anonfiles.com/Z8c4g8a0z5/Paypal_Refunding_pdf
45.154.253.151 200 OK 3.1 kB URL User Request GET HTTP/1.1 anonfiles.com/Z8c4g8a0z5/Paypal_Refunding_pdf
IP 45.154.253.151:443
ASN #41634 Svea Hosting AB
Certificate Issuer Let's Encrypt
Subject anonfiles.com
Fingerprint 72:DF:F0:B8:EA:8E:3D:A4:8D:1E:BF:BA:3A:98:5F:CA:1E:29:D4:F0
Validity Sun, 26 Mar 2023 09:32:34 GMT - Sat, 24 Jun 2023 09:32:33 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (479)
Hash 7c37680f631d1c0dc7c0cb7f5a69eae7
a900eef474c4eb89dfec9dd5c79bf3d52b7eef18
68a7496ca2b8ebf72876ffb90cdf202c3bf19241dc1e4d515dc30bfa0212f7f1
GET /Z8c4g8a0z5/Paypal_Refunding_pdf HTTP/1.1
Host: anonfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 28 May 2023 05:01:17 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
x-vdc: Yes
cache-control: public, max-age=60
x-oe: N
Content-Encoding: gzip
anonfiles.com/css/anonfiles.css?1685109493
45.154.253.151 200 OK 25 kB URL GET HTTP/1.1 anonfiles.com/css/anonfiles.css?1685109493
IP 45.154.253.151:443
ASN #41634 Svea Hosting AB
Requested by https://anonfiles.com/Z8c4g8a0z5/Paypal_Refunding_pdf
Certificate Issuer Let's Encrypt
Subject anonfiles.com
Fingerprint 72:DF:F0:B8:EA:8E:3D:A4:8D:1E:BF:BA:3A:98:5F:CA:1E:29:D4:F0
Validity Sun, 26 Mar 2023 09:32:34 GMT - Sat, 24 Jun 2023 09:32:33 GMT
File type ASCII text, with very long lines (65452)
Hash b97cab6e1166955e8eae870b2dc08774
2dd9ce5cabbcf44ab4d39c91c3b6f23ca059fd3b
bfd1d04319976b5c2cbbe73ca7197ed05bd718901d49da2f65cecf751d3efc65
GET /css/anonfiles.css?1685109493 HTTP/1.1
Host: anonfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonfiles.com/Z8c4g8a0z5/Paypal_Refunding_pdf
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 28 May 2023 05:01:18 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
cache-control: public, max-age=3600
x-oe: Y
x-oh: 119
Content-Encoding: gzip
vjs.zencdn.net/7.3.0/video-js.min.css
151.101.66.217 200 OK 9.7 kB URL GET HTTP/2 vjs.zencdn.net/7.3.0/video-js.min.css
IP 151.101.66.217:443
Requested by https://anonfiles.com/Z8c4g8a0z5/Paypal_Refunding_pdf
Certificate Issuer GlobalSign nv-sa
Subject vjs.zencdn.net
Fingerprint F1:9D:59:01:F6:51:96:37:CE:E1:24:CD:15:E5:5E:AA:56:F0:05:7E
Validity Tue, 30 Aug 2022 21:42:19 GMT - Sun, 01 Oct 2023 21:42:18 GMT
File type ASCII text, with very long lines (35998), with no line terminators
Hash 895e6b29db41953ef6197815c6be59d3
065ac8dbb45ff81cf4a079f342c4022d5fbcbe7e
9ae8eacf58c6f1d8dc071a099ef7ef4c88d1c73ef2e71369cd8d7cc7c6aee5c9
GET /7.3.0/video-js.min.css HTTP/1.1
Host: vjs.zencdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonfiles.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
last-modified: Fri, 26 Oct 2018 18:06:27 GMT
etag: "895e6b29db41953ef6197815c6be59d3"
cache-control: public, max-age=31536000
content-type: text/css; charset=utf-8
content-encoding: gzip
date: Sun, 28 May 2023 05:01:18 GMT
x-served-by: cache-bma1676-BMA
x-cache: HIT
x-cache-hits: 11453
vary: Accept-Encoding
access-control-allow-origin: *
timing-allow-origin: *
content-length: 9673
X-Firefox-Spdy: h2
anonfiles.com/sw_anonfiles.js
45.154.253.151 200 OK 16 kB URL GET HTTP/1.1 anonfiles.com/sw_anonfiles.js
IP 45.154.253.151:443
ASN #41634 Svea Hosting AB
Requested by https://anonfiles.com/Z8c4g8a0z5/Paypal_Refunding_pdf
Certificate Issuer Let's Encrypt
Subject anonfiles.com
Fingerprint 72:DF:F0:B8:EA:8E:3D:A4:8D:1E:BF:BA:3A:98:5F:CA:1E:29:D4:F0
Validity Sun, 26 Mar 2023 09:32:34 GMT - Sat, 24 Jun 2023 09:32:33 GMT
File type ASCII text, with very long lines (25712)
Hash 3adab942a2ab6c02c549daaf694f58fa
33792c7a0ee33eb3d88af7eab2b86bcb846aeee5
9091b2493e77eac744b42f7634ab2bbd51f693cc036926c9a91efbeef482d167
GET /sw_anonfiles.js HTTP/1.1
Host: anonfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonfiles.com/Z8c4g8a0z5/Paypal_Refunding_pdf
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 28 May 2023 05:01:18 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
x-vdch: Yes
cache-control: public, max-age=14400
x-oe: Y
x-oh: 1982
Content-Encoding: gzip
vjs.zencdn.net/7.3.0/video.min.js
151.101.66.217 200 OK 132 kB URL GET HTTP/2 vjs.zencdn.net/7.3.0/video.min.js
IP 151.101.66.217:443
Requested by https://anonfiles.com/Z8c4g8a0z5/Paypal_Refunding_pdf
Certificate Issuer GlobalSign nv-sa
Subject vjs.zencdn.net
Fingerprint F1:9D:59:01:F6:51:96:37:CE:E1:24:CD:15:E5:5E:AA:56:F0:05:7E
Validity Tue, 30 Aug 2022 21:42:19 GMT - Sun, 01 Oct 2023 21:42:18 GMT
File type Unicode text, UTF-8 text, with very long lines (65141)
Size 132 kB (132230 bytes)
Hash 057f19acd50fc7e3ad917dd600889ee5
479d8baad992ec24bf4c3ac8365014be01565219
963ccc559571c588baa7f6d61513b26277c7847c250773e3270c51f5038216fb
GET /7.3.0/video.min.js HTTP/1.1
Host: vjs.zencdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonfiles.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 26 Oct 2018 18:06:27 GMT
etag: "057f19acd50fc7e3ad917dd600889ee5"
cache-control: public, max-age=31536000
content-type: application/javascript; charset=utf-8
content-encoding: gzip
date: Sun, 28 May 2023 05:01:18 GMT
x-served-by: cache-bma1676-BMA
x-cache: HIT
x-cache-hits: 5
vary: Accept-Encoding
access-control-allow-origin: *
timing-allow-origin: *
content-length: 132230
X-Firefox-Spdy: h2
anonfiles.com/js/app.js?1685109493
45.154.253.151 200 OK 58 kB URL GET HTTP/1.1 anonfiles.com/js/app.js?1685109493
IP 45.154.253.151:443
ASN #41634 Svea Hosting AB
Requested by https://anonfiles.com/Z8c4g8a0z5/Paypal_Refunding_pdf
Certificate Issuer Let's Encrypt
Subject anonfiles.com
Fingerprint 72:DF:F0:B8:EA:8E:3D:A4:8D:1E:BF:BA:3A:98:5F:CA:1E:29:D4:F0
Validity Sun, 26 Mar 2023 09:32:34 GMT - Sat, 24 Jun 2023 09:32:33 GMT
File type ASCII text, with very long lines (63238)
Hash fe2ca28edff9bbe292e8ad65115dfcfb
8bcf6e44843e1c4b5239ab463deabfc5c7eec8d5
2382ae43e653914c77c691b477cc0e6151d2183cba4cd4f51218fefa121c02be
GET /js/app.js?1685109493 HTTP/1.1
Host: anonfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonfiles.com/Z8c4g8a0z5/Paypal_Refunding_pdf
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 28 May 2023 05:01:18 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
cache-control: public, max-age=3600
x-oe: Y
x-oh: 75
Content-Encoding: gzip
anonfiles.com/img/flags/24/ru.png
45.154.253.151 200 OK 403 B URL GET HTTP/1.1 anonfiles.com/img/flags/24/ru.png
IP 45.154.253.151:443
ASN #41634 Svea Hosting AB
Requested by https://anonfiles.com/Z8c4g8a0z5/Paypal_Refunding_pdf
Certificate Issuer Let's Encrypt
Subject anonfiles.com
Fingerprint 72:DF:F0:B8:EA:8E:3D:A4:8D:1E:BF:BA:3A:98:5F:CA:1E:29:D4:F0
Validity Sun, 26 Mar 2023 09:32:34 GMT - Sat, 24 Jun 2023 09:32:33 GMT
