTTP/1.1
datatechonert.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
IP
139.45.195.253:0
ASN
#9002 RETN Limited

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
adb4650bfc9d2a73d4dd69583b0ceb14
1ce399d6e936232aaf2192cd7903a279c5015f22
21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed

HTTP Headers

POST /log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f HTTP/1.1
Host: datatechonert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 943
Origin: https://anonymfile.com
Connection: keep-alive
Referer: https://anonymfile.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Sat, 10 Dec 2022 06:15:21 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://anonymfile.com
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

ibrapush.com/zone?pub=0&zone_id=5307590&is_mobile=false&domain=anonymfile.com&var=&ymid=&var_3=

139.45.197.250

200 OK

664 B

URL HTTP/2
ibrapush.com/zone?pub=0&zone_id=5307590&is_mobile=false&domain=anonymfile.com&var=&ymid=&var_3=
IP
139.45.197.250:0
ASN
#9002 RETN Limited

File type
JSON data\012- , ASCII text, with very long lines (663)
Size
664 B (664 bytes)
Hash
924f83d583902548517c3327ff8e4493
7d5ea76f95d862b44558e6428f0a0d2bb20e2b0c
92e16e70459ff85e5803ded19d1f535cb6197a2b1eda7b254cb663b81908147c

HTTP Headers

GET /zone?pub=0&zone_id=5307590&is_mobile=false&domain=anonymfile.com&var=&ymid=&var_3= HTTP/1.1
Host: ibrapush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://anonymfile.com/
Origin: https://anonymfile.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 06:15:21 GMT
content-type: application/json; charset=utf-8
content-length: 664
x-trace-id: 55d7a99055027be973dce9eccbee26a9
access-control-allow-origin: https://anonymfile.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
72731148596ccfd3a812aedf7456ce8f
92e66f22abaeef776220350cc6223843d98f1c09
134f50d1b9532802129c8cf0e5d7aed837cc0986e8557ffb857a121da4b3c8f4

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "134F50D1B9532802129C8CF0E5D7AED837CC0986E8557FFB857A121DA4B3C8F4"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16722
Expires: Sat, 10 Dec 2022 10:54:03 GMT
Date: Sat, 10 Dec 2022 06:15:21 GMT
Connection: keep-alive

nanouwho.com/9?z=5307589&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fanonymfile.com%2FbJXZW%2F20221208173000-20221208180000.rar%3FPageSpeed%3Dnoscript&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&sah=1002&drf=&hil=1&ist=0&oaid=14ea242674014446abc855f4fd8f3ada

139.45.197.242

204 No Content

0 B

URL HTTP/2
nanouwho.com/9?z=5307589&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fanonymfile.com%2FbJXZW%2F20221208173000-20221208180000.rar%3FPageSpeed%3Dnoscript&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&sah=1002&drf=&hil=1&ist=0&oaid=14ea242674014446abc855f4fd8f3ada
IP
139.45.197.242:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

OPTIONS /9?z=5307589&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fanonymfile.com%2FbJXZW%2F20221208173000-20221208180000.rar%3FPageSpeed%3Dnoscript&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&sah=1002&drf=&hil=1&ist=0&oaid=14ea242674014446abc855f4fd8f3ada HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://anonymfile.com/
Origin: https://anonymfile.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 204 No Content
server: nginx
date: Sat, 10 Dec 2022 06:15:21 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://anonymfile.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2

bedrapiona.com/5/5307591/?oo=1&js_build=iclick-v1.459.0

139.45.197.234

200 OK

41 kB

URL HTTP/2
bedrapiona.com/5/5307591/?oo=1&js_build=iclick-v1.459.0
IP
139.45.197.234:0
ASN
#9002 RETN Limited

File type
JSON data\012- , ASCII text, with very long lines (65536), with no line terminators
Size
41 kB (41077 bytes)
Hash
f3dd475000f3c775e07eccecedbca782
82e11ed77b4dbb7a38c787f73b1f5a5a432ebfe8
f5769eecaba902b5fc30829a2eb446d03080fa645bac5f179962c2c8053204fe

HTTP Headers

GET /5/5307591/?oo=1&js_build=iclick-v1.459.0 HTTP/1.1
Host: bedrapiona.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://anonymfile.com
Connection: keep-alive
Referer: https://anonymfile.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 06:15:21 GMT
content-type: application/json
x-trace-id: 4764ff37f30c3995a2728da599df0557
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
access-control-allow-origin: https://anonymfile.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=14ea242674014446abc855f4fd8f3ada; expires=Sun, 10 Dec 2023 06:15:21 GMT; path=/; secure; SameSite=None
oaidts=1670652921; expires=Sun, 10 Dec 2023 06:15:21 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

ibrapush.com/custom

139.45.197.250

200 OK

0 B

URL HTTP/2
ibrapush.com/custom
IP
139.45.197.250:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /custom HTTP/1.1
Host: ibrapush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://anonymfile.com/
Origin: https://anonymfile.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 06:15:21 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://anonymfile.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2

betotodilea.com/400/5307588

139.45.197.237

200 OK

32 kB

URL HTTP/2
betotodilea.com/400/5307588
IP
139.45.197.237:0
ASN
#9002 RETN Limited

File type
data
Size
32 kB (31460 bytes)
Hash
d8b22949c5fb6ef524915517fe14a05c
c15348cdf2dd73ddae5a36d1b2d3c18fc5ad27f7
451c567af7afe571deb93e17e4493de332719f1e3153bee1ae5d92f8fd1891be

HTTP Headers

GET /400/5307588 HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 06:15:21 GMT
content-type: application/javascript
x-trace-id: 46096b03367a627de9613e0abfdc4673
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=d4c2421b54f44a3d8cf53e1dc8852431; expires=Sun, 10 Dec 2023 06:15:21 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

ibrapush.com/custom

139.45.197.250

200 OK

39 B

URL HTTP/2
ibrapush.com/custom
IP
139.45.197.250:0
ASN
#9002 RETN Limited

File type
JSON data\012- , ASCII text
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: ibrapush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://anonymfile.com/
Content-Type: application/json
Origin: https://anonymfile.com
Content-Length: 807
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 06:15:21 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: e8b9f931c3a408ff1555bb21f8fce336
access-control-allow-origin: https://anonymfile.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

139.45.197.242

200 OK

2.7 kB

URL HTTP/2
nanouwho.com/9?z=5307589&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fanonymfile.com%2FbJXZW%2F20221208173000-20221208180000.rar%3FPageSpeed%3Dnoscript&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&sah=1002&drf=&hil=1&ist=0&oaid=14ea242674014446abc855f4fd8f3ada
IP
139.45.197.242:0
ASN
#9002 RETN Limited

File type
JSON data\012- , ASCII text, with very long lines (6427), with no line terminators
Size
2.7 kB (2707 bytes)
Hash
04cef59789b9eea056e736b9d0106ea5
8f98fb5623523bf11249b21fb1e90a116507b0e4
0d93846adead6a22db4bb745816131ded034e1181a70ae374ddf75c354e609e1

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

POST /9?z=5307589&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fanonymfile.com%2FbJXZW%2F20221208173000-20221208180000.rar%3FPageSpeed%3Dnoscript&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&sah=1002&drf=&hil=1&ist=0&oaid=14ea242674014446abc855f4fd8f3ada HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 149
Origin: https://anonymfile.com
Connection: keep-alive
Referer: https://anonymfile.com/
Cookie: scm=1; OAID=8b0e462b1fe04214827cc639ed43f318; oaidts=1670652921
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 06:15:21 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-origin: https://anonymfile.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: eddc6edb9b19b61e2b7a458b77b18044
access-control-expose-headers: X-Sc
set-cookie: OAID=14ea242674014446abc855f4fd8f3ada; expires=Sun, 10 Dec 2023 06:15:21 GMT; secure; SameSite=None
oaidts=1670652921; expires=Sun, 10 Dec 2023 06:15:21 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

betotodilea.com/500/5307588?excludes=&oaid=14ea242674014446abc855f4fd8f3ada&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&pl=https%3A%2F%2Fanonymfile.com%2FbJXZW%2F20221208173000-20221208180000.rar%3FPageSpeed%3Dnoscript&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false

139.45.197.237

200 OK

0 B

URL HTTP/2
betotodilea.com/500/5307588?excludes=&oaid=14ea242674014446abc855f4fd8f3ada&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&pl=https%3A%2F%2Fanonymfile.com%2FbJXZW%2F20221208173000-20221208180000.rar%3FPageSpeed%3Dnoscript&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP
139.45.197.237:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /500/5307588?excludes=&oaid=14ea242674014446abc855f4fd8f3ada&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&pl=https%3A%2F%2Fanonymfile.com%2FbJXZW%2F20221208173000-20221208180000.rar%3FPageSpeed%3Dnoscript&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://anonymfile.com/
Origin: https://anonymfile.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 06:15:21 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://anonymfile.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-allow-credentials: true
access-control-max-age: 600
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b16b33c26d2f1c15ceb01a41b82d9666
25f16e8eef51dd04706936a76b2c8c899095cad6
bda4920c745e13e006293cd7ca600fa230f08860c018c841d9dbe296f36c64be

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BDA4920C745E13E006293CD7CA600FA230F08860C018C841D9DBE296F36C64BE"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2553
Expires: Sat, 10 Dec 2022 06:57:55 GMT
Date: Sat, 10 Dec 2022 06:15:22 GMT
Connection: keep-alive

interstitial-07.com/contents/s/45/ad/fc/5dac387ae41ca4a0c1b6a9ac37/01606490601807.jpeg

139.45.197.151

200 OK

9.3 kB

URL HTTP/2
interstitial-07.com/contents/s/45/ad/fc/5dac387ae41ca4a0c1b6a9ac37/01606490601807.jpeg
IP
139.45.197.151:0
ASN
#9002 RETN Limited

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3\012- data
Size
9.3 kB (9271 bytes)
Hash
45adfc5dac387ae41ca4a0c1b6a9ac37
d972ecfcf25c8d8c697beac01a3fa85635e564f5
a653f78b2f5c5f1dd923fb9291bb67832dad4014266ef34b6bff707a381b1bda

HTTP Headers

GET /contents/s/45/ad/fc/5dac387ae41ca4a0c1b6a9ac37/01606490601807.jpeg HTTP/1.1
Host: interstitial-07.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://interstitial-07.com/?l=a4VyXDG0eyp5w7A&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fnanouwho.com%2F12%3Frnd%3D3426358962%26z%3D5307589%26b%3D16043341%26c%3D6407127%26var%3D%26d%3Dhttp%253A%252F%252Fbelievemefly.com%252Fbase.php%253Fc%253D3647%2526key%253D432671afcbaec0691a80da097806f6fe%2526zoneid%253D%257Bzoneid%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3Dnh2KfNFjN2Qho7ArLL_IgmqxfsqBK5ESv2f84oJpgKKQSCCr_R0LbqXffdFj92Y-2fVr-HhZN-6MQexLvR3N6c4Y31y0yfH2SzQ6deNM3fUvyeMM8YdKHaxbSLHmPirE740qdNdcvkL_aG92kGLzhftjqlGxIgnPcSr1DyX8JEDClb_UksJM4ovoRtsD37pVxvUcygdGNzEypE1bCBrR0SrABO1aALKw9O7wfTlhi0dwxFbIFIHJRZGqMr0d__CikSHWjF-nz0UnRWJt1LmaJh5c1vKerPhO4sWtCHHg21_DBGtNGKX5_3qFxElz7Quk0CUS85CyWf09CEoYmwhDSWDkOsCm-s9lDtYydgT2b39zOShwtqbd9oEMfF7-iWjDUulbARCGPqd3FRucE8XYM17WTeiMjFK0f59GjLEVui8tj-e9iMqyohVyeSncOcElXGeGCTs2ZdpQ5XABZOENH7ihfZsGTGFk1PxkjUkZCvBLCrEDya1LlnCnX0vtQ5koGcQ0uhQFPgXN830U21hOgT-ZGZHaGGOTin1f0DddVCbZ1wOg5TcXvkWPIp8TWkwmZp7WP6ts1bvcpzKw9F5h14QdWjPXpkUUxD1XsJVt42kz6bSHzEf8dPYwP8aVFaRHBovnRpvtw3ix0NC5FMTqlppZWVM%3D%26bag%3DsoD61sIXZfLmZDdfa4zliA%3D%3D%26ruid%3D5efed883-091c-4977-9f1d-a6d2efc2a502%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fanonymfile.com%252FbJXZW%252F20221208173000-20221208180000.rar%253FPageSpeed%253Dnoscript%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1280%26wiw%3D1280%26wih%3D939%26wfc%3D0%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 06:15:22 GMT
content-type: image/jpeg
content-length: 9271
last-modified: Thu, 20 Oct 2022 03:21:06 GMT
vary: Accept-Encoding
etag: "6350bea2-2437"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
accept-ranges: bytes
X-Firefox-Spdy: h2

interstitial-07.com/contents/s/32/13/a8/e6ac43e59294f402bbbe324953/0596778554123.jpeg

139.45.197.151

200 OK

30 kB

URL HTTP/2
interstitial-07.com/contents/s/32/13/a8/e6ac43e59294f402bbbe324953/0596778554123.jpeg
IP
139.45.197.151:0
ASN
#9002 RETN Limited

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 492x328, components 3\012- data
Size
30 kB (29997 bytes)
Hash
3213a8e6ac43e59294f402bbbe324953
3e66ba9e6978ca9fef50e07274bd9899e3fed9c3
f880d432fbedbe3a15e8fed32985860e84e8ec4425ad6ff3e6cae446be0a6714