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash d8df89b036e6afb48f72d2440831bad0
04abb4b29dae9c6f1ac0f1d8a507aabe26a3be35
2db4b55326c0ef7cd3caf53e835ae1f38629da1d1c2f5a127e0785165b16078c
GET /img/flags/24/ru.png HTTP/1.1
Host: anonfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonfiles.com/Z8c4g8a0z5/Paypal_Refunding_pdf
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 28 May 2023 05:01:18 GMT
Content-Type: image/png
Content-Length: 403
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 1979
accept-ranges: bytes
anonfiles.com/img/flags/24/fr.png
45.154.253.151 200 OK 536 B URL GET HTTP/1.1 anonfiles.com/img/flags/24/fr.png
IP 45.154.253.151:443
ASN #41634 Svea Hosting AB
Requested by https://anonfiles.com/Z8c4g8a0z5/Paypal_Refunding_pdf
Certificate Issuer Let's Encrypt
Subject anonfiles.com
Fingerprint 72:DF:F0:B8:EA:8E:3D:A4:8D:1E:BF:BA:3A:98:5F:CA:1E:29:D4:F0
Validity Sun, 26 Mar 2023 09:32:34 GMT - Sat, 24 Jun 2023 09:32:33 GMT
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash e81efecf1a1b1d3a17d00a904c5cc3c9
1203894dbfc8363302dc709d852c05a4dd8bf9dc
54df4beda3ad05d5c621511ff15b2882588ff457e36132035d5f21fb29f2a750
GET /img/flags/24/fr.png HTTP/1.1
Host: anonfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonfiles.com/Z8c4g8a0z5/Paypal_Refunding_pdf
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 28 May 2023 05:01:18 GMT
Content-Type: image/png
Content-Length: 536
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 4126
accept-ranges: bytes
anonfiles.com/img/flags/24/kr.png
45.154.253.151 200 OK 988 B URL GET HTTP/1.1 anonfiles.com/img/flags/24/kr.png
IP 45.154.253.151:443
ASN #41634 Svea Hosting AB
Requested by https://anonfiles.com/Z8c4g8a0z5/Paypal_Refunding_pdf
Certificate Issuer Let's Encrypt
Subject anonfiles.com
Fingerprint 72:DF:F0:B8:EA:8E:3D:A4:8D:1E:BF:BA:3A:98:5F:CA:1E:29:D4:F0
Validity Sun, 26 Mar 2023 09:32:34 GMT - Sat, 24 Jun 2023 09:32:33 GMT
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash cb22f00511d088a71e84f8c1c864caed
6599812ed106bda6017487287e12bc836570649f
09a03e08c73db3d8fb50241f004b69d673ec8ea90a6ca7252d66ce821d0b6db1
GET /img/flags/24/kr.png HTTP/1.1
Host: anonfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonfiles.com/Z8c4g8a0z5/Paypal_Refunding_pdf
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 28 May 2023 05:01:18 GMT
Content-Type: image/png
Content-Length: 988
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 1213
accept-ranges: bytes
anonfiles.com/img/file/filetypes/ext/pdf.png?1663359761
45.154.253.151 200 OK 663 B URL GET HTTP/1.1 anonfiles.com/img/file/filetypes/ext/pdf.png?1663359761
IP 45.154.253.151:443
ASN #41634 Svea Hosting AB
Requested by https://anonfiles.com/Z8c4g8a0z5/Paypal_Refunding_pdf
Certificate Issuer Let's Encrypt
Subject anonfiles.com
Fingerprint 72:DF:F0:B8:EA:8E:3D:A4:8D:1E:BF:BA:3A:98:5F:CA:1E:29:D4:F0
Validity Sun, 26 Mar 2023 09:32:34 GMT - Sat, 24 Jun 2023 09:32:33 GMT
File type PNG image data, 16 x 16, 8-bit colormap, non-interlaced\012- data
Hash bd5239846e0092d51259bcfa08eb252d
7acdac3964ed4e0d2b4faa56e62c08605b20b769
ebae47769ff8725ba7b3c0baa1f8d2b03d828ab706c1cf9c4bb0081472dd826c
GET /img/file/filetypes/ext/pdf.png?1663359761 HTTP/1.1
Host: anonfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonfiles.com/Z8c4g8a0z5/Paypal_Refunding_pdf
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 28 May 2023 05:01:18 GMT
Content-Type: image/png
Content-Length: 663
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 21
accept-ranges: bytes
anonfiles.com/static/logo.png
45.154.253.151 200 OK 18 kB URL GET HTTP/1.1 anonfiles.com/static/logo.png
IP 45.154.253.151:443
ASN #41634 Svea Hosting AB
Requested by https://anonfiles.com/Z8c4g8a0z5/Paypal_Refunding_pdf
Certificate Issuer Let's Encrypt
Subject anonfiles.com
Fingerprint 72:DF:F0:B8:EA:8E:3D:A4:8D:1E:BF:BA:3A:98:5F:CA:1E:29:D4:F0
Validity Sun, 26 Mar 2023 09:32:34 GMT - Sat, 24 Jun 2023 09:32:33 GMT
File type PNG image data, 450 x 150, 8-bit/color RGBA, non-interlaced\012- data
Hash f9fd716d30e220aa24bab0e94ebf0aa0
4af32d78655436173f272bb65159a232f1671b8d
5e937c4d8fd33714e43b400f238cf37630e6eaeefa105cca9d77760223a16e94
GET /static/logo.png HTTP/1.1
Host: anonfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonfiles.com/Z8c4g8a0z5/Paypal_Refunding_pdf
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 28 May 2023 05:01:18 GMT
Content-Type: image/png
Content-Length: 18441
Connection: keep-alive
last-modified: Fri, 16 Sep 2022 20:22:41 GMT
etag: "6324db11-4809"
anonfiles.com/img/flags/24/jp.png
45.154.253.151 200 OK 599 B URL GET HTTP/1.1 anonfiles.com/img/flags/24/jp.png
IP 45.154.253.151:443
ASN #41634 Svea Hosting AB
Requested by https://anonfiles.com/Z8c4g8a0z5/Paypal_Refunding_pdf
Certificate Issuer Let's Encrypt
Subject anonfiles.com
Fingerprint 72:DF:F0:B8:EA:8E:3D:A4:8D:1E:BF:BA:3A:98:5F:CA:1E:29:D4:F0
Validity Sun, 26 Mar 2023 09:32:34 GMT - Sat, 24 Jun 2023 09:32:33 GMT
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash 857f6f0e0886a3729b758b7241e42e61
a7be973a93c6ad51cf07a9f21a5dd72cc3e15680
8e7b1cd46120293756d1f21bac4de809d2895c7c26dc7586e3e2a09a0f7c1d64
GET /img/flags/24/jp.png HTTP/1.1
Host: anonfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonfiles.com/Z8c4g8a0z5/Paypal_Refunding_pdf
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 28 May 2023 05:01:18 GMT
Content-Type: image/png
Content-Length: 599
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 1823
accept-ranges: bytes
anonfiles.com/img/flags/24/de.png
45.154.253.151 200 OK 483 B URL GET HTTP/1.1 anonfiles.com/img/flags/24/de.png
IP 45.154.253.151:443
ASN #41634 Svea Hosting AB
Requested by https://anonfiles.com/Z8c4g8a0z5/Paypal_Refunding_pdf
Certificate Issuer Let's Encrypt
Subject anonfiles.com
Fingerprint 72:DF:F0:B8:EA:8E:3D:A4:8D:1E:BF:BA:3A:98:5F:CA:1E:29:D4:F0
Validity Sun, 26 Mar 2023 09:32:34 GMT - Sat, 24 Jun 2023 09:32:33 GMT
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash 9f8cc07c258bcd2de0c7900861e20ffc
fed97219e44693d4f3918fc4037b325732225d81
07cd5a4cad20604f77dced9c7d8a92ca9ae3321718e5a1935296e4d75f921a19
GET /img/flags/24/de.png HTTP/1.1
Host: anonfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonfiles.com/Z8c4g8a0z5/Paypal_Refunding_pdf
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 28 May 2023 05:01:18 GMT
Content-Type: image/png
Content-Length: 483
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 2869
accept-ranges: bytes
anonfiles.com/img/flags/24/no.png
45.154.253.151 200 OK 611 B URL GET HTTP/1.1 anonfiles.com/img/flags/24/no.png
IP 45.154.253.151:443
ASN #41634 Svea Hosting AB
Requested by https://anonfiles.com/Z8c4g8a0z5/Paypal_Refunding_pdf
Certificate Issuer Let's Encrypt
Subject anonfiles.com
Fingerprint 72:DF:F0:B8:EA:8E:3D:A4:8D:1E:BF:BA:3A:98:5F:CA:1E:29:D4:F0
Validity Sun, 26 Mar 2023 09:32:34 GMT - Sat, 24 Jun 2023 09:32:33 GMT
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash f14ac70aa6dd4d371671c0e6d7cba4e3
1139e3acd6e073bffb59157cbc10af72ed757218
9a4473862ea2b9bd1c5e1543900416e693b33516cae53fde32e1c3a83d3382e4
GET /img/flags/24/no.png HTTP/1.1
Host: anonfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonfiles.com/Z8c4g8a0z5/Paypal_Refunding_pdf
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 28 May 2023 05:01:18 GMT
Content-Type: image/png
Content-Length: 611
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 1770
accept-ranges: bytes
anonfiles.com/img/flags/24/us.png
45.154.253.151 200 OK 656 B URL GET HTTP/1.1 anonfiles.com/img/flags/24/us.png
IP 45.154.253.151:443
ASN #41634 Svea Hosting AB
Requested by https://anonfiles.com/Z8c4g8a0z5/Paypal_Refunding_pdf
Certificate Issuer Let's Encrypt
Subject anonfiles.com
Fingerprint 72:DF:F0:B8:EA:8E:3D:A4:8D:1E:BF:BA:3A:98:5F:CA:1E:29:D4:F0
Validity Sun, 26 Mar 2023 09:32:34 GMT - Sat, 24 Jun 2023 09:32:33 GMT
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash ae506a6c014bfeb8d8cbfdfbe94c14c9
f4e74440c4e79e71959b9b8f799f2e8a7e15b7ee
bc6dd978e70894c8a0148e6806f4fde9566ee59349adb03c02a61a3b2e25b6f1
GET /img/flags/24/us.png HTTP/1.1
Host: anonfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonfiles.com/Z8c4g8a0z5/Paypal_Refunding_pdf
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 28 May 2023 05:01:18 GMT
Content-Type: image/png
Content-Length: 656
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 1296
accept-ranges: bytes
djv99sxoqpv11.cloudfront.net/?xsvjd=737329
54.230.245.107 200 OK 68 kB URL GET HTTP/2 djv99sxoqpv11.cloudfront.net/?xsvjd=737329
IP 54.230.245.107:443
Requested by https://anonfiles.com/Z8c4g8a0z5/Paypal_Refunding_pdf
Certificate Issuer Amazon
Subject *.cloudfront.net
Fingerprint BA:0F:CD:B3:EA:19:B2:9D:99:9B:51:2D:16:33:6B:D0:3F:31:A2:AB
Validity Thu, 08 Dec 2022 00:00:00 GMT - Thu, 07 Dec 2023 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (15948)
Hash e5771c473b681e76dd32d1b54021d782
7d9e48b54025b7ea324ba197470b6201e7a463f2
6e4684840d4e1f91ee6e2ea8801510b05061bf833e9ceafabc2d60306ad1381b
GET /?xsvjd=737329 HTTP/1.1
Host: djv99sxoqpv11.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonfiles.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-length: 68474
date: Sun, 28 May 2023 05:01:18 GMT
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
pragma: no-cache
x-cache: Miss from cloudfront
via: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Pe-IJnNOFdFjnQrTDoTxnXWGN_L9QvEC3rQNvfCuq1FQP9a_gjQeXA==
X-Firefox-Spdy: h2
anonfiles.com/img/flags/24/es.png
45.154.253.151 200 OK 666 B URL GET HTTP/1.1 anonfiles.com/img/flags/24/es.png
IP 45.154.253.151:443
ASN #41634 Svea Hosting AB
Requested by https://anonfiles.com/Z8c4g8a0z5/Paypal_Refunding_pdf
Certificate Issuer Let's Encrypt
Subject anonfiles.com
Fingerprint 72:DF:F0:B8:EA:8E:3D:A4:8D:1E:BF:BA:3A:98:5F:CA:1E:29:D4:F0
Validity Sun, 26 Mar 2023 09:32:34 GMT - Sat, 24 Jun 2023 09:32:33 GMT
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash 5fa381a8eb16d9e673d32980e7fd1710
fc29fbbebe97109ef1d16a0d4a65637d6b725ac8
7b6f223153c8eda1b541326f9cd66aeb53a28801c58c4de751fd2f9f6f1d96ff
GET /img/flags/24/es.png HTTP/1.1
Host: anonfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonfiles.com/Z8c4g8a0z5/Paypal_Refunding_pdf
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 28 May 2023 05:01:19 GMT
Content-Type: image/png
Content-Length: 666
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 1146
accept-ranges: bytes
anonfiles.com/img/flags/24/in.png
45.154.253.151 200 OK 593 B URL GET HTTP/1.1 anonfiles.com/img/flags/24/in.png
IP 45.154.253.151:443
ASN #41634 Svea Hosting AB
Requested by https://anonfiles.com/Z8c4g8a0z5/Paypal_Refunding_pdf
Certificate Issuer Let's Encrypt
Subject anonfiles.com
Fingerprint 72:DF:F0:B8:EA:8E:3D:A4:8D:1E:BF:BA:3A:98:5F:CA:1E:29:D4:F0
Validity Sun, 26 Mar 2023 09:32:34 GMT - Sat, 24 Jun 2023 09:32:33 GMT
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash ccaf96cfc341dc9a17e24b96bef223ff
8791d6db6628e0fb21b847ab94484f0c615e38ac
728e008d94e2e3bae2679d50a051562f1ccce1fd604196c7880a3d96f3070354
GET /img/flags/24/in.png HTTP/1.1
Host: anonfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonfiles.com/Z8c4g8a0z5/Paypal_Refunding_pdf
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 28 May 2023 05:01:19 GMT
Content-Type: image/png
Content-Length: 593
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 2929
accept-ranges: bytes
gforanythingamgl.info/MG9IWWwfUCsqUX05BjM+XQgPAwB+SnofNHE1IAxffg0KHhhkCSQqSkQGLGRbA1h7a1UWHyE9UQFJOy0NRBo7ZF0WBiY/Aw1JPmRdHlx8d18CQXp/GQ1ebi0cUQh1aEpAGzw1UQFZcGxeBV94blQHXH0
104.21.93.237 204 No Content 0 B URL GET HTTP/2 gforanythingamgl.info/MG9IWWwfUCsqUX05BjM+XQgPAwB+SnofNHE1IAxffg0KHhhkCSQqSkQGLGRbA1h7a1UWHyE9UQFJOy0NRBo7ZF0WBiY/Aw1JPmRdHlx8d18CQXp/GQ1ebi0cUQh1aEpAGzw1UQFZcGxeBV94blQHXH0
IP 104.21.93.237:443
Requested by https://anonfiles.com/Z8c4g8a0z5/Paypal_Refunding_pdf
Certificate Issuer Google Trust Services LLC
Subject gforanythingamgl.info
Fingerprint 5E:50:F4:C2:4F:D9:85:4E:40:F6:9A:2E:AC:04:DE:C2:79:BB:A8:74
Validity Fri, 05 May 2023 13:46:21 GMT - Thu, 03 Aug 2023 13:46:20 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /MG9IWWwfUCsqUX05BjM+XQgPAwB+SnofNHE1IAxffg0KHhhkCSQqSkQGLGRbA1h7a1UWHyE9UQFJOy0NRBo7ZF0WBiY/Aw1JPmRdHlx8d18CQXp/GQ1ebi0cUQh1aEpAGzw1UQFZcGxeBV94blQHXH0 HTTP/1.1
Host: gforanythingamgl.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonfiles.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 204 No Content
date: Sun, 28 May 2023 05:01:19 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dINx4jUNU3FE2jCUc3%2BaBrQxz6AEzbdit9x%2FUljJzRbNm%2BjBhy4jZyPKOKaR1JrP2AzDnpG3PStgTydQt9AVMoXeRHMuDMs1EBOl1zYzhPHVUrAw3MsWTi%2FUeAfOKaRnawVzJ%2FZvcM8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ce3f0622c9eb503-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
adthereissome.info/SUlxQUEoKxIsfih0E2c0OyVMZHMPbEMHJSM/SHgyMSYAMTd4eF8iLSY8FSczJicFby8sPVRzBzAGJQ8sLB4FIBkILhcXBHgoMCoTKgoWExcaeDgnFhscJgMUIgYzEgAgDUAUKQ4ICSIbLiIpDSp8DSAAcRsRIHQWET4VGBkYDzQVFzEtMxQTKAFACAIOeCgPBxsAOwMHAAYwJiYLEUA2BQo+IxYXHAg8AiYbLDIQDAofJ3kJEQ8dZHMPCxopCx0uAgUVLg8QAgMTHz5xdQUIBi4QCxwJDRB5PRMQED0YOy1xBw8dFHYdLgIFBwhwPgIvAxEiFwgRCEFseCoeIC0UCDEeABchEyQRcCIDMC0bAx4WKgIYeQUjGXgmJAkAeB4icQ8FBSAmAh94FSMJeRMTEgBvIwIuLzl0EhgIfy82ICYsHB4vBD45