HTTP Headers

GET /contents/s/32/13/a8/e6ac43e59294f402bbbe324953/0596778554123.jpeg HTTP/1.1
Host: interstitial-07.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://interstitial-07.com/?l=a4VyXDG0eyp5w7A&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fnanouwho.com%2F12%3Frnd%3D3426358962%26z%3D5307589%26b%3D16043341%26c%3D6407127%26var%3D%26d%3Dhttp%253A%252F%252Fbelievemefly.com%252Fbase.php%253Fc%253D3647%2526key%253D432671afcbaec0691a80da097806f6fe%2526zoneid%253D%257Bzoneid%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3Dnh2KfNFjN2Qho7ArLL_IgmqxfsqBK5ESv2f84oJpgKKQSCCr_R0LbqXffdFj92Y-2fVr-HhZN-6MQexLvR3N6c4Y31y0yfH2SzQ6deNM3fUvyeMM8YdKHaxbSLHmPirE740qdNdcvkL_aG92kGLzhftjqlGxIgnPcSr1DyX8JEDClb_UksJM4ovoRtsD37pVxvUcygdGNzEypE1bCBrR0SrABO1aALKw9O7wfTlhi0dwxFbIFIHJRZGqMr0d__CikSHWjF-nz0UnRWJt1LmaJh5c1vKerPhO4sWtCHHg21_DBGtNGKX5_3qFxElz7Quk0CUS85CyWf09CEoYmwhDSWDkOsCm-s9lDtYydgT2b39zOShwtqbd9oEMfF7-iWjDUulbARCGPqd3FRucE8XYM17WTeiMjFK0f59GjLEVui8tj-e9iMqyohVyeSncOcElXGeGCTs2ZdpQ5XABZOENH7ihfZsGTGFk1PxkjUkZCvBLCrEDya1LlnCnX0vtQ5koGcQ0uhQFPgXN830U21hOgT-ZGZHaGGOTin1f0DddVCbZ1wOg5TcXvkWPIp8TWkwmZp7WP6ts1bvcpzKw9F5h14QdWjPXpkUUxD1XsJVt42kz6bSHzEf8dPYwP8aVFaRHBovnRpvtw3ix0NC5FMTqlppZWVM%3D%26bag%3DsoD61sIXZfLmZDdfa4zliA%3D%3D%26ruid%3D5efed883-091c-4977-9f1d-a6d2efc2a502%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fanonymfile.com%252FbJXZW%252F20221208173000-20221208180000.rar%253FPageSpeed%253Dnoscript%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1280%26wiw%3D1280%26wih%3D939%26wfc%3D0%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 06:15:22 GMT
content-type: image/jpeg
content-length: 29997
last-modified: Thu, 20 Oct 2022 03:21:02 GMT
vary: Accept-Encoding
etag: "6350be9e-752d"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
accept-ranges: bytes
X-Firefox-Spdy: h2

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
37b19a6e06e8b74ba88ae636820d048c
fed89f5ecc38e39e3f6809a718f97c002997e705
a486d199f675dc6e68d8d0d5fa2e79f7534942f75e423e6a5822ff245bba4f0f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A486D199F675DC6E68D8D0D5FA2E79F7534942F75E423E6A5822FF245BBA4F0F"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1530
Expires: Sat, 10 Dec 2022 06:40:52 GMT
Date: Sat, 10 Dec 2022 06:15:22 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
dbb2cf623e56286d45a1317b768a15b1
9be339fb6609250a3684d43163d4f8cf3fe9265f
710f892a6edabc34fafe681f9389b9c8df2f85bb6754c604f069625a47fc9a2b

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2769
Cache-Control: max-age=157062
Content-Type: application/ocsp-response
Date: Sat, 10 Dec 2022 06:15:22 GMT
Etag: "6393dbaf-117"
Expires: Mon, 12 Dec 2022 01:53:04 GMT
Last-Modified: Sat, 10 Dec 2022 01:06:55 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 279

139.45.197.237

200 OK

16 kB

URL HTTP/2
betotodilea.com/500/5307588?excludes=&oaid=14ea242674014446abc855f4fd8f3ada&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&pl=https%3A%2F%2Fanonymfile.com%2FbJXZW%2F20221208173000-20221208180000.rar%3FPageSpeed%3Dnoscript&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP
139.45.197.237:0
ASN
#9002 RETN Limited

File type
data
Size
16 kB (15754 bytes)
Hash
9f3240990f341cafe8d3e2f226f48851
6f18ff06309452d9e1f8a1bcd1dcf3611b39aad8
bc3c565989ca96875c0b31e7fb68444f41a060caad6cbb8bad24be1d68edc418

HTTP Headers

GET /500/5307588?excludes=&oaid=14ea242674014446abc855f4fd8f3ada&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&pl=https%3A%2F%2Fanonymfile.com%2FbJXZW%2F20221208173000-20221208180000.rar%3FPageSpeed%3Dnoscript&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://anonymfile.com
Connection: keep-alive
Referer: https://anonymfile.com/
Cookie: OAID=d4c2421b54f44a3d8cf53e1dc8852431
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 06:15:22 GMT
content-type: application/javascript
x-trace-id: cc02fa8b684c95218c09f1104f2c3bc8
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
vary: Origin
access-control-allow-origin: https://anonymfile.com
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=14ea242674014446abc855f4fd8f3ada; expires=Sun, 10 Dec 2023 06:15:22 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7b8c1870f03a90aac6370fc69516f95f
1e94fd7c9a2f9fe4867e21ab217879a2180a9cdb
f43702cd363447680d545d928f9ea6f997a770228108b4c9312999b76891bb38

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5117
Expires: Sat, 10 Dec 2022 07:40:39 GMT
Date: Sat, 10 Dec 2022 06:15:22 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7b8c1870f03a90aac6370fc69516f95f
1e94fd7c9a2f9fe4867e21ab217879a2180a9cdb
f43702cd363447680d545d928f9ea6f997a770228108b4c9312999b76891bb38

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5117
Expires: Sat, 10 Dec 2022 07:40:39 GMT
Date: Sat, 10 Dec 2022 06:15:22 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7b8c1870f03a90aac6370fc69516f95f
1e94fd7c9a2f9fe4867e21ab217879a2180a9cdb
f43702cd363447680d545d928f9ea6f997a770228108b4c9312999b76891bb38

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5117
Expires: Sat, 10 Dec 2022 07:40:39 GMT
Date: Sat, 10 Dec 2022 06:15:22 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7b8c1870f03a90aac6370fc69516f95f
1e94fd7c9a2f9fe4867e21ab217879a2180a9cdb
f43702cd363447680d545d928f9ea6f997a770228108b4c9312999b76891bb38

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5117
Expires: Sat, 10 Dec 2022 07:40:39 GMT
Date: Sat, 10 Dec 2022 06:15:22 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7b8c1870f03a90aac6370fc69516f95f
1e94fd7c9a2f9fe4867e21ab217879a2180a9cdb
f43702cd363447680d545d928f9ea6f997a770228108b4c9312999b76891bb38

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5117
Expires: Sat, 10 Dec 2022 07:40:39 GMT
Date: Sat, 10 Dec 2022 06:15:22 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29d00d08-ec53-4c7b-a2ef-5901b64cdefd.jpeg