54.230.111.6 200 OK 1.2 kB URL GET HTTP/2 adthereissome.info/SUlxQUEoKxIsfih0E2c0OyVMZHMPbEMHJSM/SHgyMSYAMTd4eF8iLSY8FSczJicFby8sPVRzBzAGJQ8sLB4FIBkILhcXBHgoMCoTKgoWExcaeDgnFhscJgMUIgYzEgAgDUAUKQ4ICSIbLiIpDSp8DSAAcRsRIHQWET4VGBkYDzQVFzEtMxQTKAFACAIOeCgPBxsAOwMHAAYwJiYLEUA2BQo+IxYXHAg8AiYbLDIQDAofJ3kJEQ8dZHMPCxopCx0uAgUVLg8QAgMTHz5xdQUIBi4QCxwJDRB5PRMQED0YOy1xBw8dFHYdLgIFBwhwPgIvAxEiFwgRCEFseCoeIC0UCDEeABchEyQRcCIDMC0bAx4WKgIYeQUjGXgmJAkAeB4icQ8FBSAmAh94FSMJeRMTEgBvIwIuLzl0EhgIfy82ICYsHB4vBD45
IP 54.230.111.6:443
Requested by https://anonfiles.com/Z8c4g8a0z5/Paypal_Refunding_pdf
Certificate Issuer Amazon
Subject adthereissome.info
Fingerprint 21:40:7C:A8:E9:22:33:8E:6F:E6:0A:C2:79:2F:18:FD:76:73:C9:7E
Validity Fri, 05 May 2023 00:00:00 GMT - Sun, 02 Jun 2024 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3027), with no line terminators
Hash 07fa2f929f2cd86b094ccec706b936a0
6ad138359e9f5759e84fccfd91ed5d4e08a4c35e
ddd0f6f662dd817886945add323f590373c3e7a11dbee35b5e903a36283e3463
GET /SUlxQUEoKxIsfih0E2c0OyVMZHMPbEMHJSM/SHgyMSYAMTd4eF8iLSY8FSczJicFby8sPVRzBzAGJQ8sLB4FIBkILhcXBHgoMCoTKgoWExcaeDgnFhscJgMUIgYzEgAgDUAUKQ4ICSIbLiIpDSp8DSAAcRsRIHQWET4VGBkYDzQVFzEtMxQTKAFACAIOeCgPBxsAOwMHAAYwJiYLEUA2BQo+IxYXHAg8AiYbLDIQDAofJ3kJEQ8dZHMPCxopCx0uAgUVLg8QAgMTHz5xdQUIBi4QCxwJDRB5PRMQED0YOy1xBw8dFHYdLgIFBwhwPgIvAxEiFwgRCEFseCoeIC0UCDEeABchEyQRcCIDMC0bAx4WKgIYeQUjGXgmJAkAeB4icQ8FBSAmAh94FSMJeRMTEgBvIwIuLzl0EhgIfy82ICYsHB4vBD45 HTTP/1.1
Host: adthereissome.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonfiles.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/html
content-length: 1177
date: Sun, 28 May 2023 05:01:19 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 15d199af49035dc206cb81292fd87de2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: by7OCPDDxUOL5qn9BcBRX6KoYKWYaywZXOuCKPKpzYuYbM8vYt920A==
X-Firefox-Spdy: h2
adthereissome.info/bnFrRXQPEwgoSw9MCWMBHB1WYEYoVFkDEAQHUnwHFh4aNQJfQEUmGAEEDyMGAR8faxoLBU53MgUUPwcADEMcJCwZPCEQA18rKBM+DCIMIRE2NxMjIwZFKgQTBT8jPRdYNSouQS8jOjAnOhIvFhNfOigTPg0pWjI5LyAfADIJFikBRD8zODJAJzYcdC49IwAcMD8wKgMcLBIqFEEkIlgfLT8nEyY1AkAjAzEJMzgDAxspKg8QLwY+HSY8JyAdHwI4PRMfFCUcFz02Ml4mNQJBDwIYGTUnA0ENIClwEDwaBwk1Lx4gAQwkFzgDRB8iHAcXNkATDDUoXBMOLAUdPAc2XjsjdEw4IgdxUVw3KhMMCyAALiMpNyEhUgQCBCsEUwMTEwFXJQU9IxcrBw
54.230.111.6 200 OK 1.2 kB URL GET HTTP/2 adthereissome.info/bnFrRXQPEwgoSw9MCWMBHB1WYEYoVFkDEAQHUnwHFh4aNQJfQEUmGAEEDyMGAR8faxoLBU53MgUUPwcADEMcJCwZPCEQA18rKBM+DCIMIRE2NxMjIwZFKgQTBT8jPRdYNSouQS8jOjAnOhIvFhNfOigTPg0pWjI5LyAfADIJFikBRD8zODJAJzYcdC49IwAcMD8wKgMcLBIqFEEkIlgfLT8nEyY1AkAjAzEJMzgDAxspKg8QLwY+HSY8JyAdHwI4PRMfFCUcFz02Ml4mNQJBDwIYGTUnA0ENIClwEDwaBwk1Lx4gAQwkFzgDRB8iHAcXNkATDDUoXBMOLAUdPAc2XjsjdEw4IgdxUVw3KhMMCyAALiMpNyEhUgQCBCsEUwMTEwFXJQU9IxcrBw
IP 54.230.111.6:443
Requested by https://anonfiles.com/Z8c4g8a0z5/Paypal_Refunding_pdf
Certificate Issuer Amazon
Subject adthereissome.info
Fingerprint 21:40:7C:A8:E9:22:33:8E:6F:E6:0A:C2:79:2F:18:FD:76:73:C9:7E
Validity Fri, 05 May 2023 00:00:00 GMT - Sun, 02 Jun 2024 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2998), with no line terminators
Hash 14a1dbc1f8e61c61deb1118fe0b47e1a
97d87865037e690e6c4ec7c90eed958056de65aa
11618a40133afd2c94e5a96bf82e16a5831bf6ed23a9c58636ce3f3f4c97ef44
GET /bnFrRXQPEwgoSw9MCWMBHB1WYEYoVFkDEAQHUnwHFh4aNQJfQEUmGAEEDyMGAR8faxoLBU53MgUUPwcADEMcJCwZPCEQA18rKBM+DCIMIRE2NxMjIwZFKgQTBT8jPRdYNSouQS8jOjAnOhIvFhNfOigTPg0pWjI5LyAfADIJFikBRD8zODJAJzYcdC49IwAcMD8wKgMcLBIqFEEkIlgfLT8nEyY1AkAjAzEJMzgDAxspKg8QLwY+HSY8JyAdHwI4PRMfFCUcFz02Ml4mNQJBDwIYGTUnA0ENIClwEDwaBwk1Lx4gAQwkFzgDRB8iHAcXNkATDDUoXBMOLAUdPAc2XjsjdEw4IgdxUVw3KhMMCyAALiMpNyEhUgQCBCsEUwMTEwFXJQU9IxcrBw HTTP/1.1
Host: adthereissome.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonfiles.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/html
content-length: 1153
date: Sun, 28 May 2023 05:01:19 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 15d199af49035dc206cb81292fd87de2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: uoHRGMB0PmhtYkWcyOfxZk1KsGMOWZpQRzoZcw542et2DX5-HUD2Rg==
X-Firefox-Spdy: h2
gforanythingamgl.info/U0wzWGJ8c1ArXzIbBmgDYwZSADcVFlceIDcYZSxTBgpDHTo9ARUsCzdxBGtVYH8DfhI6KA5pWnU/RzkWJj8OaUQ6IlU3X3U6DmlMY2IBdlF1OQ5pRCc8Uj9fYmpDLBY/cQJuWmZ+BmhSZHQEbFQ
104.21.93.237 204 No Content 0 B URL GET HTTP/2 gforanythingamgl.info/U0wzWGJ8c1ArXzIbBmgDYwZSADcVFlceIDcYZSxTBgpDHTo9ARUsCzdxBGtVYH8DfhI6KA5pWnU/RzkWJj8OaUQ6IlU3X3U6DmlMY2IBdlF1OQ5pRCc8Uj9fYmpDLBY/cQJuWmZ+BmhSZHQEbFQ
IP 104.21.93.237:443
Requested by https://anonfiles.com/Z8c4g8a0z5/Paypal_Refunding_pdf
Certificate Issuer Google Trust Services LLC
Subject gforanythingamgl.info
Fingerprint 5E:50:F4:C2:4F:D9:85:4E:40:F6:9A:2E:AC:04:DE:C2:79:BB:A8:74
Validity Fri, 05 May 2023 13:46:21 GMT - Thu, 03 Aug 2023 13:46:20 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /U0wzWGJ8c1ArXzIbBmgDYwZSADcVFlceIDcYZSxTBgpDHTo9ARUsCzdxBGtVYH8DfhI6KA5pWnU/RzkWJj8OaUQ6IlU3X3U6DmlMY2IBdlF1OQ5pRCc8Uj9fYmpDLBY/cQJuWmZ+BmhSZHQEbFQ HTTP/1.1
Host: gforanythingamgl.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonfiles.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
date: Sun, 28 May 2023 05:01:19 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CDWsnpAsJZJXR9em8PEcRmkRmSBPQ4Utcvkc0%2FnWYOGtcna7aT0%2Fw4dSno9C3adV00K9wDUPvQF7SixkZFqBXN%2BRc9xbjr7zuPq%2FxaXDKX3otVsqFOGj6BMBUoMFWkzYKdYBXAL6Qjs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ce3f0626ce5b503-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
anonfiles.com/img/flags/24/br.png
45.154.253.151 200 OK 1.1 kB URL GET HTTP/1.1 anonfiles.com/img/flags/24/br.png
IP 45.154.253.151:443
ASN #41634 Svea Hosting AB
Requested by https://anonfiles.com/Z8c4g8a0z5/Paypal_Refunding_pdf
Certificate Issuer Let's Encrypt
Subject anonfiles.com
Fingerprint 72:DF:F0:B8:EA:8E:3D:A4:8D:1E:BF:BA:3A:98:5F:CA:1E:29:D4:F0
Validity Sun, 26 Mar 2023 09:32:34 GMT - Sat, 24 Jun 2023 09:32:33 GMT
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash 6a5938d2e7f7d6f4026d6eb1b4b4f2cd
7a038177fe4deec455d61d3e9c90019fa4727d40
0ab6c46e677fa7e49b6344fcde39c06ff6c014d9163571cdb36f8b5fc59c17eb
GET /img/flags/24/br.png HTTP/1.1
Host: anonfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonfiles.com/Z8c4g8a0z5/Paypal_Refunding_pdf
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 28 May 2023 05:01:19 GMT
Content-Type: image/png
Content-Length: 1115
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 2011
accept-ranges: bytes
adthereissome.info/utx?tid=737323&top=anonfiles.com&cb=wMbb42zkHEgk
54.230.111.6 204 No Content 0 B URL GET HTTP/2 adthereissome.info/utx?tid=737323&top=anonfiles.com&cb=wMbb42zkHEgk