34.120.237.76

200 OK

7.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29d00d08-ec53-4c7b-a2ef-5901b64cdefd.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.6 kB (7557 bytes)
Hash
5de5d319f43d9c9c641419d96655541f
cde4c7fa0145d3645af17e34c83c63c08f76a076
fdb114eb142f035c7a54195d16af51b5b423642c312f4bccc0f407d8fcc245aa

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29d00d08-ec53-4c7b-a2ef-5901b64cdefd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7557
x-amzn-requestid: 09204b5e-8af5-4d4b-8186-628443866e0f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ctlz5EISoAMFdWw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638ee9b2-357cd4f921c592e1319098dd;Sampled=0
x-amzn-remapped-date: Tue, 06 Dec 2022 07:05:22 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 3KZwQ5HqXa_-tUyDHA5m-65OprogFpFgbbKpEJ65k-Yy3lwoCg8M5w==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 07:13:15 GMT
age: 82927
etag: "cde4c7fa0145d3645af17e34c83c63c08f76a076"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

nanouwho.com/27/11a99959c11b6755664b3df2c6eb7de1

139.45.197.242

200 OK

135 kB

URL HTTP/2
nanouwho.com/27/11a99959c11b6755664b3df2c6eb7de1
IP
139.45.197.242:0
ASN
#9002 RETN Limited

File type
data
Size
135 kB (134992 bytes)
Hash
dbd2249474fd44108bd44b473376144e
d31a834d57e01d6d1c2a430317a3cbe23f77e544
f55d3393089f9dd131ee176e2665a967b0526c1a66a405ca143197b8e16b7004

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /27/11a99959c11b6755664b3df2c6eb7de1 HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/
Cookie: scm=1; OAID=8b0e462b1fe04214827cc639ed43f318; oaidts=1670652921
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 06:15:21 GMT
content-type: application/javascript
access-control-allow-credentials: true
access-control-allow-origin: 
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
cache-control: max-age:290304000, public
last-modified: Wed, 07 Dec 2022 09:08:16 GMT
expires: Wed, 06 Jan 2083 09:08:16 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2

34.120.237.76

200 OK

3.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbc287dc2-d769-4627-972b-c4304963fead.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
3.4 kB (3357 bytes)
Hash
a164807db41edd8da259af2cec18b328
99f89631065869ff2f25762feb2f39af108b5ed8
400c635040d3d141ec35237e64380b7cd1ba02016a90e36e8376afc41a14cb0f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbc287dc2-d769-4627-972b-c4304963fead.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 3357
x-amzn-requestid: 860c993a-e391-474a-b306-064c0faabc67
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: c5eLwFaSoAMFwfw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6393aa4b-30dcd029382c1d825f2a0791;Sampled=0
x-amzn-remapped-date: Fri, 09 Dec 2022 21:36:11 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: -MI_dPaTXZPndQzYo2R9p-UiDQNyRh76-XU2fhwjXyKiTVRLjNc3fQ==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 22:04:04 GMT
age: 29478
etag: "99f89631065869ff2f25762feb2f39af108b5ed8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faa7dc969-e455-4530-98cb-51f59a291532.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.9 kB (6947 bytes)
Hash
e4b1e76689036da0767b475294169149
7c27783f10e44b5c575616feafc6cae87beb916f
52170edde4c4494252ff0c830f21e20a62b2dfc30df2fab5feef5db9d26cf0bc

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faa7dc969-e455-4530-98cb-51f59a291532.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6947
x-amzn-requestid: 365129c8-2e68-4a0d-8a1e-935d01cd2f0b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: c5eNUH6ooAMF5BQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6393aa55-4182ddcb68b36bf624d758e3;Sampled=0
x-amzn-remapped-date: Fri, 09 Dec 2022 21:36:21 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: dFZzPhvzdz_SnEOa6sSy8DY0R-qnACOezHXN84OSOtPzqlyQKnZ8dw==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 22:28:48 GMT
age: 27994
etag: "7c27783f10e44b5c575616feafc6cae87beb916f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7a89cfef-fc4a-490b-b984-fd656e721e79.webp
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.5 kB (8473 bytes)
Hash
afcdc2c9891132c82cd09ef237930877
3e112ad867e159d1bfdf9bfd2e2a04fea8248494
8d543255c1272d77981913e4b0e0e5efede8f4ffaa91572a3eee9e44ac035946

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7a89cfef-fc4a-490b-b984-fd656e721e79.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8473
x-amzn-requestid: 40260408-5f10-42ed-832e-a8bc5d02e95c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: c5e9hGqwIAMFl2Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6393ab89-078ecefb64853b047acc2de7;Sampled=0
x-amzn-remapped-date: Fri, 09 Dec 2022 21:41:29 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: IlrFT2ydf78BXS67A0IN1KSc_OghPx7hpoY9wmwUxtX8Ivwth70F1w==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 f9d716a351f14a0ac1fac2449734849a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 22:13:10 GMT
age: 28932
etag: "3e112ad867e159d1bfdf9bfd2e2a04fea8248494"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

13 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8732123d-ded0-4486-9019-0d87264f6c0e.webp
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
13 kB (12743 bytes)
Hash
0df452512aae4c4c1f4a2cd263b16dfd
68bac75574641febc463bd0819392dae2da15811
e0a9301c5be849e116f1d98b819c2eb91f73e74d836f3e099f2cd266e8f0bb36

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8732123d-ded0-4486-9019-0d87264f6c0e.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 12743
x-amzn-requestid: 6ed8a5f4-45cd-45bd-9820-df450f612c34
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: c5eK4E_-IAMFf3Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6393aa45-31d928fc430577b463a68bd0;Sampled=0
x-amzn-remapped-date: Fri, 09 Dec 2022 21:36:05 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: YTqJN92gTy04q3obEXe4P1gmG2h9b2IQjjSkkUXyqnfFOL67uobN4Q==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 a847181d425b7fc57e81eb3c800bfdf2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 21:58:18 GMT
age: 29824
etag: "68bac75574641febc463bd0819392dae2da15811"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

unphionetor.com/vctx?t=72747

139.45.197.236

204 No Content

0 B

URL HTTP/2
unphionetor.com/vctx?t=72747
IP
139.45.197.236:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /vctx?t=72747 HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://interstitial-07.com
Connection: keep-alive
Referer: https://interstitial-07.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 204 No Content
server: nginx
date: Sat, 10 Dec 2022 06:15:22 GMT
access-control-allow-origin: https://interstitial-07.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: ddcc5af33a7e7d128ec43f7e0a78e85c
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

unphionetor.com/vbl?t=72747&bid=undefined&aid=undefined

139.45.197.236

204 No Content

0 B

URL HTTP/2
unphionetor.com/vbl?t=72747&bid=undefined&aid=undefined
IP
139.45.197.236:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

POST /vbl?t=72747&bid=undefined&aid=undefined HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://interstitial-07.com
Connection: keep-alive
Referer: https://interstitial-07.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