IP 54.230.111.6:443
Requested by https://anonfiles.com/Z8c4g8a0z5/Paypal_Refunding_pdf
Certificate Issuer Amazon
Subject adthereissome.info
Fingerprint 21:40:7C:A8:E9:22:33:8E:6F:E6:0A:C2:79:2F:18:FD:76:73:C9:7E
Validity Fri, 05 May 2023 00:00:00 GMT - Sun, 02 Jun 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?tid=737323&top=anonfiles.com&cb=wMbb42zkHEgk HTTP/1.1
Host: adthereissome.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://anonfiles.com
DNT: 1
Connection: keep-alive
Referer: https://anonfiles.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
date: Sun, 28 May 2023 05:01:19 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://anonfiles.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sun, 28 May 2023 05:02:19 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 15d199af49035dc206cb81292fd87de2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: OKrit5ESO1cCUrDj-3QAYG8Qzb2rtiL1-16AMZoRhvjIcJ-R97D7qA==
X-Firefox-Spdy: h2
anonfiles.com/img/flags/24/se.png
45.154.253.151 200 OK 581 B URL GET HTTP/1.1 anonfiles.com/img/flags/24/se.png
IP 45.154.253.151:443
ASN #41634 Svea Hosting AB
Requested by https://anonfiles.com/Z8c4g8a0z5/Paypal_Refunding_pdf
Certificate Issuer Let's Encrypt
Subject anonfiles.com
Fingerprint 72:DF:F0:B8:EA:8E:3D:A4:8D:1E:BF:BA:3A:98:5F:CA:1E:29:D4:F0
Validity Sun, 26 Mar 2023 09:32:34 GMT - Sat, 24 Jun 2023 09:32:33 GMT
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash c9b1e40987c4411b4a7d13c07a8843aa
cfce93be3ba77e4e30033d25e2e5c6a37da1b27d
8c04b3b52d605637bb4c6a26449c45e5320a3f33f14e8c737ce599433bc19f14
GET /img/flags/24/se.png HTTP/1.1
Host: anonfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonfiles.com/Z8c4g8a0z5/Paypal_Refunding_pdf
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 28 May 2023 05:01:19 GMT
Content-Type: image/png
Content-Length: 581
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 1532
accept-ranges: bytes
anonfiles.com/img/flags/24/dk.png
45.154.253.151 200 OK 537 B URL GET HTTP/1.1 anonfiles.com/img/flags/24/dk.png
IP 45.154.253.151:443
ASN #41634 Svea Hosting AB
Requested by https://anonfiles.com/Z8c4g8a0z5/Paypal_Refunding_pdf
Certificate Issuer Let's Encrypt
Subject anonfiles.com
Fingerprint 72:DF:F0:B8:EA:8E:3D:A4:8D:1E:BF:BA:3A:98:5F:CA:1E:29:D4:F0
Validity Sun, 26 Mar 2023 09:32:34 GMT - Sat, 24 Jun 2023 09:32:33 GMT
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash b6ebe55a7d176720cd2b1003298187a8
930858408b9af1f79c430bbe15c185db555a7815
07575cf7a8d7d2b8edfbea80f8e8a228ecc56a03a567bc60c0ef4dc6ac0f328a
GET /img/flags/24/dk.png HTTP/1.1
Host: anonfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonfiles.com/Z8c4g8a0z5/Paypal_Refunding_pdf
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 28 May 2023 05:01:19 GMT
Content-Type: image/png
Content-Length: 537
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 2991
accept-ranges: bytes
anonfiles.com/img/flags/24/fi.png
45.154.253.151 200 OK 456 B URL GET HTTP/1.1 anonfiles.com/img/flags/24/fi.png
IP 45.154.253.151:443
ASN #41634 Svea Hosting AB
Requested by https://anonfiles.com/Z8c4g8a0z5/Paypal_Refunding_pdf
Certificate Issuer Let's Encrypt
Subject anonfiles.com
Fingerprint 72:DF:F0:B8:EA:8E:3D:A4:8D:1E:BF:BA:3A:98:5F:CA:1E:29:D4:F0
Validity Sun, 26 Mar 2023 09:32:34 GMT - Sat, 24 Jun 2023 09:32:33 GMT
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash 0ea9115d18d5210d4f1db520881faa3a
09829c2b7b5e4bae28d62b1dff90220f28c3bdf5
544fee9d1bff8bc83865ab87538924de207ebe4848787496c7308b91b539b6da
GET /img/flags/24/fi.png HTTP/1.1
Host: anonfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonfiles.com/Z8c4g8a0z5/Paypal_Refunding_pdf
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 28 May 2023 05:01:19 GMT
Content-Type: image/png
Content-Length: 456
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 2933
accept-ranges: bytes
djv99sxoqpv11.cloudfront.net/yOTNmeWtaXAgfVE1aAkRcCgRVS1IfWRUWBUkOBSAiD1UhGAxcZgkXLk5DQA0RXQ5WXwdYXQFETVxdBURaH1ICG1YNFRIJBFIOAggBX1wDCwRWVUAMCgReCQMCVV8HXFl/BkhJTgsDTgFaCBZVO04LAwoQBUxLQ0tbQQtQJl0NFlU7TgsDFA9OCnJXSVIXA0-9cWQlUAxoAVhZUP1kJAlZJWgkCQ0tbX1oUHA1WS0NLLQgCV1dbH0ZbSA
54.230.245.107 579 B URL djv99sxoqpv11.cloudfront.net/yOTNmeWtaXAgfVE1aAkRcCgRVS1IfWRUWBUkOBSAiD1UhGAxcZgkXLk5DQA0RXQ5WXwdYXQFETVxdBURaH1ICG1YNFRIJBFIOAggBX1wDCwRWVUAMCgReCQMCVV8HXFl/BkhJTgsDTgFaCBZVO04LAwoQBUxLQ0tbQQtQJl0NFlU7TgsDFA9OCnJXSVIXA0-9cWQlUAxoAVhZUP1kJAlZJWgkCQ0tbX1oUHA1WS0NLLQgCV1dbH0ZbSA
IP 54.230.245.107:0
Certificate Issuer Amazon
Subject *.cloudfront.net
Fingerprint BA:0F:CD:B3:EA:19:B2:9D:99:9B:51:2D:16:33:6B:D0:3F:31:A2:AB
Validity Thu, 08 Dec 2022 00:00:00 GMT - Thu, 07 Dec 2023 23:59:59 GMT
File type ASCII text, with very long lines (803), with no line terminators
Hash df17b04e85b7e9bd3a42fcc65f9a41e6
16b737e5f30d40e0c524f1ab331fa0d8601f09a7
97b92bc0543fdf31905d2f058890b33795faab0c4e3c25425e3c7f072f4d35f5
GET /yOTNmeWtaXAgfVE1aAkRcCgRVS1IfWRUWBUkOBSAiD1UhGAxcZgkXLk5DQA0RXQ5WXwdYXQFETVxdBURaH1ICG1YNFRIJBFIOAggBX1wDCwRWVUAMCgReCQMCVV8HXFl/BkhJTgsDTgFaCBZVO04LAwoQBUxLQ0tbQQtQJl0NFlU7TgsDFA9OCnJXSVIXA0-9cWQlUAxoAVhZUP1kJAlZJWgkCQ0tbX1oUHA1WS0NLLQgCV1dbH0ZbSA HTTP/1.1
Host: djv99sxoqpv11.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://adthereissome.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 579
date: Sun, 28 May 2023 05:01:19 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: jBnND34aeDDZlRb4KgNYl-xpKiNQt4wQux-Ch6odRTkgdYJjjVQ3-A==
X-Firefox-Spdy: h2
djv99sxoqpv11.cloudfront.net/keTBtb2waXwMJUw1ZCVJbSgdeXFxfWh4AAgkNHxc6DAk5ARQuSTcDSg1KCVJcX1wMAQtEFggBD0QBSw4IGw1ZSRkYDQAAFhBcAQ5JS3ZYQVxcAl1HFEgBSFwuXAJdAwUXRRVKXklIVVkzTwRIXC5cAl0dGlwDLF5cQB5dRklLAAoKDxJfSF0qSwBcX1xIAF-xKXklWBB0JH18VSl4/AVxeQkkWGFJd
54.230.245.107 257 B URL djv99sxoqpv11.cloudfront.net/keTBtb2waXwMJUw1ZCVJbSgdeXFxfWh4AAgkNHxc6DAk5ARQuSTcDSg1KCVJcX1wMAQtEFggBD0QBSw4IGw1ZSRkYDQAAFhBcAQ5JS3ZYQVxcAl1HFEgBSFwuXAJdAwUXRRVKXklIVVkzTwRIXC5cAl0dGlwDLF5cQB5dRklLAAoKDxJfSF0qSwBcX1xIAF-xKXklWBB0JH18VSl4/AVxeQkkWGFJd
IP 54.230.245.107:0
Certificate Issuer Amazon
Subject *.cloudfront.net
Fingerprint BA:0F:CD:B3:EA:19:B2:9D:99:9B:51:2D:16:33:6B:D0:3F:31:A2:AB
Validity Thu, 08 Dec 2022 00:00:00 GMT - Thu, 07 Dec 2023 23:59:59 GMT
File type ASCII text, with very long lines (304), with no line terminators
Hash d0dfce0e987f4393fd0918b8a31af59c
282452bc565152b234e5789a6b74833a5ea50fbc
c9c021869a2b06eb7188020c03605bf3fc9e98a557e57218f283e1829bdb5637
GET /keTBtb2waXwMJUw1ZCVJbSgdeXFxfWh4AAgkNHxc6DAk5ARQuSTcDSg1KCVJcX1wMAQtEFggBD0QBSw4IGw1ZSRkYDQAAFhBcAQ5JS3ZYQVxcAl1HFEgBSFwuXAJdAwUXRRVKXklIVVkzTwRIXC5cAl0dGlwDLF5cQB5dRklLAAoKDxJfSF0qSwBcX1xIAF-xKXklWBB0JH18VSl4/AVxeQkkWGFJd HTTP/1.1