HTTP/2 204 No Content
server: nginx
date: Sat, 10 Dec 2022 06:15:22 GMT
access-control-allow-origin: https://interstitial-07.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: 1d6fe1ed171c41670c4358efcc7b13a9
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

betotodilea.com/impression/iOehsGUT-zEsN7qSpkVNMh6dTN4ocIbsfHsvond43DTzsc74KVid0uMGstVXewJPoUrO4GqKpxRiXFLCcIcPJHESrIxMMoFihKvtr4mVaWLjE2hchqzEWyokbcZpErGqEybD2N36B4hBiScygKD30JfKVll1X0L16xxDIC6oP2-mT-rzB4WUrvZQbHH6Ks6z2nObXjhx9-YQtrdnNZ0r69aG_UCUOBFEg48aWpyR-DaMpJYYsCMhBgcsd9UOElkKLZSQpQKIm9lvi17RsaEi2HleOHwtlfavcjH8AArfqLR1gD8r0VS_Ffsh_YmAqu2FIPUwtkrYjBidq2t4ms8O19GERE03snGrRvVyOe0B24z0Gg4obRXgFUNjR6P5uyjoV7dCWVpfTq974GnKJGUQBFygOFebkq89aRSGMbfRU_FxouKNklzQNTJedRBKcoISyU4Pdow2jOyp9Vw4m9qTexeYwb8cdfTzvmRJtaCbd8bL0P6qXdvTvuPNNzJmmaESNdR8tic_21QtakFfOpb7NyRWphQW2oI2gWLsIM20zOVZFwEi8RVnM9M48bjBhLhLjCDK3yOjdXCeWdXpE7NxlcW9yuk90wu4?_z=5307588&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&pl=https%3A%2F%2Fanonymfile.com%2FbJXZW%2F20221208173000-20221208180000.rar%3FPageSpeed%3Dnoscript&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false

139.45.197.237

200 OK

43 B

URL HTTP/2
betotodilea.com/impression/iOehsGUT-zEsN7qSpkVNMh6dTN4ocIbsfHsvond43DTzsc74KVid0uMGstVXewJPoUrO4GqKpxRiXFLCcIcPJHESrIxMMoFihKvtr4mVaWLjE2hchqzEWyokbcZpErGqEybD2N36B4hBiScygKD30JfKVll1X0L16xxDIC6oP2-mT-rzB4WUrvZQbHH6Ks6z2nObXjhx9-YQtrdnNZ0r69aG_UCUOBFEg48aWpyR-DaMpJYYsCMhBgcsd9UOElkKLZSQpQKIm9lvi17RsaEi2HleOHwtlfavcjH8AArfqLR1gD8r0VS_Ffsh_YmAqu2FIPUwtkrYjBidq2t4ms8O19GERE03snGrRvVyOe0B24z0Gg4obRXgFUNjR6P5uyjoV7dCWVpfTq974GnKJGUQBFygOFebkq89aRSGMbfRU_FxouKNklzQNTJedRBKcoISyU4Pdow2jOyp9Vw4m9qTexeYwb8cdfTzvmRJtaCbd8bL0P6qXdvTvuPNNzJmmaESNdR8tic_21QtakFfOpb7NyRWphQW2oI2gWLsIM20zOVZFwEi8RVnM9M48bjBhLhLjCDK3yOjdXCeWdXpE7NxlcW9yuk90wu4?_z=5307588&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&pl=https%3A%2F%2Fanonymfile.com%2FbJXZW%2F20221208173000-20221208180000.rar%3FPageSpeed%3Dnoscript&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP
139.45.197.237:0
ASN
#9002 RETN Limited

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

HTTP Headers

GET /impression/iOehsGUT-zEsN7qSpkVNMh6dTN4ocIbsfHsvond43DTzsc74KVid0uMGstVXewJPoUrO4GqKpxRiXFLCcIcPJHESrIxMMoFihKvtr4mVaWLjE2hchqzEWyokbcZpErGqEybD2N36B4hBiScygKD30JfKVll1X0L16xxDIC6oP2-mT-rzB4WUrvZQbHH6Ks6z2nObXjhx9-YQtrdnNZ0r69aG_UCUOBFEg48aWpyR-DaMpJYYsCMhBgcsd9UOElkKLZSQpQKIm9lvi17RsaEi2HleOHwtlfavcjH8AArfqLR1gD8r0VS_Ffsh_YmAqu2FIPUwtkrYjBidq2t4ms8O19GERE03snGrRvVyOe0B24z0Gg4obRXgFUNjR6P5uyjoV7dCWVpfTq974GnKJGUQBFygOFebkq89aRSGMbfRU_FxouKNklzQNTJedRBKcoISyU4Pdow2jOyp9Vw4m9qTexeYwb8cdfTzvmRJtaCbd8bL0P6qXdvTvuPNNzJmmaESNdR8tic_21QtakFfOpb7NyRWphQW2oI2gWLsIM20zOVZFwEi8RVnM9M48bjBhLhLjCDK3yOjdXCeWdXpE7NxlcW9yuk90wu4?_z=5307588&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&pl=https%3A%2F%2Fanonymfile.com%2FbJXZW%2F20221208173000-20221208180000.rar%3FPageSpeed%3Dnoscript&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/
Cookie: OAID=14ea242674014446abc855f4fd8f3ada
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 06:15:26 GMT
content-type: image/gif
content-length: 43
x-trace-id: 80cd6d7d49e14dc69a96e3a2e6b8f700
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

betotodilea.com/500/5307588?excludes=15161934&oaid=14ea242674014446abc855f4fd8f3ada&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fanonymfile.com%2FbJXZW%2F20221208173000-20221208180000.rar%3FPageSpeed%3Dnoscript&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false

139.45.197.237

200 OK

0 B

URL HTTP/2
betotodilea.com/500/5307588?excludes=15161934&oaid=14ea242674014446abc855f4fd8f3ada&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fanonymfile.com%2FbJXZW%2F20221208173000-20221208180000.rar%3FPageSpeed%3Dnoscript&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP
139.45.197.237:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /500/5307588?excludes=15161934&oaid=14ea242674014446abc855f4fd8f3ada&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fanonymfile.com%2FbJXZW%2F20221208173000-20221208180000.rar%3FPageSpeed%3Dnoscript&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://anonymfile.com/
Origin: https://anonymfile.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 06:15:26 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://anonymfile.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-allow-credentials: true
access-control-max-age: 600
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2

139.45.197.237

200 OK

10 kB

URL HTTP/2
betotodilea.com/500/5307588?excludes=15161934&oaid=14ea242674014446abc855f4fd8f3ada&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fanonymfile.com%2FbJXZW%2F20221208173000-20221208180000.rar%3FPageSpeed%3Dnoscript&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP
139.45.197.237:0
ASN
#9002 RETN Limited

File type
data
Size
10 kB (10405 bytes)
Hash
2d7a42ca824b9df2da7e8a14797564bb
c251820afa69a3712c662b721ca792c9648fbb17
856ab4e1d1bc145b7af4ec16dfec7ed3fcbd727cc5187b1dd2ea84013c06e5cc

HTTP Headers

GET /500/5307588?excludes=15161934&oaid=14ea242674014446abc855f4fd8f3ada&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fanonymfile.com%2FbJXZW%2F20221208173000-20221208180000.rar%3FPageSpeed%3Dnoscript&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://anonymfile.com
Connection: keep-alive
Referer: https://anonymfile.com/
Cookie: OAID=14ea242674014446abc855f4fd8f3ada
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 06:15:27 GMT
content-type: application/javascript
x-trace-id: 7283a4802e80faff7d9c0c70b0c8edc1
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: https://anonymfile.com
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=14ea242674014446abc855f4fd8f3ada; expires=Sun, 10 Dec 2023 06:15:26 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

ibrapush.com/custom

139.45.197.250

200 OK

39 B

URL HTTP/2
ibrapush.com/custom
IP
139.45.197.250:0
ASN
#9002 RETN Limited

File type
JSON data\012- , ASCII text
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: ibrapush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://anonymfile.com/
Content-Type: application/json
Origin: https://anonymfile.com
Content-Length: 431
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 06:15:28 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 1386bd56b7ca015db3acc4343b6e3e21
access-control-allow-origin: https://anonymfile.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

unpkg.com/filepond-plugin-file-validate-size/dist/filepond-plugin-file-validate-size.js

104.16.122.175

302 Found

0 B

URL HTTP/2
unpkg.com/filepond-plugin-file-validate-size/dist/filepond-plugin-file-validate-size.js
IP
104.16.122.175:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /filepond-plugin-file-validate-size/dist/filepond-plugin-file-validate-size.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
date: Sat, 10 Dec 2022 06:15:20 GMT
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
cache-control: public, s-maxage=600, max-age=60
location: /filepond-plugin-file-validate-size@2.2.8/dist/filepond-plugin-file-validate-size.js
vary: Accept, Accept-Encoding
via: 1.1 fly.io
fly-request-id: 01GKXAMY8YGK3C6KDJP4HWW0A1-fra
cf-cache-status: HIT
age: 134
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7773d8702eae0b41-OSL
X-Firefox-Spdy: h2

unpkg.com/filepond-plugin-file-validate-size@2.2.8/dist/filepond-plugin-file-validate-size.js

104.16.122.175

200 OK

0 B

URL HTTP/2
unpkg.com/filepond-plugin-file-validate-size@2.2.8/dist/filepond-plugin-file-validate-size.js
IP
104.16.122.175:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /filepond-plugin-file-validate-size@2.2.8/dist/filepond-plugin-file-validate-size.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://anonymfile.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sat, 10 Dec 2022 06:15:20 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
etag: W/"1a7f-mapzppsO4HAWL/eiqLcABeu0hWU"
via: 1.1 fly.io
fly-request-id: 01GJZ5C0MRVMZFWGTQD5XR207X-ams
cf-cache-status: HIT
age: 1012302
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7773d8707edb0b41-OSL
content-encoding: br
X-Firefox-Spdy: h2

anonymfile.com/bJXZW/20221208173000-20221208180000.rar?PageSpeed=noscript

138.201.48.112

200 OK

0 B

URL HTTP/2
anonymfile.com/bJXZW/20221208173000-20221208180000.rar?PageSpeed=noscript
IP
138.201.48.112:0
ASN
#24940 Hetzner Online GmbH

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /bJXZW/20221208173000-20221208180000.rar?PageSpeed=noscript HTTP/1.1
Host: anonymfile.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
server: nginx
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: XSRF-TOKEN=eyJpdiI6IjNaR2tSb3diUlg4bU10ZHdlS0pJTlE9PSIsInZhbHVlIjoiNmY0NFZ6WmNJazY4blpVY3d5QTZCWldHbGNxYWpJRm9lSnlZOFJ4R2lNUy8zVTdWYlpqaDBvbDFRQVNsZ210NnNyWXY2STVHL1FsQU1oVzhKRFp5azJ6U21VQU1lMjZtNkR4QlFreE9NVHA5MEJrN29OVU1hRlJiN3FxQityS0kiLCJtYWMiOiJkYWQyMTViNzIwYzA5MDk0YmU3ZDgwZjFjYWQxMTNlZjhhZjdlNGM5ZGFhZTA5NzBlNTdmNTU0NmIwYTYwMWU3IiwidGFnIjoiIn0%3D; expires=Sat, 10-Dec-2022 08:15:20 GMT; Max-Age=7200; path=/; samesite=lax
anonymfile_session=eyJpdiI6InJnbldMcWtVK3duU2hzdnFmUUZzQ3c9PSIsInZhbHVlIjoidU1PdmZ3aEQxL1RlaHZGTm04ZlZDZlgwVnEvUUR1akhCNWJ2VkxGK1BmN2owQ2tlQUhZVXdnUzhHVEk5djVjUitOSU9kSEl2T1VtbVJjU2lKek5wbzFNZlpVQm92eFlBYWx6R3d1M2RYMit3NUE1Ykc3TUJNeWQ0QUVDYXg1Q2IiLCJtYWMiOiIyMjFjNWUwYzg3NDdmNDE5MDI4MWNjYjRiNWU4NDljNWJiZWI0NmRhZmYzNWNiZTY3NjdhZTg2NzRkNWRmNDBkIiwidGFnIjoiIn0%3D; expires=Sat, 10-Dec-2022 08:15:20 GMT; Max-Age=7200; path=/; httponly; samesite=lax
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
date: Sat, 10 Dec 2022 06:15:20 GMT
x-page-speed: 1.13.35.2-0
cache-control: max-age=0, no-cache
content-encoding: br
X-Firefox-Spdy: h2

anonymfile.com/css/theme.min.css

138.201.48.112

200 OK

0 B

URL HTTP/2
anonymfile.com/css/theme.min.css
IP
138.201.48.112:0
ASN
#24940 Hetzner Online GmbH

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css/theme.min.css HTTP/1.1
Host: anonymfile.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/bJXZW/20221208173000-20221208180000.rar?PageSpeed=noscript
Cookie: XSRF-TOKEN=eyJpdiI6IjNaR2tSb3diUlg4bU10ZHdlS0pJTlE9PSIsInZhbHVlIjoiNmY0NFZ6WmNJazY4blpVY3d5QTZCWldHbGNxYWpJRm9lSnlZOFJ4R2lNUy8zVTdWYlpqaDBvbDFRQVNsZ210NnNyWXY2STVHL1FsQU1oVzhKRFp5azJ6U21VQU1lMjZtNkR4QlFreE9NVHA5MEJrN29OVU1hRlJiN3FxQityS0kiLCJtYWMiOiJkYWQyMTViNzIwYzA5MDk0YmU3ZDgwZjFjYWQxMTNlZjhhZjdlNGM5ZGFhZTA5NzBlNTdmNTU0NmIwYTYwMWU3IiwidGFnIjoiIn0%3D; anonymfile_session=eyJpdiI6InJnbldMcWtVK3duU2hzdnFmUUZzQ3c9PSIsInZhbHVlIjoidU1PdmZ3aEQxL1RlaHZGTm04ZlZDZlgwVnEvUUR1akhCNWJ2VkxGK1BmN2owQ2tlQUhZVXdnUzhHVEk5djVjUitOSU9kSEl2T1VtbVJjU2lKek5wbzFNZlpVQm92eFlBYWx6R3d1M2RYMit3NUE1Ykc3TUJNeWQ0QUVDYXg1Q2IiLCJtYWMiOiIyMjFjNWUwYzg3NDdmNDE5MDI4MWNjYjRiNWU4NDljNWJiZWI0NmRhZmYzNWNiZTY3NjdhZTg2NzRkNWRmNDBkIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 06:15:20 GMT
content-type: text/css
last-modified: Fri, 22 Oct 2021 08:15:50 GMT
vary: Accept-Encoding
etag: W/"61727336-921fb"
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
content-encoding: br
cache-control: s-maxage=10
X-Firefox-Spdy: h2

anonymfile.com/js/site.js

138.201.48.112

200 OK

0 B

URL HTTP/2
anonymfile.com/js/site.js
IP
138.201.48.112:0
ASN
#24940 Hetzner Online GmbH