Host: djv99sxoqpv11.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://adthereissome.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 257
date: Sun, 28 May 2023 05:01:19 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: eu04Q38FKWjrYu_iMwHxW2EP_kZwYN7V9DVlFYj9zEkqwWNruDi_Jg==
X-Firefox-Spdy: h2
anonfiles.com/img/flags/24/pl.png
45.154.253.151 200 OK 347 B URL GET HTTP/1.1 anonfiles.com/img/flags/24/pl.png
IP 45.154.253.151:443
ASN #41634 Svea Hosting AB
Requested by https://anonfiles.com/Z8c4g8a0z5/Paypal_Refunding_pdf
Certificate Issuer Let's Encrypt
Subject anonfiles.com
Fingerprint 72:DF:F0:B8:EA:8E:3D:A4:8D:1E:BF:BA:3A:98:5F:CA:1E:29:D4:F0
Validity Sun, 26 Mar 2023 09:32:34 GMT - Sat, 24 Jun 2023 09:32:33 GMT
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash baf3aff7caef0be58f29b41f20a0e4db
11c840dfa1f1bd22a04aa1fa53fcac95f381b9a6
0a3a8803b7a137166a04369522ec2b31513dcd4c07e2120107c55d9a7f7b646f
GET /img/flags/24/pl.png HTTP/1.1
Host: anonfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonfiles.com/Z8c4g8a0z5/Paypal_Refunding_pdf
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 28 May 2023 05:01:19 GMT
Content-Type: image/png
Content-Length: 347
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 3002
accept-ranges: bytes
ocsp.pki.goog/gts1c3
142.250.74.131 471 B IP 142.250.74.131:0
Hash 5dc16ffcd2737c07a2fed1aae7d713a3
990c258d150409aa1010b46c301be5660cd31009
33c0d260e97b9231369e91fa7b40656ebe29a83692d3bc94f4dbcb41339b86f4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 28 May 2023 05:01:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 471 B IP 142.250.74.131:0
Hash 5dc16ffcd2737c07a2fed1aae7d713a3
990c258d150409aa1010b46c301be5660cd31009
33c0d260e97b9231369e91fa7b40656ebe29a83692d3bc94f4dbcb41339b86f4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 28 May 2023 05:01:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
adthereissome.info/utx?cb=g9TjXuDpWGG8&top=anonfiles.com&tid=737329
54.230.111.6 204 No Content 0 B URL GET HTTP/2 adthereissome.info/utx?cb=g9TjXuDpWGG8&top=anonfiles.com&tid=737329
IP 54.230.111.6:443
Requested by https://anonfiles.com/Z8c4g8a0z5/Paypal_Refunding_pdf
Certificate Issuer Amazon
Subject adthereissome.info
Fingerprint 21:40:7C:A8:E9:22:33:8E:6F:E6:0A:C2:79:2F:18:FD:76:73:C9:7E
Validity Fri, 05 May 2023 00:00:00 GMT - Sun, 02 Jun 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=g9TjXuDpWGG8&top=anonfiles.com&tid=737329 HTTP/1.1
Host: adthereissome.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://anonfiles.com
DNT: 1
Connection: keep-alive
Referer: https://anonfiles.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
date: Sun, 28 May 2023 05:01:19 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://anonfiles.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sun, 28 May 2023 05:02:19 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 15d199af49035dc206cb81292fd87de2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Zepp6sSMFsErXweBzijL85B5DRLFDYhdVCOQzyhj3sOkyz1XMowBMg==
X-Firefox-Spdy: h2
anonfiles.com/img/favicon/favicon-32x32-anonfiles.png?1663359761
45.154.253.151 200 OK 1.3 kB URL GET HTTP/1.1 anonfiles.com/img/favicon/favicon-32x32-anonfiles.png?1663359761
IP 45.154.253.151:443
ASN #41634 Svea Hosting AB
Requested by https://anonfiles.com/Z8c4g8a0z5/Paypal_Refunding_pdf
Certificate Issuer Let's Encrypt
Subject anonfiles.com
Fingerprint 72:DF:F0:B8:EA:8E:3D:A4:8D:1E:BF:BA:3A:98:5F:CA:1E:29:D4:F0
Validity Sun, 26 Mar 2023 09:32:34 GMT - Sat, 24 Jun 2023 09:32:33 GMT
File type PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Hash ee0e6dd4ef643128a1b7bd4ab32b8a79
8136c70aac1e50f8356c83f91fb77ea4b6596cbc
51f305558b4ed6fcf3a31b4f9e404fc2ea426cb5e785ac46ce827de0c5cabb4c
GET /img/favicon/favicon-32x32-anonfiles.png?1663359761 HTTP/1.1
Host: anonfiles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonfiles.com/Z8c4g8a0z5/Paypal_Refunding_pdf
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 28 May 2023 05:01:19 GMT
Content-Type: image/png
Content-Length: 1309
Connection: keep-alive
cache-control: public, max-age=3600
x-oe: Y
x-oh: 2326
accept-ranges: bytes
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
216.58.207.237 302 Found 397 B URL GET HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP 216.58.207.237:443
Requested by https://anonfiles.com/Z8c4g8a0z5/Paypal_Refunding_pdf
Certificate Issuer Google Trust Services LLC
Subject accounts.google.com
Fingerprint 6C:C9:34:01:32:00:11:F3:7A:E2:AA:FC:7C:E3:13:17:3D:17:71:8A
Validity Mon, 08 May 2023 08:25:19 GMT - Mon, 31 Jul 2023 08:25:18 GMT
File type gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)\012- data
Hash b5a07d78235eb0636f4919b3cdf6bf38
18dcfcbee22a22a3fac8603071dcf0792e8e23f4
a25097371f1732afe140425e8e51bacb2c6178ac5ebc389deadb2ac9131c1a8c
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonfiles.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
set-cookie: __Host-GAPS=1:TEvTvC-ERol3VvqL5-cW8RGAMSU0dA:PIg8dpoZVucqu0Vw; Expires=Tue, 27-May-2025 05:01:19 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 28 May 2023 05:01:19 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=Af_xneFSoEyDQSoZakYcJgmk9Sv4lVCoFJrI1ici6LhyOEG9e5Qo_EZa68epXCF6RVT1rHb_a-nj5w
strict-transport-security: max-age=31536000; includeSubDomains
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: unsafe-none
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport, script-src 'nonce-5AvHwKWap_S36sI0L0UrGQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /cspreport
cross-origin-resource-policy: cross-origin
content-type: application/binary
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 471 B IP 142.250.74.131:0
Hash 01306b55f5d6e6a8e1ff9411386a89a0
1c06c985114ad08023398fe3597371715cf6aa27
7d4df964819e827fdbd588784bff90bdb09b6938ca788e013144d1600e8ecc16
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 28 May 2023 05:01:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=Af_xneEzcqeKiDVwD8UnMed_vW5fbO9_1FK4QaWyXANhxxulauU3q_sL2qbnq48XgWZ9Ol58DPx3aw
216.58.207.237 302 Found 398 B URL GET HTTP/2 accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=Af_xneEzcqeKiDVwD8UnMed_vW5fbO9_1FK4QaWyXANhxxulauU3q_sL2qbnq48XgWZ9Ol58DPx3aw
IP 216.58.207.237:443
Requested by https://anonfiles.com/Z8c4g8a0z5/Paypal_Refunding_pdf
Certificate Issuer Google Trust Services LLC
Subject accounts.google.com
Fingerprint 6C:C9:34:01:32:00:11:F3:7A:E2:AA:FC:7C:E3:13:17:3D:17:71:8A
Validity Mon, 08 May 2023 08:25:19 GMT - Mon, 31 Jul 2023 08:25:18 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (384)