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /js/site.js HTTP/1.1
Host: anonymfile.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/bJXZW/20221208173000-20221208180000.rar?PageSpeed=noscript
Cookie: XSRF-TOKEN=eyJpdiI6IjNaR2tSb3diUlg4bU10ZHdlS0pJTlE9PSIsInZhbHVlIjoiNmY0NFZ6WmNJazY4blpVY3d5QTZCWldHbGNxYWpJRm9lSnlZOFJ4R2lNUy8zVTdWYlpqaDBvbDFRQVNsZ210NnNyWXY2STVHL1FsQU1oVzhKRFp5azJ6U21VQU1lMjZtNkR4QlFreE9NVHA5MEJrN29OVU1hRlJiN3FxQityS0kiLCJtYWMiOiJkYWQyMTViNzIwYzA5MDk0YmU3ZDgwZjFjYWQxMTNlZjhhZjdlNGM5ZGFhZTA5NzBlNTdmNTU0NmIwYTYwMWU3IiwidGFnIjoiIn0%3D; anonymfile_session=eyJpdiI6InJnbldMcWtVK3duU2hzdnFmUUZzQ3c9PSIsInZhbHVlIjoidU1PdmZ3aEQxL1RlaHZGTm04ZlZDZlgwVnEvUUR1akhCNWJ2VkxGK1BmN2owQ2tlQUhZVXdnUzhHVEk5djVjUitOSU9kSEl2T1VtbVJjU2lKek5wbzFNZlpVQm92eFlBYWx6R3d1M2RYMit3NUE1Ykc3TUJNeWQ0QUVDYXg1Q2IiLCJtYWMiOiIyMjFjNWUwYzg3NDdmNDE5MDI4MWNjYjRiNWU4NDljNWJiZWI0NmRhZmYzNWNiZTY3NjdhZTg2NzRkNWRmNDBkIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 06:15:20 GMT
content-type: application/javascript
last-modified: Wed, 20 Oct 2021 12:30:18 GMT
vary: Accept-Encoding
etag: W/"61700bda-2487"
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
content-encoding: br
X-Firefox-Spdy: h2

anonymfile.com/sw.js

138.201.48.112

404 Not Found

0 B

URL HTTP/2
anonymfile.com/sw.js
IP
138.201.48.112:0
ASN
#24940 Hetzner Online GmbH

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /sw.js HTTP/1.1
Host: anonymfile.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/bJXZW/20221208173000-20221208180000.rar?PageSpeed=noscript
Cookie: XSRF-TOKEN=eyJpdiI6IjNaR2tSb3diUlg4bU10ZHdlS0pJTlE9PSIsInZhbHVlIjoiNmY0NFZ6WmNJazY4blpVY3d5QTZCWldHbGNxYWpJRm9lSnlZOFJ4R2lNUy8zVTdWYlpqaDBvbDFRQVNsZ210NnNyWXY2STVHL1FsQU1oVzhKRFp5azJ6U21VQU1lMjZtNkR4QlFreE9NVHA5MEJrN29OVU1hRlJiN3FxQityS0kiLCJtYWMiOiJkYWQyMTViNzIwYzA5MDk0YmU3ZDgwZjFjYWQxMTNlZjhhZjdlNGM5ZGFhZTA5NzBlNTdmNTU0NmIwYTYwMWU3IiwidGFnIjoiIn0%3D; anonymfile_session=eyJpdiI6InJnbldMcWtVK3duU2hzdnFmUUZzQ3c9PSIsInZhbHVlIjoidU1PdmZ3aEQxL1RlaHZGTm04ZlZDZlgwVnEvUUR1akhCNWJ2VkxGK1BmN2owQ2tlQUhZVXdnUzhHVEk5djVjUitOSU9kSEl2T1VtbVJjU2lKek5wbzFNZlpVQm92eFlBYWx6R3d1M2RYMit3NUE1Ykc3TUJNeWQ0QUVDYXg1Q2IiLCJtYWMiOiIyMjFjNWUwYzg3NDdmNDE5MDI4MWNjYjRiNWU4NDljNWJiZWI0NmRhZmYzNWNiZTY3NjdhZTg2NzRkNWRmNDBkIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
server: nginx
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
date: Sat, 10 Dec 2022 06:15:20 GMT
x-page-speed: 1.13.35.2-0
cache-control: max-age=0, no-cache
content-encoding: br
X-Firefox-Spdy: h2

inklinkor.com/tag.min.js

172.67.211.29

200 OK

0 B

URL HTTP/2
inklinkor.com/tag.min.js
IP
172.67.211.29:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /tag.min.js HTTP/1.1
Host: inklinkor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 10 Dec 2022 06:15:20 GMT
content-type: text/javascript; charset=utf-8
x-trace-id: d197163638690d0013733a1649363f4f
cache-control: max-age=86400
last-modified: Fri, 09 Dec 2022 06:46:36 GMT
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
expires: Sun, 11 Dec 2022 05:50:03 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 1517
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sHbZgX%2BY2Y9x3ev4%2FDOFO1XImtV7BmbDD0oAootvL36ZNQL4zK957QJh1GsyX7BDGPdEaM5HZenm190M7RwI%2BOnlpTOB4h1a9E1U03JIMd422KdqCHbAY53%2B27fhUR8I"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7773d873ab7bb524-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

unpkg.com/filepond-plugin-file-validate-type/dist/filepond-plugin-file-validate-type.js

104.16.122.175

302 Found

0 B

URL HTTP/2
unpkg.com/filepond-plugin-file-validate-type/dist/filepond-plugin-file-validate-type.js
IP
104.16.122.175:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /filepond-plugin-file-validate-type/dist/filepond-plugin-file-validate-type.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
date: Sat, 10 Dec 2022 06:15:20 GMT
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
cache-control: public, s-maxage=600, max-age=60
location: /filepond-plugin-file-validate-type@1.2.8/dist/filepond-plugin-file-validate-type.js
vary: Accept, Accept-Encoding
via: 1.1 fly.io
fly-request-id: 01GKXAMY99TA98F75K49XZ7TR7-fra
cf-cache-status: HIT
age: 133
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7773d8703eb30b41-OSL
X-Firefox-Spdy: h2

unpkg.com/filepond-plugin-file-validate-type@1.2.8/dist/filepond-plugin-file-validate-type.js