Hash 4370b9d0b5cd5d43ce6a2a35a1bba32d
283300ccdfa42bda84e82c7ffdf4ab9ac4d6a7aa
df71f96acd55c1f01ee186ab4c500fd3cbb4fdfd28c21c8f775fbec4a3de95de
GET /InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=Af_xneEzcqeKiDVwD8UnMed_vW5fbO9_1FK4QaWyXANhxxulauU3q_sL2qbnq48XgWZ9Ol58DPx3aw HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://anonfiles.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
set-cookie: __Host-GAPS=1:Wgy6X_pvN554yNfIsgPZkGWj2hIzZw:znxGEQzM4pYMLKbz;Path=/;Expires=Tue, 27-May-2025 05:01:19 GMT;Secure;HttpOnly;Priority=HIGH
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 28 May 2023 05:01:19 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S-251364223%3A1685250079974508&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=Af_xneEWYFN2MiQMlqy2tzB5d8TAG9h0UGC2N9s0eOgytJaH3Gqdz5evxBrnox__F-RkGvQI7G-AFA&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-security-policy: script-src 'nonce-nGt4xMCxcGopeAU-npYdsQ' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 398
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
accounts.google.com/v3/signin/identifier?dsh=S-251364223%3A1685250079974508&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=Af_xneEWYFN2MiQMlqy2tzB5d8TAG9h0UGC2N9s0eOgytJaH3Gqdz5evxBrnox__F-RkGvQI7G-AFA&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin
216.58.207.237 403 Forbidden 806 B URL GET HTTP/3 accounts.google.com/v3/signin/identifier?dsh=S-251364223%3A1685250079974508&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=Af_xneEWYFN2MiQMlqy2tzB5d8TAG9h0UGC2N9s0eOgytJaH3Gqdz5evxBrnox__F-RkGvQI7G-AFA&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin
IP 216.58.207.237:443
Requested by https://anonfiles.com/Z8c4g8a0z5/Paypal_Refunding_pdf
Certificate Issuer Google Trust Services LLC
Subject *.google.com
Fingerprint 5D:BA:19:A5:81:25:05:32:72:13:A7:18:CF:67:8C:D6:6F:13:B3:EF
Validity Mon, 08 May 2023 08:20:09 GMT - Mon, 31 Jul 2023 08:20:08 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with very long lines (1644), with no line terminators
Hash 934148939ba1a5ff8d8bfd1f1e45ed61
32ed12f995109912921f0dc4b94cc7f1b1f5e9ae
bf41432302aa95156a462b77a1b7e2ebe16497ee36be8b1fef09ab066511295c
GET /v3/signin/identifier?dsh=S-251364223%3A1685250079974508&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=Af_xneEWYFN2MiQMlqy2tzB5d8TAG9h0UGC2N9s0eOgytJaH3Gqdz5evxBrnox__F-RkGvQI7G-AFA&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://anonfiles.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 28 May 2023 05:01:20 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]}
content-security-policy: script-src 'nonce-Iq-nbN28lDJKpDArBXbRvg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
pogothere.xyz/asd100.bin
172.64.133.29 200 OK 102 kB IP 172.64.133.29:443
Requested by https://anonfiles.com/Z8c4g8a0z5/Paypal_Refunding_pdf
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 17:F9:2D:6F:B5:5E:5F:37:A6:FB:BE:61:4F:97:64:33:85:5C:3A:FB
Validity Tue, 28 Feb 2023 00:00:00 GMT - Tue, 27 Feb 2024 23:59:59 GMT
Size 102 kB (102400 bytes)
Hash 4c6426ac7ef186464ecbb0d81cbfcb1e
5a6918eebd9d635e8f632e3ef34e3792b1b5ec13
f627ca4c2c322f15db26152df306bd4f983f0146409b81a4341b9b340c365a16
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://anonfiles.com/
Origin: https://anonfiles.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 28 May 2023 05:01:19 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://anonfiles.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 1401
last-modified: Sun, 28 May 2023 04:37:58 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Hk7MsuHrrdBnEjmBwwOtdk8Hyaqmapz%2BmqAKAM%2BGD%2B%2FK9lyCKJ7m1IqMiRUHt0jAJ3gJ3iEeE1tmE6FMYmDxXAKziTDftfiJ5SDdWngRRQtbTF1utwJUvsBeBV8R7y48"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7ce3f0673f287723-LHR
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
216.58.207.237 302 Found 0 B URL GET HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP 216.58.207.237:443
Requested by https://anonfiles.com/Z8c4g8a0z5/Paypal_Refunding_pdf
Certificate Issuer Google Trust Services LLC
Subject accounts.google.com
Fingerprint 6C:C9:34:01:32:00:11:F3:7A:E2:AA:FC:7C:E3:13:17:3D:17:71:8A
Validity Mon, 08 May 2023 08:25:19 GMT - Mon, 31 Jul 2023 08:25:18 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonfiles.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
set-cookie: __Host-GAPS=1:oO_rvEMEWQ4r_6iiJ6M0IPLGKdy77g:D_-p3nQHkSMmFGRT; Expires=Tue, 27-May-2025 05:01:19 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 28 May 2023 05:01:19 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=Af_xneEzcqeKiDVwD8UnMed_vW5fbO9_1FK4QaWyXANhxxulauU3q_sL2qbnq48XgWZ9Ol58DPx3aw
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport, script-src 'nonce-AlegVJwtRH8oIB0NFAacew' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /cspreport
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: unsafe-none
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-type: application/binary
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
gforanythingamgl.info/aHd3Y09HSBQQcj0aJhsCA04bNh4tOxJRGT82Jgd3MkYAIQwGAFEXJgxKQFB4W0VORT8BE0pSaRsDFhc6G0pEU39ZUR4NKQdKR1N/WVEBXn5GRENNfFpZRUU6VUZRFz8JEEpSaRgDAw9yWUFPVn1dR0dUdlFDRA
104.21.93.237 204 No Content 0 B URL POST HTTP/3 gforanythingamgl.info/aHd3Y09HSBQQcj0aJhsCA04bNh4tOxJRGT82Jgd3MkYAIQwGAFEXJgxKQFB4W0VORT8BE0pSaRsDFhc6G0pEU39ZUR4NKQdKR1N/WVEBXn5GRENNfFpZRUU6VUZRFz8JEEpSaRgDAw9yWUFPVn1dR0dUdlFDRA
IP 104.21.93.237:443
Requested by https://anonfiles.com/Z8c4g8a0z5/Paypal_Refunding_pdf
Certificate Issuer Google Trust Services LLC
Subject gforanythingamgl.info
Fingerprint 5E:50:F4:C2:4F:D9:85:4E:40:F6:9A:2E:AC:04:DE:C2:79:BB:A8:74
Validity Fri, 05 May 2023 13:46:21 GMT - Thu, 03 Aug 2023 13:46:20 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
POST /aHd3Y09HSBQQcj0aJhsCA04bNh4tOxJRGT82Jgd3MkYAIQwGAFEXJgxKQFB4W0VORT8BE0pSaRsDFhc6G0pEU39ZUR4NKQdKR1N/WVEBXn5GRENNfFpZRUU6VUZRFz8JEEpSaRgDAw9yWUFPVn1dR0dUdlFDRA HTTP/1.1
Host: gforanythingamgl.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://anonfiles.com
DNT: 1
Connection: keep-alive
Referer: https://anonfiles.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/3 204 No Content
date: Sun, 28 May 2023 05:01:20 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dpAiceRwProE2Ms5v6Q1v9ose7XehVJ%2FU5NfDUATQRTaHYlNuRy7NFpBA6%2BQ%2BtOd6TkKOs%2FSwVLSMWXLBDNE2wacRTsn7obfdJ9yUBvjynUqlOmRmE1wvjbPjsBmYiiurtLWw%2FPDW1k%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ce3f069aba00afe-OSL
alt-svc: h3=":443"; ma=86400
gforanythingamgl.info/popunder.gif
104.21.93.237 200 OK 35 B URL GET HTTP/3 gforanythingamgl.info/popunder.gif
IP 104.21.93.237:443
Requested by https://anonfiles.com/Z8c4g8a0z5/Paypal_Refunding_pdf
Certificate Issuer Google Trust Services LLC
Subject gforanythingamgl.info
Fingerprint 5E:50:F4:C2:4F:D9:85:4E:40:F6:9A:2E:AC:04:DE:C2:79:BB:A8:74
Validity Fri, 05 May 2023 13:46:21 GMT - Thu, 03 Aug 2023 13:46:20 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Analyzer Verdict Alert quad9 Sinkholed
GET /popunder.gif HTTP/1.1
Host: gforanythingamgl.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonfiles.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 28 May 2023 05:01:19 GMT
content-type: image/gif
access-control-allow-origin: *
pragma: public
cache-control: public, max-age=604800, immutable
cf-cache-status: HIT
age: 536217
last-modified: Mon, 22 May 2023 00:04:22 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IYdtAoKMvw4hcNNDmkCNZ8pB7Xchh1XuKqWt73wwCeGUhpuNTZ1P0yISLNDc5mUembNKpYFy6R1sS6zF4hBd6mdYIrUif8cp5WYx5OkRZm3ZRNypy29ApzTP%2FDqiPsGy3aCYNryZhf8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7ce3f067caf10afe-OSL
alt-svc: h3=":443"; ma=86400
baconaces.pro/?tag_id=737323&sub_id2=6cb1f80d-a027-4b0d-9589-587d59904df9&sw_url=https%3A%2F%2Fanonfiles.com%2Fsw_anonfiles.js&smf=1
54.162.51.18 200 OK 58 kB URL GET HTTP/2 baconaces.pro/?tag_id=737323&sub_id2=6cb1f80d-a027-4b0d-9589-587d59904df9&sw_url=https%3A%2F%2Fanonfiles.com%2Fsw_anonfiles.js&smf=1
IP 54.162.51.18:443
Requested by https://anonfiles.com/Z8c4g8a0z5/Paypal_Refunding_pdf
Certificate Issuer Let's Encrypt
Subject baconaces.pro
Fingerprint 3B:5D:38:C5:42:CD:AA:FE:F1:1C:6B:E6:47:2C:DB:A6:BA:C9:FC:B7
Validity Wed, 03 May 2023 10:01:33 GMT - Tue, 01 Aug 2023 10:01:32 GMT
File type ASCII text, with very long lines (57609), with no line terminators
Hash 8fe4a8b5b101bcbf6489b1a1e8ea943b
a2b643e4c591e35e4f4c2ac646b219deba4e50a7
0925021980de0cd5dcc078c67e975bee5460f334a91ca5cad2fe3bbb32e41ded
GET /?tag_id=737323&sub_id2=6cb1f80d-a027-4b0d-9589-587d59904df9&sw_url=https%3A%2F%2Fanonfiles.com%2Fsw_anonfiles.js&smf=1 HTTP/1.1
Host: baconaces.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://anonfiles.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
x-powered-by: Express
access-control-allow-origin: *
access-control-allow-methods: GET, POST
access-control-allow-headers: X-Requested-With,content-type
etag: W/"e109-orZD5MWR415PTCrGRrIZ3rpOUKc"
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-credentials: true
X-Firefox-Spdy: h2
accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=Af_xneFSoEyDQSoZakYcJgmk9Sv4lVCoFJrI1ici6LhyOEG9e5Qo_EZa68epXCF6RVT1rHb_a-nj5w
216.58.207.237 302 Found 0 B URL GET HTTP/2 accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=Af_xneFSoEyDQSoZakYcJgmk9Sv4lVCoFJrI1ici6LhyOEG9e5Qo_EZa68epXCF6RVT1rHb_a-nj5w
IP 216.58.207.237:443
Requested by https://anonfiles.com/Z8c4g8a0z5/Paypal_Refunding_pdf
Certificate Issuer Google Trust Services LLC
Subject accounts.google.com
Fingerprint 6C:C9:34:01:32:00:11:F3:7A:E2:AA:FC:7C:E3:13:17:3D:17:71:8A
Validity Mon, 08 May 2023 08:25:19 GMT - Mon, 31 Jul 2023 08:25:18 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=Af_xneFSoEyDQSoZakYcJgmk9Sv4lVCoFJrI1ici6LhyOEG9e5Qo_EZa68epXCF6RVT1rHb_a-nj5w HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://anonfiles.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
set-cookie: __Host-GAPS=1:dxddSJ8AWgRHhzuw92ZaGQUXx7Q5tg:AhPycYMMmgmiWPaH;Path=/;Expires=Tue, 27-May-2025 05:01:19 GMT;Secure;HttpOnly;Priority=HIGH
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 28 May 2023 05:01:19 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S-1224258872%3A1685250079923302&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=Af_xneHwm05BKRt1EAWcioWCi7uIzrfvNWsY1YTaWMqAZlGYab_B2dsb3fsllN4f1CmNpZDb_UhOKw&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-security-policy: script-src 'nonce-b92AUHB7X5mDmeycsUbc4g' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 397
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
accounts.google.com/v3/signin/identifier?dsh=S-1224258872%3A1685250079923302&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=Af_xneHwm05BKRt1EAWcioWCi7uIzrfvNWsY1YTaWMqAZlGYab_B2dsb3fsllN4f1CmNpZDb_UhOKw&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin
216.58.207.237 403 Forbidden 0 B URL GET HTTP/3 accounts.google.com/v3/signin/identifier?dsh=S-1224258872%3A1685250079923302&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=Af_xneHwm05BKRt1EAWcioWCi7uIzrfvNWsY1YTaWMqAZlGYab_B2dsb3fsllN4f1CmNpZDb_UhOKw&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin
IP 216.58.207.237:443
Requested by https://anonfiles.com/Z8c4g8a0z5/Paypal_Refunding_pdf
Certificate Issuer Google Trust Services LLC
Subject *.google.com
Fingerprint 5D:BA:19:A5:81:25:05:32:72:13:A7:18:CF:67:8C:D6:6F:13:B3:EF
Validity Mon, 08 May 2023 08:20:09 GMT - Mon, 31 Jul 2023 08:20:08 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /v3/signin/identifier?dsh=S-1224258872%3A1685250079923302&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=Af_xneHwm05BKRt1EAWcioWCi7uIzrfvNWsY1YTaWMqAZlGYab_B2dsb3fsllN4f1CmNpZDb_UhOKw&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://anonfiles.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 28 May 2023 05:01:20 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]}
content-security-policy: script-src 'nonce-6siNUDCWcUEAozhBmELgoA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
pogothere.xyz/
172.64.133.29 200 OK 26 B
IP 172.64.133.29:443
Requested by https://anonfiles.com/Z8c4g8a0z5/Paypal_Refunding_pdf
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 17:F9:2D:6F:B5:5E:5F:37:A6:FB:BE:61:4F:97:64:33:85:5C:3A:FB
Validity Tue, 28 Feb 2023 00:00:00 GMT - Tue, 27 Feb 2024 23:59:59 GMT
File type ASCII text, with no line terminators
Hash 1cbc5571e2e0a7abc3af8ae895284a07
b7c561a91441b805e3d1a1904c67f21bbab918cf
48159f7bb4a90e646e58f4e76a8d842dc01533109359034f0d486c040a799742
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://anonfiles.com/
Origin: https://anonfiles.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 28 May 2023 05:01:19 GMT
content-type: text/plain
set-cookie: csu=844168094009068@1@1685250079; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://anonfiles.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BLKuEohr1xcuMdP8lMM%2B6pyuFpT6pC%2FWrcAgJoXOgAmWUsiVk25PR6DVVuvyoGk024flziIRGdG%2F3tiASCDT%2Bg0kFydlG5Mp5PIry0MbQ0HehfBHmtgDHSvVK2d6qmXu"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ce3f0673f187723-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2