104.16.122.175

200 OK

0 B

URL HTTP/2
unpkg.com/filepond-plugin-file-validate-type@1.2.8/dist/filepond-plugin-file-validate-type.js
IP
104.16.122.175:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /filepond-plugin-file-validate-type@1.2.8/dist/filepond-plugin-file-validate-type.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://anonymfile.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sat, 10 Dec 2022 06:15:20 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
etag: W/"1d07-1hxUHKzrTl3rNdhkJwK4kJGou0I"
via: 1.1 fly.io
fly-request-id: 01G2PJZCDRWWWP671QTKZ7W61J-fra
cf-cache-status: HIT
age: 18479872
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7773d8707ed90b41-OSL
content-encoding: br
X-Firefox-Spdy: h2

nanouwho.com/1?z=5307589

139.45.197.242

200 OK

0 B

URL HTTP/2
nanouwho.com/1?z=5307589
IP
139.45.197.242:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /1?z=5307589 HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 06:15:21 GMT
content-type: text/javascript
access-control-allow-credentials: true
access-control-allow-origin: 
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: e58defd5d8e8b15e3bb75ef293c99342
access-control-expose-headers: X-Sc
x-sc: mMV2-5KKDigIUlht_YzOYjT4NuvDQfgU4Co7PBwXFNDg8W7kmtqjETzXgBF9Ju8Njvy_COmTF2Y_2drNH2owFTv_iYc=
set-cookie: scm=1; expires=Sun, 10 Dec 2023 06:15:21 GMT; secure; SameSite=None
OAID=8b0e462b1fe04214827cc639ed43f318; expires=Sun, 10 Dec 2023 06:15:21 GMT; secure; SameSite=None
oaidts=1670652921; expires=Sun, 10 Dec 2023 06:15:21 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

onmarshtompor.com/?rb=SFYD7zNw_TG8eIIZso7nIGxf4sebvpOIvmEMJIugwtKDp-wzH0ELFaY18pe-HgLxkt80D4MB-AhvR9D7rBKh1LmU6ppEBP6shhfsAoVPZrTJYNowEERnXIfzU4JNYhf0fYU07jbS-sX4xSatyH5g2xY1WkZqqMmQM7NBU7q8gs6qdlZQm-ozM2frJOLhtRl0sNOZYBb2q16K88YtXjldCrVi85MGNSSXFtaA6JJcNxljB2NP&request_ab2=96003&zoneid=5307591&js_build=iclick-v1.459.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wih=939&wiw=1280&wfc=0&pl=https%3A%2F%2Fanonymfile.com%2FbJXZW%2F20221208173000-20221208180000.rar%3FPageSpeed%3Dnoscript&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.459.0&bs=34fdd099-d630-48a1-b5a0-500f8dbf4232&userId=14ea242674014446abc855f4fd8f3ada&m=link

139.45.197.243

200 OK

0 B

URL HTTP/2
onmarshtompor.com/?rb=SFYD7zNw_TG8eIIZso7nIGxf4sebvpOIvmEMJIugwtKDp-wzH0ELFaY18pe-HgLxkt80D4MB-AhvR9D7rBKh1LmU6ppEBP6shhfsAoVPZrTJYNowEERnXIfzU4JNYhf0fYU07jbS-sX4xSatyH5g2xY1WkZqqMmQM7NBU7q8gs6qdlZQm-ozM2frJOLhtRl0sNOZYBb2q16K88YtXjldCrVi85MGNSSXFtaA6JJcNxljB2NP&request_ab2=96003&zoneid=5307591&js_build=iclick-v1.459.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wih=939&wiw=1280&wfc=0&pl=https%3A%2F%2Fanonymfile.com%2FbJXZW%2F20221208173000-20221208180000.rar%3FPageSpeed%3Dnoscript&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.459.0&bs=34fdd099-d630-48a1-b5a0-500f8dbf4232&userId=14ea242674014446abc855f4fd8f3ada&m=link
IP
139.45.197.243:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /?rb=SFYD7zNw_TG8eIIZso7nIGxf4sebvpOIvmEMJIugwtKDp-wzH0ELFaY18pe-HgLxkt80D4MB-AhvR9D7rBKh1LmU6ppEBP6shhfsAoVPZrTJYNowEERnXIfzU4JNYhf0fYU07jbS-sX4xSatyH5g2xY1WkZqqMmQM7NBU7q8gs6qdlZQm-ozM2frJOLhtRl0sNOZYBb2q16K88YtXjldCrVi85MGNSSXFtaA6JJcNxljB2NP&request_ab2=96003&zoneid=5307591&js_build=iclick-v1.459.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wih=939&wiw=1280&wfc=0&pl=https%3A%2F%2Fanonymfile.com%2FbJXZW%2F20221208173000-20221208180000.rar%3FPageSpeed%3Dnoscript&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.459.0&bs=34fdd099-d630-48a1-b5a0-500f8dbf4232&userId=14ea242674014446abc855f4fd8f3ada&m=link HTTP/1.1
Host: onmarshtompor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://anonymfile.com/
Origin: https://anonymfile.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 06:15:21 GMT
content-type: application/json
x-trace-id: b7745ee0fd21721a989fe453a3f8bb29
access-control-allow-origin: https://anonymfile.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=14ea242674014446abc855f4fd8f3ada; expires=Sun, 10 Dec 2023 06:15:21 GMT; path=/; secure; SameSite=None
oaidts=1670652921; expires=Sun, 10 Dec 2023 06:15:21 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Sat, 17 Dec 2022 06:15:21 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

unphionetor.com/fv.js?t=72747&cb=523908534

139.45.197.236

200 OK

0 B

URL HTTP/2
unphionetor.com/fv.js?t=72747&cb=523908534
IP
139.45.197.236:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /fv.js?t=72747&cb=523908534 HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://interstitial-07.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 06:15:22 GMT
content-type: text/javascript; charset=utf8
access-control-allow-origin: 
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: 873b4bacc4b5a75b7b197012cee1d6d3
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

tzegilo.com/stattag.js

104.21.84.149

200 OK

0 B

URL HTTP/2
tzegilo.com/stattag.js
IP
104.21.84.149:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /stattag.js HTTP/1.1
Host: tzegilo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonymfile.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 10 Dec 2022 06:15:21 GMT
content-type: application/javascript
last-modified: Wed, 23 Nov 2022 15:07:42 GMT
etag: W/"637e373e-32a6"
link: <https://flerap.com/>; rel=preconnect; crossorigin, <https://fleraprt.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 5619
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kDfFA8pBmqKifa36BRVjGYjLl4qX%2B0OCMVONSIUMPkB3XQJoxq3rose8VP%2BEMwrnG2z32aREnUUX4yymR0Uz6K68kzhgKY7U%2FIUwx7VS4%2FAT0KuXyoEQCSvzsawBAg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7773d8762e5e0b06-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (25)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations