www.mediafire.com
104.17.148.83 Public Scan Open in urlscan Pro

Go To Rescan
Add Verdict Report

URL:
https://www.mediafire.com/file/kyink5vgb4rtnsf/PEAK.zip/file 13yr old
Submission: On April 17 via api (April 17th 2026, 4:36:08 am UTC) from MX — Scanned from CA

Summary HTTP 302 Redirects Links 15 Behaviour Indicators

Summary

This website contacted 76 IPs in 5 countries across 66 domains to perform 302 HTTP transactions. The main IP is 104.17.148.83, located in Ascension Island and belongs to CLOUDFLARENET - Cloudflare, Inc., US. The main domain is www.mediafire.com. The Cisco Umbrella rank of the primary domain is 48992. 13yr old
TLS certificate: Issued by Sectigo Public Server Authentication ... on August 5th 2025. Valid for: 1yr.

This is the only time www.mediafire.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 20	104.17.148.83 104.17.148.83	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
2	104.21.42.32 104.21.42.32	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
3	142.251.210.40 142.251.210.40	15169 (GOOGLE) (GOOGLE - Google LLC)
1	172.66.171.133 172.66.171.133	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
3	172.67.170.144 172.67.170.144	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	142.251.211.206 142.251.211.206	15169 (GOOGLE) (GOOGLE - Google LLC)
1	104.16.79.73 104.16.79.73	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	172.67.199.186 172.67.199.186	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	108.139.29.53 108.139.29.53	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2	104.26.8.66 104.26.8.66	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	52.10.154.206 52.10.154.206	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	157.240.241.35 157.240.241.35	32934 (FACEBOOK) (FACEBOOK - Facebook)
11	104.20.47.80 104.20.47.80	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
7	142.251.211.166 142.251.211.166	15169 (GOOGLE) (GOOGLE - Google LLC)
2	34.36.200.111 34.36.200.111	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM - Google LLC)
1	104.20.20.189 104.20.20.189	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
2	57.144.180.128 57.144.180.128	32934 (FACEBOOK) (FACEBOOK - Facebook)
3	130.211.23.194 130.211.23.194	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM - Google LLC)
20	54.85.8.229 54.85.8.229	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
19	172.67.142.121 172.67.142.121	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	142.250.217.14 142.250.217.14	15169 (GOOGLE) (GOOGLE - Google LLC)
3	142.250.68.195 142.250.68.195	15169 (GOOGLE) (GOOGLE - Google LLC)
3	142.250.65.234 142.250.65.234	15169 (GOOGLE) (GOOGLE - Google LLC)
1	104.26.3.173 104.26.3.173	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
2	172.66.169.55 172.66.169.55	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
5	142.251.211.163 142.251.211.163	15169 (GOOGLE) (GOOGLE - Google LLC)
3	216.239.32.181 216.239.32.181	15169 (GOOGLE) (GOOGLE - Google LLC)
1	172.253.63.154 172.253.63.154	15169 (GOOGLE) (GOOGLE - Google LLC)
2	142.250.65.227 142.250.65.227	15169 (GOOGLE) (GOOGLE - Google LLC)
43	142.251.45.194 142.251.45.194	15169 (GOOGLE) (GOOGLE - Google LLC)
1	108.139.47.34 108.139.47.34	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	23.208.69.135 23.208.69.135	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
3	104.21.3.76 104.21.3.76	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
6	74.119.117.62 74.119.117.62	19750 (AS-CRITEO) (AS-CRITEO - Criteo Corp.)
2	104.16.174.226 104.16.174.226	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
2	37.19.206.161 37.19.206.161	60068 (CDN77 Dat...) (CDN77 Datacamp Limited)
2	169.150.236.100 169.150.236.100	60068 (CDN77 Dat...) (CDN77 Datacamp Limited)
2	69.147.82.61 69.147.82.61	14779 (YAHOO) (YAHOO - Yahoo Holdings Inc.)
2	35.169.25.20 35.169.25.20	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
2	104.20.35.150 104.20.35.150	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
2	57.129.88.52 57.129.88.52	16276 (OVH OVH SAS) (OVH OVH SAS)
1	34.107.165.188 34.107.165.188	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM - Google LLC)
1	3.227.87.136 3.227.87.136	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
2	207.65.37.181 207.65.37.181	62713 (AS-PUBMATIC) (AS-PUBMATIC - PubMatic)
2	151.101.130.132 151.101.130.132	54113 (FASTLY) (FASTLY - Fastly)
2	52.223.40.198 52.223.40.198	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	57.129.32.46 57.129.32.46	16276 (OVH OVH SAS) (OVH OVH SAS)
3	135.125.170.28 135.125.170.28	16276 (OVH OVH SAS) (OVH OVH SAS)
1	3.237.175.195 3.237.175.195	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
1 19	142.251.40.226 142.251.40.226	15169 (GOOGLE) (GOOGLE - Google LLC)
1	34.102.146.192 34.102.146.192	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM - Google LLC)
1	108.138.128.28 108.138.128.28	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	74.119.117.47 74.119.117.47	19750 (AS-CRITEO) (AS-CRITEO - Criteo Corp.)
1	34.96.70.87 34.96.70.87	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM - Google LLC)
1	108.138.128.120 108.138.128.120	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
3	142.251.40.225 142.251.40.225	15169 (GOOGLE) (GOOGLE - Google LLC)
1	52.91.215.149 52.91.215.149	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
1 2	34.120.107.143 34.120.107.143	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM - Google LLC)
1	35.190.39.111 35.190.39.111	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM - Google LLC)
2	142.250.65.66 142.250.65.66	15169 (GOOGLE) (GOOGLE - Google LLC)
4	35.244.159.8 35.244.159.8	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM - Google LLC)
3	142.250.65.65 142.250.65.65	15169 (GOOGLE) (GOOGLE - Google LLC)
1 1	3.33.220.150 3.33.220.150	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1 1	69.194.242.12 69.194.242.12	26120 (RHYTHMONE) (RHYTHMONE - RhythmOne)
21	142.251.210.34 142.251.210.34	15169 (GOOGLE) (GOOGLE - Google LLC)
2 3	142.251.154.119 142.251.154.119	15169 (GOOGLE) (GOOGLE - Google LLC)
4	142.250.217.10 142.250.217.10	15169 (GOOGLE) (GOOGLE - Google LLC)
8	142.251.211.97 142.251.211.97	15169 (GOOGLE) (GOOGLE - Google LLC)
2	172.67.68.154 172.67.68.154	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
4	142.251.211.162 142.251.211.162	15169 (GOOGLE) (GOOGLE - Google LLC)
2 2	159.127.42.108 159.127.42.108	26762 (CNVR-US-EAST) (CNVR-US-EAST - Conversant)
2 2	172.64.150.63 172.64.150.63	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1 1	3.235.212.84 3.235.212.84	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
2 2	185.184.8.90 185.184.8.90	204995 (RTB-HOUSE...) (RTB-HOUSE-AMS RTB Marketing and Tech Services Ltd)
2 2	3.95.142.2 3.95.142.2	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
1 1	3.210.120.90 3.210.120.90	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
4 4	35.169.74.153 35.169.74.153	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
1 1	35.241.1.16 35.241.1.16	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM - Google LLC)
1 1	34.111.130.7 34.111.130.7	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM - Google LLC)
1 1	69.194.240.13 69.194.240.13	26120 (RHYTHMONE) (RHYTHMONE - RhythmOne)
1 1	172.233.235.52 172.233.235.52	63949 (AKAMAI-LI...) (AKAMAI-LINODE-AP Akamai Connected Cloud)
1 1	104.16.55.62 104.16.55.62	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
2	142.250.72.2 142.250.72.2	15169 (GOOGLE) (GOOGLE - Google LLC)
1 4	192.184.68.228 192.184.68.228	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
1	3.168.122.105 3.168.122.105	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2 2	35.244.154.8 35.244.154.8	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM - Google LLC)
1	107.178.254.65 107.178.254.65	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM - Google LLC)
1 2	104.18.26.193 104.18.26.193	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	216.19.192.2 216.19.192.2	26667 (RUBICONPR...) (RUBICONPROJECT - Magnite)
302	76

20 104.17.148.83 (Ascension Island) 1 redirects

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

www.mediafire.com 13yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools
static.mediafire.com 8yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

2 104.21.42.32 (Ascension Island)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

cmp.gatekeeperconsent.com 1yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools
the.gatekeeperconsent.com 3yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

3 142.251.210.40 (United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: lclgaa-ba-in-f8.1e100.net

www.googletagmanager.com 56yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 172.66.171.133 (Ascension Island)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

btloader.com 6yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

3 172.67.170.144 (Ascension Island)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

www.ezojs.com 9yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 142.251.211.206 (United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: pnlgaa-ba-in-f14.1e100.net

translate.google.com 9yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 104.16.79.73 (Ascension Island)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

static.cloudflareinsights.com 7yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 172.67.199.186 (Ascension Island)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

privacy.gatekeeperconsent.com 3yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 108.139.29.53 (United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-108-139-29-53.jfk50.r.cloudfront.net

cdn.amplitude.com 9yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

2 104.26.8.66 (Ascension Island)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

cdn.econventa.com 1yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools
econventa.com 1yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 52.10.154.206 (Boardman, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-10-154-206.us-west-2.compute.amazonaws.com

api.amplitude.com 9yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 157.240.241.35 (New York, United States)

ASN32934 (FACEBOOK - Facebook, Inc., US)
PTR: edge-star-mini-shv-02-lga3.facebook.com

www.facebook.com 56yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

11 104.20.47.80 (Ascension Island)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

ad-delivery.net 9yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

7 142.251.211.166 (United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: lclgaa-as-in-f6.1e100.net

ad.doubleclick.net 9yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

2 34.36.200.111 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM - Google LLC, US)
PTR: 111.200.36.34.bc.googleusercontent.com

ab.dns-finder.com 7mo old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 104.20.20.189 (Ascension Island)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

btloader.com 6yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

2 57.144.180.128 (New York, United States)

ASN32934 (FACEBOOK - Facebook, Inc., US)
PTR: xx-fbcdn-shv-03-lga3.fbcdn.net

static.xx.fbcdn.net 9yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

3 130.211.23.194 (United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM - Google LLC, US)
PTR: 194.23.211.130.bc.googleusercontent.com

api.btloader.com 6yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

20 54.85.8.229 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-54-85-8-229.compute-1.amazonaws.com

g.ezoic.net 11yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

19 172.67.142.121 (Ascension Island)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

go.ezodn.com 6yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 142.250.217.14 (United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: pnlgaa-as-in-f14.1e100.net

www.google-analytics.com 56yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

3 142.250.68.195 (United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: pnlgaa-ax-in-f3.1e100.net

www.gstatic.com 9yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

3 142.250.65.234 (United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: lga25s73-in-f10.1e100.net

translate.googleapis.com 9yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 104.26.3.173 (Ascension Island)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

www.mediafiredls.com 2yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

2 172.66.169.55 (Ascension Island)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

cdn.id5-sync.com 6yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

5 142.251.211.163 (United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: lclgaa-as-in-f3.1e100.net

fonts.gstatic.com 9yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

3 216.239.32.181 (United States)

ASN15169 (GOOGLE - Google LLC, US)

analytics.google.com 8yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 172.253.63.154 (United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: bi-in-f154.1e100.net

stats.g.doubleclick.net 56yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

2 142.250.65.227 (United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: lclgaa-bc-in-f3.1e100.net

www.google.ca 9yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

43 142.251.45.194 (United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: pnlgaa-au-in-f2.1e100.net

securepubads.g.doubleclick.net 9yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools
www.googleadservices.com 56yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 108.139.47.34 (United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-108-139-47-34.jfk50.r.cloudfront.net

d-code.liadm.com 3yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 23.208.69.135 (New York, United States)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a23-208-69-135.deploy.static.akamaitechnologies.com

link.rubiconproject.com 1yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

3 104.21.3.76 (Ascension Island)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

ads.bidsystem.ai 9mo old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

6 74.119.117.62 (United States)

ASN19750 (AS-CRITEO - Criteo Corp., US)

gum.criteo.com 9yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

2 104.16.174.226 (Ascension Island)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

cdn.jsdelivr.net 13yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

2 37.19.206.161 (Ashburn, United States)

ASN60068 (CDN77 Datacamp Limited, GB)
PTR: unn-37-19-206-161.datapacket.com

lexicon.33across.com 5yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

2 169.150.236.100 (Chicago, United States)

ASN60068 (CDN77 Datacamp Limited, GB)
PTR: 169-150-236-100.bunnyinfra.net

id.a-mx.com 5yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

2 69.147.82.61 (New York, United States)

ASN14779 (YAHOO - Yahoo Holdings Inc., US)
PTR: e2.ycpi.vip.nya.yahoo.com

ups.analytics.yahoo.com 7yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

2 35.169.25.20 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-35-169-25-20.compute-1.amazonaws.com

d9.flashtalking.com 11yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

2 104.20.35.150 (Ascension Island)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

id.hadron.ad.gt 4yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

2 57.129.88.52 (Frankfurt am Main, Germany)

ASN16276 (OVH OVH SAS, FR)
PTR: ns31872154.ip-57-129-88.eu

id5-sync.com 9yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 34.107.165.188 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM - Google LLC, US)
PTR: 188.165.107.34.bc.googleusercontent.com

api.rlcdn.com 8yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 3.227.87.136 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-3-227-87-136.compute-1.amazonaws.com

id.crwdcntrl.net 5yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

2 207.65.37.181 (United States)

ASN62713 (AS-PUBMATIC - PubMatic, Inc., US)

image6.pubmatic.com 9yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

2 151.101.130.132 (United States)

ASN54113 (FASTLY - Fastly, Inc., US)

at.teads.tv 5yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

2 52.223.40.198 (United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

match.adsrvr.org 9yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 57.129.32.46 (Frankfurt am Main, Germany)

ASN16276 (OVH OVH SAS, FR)

lbs.eu-1-id5-sync.com 4yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

3 135.125.170.28 (France)

ASN16276 (OVH OVH SAS, FR)
PTR: ns31872155.ip-135-125-170.eu

lb.eu-1-id5-sync.com 4yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 3.237.175.195 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-3-237-175-195.compute-1.amazonaws.com

carbon-cdn.ccgateway.net 8yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

19 142.251.40.226 (United States) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)
PTR: lga34s39-in-f2.1e100.net

cm.g.doubleclick.net 9yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 34.102.146.192 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM - Google LLC, US)
PTR: 192.146.102.34.bc.googleusercontent.com

oa.openxcdn.net 7yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 108.138.128.28 (United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-108-138-128-28.jfk50.r.cloudfront.net

tags.crwdcntrl.net 13yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 74.119.117.47 (United States)

ASN19750 (AS-CRITEO - Criteo Corp., US)

static.criteo.net 13yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 34.96.70.87 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM - Google LLC, US)
PTR: 87.70.96.34.bc.googleusercontent.com

invstatic101.creativecdn.com 4yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 108.138.128.120 (United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-108-138-128-120.jfk50.r.cloudfront.net

connectid.analytics.yahoo.com 4yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

3 142.251.40.225 (United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: lga34s39-in-f1.1e100.net

17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com 1mo old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 52.91.215.149 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-52-91-215-149.compute-1.amazonaws.com

privacy-location-edge.ccgateway.net 5yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

2 34.120.107.143 (Kansas City, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM - Google LLC, US)
PTR: 143.107.120.34.bc.googleusercontent.com

oajs.openx.net 6yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 35.190.39.111 (United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM - Google LLC, US)
PTR: 111.39.190.35.bc.googleusercontent.com

esp.rtbhouse.com 4yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

2 142.250.65.66 (United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: lclgaa-ax-in-f2.1e100.net

ep1.adtrafficquality.google 2yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

4 35.244.159.8 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM - Google LLC, US)
PTR: 8.159.244.35.bc.googleusercontent.com

google-bidout-d.openx.net 7yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools
us-u.openx.net 9yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

3 142.250.65.65 (United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: lclgaa-ax-in-f1.1e100.net

ep2.adtrafficquality.google 2yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 3.33.220.150 (Seattle, United States) 1 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

match.adsrvr.org 9yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 69.194.242.12 (United States) 1 redirects

ASN26120 (RHYTHMONE - RhythmOne, LLC, US)

ad.turn.com 9yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

21 142.251.210.34 (United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: lclgaa-ba-in-f2.1e100.net

pagead2.googlesyndication.com 9yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

3 142.251.154.119 (United States) 2 redirects

ASN15169 (GOOGLE - Google LLC, US)

www.google.com 56yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

4 142.250.217.10 (United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: pnlgaa-as-in-f10.1e100.net

fonts.googleapis.com 56yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

8 142.251.211.97 (United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: lclgaa-bb-in-f1.1e100.net

tpc.googlesyndication.com 13yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

2 172.67.68.154 (Ascension Island)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

ban.2trk.info 2yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

4 142.251.211.162 (United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: lclgaa-as-in-f2.1e100.net

googleads.g.doubleclick.net 56yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

2 159.127.42.108 (United States) 2 redirects

ASN26762 (CNVR-US-EAST - Conversant, LLC, US)
PTR: iad04-nessy-float2.dotomi.com

dclk-match.dotomi.com 8yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

2 172.64.150.63 (Ascension Island) 2 redirects

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

a.tribalfusion.com 9yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools
s.tribalfusion.com 10yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 3.235.212.84 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-3-235-212-84.compute-1.amazonaws.com

sync.ipredictive.com 9yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

2 185.184.8.90 (Amsterdam, Netherlands) 2 redirects

ASN204995 (RTB-HOUSE-AMS RTB Marketing and Tech Services Ltd, CY)
PTR: ip-185-184-8-90.rtbhouse.net

creativecdn.com 13yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

2 3.95.142.2 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-3-95-142-2.compute-1.amazonaws.com

bb.lijit.com 4mo old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 3.210.120.90 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-3-210-120-90.compute-1.amazonaws.com

google.partners.tremorhub.com 9yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

4 35.169.74.153 (Ashburn, United States) 4 redirects

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-35-169-74-153.compute-1.amazonaws.com

eb2.3lift.com 9yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 35.241.1.16 (Kansas City, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM - Google LLC, US)
PTR: 16.1.241.35.bc.googleusercontent.com

b.applovin.com 2yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 34.111.130.7 (Kansas City, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM - Google LLC, US)
PTR: 7.130.111.34.bc.googleusercontent.com

pixelfnt-us.dsp-api.moloco.com 9mo old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 69.194.240.13 (United States) 1 redirects

ASN26120 (RHYTHMONE - RhythmOne, LLC, US)

sync.1rx.io 9yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 172.233.235.52 (Ashburn, United States) 1 redirects

ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG)
PTR: 172-233-235-52.ip.linodeusercontent.com

cm-mx.advolve.io 10mo old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 104.16.55.62 (Ascension Island) 1 redirects

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

s.seedtag.com 8yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

2 142.250.72.2 (United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: den08s06-in-f2.1e100.net

www.googletagservices.com 9yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

4 192.184.68.228 (United States) 1 redirects

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)

secure.quantserve.com 9yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools
pixel.quantserve.com 9yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 3.168.122.105 (United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-3-168-122-105.jfk52.r.cloudfront.net

rules.quantcount.com 9yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

2 35.244.154.8 (Kansas City, United States) 2 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM - Google LLC, US)
PTR: 8.154.244.35.bc.googleusercontent.com

idsync.rlcdn.com 9yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 107.178.254.65 (United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM - Google LLC, US)
PTR: 65.254.178.107.bc.googleusercontent.com

pippio.com 11yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

2 104.18.26.193 (Ascension Island) 1 redirects

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

dsum-sec.casalemedia.com 12yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 216.19.192.2 (United States)

ASN26667 (RUBICONPROJECT - Magnite, Inc., US)

pixel.rubiconproject.com 9yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

	Apex Domain Subdomains	Transfer
64	doubleclick.net 1 redirects ad.doubleclick.net — Cisco Umbrella Rank: 185 9yr old stats.g.doubleclick.net — Cisco Umbrella Rank: 161 56yr old securepubads.g.doubleclick.net — Cisco Umbrella Rank: 294 9yr old cm.g.doubleclick.net — Cisco Umbrella Rank: 275 9yr old googleads.g.doubleclick.net — Cisco Umbrella Rank: 60 56yr old	274 KB
32	googlesyndication.com 17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com 1mo old pagead2.googlesyndication.com — Cisco Umbrella Rank: 138 9yr old tpc.googlesyndication.com — Cisco Umbrella Rank: 212 13yr old	131 KB
20	ezoic.net g.ezoic.net — Cisco Umbrella Rank: 13402 11yr old	133 KB
20	mediafire.com 1 redirects www.mediafire.com — Cisco Umbrella Rank: 48992 13yr old static.mediafire.com — Cisco Umbrella Rank: 72864 8yr old	186 KB
19	ezodn.com go.ezodn.com — Cisco Umbrella Rank: 15901 6yr old	512 KB
11	ad-delivery.net ad-delivery.net — Cisco Umbrella Rank: 1268 9yr old	2 KB
10	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 94 56yr old	62 KB
8	gstatic.com www.gstatic.com — Cisco Umbrella Rank: 6 9yr old fonts.gstatic.com — Cisco Umbrella Rank: 23 9yr old	98 KB
7	googleapis.com translate.googleapis.com — Cisco Umbrella Rank: 817 9yr old fonts.googleapis.com — Cisco Umbrella Rank: 42 56yr old	122 KB
7	google.com 2 redirects translate.google.com — Cisco Umbrella Rank: 1169 9yr old analytics.google.com — Cisco Umbrella Rank: 152 8yr old www.google.com — Cisco Umbrella Rank: 3 56yr old	29 KB
6	openx.net 1 redirects oajs.openx.net — Cisco Umbrella Rank: 2058 6yr old google-bidout-d.openx.net — Cisco Umbrella Rank: 1970 7yr old us-u.openx.net — Cisco Umbrella Rank: 611 9yr old	2 KB
6	criteo.com gum.criteo.com — Cisco Umbrella Rank: 467 9yr old	8 KB
5	adtrafficquality.google ep1.adtrafficquality.google — Cisco Umbrella Rank: 347 2yr old ep2.adtrafficquality.google — Cisco Umbrella Rank: 349 2yr old	27 KB
5	btloader.com btloader.com — Cisco Umbrella Rank: 1151 6yr old api.btloader.com — Cisco Umbrella Rank: 1447 6yr old	32 KB
4	quantserve.com 1 redirects secure.quantserve.com — Cisco Umbrella Rank: 2141 9yr old pixel.quantserve.com — Cisco Umbrella Rank: 1379 9yr old	14 KB
4	3lift.com 4 redirects eb2.3lift.com — Cisco Umbrella Rank: 477 9yr old	1 KB
4	eu-1-id5-sync.com lbs.eu-1-id5-sync.com — Cisco Umbrella Rank: 1118 4yr old lb.eu-1-id5-sync.com — Cisco Umbrella Rank: 914 4yr old	1 KB
4	id5-sync.com cdn.id5-sync.com — Cisco Umbrella Rank: 786 6yr old id5-sync.com — Cisco Umbrella Rank: 524 9yr old	65 KB
3	creativecdn.com 2 redirects invstatic101.creativecdn.com — Cisco Umbrella Rank: 1719 4yr old creativecdn.com — Cisco Umbrella Rank: 559 13yr old	4 KB
3	adsrvr.org 1 redirects match.adsrvr.org — Cisco Umbrella Rank: 386 9yr old	1 KB
3	rlcdn.com 2 redirects api.rlcdn.com — Cisco Umbrella Rank: 1121 8yr old idsync.rlcdn.com — Cisco Umbrella Rank: 621 9yr old	1 KB
3	yahoo.com ups.analytics.yahoo.com — Cisco Umbrella Rank: 499 7yr old connectid.analytics.yahoo.com — Cisco Umbrella Rank: 1952 4yr old	9 KB
3	bidsystem.ai ads.bidsystem.ai — Cisco Umbrella Rank: 32188 9mo old	39 KB
3	ezojs.com www.ezojs.com — Cisco Umbrella Rank: 16084 9yr old	182 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 39 56yr old	429 KB
3	gatekeeperconsent.com cmp.gatekeeperconsent.com — Cisco Umbrella Rank: 21244 1yr old the.gatekeeperconsent.com — Cisco Umbrella Rank: 19851 3yr old privacy.gatekeeperconsent.com — Cisco Umbrella Rank: 25586 3yr old	4 KB
2	casalemedia.com 1 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 677 12yr old	1 KB
2	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 400 9yr old	86 KB
2	lijit.com 2 redirects bb.lijit.com — Cisco Umbrella Rank: 1840 4mo old	1008 B
2	tribalfusion.com 2 redirects a.tribalfusion.com — Cisco Umbrella Rank: 1225 9yr old s.tribalfusion.com — Cisco Umbrella Rank: 3258 10yr old	1 KB
2	dotomi.com 2 redirects dclk-match.dotomi.com — Cisco Umbrella Rank: 2497 8yr old	897 B
2	2trk.info ban.2trk.info — Cisco Umbrella Rank: 36776 2yr old
2	ccgateway.net carbon-cdn.ccgateway.net — Cisco Umbrella Rank: 5804 8yr old privacy-location-edge.ccgateway.net — Cisco Umbrella Rank: 6988 5yr old	8 KB
2	teads.tv at.teads.tv — Cisco Umbrella Rank: 4748 5yr old	763 B
2	pubmatic.com image6.pubmatic.com — Cisco Umbrella Rank: 888 9yr old image2.pubmatic.com Failed 9yr old	326 B
2	crwdcntrl.net id.crwdcntrl.net — Cisco Umbrella Rank: 2568 5yr old tags.crwdcntrl.net — Cisco Umbrella Rank: 999 13yr old	14 KB
2	ad.gt id.hadron.ad.gt — Cisco Umbrella Rank: 2151 4yr old	271 B
2	flashtalking.com d9.flashtalking.com — Cisco Umbrella Rank: 1662 11yr old	11 KB
2	a-mx.com id.a-mx.com — Cisco Umbrella Rank: 1288 5yr old	935 B
2	33across.com lexicon.33across.com — Cisco Umbrella Rank: 1584 5yr old	3 KB
2	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 267 13yr old	2 KB
2	rubiconproject.com link.rubiconproject.com — Cisco Umbrella Rank: 8915 1yr old pixel.rubiconproject.com — Cisco Umbrella Rank: 452 9yr old	2 KB
2	google.ca www.google.ca — Cisco Umbrella Rank: 5648 9yr old	126 B
2	fbcdn.net static.xx.fbcdn.net — Cisco Umbrella Rank: 950 9yr old	858 B
2	dns-finder.com ab.dns-finder.com — Cisco Umbrella Rank: 1503 7mo old	233 B
2	econventa.com cdn.econventa.com — Cisco Umbrella Rank: 76950 1yr old econventa.com — Cisco Umbrella Rank: 69110 1yr old	50 KB
2	amplitude.com cdn.amplitude.com — Cisco Umbrella Rank: 2100 9yr old api.amplitude.com — Cisco Umbrella Rank: 3631 9yr old	22 KB
1	pippio.com pippio.com — Cisco Umbrella Rank: 1071 11yr old	571 B
1	quantcount.com rules.quantcount.com — Cisco Umbrella Rank: 2197 9yr old	632 B
1	seedtag.com 1 redirects s.seedtag.com — Cisco Umbrella Rank: 1077 8yr old	668 B
1	advolve.io 1 redirects cm-mx.advolve.io — Cisco Umbrella Rank: 1648 10mo old	561 B
1	1rx.io 1 redirects sync.1rx.io — Cisco Umbrella Rank: 573 9yr old	306 B
1	moloco.com 1 redirects pixelfnt-us.dsp-api.moloco.com — Cisco Umbrella Rank: 1826 9mo old	932 B
1	applovin.com 1 redirects b.applovin.com — Cisco Umbrella Rank: 2162 2yr old	228 B
1	tremorhub.com 1 redirects google.partners.tremorhub.com — Cisco Umbrella Rank: 4281 9yr old	677 B
1	ipredictive.com 1 redirects sync.ipredictive.com — Cisco Umbrella Rank: 906 9yr old	701 B
1	turn.com 1 redirects ad.turn.com — Cisco Umbrella Rank: 891 9yr old	442 B
1	rtbhouse.com esp.rtbhouse.com — Cisco Umbrella Rank: 1892 4yr old	531 B
1	criteo.net static.criteo.net — Cisco Umbrella Rank: 877 13yr old	15 KB
1	openxcdn.net oa.openxcdn.net — Cisco Umbrella Rank: 1821 7yr old	8 KB
1	liadm.com d-code.liadm.com — Cisco Umbrella Rank: 3707 3yr old	47 KB
1	mediafiredls.com www.mediafiredls.com — Cisco Umbrella Rank: 72704 2yr old	504 B
1	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 64 56yr old	21 KB
1	facebook.com www.facebook.com — Cisco Umbrella Rank: 119 56yr old	7 KB
1	cloudflareinsights.com static.cloudflareinsights.com — Cisco Umbrella Rank: 307 7yr old	11 KB
0	yellowblue.io Failed cs-ob.yellowblue.io Failed 1yr old
302	66

	Domain	Requested by
33	securepubads.g.doubleclick.net	securepubads.g.doubleclick.net www.mediafire.com
21	pagead2.googlesyndication.com	securepubads.g.doubleclick.net ep2.adtrafficquality.google 17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com pagead2.googlesyndication.com www.googleadservices.com
20	g.ezoic.net	www.ezojs.com www.mediafire.com go.ezodn.com
19	cm.g.doubleclick.net	1 redirects securepubads.g.doubleclick.net google-bidout-d.openx.net 17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com
19	go.ezodn.com	www.mediafire.com
12	static.mediafire.com	www.mediafire.com
11	ad-delivery.net	btloader.com
10	www.googleadservices.com	pagead2.googlesyndication.com www.googleadservices.com
8	tpc.googlesyndication.com	17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com
8	www.mediafire.com	1 redirects www.mediafire.com static.cloudflareinsights.com
7	ad.doubleclick.net	btloader.com
6	gum.criteo.com	go.ezodn.com static.criteo.net gum.criteo.com
5	fonts.gstatic.com	www.mediafire.com fonts.googleapis.com
4	eb2.3lift.com	4 redirects
4	googleads.g.doubleclick.net	17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com
4	fonts.googleapis.com	17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com
3	pixel.quantserve.com	1 redirects
3	www.google.com	2 redirects ep2.adtrafficquality.google 17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com
3	us-u.openx.net	google-bidout-d.openx.net
3	ep2.adtrafficquality.google	securepubads.g.doubleclick.net ep2.adtrafficquality.google
3	17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
3	lb.eu-1-id5-sync.com	cdn.id5-sync.com go.ezodn.com
3	match.adsrvr.org	1 redirects go.ezodn.com
3	ads.bidsystem.ai	go.ezodn.com ads.bidsystem.ai
3	analytics.google.com	www.googletagmanager.com
3	translate.googleapis.com	translate.googleapis.com
3	www.gstatic.com	www.mediafire.com www.gstatic.com
3	api.btloader.com	btloader.com
3	www.ezojs.com	www.mediafire.com www.ezojs.com
3	www.googletagmanager.com	www.mediafire.com www.googletagmanager.com
2	dsum-sec.casalemedia.com	1 redirects
2	idsync.rlcdn.com	2 redirects
2	www.googletagservices.com	www.googleadservices.com
2	bb.lijit.com	2 redirects
2	creativecdn.com	2 redirects
2	dclk-match.dotomi.com	2 redirects
2	ban.2trk.info	www.mediafire.com
2	ep1.adtrafficquality.google	securepubads.g.doubleclick.net
2	oajs.openx.net	1 redirects www.mediafire.com
2	at.teads.tv	go.ezodn.com
2	image6.pubmatic.com	go.ezodn.com
2	id5-sync.com	go.ezodn.com cdn.id5-sync.com
2	id.hadron.ad.gt	go.ezodn.com
2	d9.flashtalking.com	go.ezodn.com d9.flashtalking.com
2	ups.analytics.yahoo.com	go.ezodn.com connectid.analytics.yahoo.com google-bidout-d.openx.net
2	id.a-mx.com	go.ezodn.com
2	lexicon.33across.com	go.ezodn.com
2	cdn.jsdelivr.net	go.ezodn.com securepubads.g.doubleclick.net
2	www.google.ca	www.mediafire.com
2	cdn.id5-sync.com	www.ezojs.com go.ezodn.com
2	static.xx.fbcdn.net	www.facebook.com
2	ab.dns-finder.com	btloader.com
2	btloader.com	www.mediafire.com btloader.com
1	pixel.rubiconproject.com
1	pippio.com
1	rules.quantcount.com	secure.quantserve.com
1	secure.quantserve.com	go.ezodn.com
1	s.seedtag.com	1 redirects
1	cm-mx.advolve.io	1 redirects
1	sync.1rx.io	1 redirects
1	pixelfnt-us.dsp-api.moloco.com	1 redirects
1	b.applovin.com	1 redirects
1	google.partners.tremorhub.com	1 redirects
1	sync.ipredictive.com	1 redirects
1	s.tribalfusion.com	1 redirects
1	a.tribalfusion.com	1 redirects
1	ad.turn.com	1 redirects
1	google-bidout-d.openx.net	oa.openxcdn.net
1	esp.rtbhouse.com	invstatic101.creativecdn.com
1	privacy-location-edge.ccgateway.net	carbon-cdn.ccgateway.net
1	connectid.analytics.yahoo.com	securepubads.g.doubleclick.net
1	invstatic101.creativecdn.com	securepubads.g.doubleclick.net
1	static.criteo.net	securepubads.g.doubleclick.net
1	tags.crwdcntrl.net	securepubads.g.doubleclick.net
1	oa.openxcdn.net	securepubads.g.doubleclick.net
1	carbon-cdn.ccgateway.net	link.rubiconproject.com
1	lbs.eu-1-id5-sync.com	cdn.id5-sync.com
1	id.crwdcntrl.net	go.ezodn.com
1	api.rlcdn.com	go.ezodn.com
1	link.rubiconproject.com
1	d-code.liadm.com
1	stats.g.doubleclick.net	www.googletagmanager.com
1	www.mediafiredls.com	www.mediafire.com
1	www.google-analytics.com	www.googletagmanager.com
1	econventa.com	cdn.econventa.com
1	www.facebook.com	www.mediafire.com
1	api.amplitude.com	cdn.amplitude.com
1	cdn.econventa.com	www.mediafire.com
1	cdn.amplitude.com	www.mediafire.com
1	privacy.gatekeeperconsent.com	the.gatekeeperconsent.com
1	static.cloudflareinsights.com	www.mediafire.com
1	translate.google.com	www.mediafire.com
1	the.gatekeeperconsent.com	www.mediafire.com
1	cmp.gatekeeperconsent.com	www.mediafire.com
0	image2.pubmatic.com Failed
0	cs-ob.yellowblue.io Failed	17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com
302	96

This site contains links to these domains. Also see Links.

Domain
download2333.mediafire.com
blog.mediafire.com
www.fast.io
mediafire.zendesk.com
translate.google.com
twitter.com
www.facebook.com
adclick.g.doubleclick.net

Subject Issuer	Validity	Valid
*.mediafire.com Sectigo Public Server Authentication CA DV R36	`2025-08-05` - `2026-07-30`	1yr	crt.sh
gatekeeperconsent.com WE1	`2026-04-04` - `2026-07-03`	3mo	crt.sh
*.google-analytics.com WR2	`2026-03-23` - `2026-06-15`	3mo	crt.sh
btloader.com WE1	`2026-04-01` - `2026-06-30`	3mo	crt.sh
www.ezojs.com WE1	`2026-04-12` - `2026-07-11`	3mo	crt.sh
*.google.com WR2	`2026-03-23` - `2026-06-15`	3mo	crt.sh
cloudflareinsights.com WE1	`2026-02-17` - `2026-05-18`	3mo	crt.sh
cdn.amplitude.com Amazon RSA 2048 M01	`2025-10-15` - `2026-11-13`	1yr	crt.sh
econventa.com WE1	`2026-03-10` - `2026-06-08`	3mo	crt.sh
*.amplitude.com Amazon RSA 2048 M04	`2025-12-02` - `2026-12-30`	1yr	crt.sh
*.facebook.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2026-01-25` - `2026-04-25`	3mo	crt.sh
ad-delivery.net WE1	`2026-02-25` - `2026-05-27`	3mo	crt.sh
*.doubleclick.net WR2	`2026-03-23` - `2026-06-15`	3mo	crt.sh
ab.dns-finder.com WR3	`2026-04-01` - `2026-06-30`	3mo	crt.sh
api.btloader.com WR3	`2026-03-07` - `2026-06-05`	3mo	crt.sh
ezoic.net E7	`2026-03-10` - `2026-06-08`	3mo	crt.sh
ezodn.com WE1	`2026-04-01` - `2026-06-30`	3mo	crt.sh
*.gstatic.com WR2	`2026-03-23` - `2026-06-15`	3mo	crt.sh
upload.video.google.com WR2	`2026-03-23` - `2026-06-15`	3mo	crt.sh
mediafiredls.com WE1	`2026-02-28` - `2026-05-29`	3mo	crt.sh
id5-sync.com WE1	`2026-03-16` - `2026-06-14`	3mo	crt.sh
*.g.doubleclick.net WR2	`2026-03-30` - `2026-06-22`	3mo	crt.sh
*.google.ca WR2	`2026-03-23` - `2026-06-15`	3mo	crt.sh
*.liadm.com Amazon RSA 2048 M04	`2025-09-30` - `2026-10-28`	1yr	crt.sh
*.rubiconproject.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2026-03-25` - `2026-09-30`	6mo	crt.sh
bidsystem.ai WE1	`2026-03-26` - `2026-06-24`	3mo	crt.sh
*.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2026-03-26` - `2026-06-26`	3mo	crt.sh
*.jsdelivr.net Sectigo RSA Domain Validation Secure Server CA	`2025-04-25` - `2026-05-04`	1yr	crt.sh
*.33across.com Sectigo Public Server Authentication CA DV R36	`2025-09-12` - `2026-09-30`	1yr	crt.sh
id.a-mx.com E7	`2026-03-17` - `2026-06-15`	3mo	crt.sh
*.pubgw.ads.yahoo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2026-03-10` - `2026-04-29`	2mo	crt.sh
*.flashtalking.com Amazon RSA 2048 M04	`2025-06-30` - `2026-07-29`	1yr	crt.sh
id.hadron.ad.gt WE1	`2026-03-05` - `2026-06-03`	3mo	crt.sh
*.rlcdn.com Sectigo Public Server Authentication CA DV R36	`2026-02-05` - `2027-03-05`	1yr	crt.sh
*.crwdcntrl.net Amazon RSA 2048 M04	`2025-08-09` - `2026-09-07`	1yr	crt.sh
*.pubmatic.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2026-02-18` - `2027-03-19`	1yr	crt.sh
*.teads.tv Thawte TLS RSA CA G1	`2026-03-29` - `2026-10-13`	7mo	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2026-03-04` - `2027-04-02`	1yr	crt.sh
eu-1-id5-sync.com R12	`2026-03-01` - `2026-05-30`	3mo	crt.sh
ccgateway.net E7	`2026-03-03` - `2026-06-01`	3mo	crt.sh
oa.openxcdn.net WR3	`2026-02-23` - `2026-05-24`	3mo	crt.sh
*.criteo.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2026-03-09` - `2026-06-05`	3mo	crt.sh
invstatic101.creativecdn.com WR3	`2026-03-26` - `2026-06-24`	3mo	crt.sh
connectid.analytics.yahoo.com GlobalSign ECC OV SSL CA 2018	`2026-01-12` - `2026-07-09`	6mo	crt.sh
esp.rtbhouse.com WR3	`2026-03-14` - `2026-06-12`	3mo	crt.sh
adtrafficquality.google WR2	`2026-03-23` - `2026-06-15`	3mo	crt.sh
*.openx.net RapidSSL TLS RSA CA G1	`2025-08-12` - `2026-08-19`	1yr	crt.sh
tpc.googlesyndication.com WR2	`2026-03-23` - `2026-06-15`	3mo	crt.sh
2trk.info WE1	`2026-04-05` - `2026-07-04`	3mo	crt.sh
quantserve.com R13	`2026-04-15` - `2026-07-14`	3mo	crt.sh

This page contains 19 frames:

Primary Page: https://www.mediafire.com/file/kyink5vgb4rtnsf/PEAK.zip/file
Frame ID: 24197B933DDDCF21155C7911F30C75D7
Requests: 200 HTTP requests in this frame

Frame: https://www.mediafire.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/b0a7532ac8ec/main.js
Frame ID: 7C91622C192D3EDB06EA9D4642C8ECA0
Requests: 2 HTTP requests in this frame

Frame: https://www.facebook.com/plugins/like.php?href=http://www.facebook.com/MediaFire&width=193&layout=button_count&action=like&show_faces=false&share=true&height=30&appId=124578887583575
Frame ID: 3AA63663076EDDF0BF2B93B966E4A7AD
Requests: 3 HTTP requests in this frame

Frame: https://btloader.com/trustedIframe.html?o=5678961798414336&upapi=true
Frame ID: B6E6A407382750B9E1872EA0B81A0D4F
Requests: 1 HTTP requests in this frame

Frame: data://truncated
Frame ID: 6F336899A80491D10A99B603A63A1908
Requests: 1 HTTP requests in this frame

Frame: https://cm.g.doubleclick.net/partnerpixels?gdpr=0&url=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fkyink5vgb4rtnsf%2FPEAK.zip%2Ffile
Frame ID: 0B67E8819A99A694DDD241638CC4B156
Requests: 1 HTTP requests in this frame

Frame: https://17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html
Frame ID: 65136DC51BF3BE01587C137DF9E02881
Requests: 1 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=www.mediafire.com&gdpr=0&gdpr_consent=
Frame ID: 239CBE8715F0E3A7F43E25FABECD6B3B
Requests: 2 HTTP requests in this frame

Frame: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Frame ID: F0F8290CB6E363C79B0FBAF00D52C828
Requests: 6 HTTP requests in this frame

Frame: https://ep2.adtrafficquality.google/sodar/sodar2/254/runner.html
Frame ID: 3E080BFC32B61186B2AC312EEBCDD628
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 82E6A003C40F0E9EE54DDDA220185450
Requests: 2 HTTP requests in this frame

Frame: https://17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html
Frame ID: BEE0F605451D67CA9311F31C17C08FF1
Requests: 20 HTTP requests in this frame

Frame: https://17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html
Frame ID: 7FF972F9C17E62C24F00CF206A570B85
Requests: 20 HTTP requests in this frame

Frame: https://www.googleadservices.com/pagead/managed/js/activeview/current/reach_worklet.html
Frame ID: 4997514E1B4F250FC9C42EA131DBA941
Requests: 8 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: D102C6C7C8BBA2B68E1C0D96DF16A6FE
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 719ED0E9A264EC44D2514D2CB1BB1E81
Requests: 9 HTTP requests in this frame

Frame: https://www.googleadservices.com/pagead/managed/js/activeview/current/reach_worklet.html
Frame ID: BD11E443D3C85EA5B0841890F94024AD
Requests: 8 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: AB28201FB1578645E47D553029887341
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: DE3B511207D4F268A073797215FD75D4
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

PEAK

Detected technologies

Onsen UI (Mobile frameworks) Expand

Overall confidence: 100%
Detected patterns

(/.*onsen.*min\.js|.*angular-onsenui\.min\.js)

Snowplow Analytics (Analytics) Expand

Overall confidence: 50%
Detected patterns

sp\.js

Amplitude (Analytics) Expand

Overall confidence: 100%
Detected patterns

cdn\.(?:segment.+)?amplitude(?:\.com|-plugins)

Cloudflare Browser Insights (Analytics) Expand

Overall confidence: 100%
Detected patterns

static\.cloudflareinsights\.com/beacon(?:\.min)?\.js

DoubleClick Ad Exchange (AdX) (Advertising) Expand

Overall confidence: 100%
Detected patterns

tpc\.googlesyndication\.com/safeframe

DoubleClick Floodlight (Advertising) Expand

Overall confidence: 100%
Detected patterns

\.doubleclick\.net

Google AdSense (Advertising) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js
google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag managers) Expand

Overall confidence: 100%
Detected patterns

\.googletagmanager\.com/
googletagmanager\.com/gtm\.js

OpenX (Advertising) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

PubMatic (Advertising) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

Quantcast Measure (Analytics) Expand

Overall confidence: 100%
Detected patterns

\.quantserve\.com/quant\.js

Rubicon Project (Advertising) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

cdn\.jsdelivr\.net

33Across (Advertising) Expand

Overall confidence: 100%
Detected patterns

\.33across\.com/

Cloudflare Bot Management (Security) Expand

Overall confidence: 100%
Detected patterns

Ezoic (Analytics) Expand

Overall confidence: 100%
Detected patterns

\.ezo(?:js|ic|dn)\.(?:com|net)

Google Publisher Tag (Advertising) Expand

Overall confidence: 100%
Detected patterns

securepubads\.g\.doubleclick.net/tag/js/gpt\.js

ID5 (Advertising) Expand

Overall confidence: 100%
Detected patterns

^https://(?:cdn\.)?id5-sync\.com/

LiveIntent (Email) Expand

Overall confidence: 100%
Detected patterns

\.liadm\.com

Teads (Advertising) Expand

Overall confidence: 100%
Detected patterns

teads\.tv

theTradeDesk (Advertising) Expand

Overall confidence: 100%
Detected patterns

\.adsrvr\.org/

Page Statistics

302
Requests

89 %
HTTPS

0 %
IPv6

66
Domains

96
Subdomains

76
IPs

5
Countries

2678 kB
Transfer

10105 kB
Size

124
Cookies

15 Outgoing links

These are links going to different origins than the main page.

URL: https://download2333.mediafire.com/4vjcaqplhsygbFAhTIeebAWaqfcp_y6NoBrMknCab53YhUAYBPBuv7v10Bv_uvVwex9feAuAhAE6lAt31kN5s7Ag8_L0x67k9v_Y7uAoJiPR-baksKq2CGnUHqsNNW8sxjF-36LgwCgO0GRVEusU6jApVBmcZ9M1WwJl5zJ-J58/kyink5vgb4rtnsf/PEAK.zip
Title: Download (1.56GB)

Search URL Search Domain Scan URL

URL: http://blog.mediafire.com/
Title: Company Blog

Search URL Search Domain Scan URL

URL: https://www.fast.io/?utm_source=mfftr_file
Title: Cloud Storage for Teams

Search URL Search Domain Scan URL

URL: https://www.fast.io/alternatives?utm_source=mfftr_file
Title: Compare

Search URL Search Domain Scan URL

URL: https://www.fast.io/alternatives/dropbox?utm_source=mfftr_file
Title: Dropbox Alternative

Search URL Search Domain Scan URL

URL: https://www.fast.io/alternatives/box?utm_source=mfftr_file
Title: Box.com Alternative

Search URL Search Domain Scan URL

URL: https://www.fast.io/alternatives/google-drive?utm_source=mfftr_file
Title: Google Drive Alternative

Search URL Search Domain Scan URL

URL: https://mediafire.zendesk.com/hc/en-us
Title: Support

Search URL Search Domain Scan URL

URL: https://translate.google.com/
Title: Translate

Search URL Search Domain Scan URL

URL: https://twitter.com/#!/mediafire

Search URL Search Domain Scan URL

URL: https://www.facebook.com/mediafire

Search URL Search Domain Scan URL

URL: https://twitter.com/mediafire
Title: Twitter Page

Search URL Search Domain Scan URL

URL: https://blog.mediafire.com/
Title: MediaFire Blog

Search URL Search Domain Scan URL

URL: https://adclick.g.doubleclick.net/aclk?sa=L&ai=Cap9CvrjhadP3NYio3ugPjpny6A_PlantgwHns7mozAzAjbcBEAEg9PnGJWD96KKB8APIAQngAgCoAwHIAwKqBM4CT9CL86f7H12yu5oAIReSoyK85RWJeThaP6NO-7OtYAwsPjEm72D-tkwZKN4ObT63CF-86-dJgc2UAI4ADwe2xe_afMMes80zdT--mLmnIJwnuicalVPZNXk18mG6IH8_DFe6241fShcCeSDL68YZ7jzfi2XZHm3oj5NUxgKtVZruhwMxa8ix0jubmm6fK2raj55_E56aOv2J7Rd3KL7pw-_iLBOvpdqFylxZvXb4WVuIh2v1QCHydwdfKfgQGcDKnlbxFa9zm3ljDiDLlud-Grd31hYx3JnzHo0nmBWMVrP-HOLB57e8jG5vNfMZBKNfoOBsZuzgVWMM9gBJ3IEN1hFlgHWMqwc2-WBhyZNS1TXaa5uBizrm_bfb7YjVotSTDYTkM4tTSwRhmvmaxcYlcusfSF8aFS0k3M3NdgQl_v5hbOTRm0n9G7m40l5AL-AEAYAGuarPsrS_tKLAAaAGIagHk9ixAqgHlNixAqgHldixAqgHmuGxAqgHpr4bqAeW2BuoB6qbsQKoB_-esQKoB9-fsQKoB62-sQKoB7_TsQLYBwDSCCwIgGEQATIIioKAgICAgAg6DYBAgMCAgICAqIACqANIvf3BOlidgvfph_STA_oLAggBgAwBqg0CQ0HiDRMIgbr36Yf0kwMVCJQXBx2OjBz96g0TCI3U-OmH9JMDFQiUFwcdjowc_YgO____________AdAVAYAXAbIXEBgMKgozMzQ1MzgzNzc0UAGqGBcJ9ihcjwSOEkESCjMzNDUzODM3NzQYAQ&num=1&sig=AOD64_2l9Kh3WkbeP21GvkV7GGBxgy_vrw&client=ca-pub-6396844742497208&adurl=https://ban.2trk.info/click?requiredParamsv1=H4sIAAAAAAAA_31SbW_aMBD-K1GlSq1ojB2f39injLE3XlYGGt2-oISYkRJIGkKByj9-l8CHrpqm851Pj89n391zJR1F6YajZqdumG-r0kbZXTf0x13nM8QY4AnhGg1l2gCjyhjH3Qi1tgJjRo45qMNHjatrvNjHvuRGagAFARgVUO0CcXmJNrdqBScFl4ErknS-SuP5focvBQhzxyhVTDtDaE85evdGMCSggfQp-Eydv8iUkkCpUGCAn_P6DJpEHVQ0hHZQyBt1Nf5KsSW9Se_br9NCVJt9bwqzx4r1NOX2lLvppJW0iuTYqlrJM7ocnfdf0GGMai2xUCMMYpMpYoFo7Vu4RuEUbXfQx4qlggiUML4ADj5oqX0tTOTHfMGMTRIa2AWGDfOXNMuitiDUu3lg7J03SLf7o3fUci7h1guLIrMzG_fTqi24Ilx6N_3P0-HgzsvStfU-2cU6v_W6qzLf2DYDRWgt3iRaRmV6ueJmsabx488-_xpmT99Xiw_j3cM4xOavqqrYXfPwOviI63A4kI1N0miZlpYs8g1iyzSzuK1P6XYtnn_HUFbb3RKR-17YJy9pcYlphl2Ve1vP4UwW1MCxCw_-yZTXzfzvOBrK1XkZETVHkQRtCu2aGh6FDsfxKgyZ_7jvXnjc8OuvYpyWhFFJDJ4wqFNe_QE8ariTHAMAAA%3Bdurl155=::c15=4819::ul15=https%3A%2F%2Fwww.awin1.com%2Fcread.php%3Fs%3D4519990%26v%3D94251%26q%3D523479%26r%3D2210639%26clickref%3D%5B%7Bcreative_id%7D%5D%7Breffer_d%7D%26pref1%3D%7Breffer_url%7D%26extr%3D%7Breffer_url%7D
Title: Healthy Feet, Happy Life

Search URL Search Domain Scan URL

URL: https://adclick.g.doubleclick.net/aclk?sa=L&ai=Cyo4SvrjhaZu0OaLn6toPjPjz6AXPlantgwHns7mozAzAjbcBEAEg9PnGJWD96KKB8APIAQngAgCoAwHIAwKqBM4CT9C8OLnNSx2J17qCBW_P-i6gmigbUfilkRQ3MEptXwKXCtFQrbP0Z4AYiqC12r10pMnlYo2vF8VdNmrN2WH3D-oBwsGz7Mw-ZIfci6fPBACIZZ9Odrb73lsLxWwEpYZsyzLQyrDgdzbmD9-x8-uuiQPtLSjvU_fDAuOe1Zoy536NEXW4vWn9AL6y1WWWmaWscr0uCGwgA43w7ox4_gv_3vIRsjZkusas_SU2--GYlWJ3LEE0r_HoznWudGiBPdk_rC5ImJygkm9o_jfhLDvQJaPpRizd1_vtCiT0t4vrrvgO1jXJnft4c7YSxxVsyPkKIZpBJ9zW88ZpsMaqgSBgRo08avq6OfDYeszs47XmToPyeQlGOje15tFao4VZSlmj3lWyscsFsKluz9jwFAOU1Lf7mOktTfBIK_NeGwS3seG4QrsBzSNupgpIJNDBFeAEAYAG98SyveeK2stnoAYhqAeT2LECqAeU2LECqAeV2LECqAea4bECqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAqgHrb6xAqgHv9OxAtgHANIILAiAYRABMgiKgoCAgICACDoNgECAwICAgICogAKoA0i9_cE6WJj0-emH9JMD-gsCCAGADAGqDQJDQeINEwiUyPrph_STAxWis1oFHQz8HF3qDRMIhuH76Yf0kwMVorNaBR0M_BxdiA7___________8B0BUBgBcBshcQGAwqCjMzNDUzODM3NzRQAaoYFwn2KFyPBI4SQRIKMzM0NTM4Mzc3NBgB&num=1&sig=AOD64_0Wb_EauwdvpoxTV1qFfpJHzkAhRw&client=ca-pub-6396844742497208&adurl=https://ban.2trk.info/click?requiredParamsv1=H4sIAAAAAAAA_31SWW_bMAz-K0aBAi0cK7olZ0-O5x1I4rZI0BZ7CRwfqxc7NlLnKvTjRzl56LphoHiAIimR_K6kwUBhEPcam1mz6bZ5Ug3CwHsIjUeM4L7knPlMcy18IX1tCIdQxDQITCkmimLJDTMxsJUCCsWGGG7z497UHFS7W3mS-VJzrjjlPuRpQ8XladxnWeZGSgb-Njks67pepol9zjAkoDzBWBFtfIQjZfDgA0EuxVR6mHtEnT9JlJIcY6EE5uJc2bMdQKERMAiER0DoAxvrf8cwpWge3f04paKrd9GCP_3qSKQxy0-NWczdzG2zo9u52R5MBsb4OxiEYK0ltOoLH3yfre_vkcLNfAE3VLg7F04cLECG0wlMw2d0pbKs8CSVhccToT2tVeqpLCUpEzldJQWEzZq3sqqSoUDYuXkm5JMzLTe7o3PUcin5rRO0bZU_5atJ2Q0FU4hJ52bybTGbDpyqXOfO1zxdN7dO-LJt6nxIuELYkjNPimRbXlLMPpqN18fx4a4TXvXov8KGnk8PsJaXrmtfr1lwTb_AORwOqM6zMinKbY7SpgZfUVY5qPWp3KzF_ueKb7vNawGe-yiYoLeyvcT0QOi2u9xu6AwkYGroBSP_RNH7Mf93UT0cbV2GLIhhy2qI-dCCxsF8xGDxGkKWj_fhBeM99v5oxmiJCJbIx4gSC-z46jci9CzQSQMAAA%3Bdurl155=::c15=5383::ul15=https%3A%2F%2Fwww.awin1.com%2Fcread.php%3Fs%3D4542265%26v%3D106855%26q%3D583706%26r%3D956601%26clickref%3D%5B%7Bcreative_id%7D%5D%7Breffer_d%7D%26pref1%3D%7Breffer_url%7D%26extr%3D%7Breffer_url%7D
Title: Cool Sleep, Warm Welcome

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 19

https://www.mediafire.com/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
https://www.mediafire.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/b0a7532ac8ec/main.js

Request Chain 144

https://oajs.openx.net/esp?url=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fkyink5vgb4rtnsf%2FPEAK.zip%2Ffile&rid=esp HTTP 302
https://oajs.openx.net/esp?url=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fkyink5vgb4rtnsf%2FPEAK.zip%2Ffile&rid=esp&cc=1

Request Chain 160

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEDtvCgQFXZLdPu8er6SrYeY&google_cver=1

Request Chain 162

https://match.adsrvr.org/track/cmf/openx?oxid=94796ad0-8114-7718-d16e-e0b47cf593f5&gdpr=0 HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072971&val=326187df-6ff0-40d7-9fac-35fab8801dae&ttd_puid=94796ad0-8114-7718-d16e-e0b47cf593f5&gdpr=0&gdpr_consent=

Request Chain 164

https://ad.turn.com/r/cs?pid=9&gdpr=0 HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537073061&val=7830989017535051250&gdpr=0&gdpr_consent=&us_privacy=

Request Chain 255

https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESEGcd6v5KMH_B0H02rSr8p8g&google_cver=1&google_push=AXcoOmRxoW3WOL5gdOPfWnTrwgsufWoPa_9qe6Wp6VI3-id1QHLLGkm6k5_a-3ECJL8DpXz7snlSLV0eDGYR9kKxGL_NlP9udIqDdmwYigQqreu9v4Yp4klmD8D0WooUJ2XM-VDBefGDXuhyf3x40fM1-x-v HTTP 302
https://dclk-match.dotomi.com/match/bounce/current?DotomiTest=5aa6cd0d355f128e&is_secure=true&networkId=14000&version=1&google_gid=CAESEGcd6v5KMH_B0H02rSr8p8g&google_cver=1&google_push=AXcoOmRxoW3WOL5gdOPfWnTrwgsufWoPa_9qe6Wp6VI3-id1QHLLGkm6k5_a-3ECJL8DpXz7snlSLV0eDGYR9kKxGL_NlP9udIqDdmwYigQqreu9v4Yp4klmD8D0WooUJ2XM-VDBefGDXuhyf3x40fM1-x-v HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=dotomi&google_ula=17128,0&google_hm=AQAHvDtv1QDN2QICXoYKAQEBAQEBAQCcmLiwBgEBAJyYuLAG&expiration=1776486976&google_cver=1&is_secure=true&google_gid=CAESEGcd6v5KMH_B0H02rSr8p8g&google_push=AXcoOmRxoW3WOL5gdOPfWnTrwgsufWoPa_9qe6Wp6VI3-id1QHLLGkm6k5_a-3ECJL8DpXz7snlSLV0eDGYR9kKxGL_NlP9udIqDdmwYigQqreu9v4Yp4klmD8D0WooUJ2XM-VDBefGDXuhyf3x40fM1-x-v

Request Chain 256

https://a.tribalfusion.com/i.match?p=b6&u=CAESEP_3X9cdFQE-3QNHQrlMPZM&google_cver=1&google_push=AXcoOmQahJzJhANO9puCBlVJFqMMI7RFpTHNF2NK0jiRg_66OBKlxENWpcUmphEeo2MgWBRlk_2AMQMZ4pOMwuYyijQ7FpWmANaMsxNDElpQnX6WF77eIeAEQXGTBn7DZqC0k9MsBb4osQqvCG_74jBFZ_IY&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmQahJzJhANO9puCBlVJFqMMI7RFpTHNF2NK0jiRg_66OBKlxENWpcUmphEeo2MgWBRlk_2AMQMZ4pOMwuYyijQ7FpWmANaMsxNDElpQnX6WF77eIeAEQXGTBn7DZqC0k9MsBb4osQqvCG_74jBFZ_IY%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24 HTTP 302
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEP_3X9cdFQE-3QNHQrlMPZM&google_cver=1&google_push=AXcoOmQahJzJhANO9puCBlVJFqMMI7RFpTHNF2NK0jiRg_66OBKlxENWpcUmphEeo2MgWBRlk_2AMQMZ4pOMwuYyijQ7FpWmANaMsxNDElpQnX6WF77eIeAEQXGTBn7DZqC0k9MsBb4osQqvCG_74jBFZ_IY&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmQahJzJhANO9puCBlVJFqMMI7RFpTHNF2NK0jiRg_66OBKlxENWpcUmphEeo2MgWBRlk_2AMQMZ4pOMwuYyijQ7FpWmANaMsxNDElpQnX6WF77eIeAEQXGTBn7DZqC0k9MsBb4osQqvCG_74jBFZ_IY%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=exp&google_push=AXcoOmQahJzJhANO9puCBlVJFqMMI7RFpTHNF2NK0jiRg_66OBKlxENWpcUmphEeo2MgWBRlk_2AMQMZ4pOMwuYyijQ7FpWmANaMsxNDElpQnX6WF77eIeAEQXGTBn7DZqC0k9MsBb4osQqvCG_74jBFZ_IY&google_ula=2786954&google_hm=18072661955249290803

Request Chain 257

https://sync.ipredictive.com/d/sync/cookie/generic?https://cm.g.doubleclick.net/pixel?google_nid=adelphic_mobile&google_gid=CAESEAABzg3aGp7jGrhu9kwg9RQ&google_cver=1&google_push=AXcoOmQFMVtcRipg5S61Xp_jpRDK-JOSKW8R5l9f1ya0iXOTt_eOYqqHqJ5UpNTdSeKtKVAF4wwqP7dWXPX9SfmmBr3uIzXcNGvBXjhryPwgm9r6S2uBAhmXusu99aOllgJLlIscBLsRbHbgT8Ln3rre1LQ&google_hm=${ADELPHIC_CUID_B64} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=adelphic_mobile&google_gid=CAESEAABzg3aGp7jGrhu9kwg9RQ&google_cver=1&google_push=AXcoOmQFMVtcRipg5S61Xp_jpRDK-JOSKW8R5l9f1ya0iXOTt_eOYqqHqJ5UpNTdSeKtKVAF4wwqP7dWXPX9SfmmBr3uIzXcNGvBXjhryPwgm9r6S2uBAhmXusu99aOllgJLlIscBLsRbHbgT8Ln3rre1LQ&google_hm=rV3fIeM5QZWc85JYRqROtw==

Request Chain 258

https://creativecdn.com/cm-notify?pi=adxab&google_nid=rtb_house&google_gid=CAESEImVu45Rk247GcdnwAqnQWE&google_cver=1&google_push=AXcoOmRK6y2qq8CdFodgzM_jn_asYo3sYp6hMlCkWm-K01NALlHIaH1V4HBRtdc1I29Qy-EjgPJKwnjhkwUg0twM1QACn6ynePCM1xsVGKR31QOHSslDuNFZpZj1mWsGeG7aHLGrystZ77SUv3Iou_4G2FtI HTTP 302
https://creativecdn.com/cm-notify?pi=adxab&google_nid=rtb_house&google_gid=CAESEImVu45Rk247GcdnwAqnQWE&google_cver=1&google_push=AXcoOmRK6y2qq8CdFodgzM_jn_asYo3sYp6hMlCkWm-K01NALlHIaH1V4HBRtdc1I29Qy-EjgPJKwnjhkwUg0twM1QACn6ynePCM1xsVGKR31QOHSslDuNFZpZj1mWsGeG7aHLGrystZ77SUv3Iou_4G2FtI&tc=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_ula=5153224&google_hm=16sQnisZYvx_Sa12PLO7zHvm9YbRs6DT6Decnudsuxk&pi=adx&tdc=ams&pi=adxab&google_nid=rtb_house&google_gid=CAESEImVu45Rk247GcdnwAqnQWE&google_cver=1&google_push=AXcoOmRK6y2qq8CdFodgzM_jn_asYo3sYp6hMlCkWm-K01NALlHIaH1V4HBRtdc1I29Qy-EjgPJKwnjhkwUg0twM1QACn6ynePCM1xsVGKR31QOHSslDuNFZpZj1mWsGeG7aHLGrystZ77SUv3Iou_4G2FtI&tc=1

Request Chain 259

https://bb.lijit.com/dsp/google/pixelmatch?google_gid=CAESED_xjoqdSfO0H7tBR6veMPM&google_cver=1&google_push=AXcoOmRXmv1Lrvk68tJD6CZrk9YXsykJkyLL6rtRgM4eoi9YIkDPXTAgecierlt9Y0VmgZQjkKGUoHVqP1_MzYjTdl9gCrrDBLV8OfmSfSw5t8COg0JWA8ayCaPQvqBPDruTugRLKGGgFim1skIMsXYHE4c HTTP 307
https://bb.lijit.com/dsp/google/pixelmatch?google_gid=CAESED_xjoqdSfO0H7tBR6veMPM&google_cver=1&google_push=AXcoOmRXmv1Lrvk68tJD6CZrk9YXsykJkyLL6rtRgM4eoi9YIkDPXTAgecierlt9Y0VmgZQjkKGUoHVqP1_MzYjTdl9gCrrDBLV8OfmSfSw5t8COg0JWA8ayCaPQvqBPDruTugRLKGGgFim1skIMsXYHE4c&sovrn_retry=true HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AXcoOmRXmv1Lrvk68tJD6CZrk9YXsykJkyLL6rtRgM4eoi9YIkDPXTAgecierlt9Y0VmgZQjkKGUoHVqP1_MzYjTdl9gCrrDBLV8OfmSfSw5t8COg0JWA8ayCaPQvqBPDruTugRLKGGgFim1skIMsXYHE4c&google_hm=Mg7UAGZHR_zjofCvTcGebDxA

Request Chain 260

https://google.partners.tremorhub.com/sync?UIDF=CAESEDOvaB4HbIBTsUcAFcwQ-to&google_cver=1&google_push=AXcoOmSAdDZfAiMO3J7tUlAXsXhgzwMvpyZ5iT-0lCYk6Oh-sJAY1CheV4hi3wLVxvQTsuChhF7jj4Lar9i0ZysGJzoyTmrR2BGPG5M77XNNuT6M9XyZ5ir66cOC-MAKWOxYJhwzYlKbSq9wsMoVNy77zi4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=tremor&google_hm=ZGQ1ZDA4M2NhZjExNGM5N2E2YzdjYTRlMDYwM2VmZWI%3D&UIDF=CAESEDOvaB4HbIBTsUcAFcwQ-to&google_cver=1&google_push=AXcoOmSAdDZfAiMO3J7tUlAXsXhgzwMvpyZ5iT-0lCYk6Oh-sJAY1CheV4hi3wLVxvQTsuChhF7jj4Lar9i0ZysGJzoyTmrR2BGPG5M77XNNuT6M9XyZ5ir66cOC-MAKWOxYJhwzYlKbSq9wsMoVNy77zi4

Request Chain 261

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEMY7xr3N7VbKXZ1-f0XIr4A&google_cver=1&google_push=AXcoOmRybbvKod9i0H9tSRWn7a32bdI_aOqhai8nMj8ayWs6ZFk3Wz1pr82lHN3BZK3g-0fWW8rnO_5PDv_DCGC6x8AOpMnl5A-nUI6IWgiV_F3doT8aIlMEJI7ymlflJEXgCBNO64mSqjxLurevTs-Fr7Ge HTTP 302
https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEMY7xr3N7VbKXZ1-f0XIr4A&google_cver=1&google_push=AXcoOmRybbvKod9i0H9tSRWn7a32bdI_aOqhai8nMj8ayWs6ZFk3Wz1pr82lHN3BZK3g-0fWW8rnO_5PDv_DCGC6x8AOpMnl5A-nUI6IWgiV_F3doT8aIlMEJI7ymlflJEXgCBNO64mSqjxLurevTs-Fr7Ge&ld=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=0&gdpr_consent=&us_privacy=&google_push=AXcoOmRybbvKod9i0H9tSRWn7a32bdI_aOqhai8nMj8ayWs6ZFk3Wz1pr82lHN3BZK3g-0fWW8rnO_5PDv_DCGC6x8AOpMnl5A-nUI6IWgiV_F3doT8aIlMEJI7ymlflJEXgCBNO64mSqjxLurevTs-Fr7Ge&google_hm=MTI3NDA2NTc5NTQyMzA1MDgzMTI1Nw%3D%3D

Request Chain 263

https://b.applovin.com/v1/gcm/push?google_gid=CAESEO_NWncdgwCwcEe2TsdwSPE&google_cver=1&google_push=AXcoOmTxf0I59p5_RgE4f-W1hZryY14WLo7ZZwZX-cPKlQT1z_vgMafQJpwXU49vczYXTxfGEXBdGfjLu5aVwzqd5aN66NXQxqnJ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=aplv&google_push=AXcoOmTxf0I59p5_RgE4f-W1hZryY14WLo7ZZwZX-cPKlQT1z_vgMafQJpwXU49vczYXTxfGEXBdGfjLu5aVwzqd5aN66NXQxqnJ

Request Chain 264

https://pixelfnt-us.dsp-api.moloco.com/v1/cm/adxpm?google_gid=CAESEG4HPqWGAht-ibv1Uvsf-pY&google_cver=1&google_push=AXcoOmTXspHbVY1WO6jCpf4PSAtNTKERBK2glLNCXzYZ0yw6fsY_wZtyHsUzPssoROFhpn8ZtbdJW3MWIlvXdl5A487a__kRv6vV HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=moloco_ads&google_hm=himcSM1RRHejsveUypoCFg&google_push=AXcoOmTXspHbVY1WO6jCpf4PSAtNTKERBK2glLNCXzYZ0yw6fsY_wZtyHsUzPssoROFhpn8ZtbdJW3MWIlvXdl5A487a__kRv6vV

Request Chain 265

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEOd_Itq082npOGmK-EH3nN8&google_cver=1&google_push=AXcoOmTbgiGm3e3N9jCPI4MsCWk_UaITHXKGioUdvtAkYBZCGjFzeNnFTeQCD6rzuToJFhiaSp-x7wytG4hJug6aIJrMDzONMlS3 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AXcoOmTbgiGm3e3N9jCPI4MsCWk_UaITHXKGioUdvtAkYBZCGjFzeNnFTeQCD6rzuToJFhiaSp-x7wytG4hJug6aIJrMDzONMlS3&google_hm=

Request Chain 266

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEMY7xr3N7VbKXZ1-f0XIr4A&google_cver=1&google_push=AXcoOmQnQGQ6r504KdBpddtMFKgoFqtAcbYYqwt2reMkJ5WTI5CiBY5nLT9_Vs8oN7_Cb2a6bYYEJJhHUI5rRRAvBR_xpKttB5Y HTTP 302
https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEMY7xr3N7VbKXZ1-f0XIr4A&google_cver=1&google_push=AXcoOmQnQGQ6r504KdBpddtMFKgoFqtAcbYYqwt2reMkJ5WTI5CiBY5nLT9_Vs8oN7_Cb2a6bYYEJJhHUI5rRRAvBR_xpKttB5Y&ld=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=0&gdpr_consent=&us_privacy=&google_push=AXcoOmQnQGQ6r504KdBpddtMFKgoFqtAcbYYqwt2reMkJ5WTI5CiBY5nLT9_Vs8oN7_Cb2a6bYYEJJhHUI5rRRAvBR_xpKttB5Y&google_hm=MjcyOTU4NTk5MTQyNTA0Mzk0NzQ3Nw%3D%3D

Request Chain 268

https://cm-mx.advolve.io/pixel?google_gid=CAESEB24Sb4zirWV1Bd_wqawuzo&google_cver=1&google_push=AXcoOmTkIPV5ks7rOE4i1ufnWz_0PlISnK6drRPqSA9SskCEsOOAx77giChPUZ38S0jRcsmy3L7Dckw9V_udEV-6isZAVRgaRmjNmA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=advolve&google_push=AXcoOmTkIPV5ks7rOE4i1ufnWz_0PlISnK6drRPqSA9SskCEsOOAx77giChPUZ38S0jRcsmy3L7Dckw9V_udEV-6isZAVRgaRmjNmA&google_hm=69e1b8c1036ece8017af66a4&google_ula=9190312969

Request Chain 269

https://s.seedtag.com/cs/cookiesync/google?google_gid=CAESEMVMuqAwijZGcAC10OQCkFU&google_cver=1&google_push=AXcoOmQfWt3mVwi2cNVtbKNyYzykTwTk8aWXrjeij9jQe8VQg_52HPISK1a4RwzrI53nW5enud-etXWyVmzuMDpId-2Ej6XcD1tz HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=seedtag_beachfront&google_hm=019d99b9-b0c3-7604-b1fa-159be8e222d2&google_push=AXcoOmQfWt3mVwi2cNVtbKNyYzykTwTk8aWXrjeij9jQe8VQg_52HPISK1a4RwzrI53nW5enud-etXWyVmzuMDpId-2Ej6XcD1tz

Request Chain 285

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 286

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 292

https://pixel.quantserve.com/cs?a=p-31iz6hfFutd16&gdpr=0 HTTP 302
https://pixel.quantserve.com/cs?a=p-31iz6hfFutd16&gdpr=0&__qcmcs=1

Request Chain 293

https://idsync.rlcdn.com/380609.gif?gdpr=0&partner_uid=UVtX-AVaUfhKA1P6BFYf8FFXB_xKWwf8UFXs49PX HTTP 307
https://idsync.rlcdn.com/1000.gif?memo=CMGdFxIzCi8IARCfOBooVVZ0WC1BVmFVZmhLQTFQNkJGWWY4RkZYQl94S1d3ZjhVRlhzNDlQWBAAGg0IwfGGzwYSBQjoBxAAQgBKAA HTTP 307
https://pippio.com/api/sync?pid=5324&it=1&iv=819369a69c0c1e9b64d186defa75a85850fd699184d5bdc0f064c9bde41f8865791426b5417dce21&_=2

Request Chain 294

https://dsum-sec.casalemedia.com/rum?cm_dsp_id=81&gdpr=0&external_user_id=5F2UybBcksn_BZDLsVDcweRRxM3_XcTN5VOcOwJX HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=81&gdpr=0&external_user_id=5F2UybBcksn_BZDLsVDcweRRxM3_XcTN5VOcOwJX&C=1

302 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3 200 Primary Request file Show response
www.mediafire.com/file/kyink5vgb4rtnsf/PEAK.zip/ 326 KB
86 KB 197ms
173ms Document
text/html 104.17.148.83
Cloudflare

General

Check archive.org

Download Go to

Full URL

https://www.mediafire.com/file/kyink5vgb4rtnsf/PEAK.zip/file

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.148.83 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

20467529973311fe76ff914096e9acefc5d108f1c65997f52940e667403c0a3b

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Linux"

Response headers

access-control-allow-methods: OPTIONS, POST, GET
access-control-allow-origin: https://www.mediafire.com
alt-svc: h3=":443"; ma=86400
cache-control: no-cache, no-store, must-revalidate, max-age=0, post-check=0, pre-check=0
cf-cache-status: DYNAMIC
cf-ray: 9ed8ba23ea9ca2b4-YUL
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Fri, 17 Apr 2026 04:36:09 GMT
expires: 0
pragma: no-cache
priority: u=0,i
server: cloudflare
server-timing: cfCacheStatus;desc="DYNAMIC" cfEdge;dur=23,cfOrigin;dur=0,cfWorker;dur=131 cfExtPri
strict-transport-security: max-age=0
vary: Accept-Encoding
x-by
x-frame-options: SAMEORIGIN
x-mf-env: liveApi
x-mf-fe: mf2
x-robots-tag: noindex, nofollow

GET
H3 200 min.js Show response
cmp.gatekeeperconsent.com/ 1 KB
801 B 63ms
26ms Script
application/javascript 104.21.42.32
Cloudflare

General

Check archive.org

Download Go to

Full URL: https://cmp.gatekeeperconsent.com/min.js
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/kyink5vgb4rtnsf/PEAK.zip/file
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.42.32 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 345dbaad5cd394bb195e79a7d835ee2af91c02c76413d974f2e7fd3b9fcbfe39

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-encoding: zstd
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=ijQjvDDaXhU2NKdllZ8pRhSadcI5eCX53hqEDHqCsJ1Zk3pPb%2Ba6fJFYA8bTzT9KXNhpDisqiw48QxT56C%2Fop5RCkU3n0zdUbl1MT8fEdUm2CWVby7KmKPipsGvH1WRsWjulhYlA6t%2BSNFnQ"}]}
cf-ray: 9ed8ba25ab7a1185-YYZ
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Fri, 17 Apr 2026 04:36:09 GMT
content-type: application/javascript
server: cloudflare
priority: u=1,i=?0

GET
H3 200 cmp.min.js Show response
the.gatekeeperconsent.com/ 8 KB
3 KB 61ms
27ms Script
application/javascript 104.21.42.32
Cloudflare

General

Check archive.org

Download Go to

Full URL: https://the.gatekeeperconsent.com/cmp.min.js
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/kyink5vgb4rtnsf/PEAK.zip/file
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.42.32 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 06c87cfc79d31896761b14ed789b3f747f1b885dac0ed193c16fb8d1d305083d

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

x-robots-tag: noindex, follow
content-encoding: gzip
cf-cache-status: HIT
age: 134
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=etZ%2BZ1I4bwPQfk7MdeZiM1HozkAEPftqoOm7JWKiWkh9vFpNhu1rrZSmmzN8BJNifkJAWcFTpmCJKIn5fWZb6hqCXHfYU%2BlvB%2FB%2FXTh9MT5vx494CF18%2F%2FGJNtGDWwg7IEUo80vKw3YBB1bg"}]}
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Fri, 17 Apr 2026 04:36:09 GMT
x-middleton-display: sol-js
content-type: application/javascript
vary: Accept-Encoding
last-modified: Fri, 17 Apr 2026 04:33:55 GMT
priority: u=1,i=?0
cache-control: max-age=300, public
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 9ed8ba25ab781185-YYZ
server: cloudflare

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 319 KB
116 KB 133ms
49ms Script
application/javascript 142.251.210.40
Google LLC

General

Check archive.org

Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-829541-1

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/file/kyink5vgb4rtnsf/PEAK.zip/file

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.210.40 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

lclgaa-ba-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

b8888a5d3bab25c13be153b403d8e76ab279e8ce9c87165182afd95261ea7d27

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: zstd
expires: Fri, 17 Apr 2026 04:36:09 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 17 Apr 2026 04:36:09 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Fri, 17 Apr 2026 03:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin: *
content-length: 118252
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 tag Show response
btloader.com/ 90 KB
30 KB 102ms
35ms Script
application/javascript 172.66.171.133
Cloudflare

General

Check archive.org

Download Go to

Full URL: https://btloader.com/tag?o=5678961798414336&upapi=true
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/kyink5vgb4rtnsf/PEAK.zip/file
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.66.171.133 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 987483faa3960dcc7b63c8f366f5fe78487356e01f60f9b85b4c9f466f5d4dcd

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

x-robots-tag: noindex, nofollow
cache-control: public, max-age=300, stale-if-error=3600, stale-while-revalidate=300
content-encoding: br
cf-cache-status: HIT
etag: W/"a6037c96ed0d497ccc66bb6a7e1d4569"
via: 1.1 google
cf-ray: 9ed8ba264ad6ac9c-YYZ
access-control-allow-origin: *
date: Fri, 17 Apr 2026 04:36:09 GMT
content-type: application/javascript
last-modified: Fri, 17 Apr 2026 03:40:26 GMT
server: cloudflare
vary: Accept-Encoding, X-Acceptable-Ads, DNT

GET
H3 200 sa.min.js Show response
www.ezojs.com/ezoic/ 211 KB
66 KB 101ms
30ms Script
application/javascript 172.67.170.144
Cloudflare

General

Check archive.org

Download Go to

Full URL: https://www.ezojs.com/ezoic/sa.min.js
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/kyink5vgb4rtnsf/PEAK.zip/file
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.170.144 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: e107e5cd873b09408535a6e7b824137dcfb52c3584c627c91a6c73803ce58874

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

x-robots-tag: noindex, follow
content-encoding: gzip
cf-cache-status: HIT
etag: W/"b4f2cb66bc20a293e683d8e0c26485d2"
age: 542
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=L6uUFDFvGPmEEeyHew6DAuYjYTeb7448ANffVV6UljCwKeumTS9tFya7NCLj4qz%2FkljC393wq%2FbQooGfdjv3t%2B2yVdB2ekyA5a47ACRnlfkNx3fnF8ZpXzGZBPehB5AT"}]}
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Fri, 17 Apr 2026 04:36:09 GMT
x-middleton-display: sol-js
content-type: application/javascript
vary: Accept-Encoding
priority: u=3,i=?0
cache-control: public, max-age=600, stale-while-revalidate=3600
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 9ed8ba265aedaae0-YYZ
server: cloudflare

GET
H2 200 element.js Show response
translate.google.com/translate_a/ 79 KB
28 KB 197ms
86ms Script
text/javascript 142.251.211.206
Google LLC

General

Check archive.org

Download Go to

Full URL

https://translate.google.com/translate_a/element.js?cb=googFooterTranslate

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/file/kyink5vgb4rtnsf/PEAK.zip/file

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.211.206 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

pnlgaa-ba-in-f14.1e100.net

Software

ESF /

Resource Hash

4695fc55c74f843f9e0f9fd470139bfd9eea16aa0091c48e48871f9403ccae77

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 17 Apr 2026 04:36:09 GMT
x-xss-protection: 0
content-type: text/javascript; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
server: ESF
x-frame-options: SAMEORIGIN

GET
H2 200 v8c78df7c7c0f484497ecbca7046644da1771523124516 Show response
static.cloudflareinsights.com/beacon.min.js/ 30 KB
11 KB 67ms
26ms Script
text/javascript 104.16.79.73
Cloudflare

General

Check archive.org

Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js/v8c78df7c7c0f484497ecbca7046644da1771523124516
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/kyink5vgb4rtnsf/PEAK.zip/file
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.79.73 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4b77eae349a8cbcea7133cf3640a64ebf1f69d54d8f6469d7be6fdc188ca4ca4

Request headers

Origin: https://www.mediafire.com
sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

cache-control: public, max-age=86400
content-encoding: gzip
etag: W/"2026.2.0"
cross-origin-resource-policy: cross-origin
cf-ray: 9ed8ba262b8fa26d-YUL
access-control-allow-origin: *
date: Fri, 17 Apr 2026 04:36:09 GMT
content-type: text/javascript;charset=UTF-8
last-modified: Thu, 19 Feb 2026 17:45:24 GMT
server: cloudflare

GET
H3 200 consent_modules.json Show response
privacy.gatekeeperconsent.com/ 34 B
522 B 62ms
26ms XHR
application/json 172.67.199.186
Cloudflare

General

Check archive.org

Download Go to

Full URL: https://privacy.gatekeeperconsent.com/consent_modules.json
Requested by: Host: the.gatekeeperconsent.com
URL: https://the.gatekeeperconsent.com/cmp.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.199.186 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 24434236112e2c40b190268b75b5a499d50fa6a4cd93664b9ec82f7852865ebf

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

cache-control: max-age=15780000, public
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=zDEoapDSkwa0n0p9wXEK8dFxEnKFHjCCcXogShBYZCom0Pl%2F9w5kysGIXAmuGAOb0MdRPSwLjltkp%2Bret%2BNcy6%2Bb%2BJzAYKqyQb5kUM6jtbfAzxjz2Yni98IagIdIJgl3Ubj2GpSisiNzKlxmFcoR8w%3D%3D"}]}
cf-ray: 9ed8ba262c41ab76-YYZ
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 34
server-timing: cfExtPri
date: Fri, 17 Apr 2026 04:36:09 GMT
content-type: application/json;charset=UTF-8
server: cloudflare
priority: u=1,i

GET
H2 200 amplitude-8.5.0-min.gz.js Show response
cdn.amplitude.com/libs/ 68 KB
22 KB 83ms
24ms Script
application/javascript 108.139.29.53
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://cdn.amplitude.com/libs/amplitude-8.5.0-min.gz.js
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/kyink5vgb4rtnsf/PEAK.zip/file
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.139.29.53 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-108-139-29-53.jfk50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 2450e5580136f94bda7ccf95e3167b57e15b05b513a430967943a50036fa47a4

Request headers

Origin: https://www.mediafire.com
sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

access-control-max-age: 3000
content-encoding: gzip
etag: "660c3b546f2a131de50b69b91f26c636"
x-amz-version-id: NY8_7uBz3xoXYJBVsMSBAGHOz8ixMBS3
age: 56532
access-control-allow-methods: GET, HEAD
x-cache: Hit from cloudfront
x-amz-cf-id: vUUi15RYj9JXxJnCbUI06Le7P5G5DO9kM3U1VT9jy3r7pdD8okyiDw==
date: Thu, 16 Apr 2026 12:53:57 GMT
content-type: application/javascript
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
last-modified: Fri, 13 Aug 2021 22:37:42 GMT
cache-control: max-age=31536000
via: 1.1 8ca36406fe3aa11c1641e5bc917c8a74.cloudfront.net (CloudFront)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 22154
x-amz-cf-pop: JFK50-P2
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 426 KB
136 KB 214ms
141ms Script
application/javascript 142.251.210.40
Google LLC

General

Check archive.org

Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-53LP4T

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/file/kyink5vgb4rtnsf/PEAK.zip/file

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.210.40 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

lclgaa-ba-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

c2997018cce4f4ef76461aefae4f66bcee11960d04f372e37aba7a88dfc41354

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: zstd
expires: Fri, 17 Apr 2026 04:36:09 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 17 Apr 2026 04:36:09 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Fri, 17 Apr 2026 03:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin: *
content-length: 139069
x-xss-protection: 0
server: Google Tag Manager

GET
H3 200 mf_logo_full_color.svg
static.mediafire.com/images/backgrounds/header/ 3 KB
2 KB 42ms
33ms Image
image/svg+xml 104.17.148.83
Cloudflare

General

Check archive.org

Download Go to Show image

Full URL: https://static.mediafire.com/images/backgrounds/header/mf_logo_full_color.svg
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/kyink5vgb4rtnsf/PEAK.zip/file
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.17.148.83 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8539c91ae0a82f8cab27d481ea38ac4e66d1e5b36701fe295bcba4399b9255bd

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"5813cfb2-d1d"
age: 8649
access-control-allow-methods: OPTIONS, POST, GET
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
x-mf-env: liveApi
date: Fri, 17 Apr 2026 04:36:09 GMT
content-type: image/svg+xml
last-modified: Fri, 28 Oct 2016 22:22:42 GMT
priority: u=3,i
x-mf-fe: mf1
cf-ray: 9ed8ba260dd9a2b4-YUL
access-control-allow-origin: *
server: cloudflare

GET
H3 200 file-zip-v3.png
static.mediafire.com/images/filetype/ 2 KB
2 KB 41ms
32ms Image
image/png 104.17.148.83
Cloudflare

General

Check archive.org

Download Go to Show image

Full URL: https://static.mediafire.com/images/filetype/file-zip-v3.png
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/kyink5vgb4rtnsf/PEAK.zip/file
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.17.148.83 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4448e430d3c53bad548a5d135e1c7e2f9593e806ba47892640d430ea752e979e

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

cf-cache-status: HIT
etag: "62deda56-750"
age: 14277
access-control-allow-methods: OPTIONS, POST, GET
expires: Sun, 17 May 2026 00:38:11 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
x-mf-env: liveApi
date: Fri, 17 Apr 2026 04:36:09 GMT
content-type: image/png
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
priority: u=3,i
cache-control: max-age=2592000
x-mf-fe: mf1
cf-ray: 9ed8ba260dd6a2b4-YUL
accept-ranges: bytes
access-control-allow-origin: *
content-length: 1872
server: cloudflare

GET
H3 200 icons_sprite.svg
www.mediafire.com/images/icons/svg_light/ 36 KB
9 KB 80ms
79ms Image
image/svg+xml 104.17.148.83
Cloudflare

General

Check archive.org

Download Go to Show image

Full URL: https://www.mediafire.com/images/icons/svg_light/icons_sprite.svg
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/kyink5vgb4rtnsf/PEAK.zip/file
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.17.148.83 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7ba1bc2084def769e77a7dbf97cd91d68fe6c6d55b5d183a7d36630da8da2b02

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/file/kyink5vgb4rtnsf/PEAK.zip/file
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"62deda56-90ab"
age: 7765
access-control-allow-methods: OPTIONS, POST, GET
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
x-mf-env: liveApi
date: Fri, 17 Apr 2026 04:36:09 GMT
content-type: image/svg+xml
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
vary: Accept-Encoding
priority: u=3,i
cf-ray: 9ed8ba260dc8a2b4-YUL
x-mf-fe: mf2
access-control-allow-origin: *
server: cloudflare

GET
H3 200 apps_list_sprite-v6.png
static.mediafire.com/images/backgrounds/download/ 8 KB
8 KB 41ms
34ms Image
image/png 104.17.148.83
Cloudflare

General

Check archive.org

Download Go to Show image

Full URL: https://static.mediafire.com/images/backgrounds/download/apps_list_sprite-v6.png
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/kyink5vgb4rtnsf/PEAK.zip/file
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.17.148.83 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: dc54b817820f14ce6395ba2a037f37d4bb0af75d5b017336140793fbe2f7f738

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

cf-cache-status: HIT
etag: "62deda56-1fd1"
age: 320
access-control-allow-methods: OPTIONS, POST, GET
expires: Sun, 17 May 2026 04:30:49 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
x-mf-env: liveApi
date: Fri, 17 Apr 2026 04:36:09 GMT
content-type: image/png
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
priority: u=3,i
cache-control: max-age=2592000
x-mf-fe: mf2
cf-ray: 9ed8ba260dd5a2b4-YUL
accept-ranges: bytes
access-control-allow-origin: *
content-length: 8145
server: cloudflare

GET
H3 200 arrow_dropdown.svg
www.mediafire.com/images/icons/svg_dark/ 315 B
496 B 110ms
107ms Image
image/svg+xml 104.17.148.83
Cloudflare

General

Check archive.org

Download Go to Show image

Full URL: https://www.mediafire.com/images/icons/svg_dark/arrow_dropdown.svg
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/kyink5vgb4rtnsf/PEAK.zip/file
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.17.148.83 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 82b94716473aa225e715e117802145c5d2d725aa1ba9d476d61a5d3da16a8c26

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/file/kyink5vgb4rtnsf/PEAK.zip/file
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"62deda56-13b"
access-control-allow-methods: OPTIONS, POST, GET
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
x-mf-env: liveApi
date: Fri, 17 Apr 2026 04:36:09 GMT
content-type: image/svg+xml
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
vary: Accept-Encoding
priority: u=3,i
cf-ray: 9ed8ba260dcba2b4-YUL
x-mf-fe: mf1
access-control-allow-origin: *
x-by
server: cloudflare

GET
H3 200 check_circle_green.svg
static.mediafire.com/images/icons/svg_dark/ 444 B
534 B 33ms
32ms Image
image/svg+xml 104.17.148.83
Cloudflare

General

Check archive.org

Download Go to Show image

Full URL: https://static.mediafire.com/images/icons/svg_dark/check_circle_green.svg
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/kyink5vgb4rtnsf/PEAK.zip/file
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.17.148.83 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 03c8d2dc7d985c3004ff2cd6d8148dd03560f37ed15efdf6c2d7f4d771d0e599

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"62deda56-1bc"
age: 3653
access-control-allow-methods: OPTIONS, POST, GET
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
x-mf-env: liveApi
date: Fri, 17 Apr 2026 04:36:09 GMT
content-type: image/svg+xml
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
priority: u=1,i
x-mf-fe: mf1
cf-ray: 9ed8ba262df7a2b4-YUL
access-control-allow-origin: *
server: cloudflare

GET
H3 200 fb_16x16.png
static.mediafire.com/images/backgrounds/download/social/ 181 B
438 B 32ms
31ms Image
image/png 104.17.148.83
Cloudflare

General

Check archive.org

Download Go to Show image

Full URL: https://static.mediafire.com/images/backgrounds/download/social/fb_16x16.png
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/kyink5vgb4rtnsf/PEAK.zip/file
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.17.148.83 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 720671166ac43aba99e3952b0b9341ab4e0fee1fd891db54e2a07f05db653142

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

cf-cache-status: HIT
etag: "62deda56-b5"
age: 318
access-control-allow-methods: OPTIONS, POST, GET
expires: Sun, 17 May 2026 04:30:50 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
x-mf-env: liveApi
date: Fri, 17 Apr 2026 04:36:09 GMT
content-type: image/png
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
priority: u=1,i
cache-control: max-age=2592000
x-mf-fe: mf2
cf-ray: 9ed8ba262df5a2b4-YUL
accept-ranges: bytes
access-control-allow-origin: *
content-length: 181
server: cloudflare

GET
H3 200 infinity.js.aspx Show response
cdn.econventa.com/Scripts/ 160 KB
47 KB 78ms
41ms Script
text/javascript 104.26.8.66
Cloudflare

General

Check archive.org

Download Go to

Full URL: https://cdn.econventa.com/Scripts/infinity.js.aspx?guid=5ff0fb62-0643-4ff1-aaee-c737f9ffc0e0
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/kyink5vgb4rtnsf/PEAK.zip/file
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.26.8.66 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 26c3c701626ccdf73fb245abb8129d074266393359113e6e51b806181a69a5de

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

cache-control: max-age=1200, no-transform
content-encoding: gzip
cf-cache-status: HIT
accept-ch: Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version
age: 859
cf-ray: 9ed8ba269beb880c-YYZ
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Fri, 17 Apr 2026 04:36:09 GMT
content-type: text/javascript
vary: Accept-Encoding
server: cloudflare
last-modified: Fri, 17 Apr 2026 04:21:50 GMT
priority: u=3,i=?0

GET
H3 200 footerIcons.png
static.mediafire.com/images/backgrounds/footer/social/ 583 B
841 B 35ms
34ms Image
image/png 104.17.148.83
Cloudflare

General

Check archive.org

Download Go to Show image

Full URL: https://static.mediafire.com/images/backgrounds/footer/social/footerIcons.png
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/kyink5vgb4rtnsf/PEAK.zip/file
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.17.148.83 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: f917a9105c311331b1d40f4d2bdbf11233c1c465616c1a9c46232f451463b061

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

cf-cache-status: HIT
etag: "62deda56-247"
age: 6315
access-control-allow-methods: OPTIONS, POST, GET
expires: Sun, 17 May 2026 02:50:54 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
x-mf-env: liveApi
date: Fri, 17 Apr 2026 04:36:09 GMT
content-type: image/png
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
priority: u=3,i
cache-control: max-age=2592000
x-mf-fe: mf2
cf-ray: 9ed8ba266e41a2b4-YUL
accept-ranges: bytes
access-control-allow-origin: *
content-length: 583
server: cloudflare

GET
H3

200

main.js Show response
www.mediafire.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/b0a7532ac8ec/ Frame 7C91
Redirect Chain

https://www.mediafire.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
https://www.mediafire.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/b0a7532ac8ec/main.js?

27 KB
12 KB

31ms
30ms

Script
application/javascript

104.17.148.83
Cloudflare

General

Check archive.org

Download Go to

Full URL

https://www.mediafire.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/b0a7532ac8ec/main.js?

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/file/kyink5vgb4rtnsf/PEAK.zip/file

Protocol

Server

104.17.148.83 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

2feb65a69a2bc9f2f95fe88598da7ebcb50a20328709596b01bba5866e38bdf8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
Referer

Response headers

cache-control: max-age=14400, stale-if-error=10800, stale-while-revalidate=10800, public
content-encoding: gzip
x-content-type-options: nosniff
cf-ray: 9ed8ba270f2da2b4-YUL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Fri, 17 Apr 2026 04:36:09 GMT
content-type: application/javascript; charset=UTF-8
server: cloudflare
priority: u=3,i=?0

Redirect headers

cache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=10800, public
location: /cdn-cgi/challenge-platform/h/g/scripts/jsd/b0a7532ac8ec/main.js?
cf-ray: 9ed8ba26bebda2b4-YUL
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 0
server-timing: cfExtPri
date: Fri, 17 Apr 2026 04:36:09 GMT
server: cloudflare
priority: u=3,i=?0

POST
H2 200 / Show response
api.amplitude.com/ 7 B
137 B 261ms
87ms XHR
text/html 52.10.154.206
Amazon.com

General

Check archive.org

Download Go to

Full URL

https://api.amplitude.com/

Requested by

Host: cdn.amplitude.com
URL: https://cdn.amplitude.com/libs/amplitude-8.5.0-min.gz.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.10.154.206 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-52-10-154-206.us-west-2.compute.amazonaws.com

Software

Resource Hash

aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
sec-ch-ua-mobile: ?0

Response headers

strict-transport-security: max-age=15768000
access-control-allow-origin: *
content-length: 7
date: Fri, 17 Apr 2026 04:36:09 GMT
content-type: text/html;charset=utf-8

GET
H3 200 like.php Show response
www.facebook.com/plugins/ Frame 3AA6 18 KB
7 KB 96ms
59ms Document
text/html 157.240.241.35
Facebook

General

Check archive.org

Download Go to

Full URL

https://www.facebook.com/plugins/like.php?href=http://www.facebook.com/MediaFire&width=193&layout=button_count&action=like&show_faces=false&share=true&height=30&appId=124578887583575

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/file/kyink5vgb4rtnsf/PEAK.zip/file

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.241.35 New York, United States, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

edge-star-mini-shv-02-lga3.facebook.com

Software

Resource Hash

0b887160fe14be4d99e139f8b766e0dd9135dfc9dd381682aea27ee4c989f14c

Security Headers

Name	Value
Content-Security-Policy	default-src blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net .facebook.net .whatsapp.com .whatsapp.net;script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1: 'nonce-q1WIDnCC' blob: 'self' connect.facebook.net 'wasm-unsafe-eval' https://accounts.google.com https://.google-analytics.com .google.com;style-src .fbcdn.net data: .facebook.com 'unsafe-inline' https://accounts.google.com https://fonts.googleapis.com;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com .instagram.com https://accounts.google.com https://.google-analytics.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com https://fonts.gstatic.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net blob: android-webview-video-poster: .whatsapp.net .fb.com .oculuscdn.com .tenor.co .tenor.com .giphy.com https://trustly.one/ https://.trustly.one/ https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://.google-analytics.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data: .tenor.co .tenor.com https://.giphy.com;child-src data: blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;frame-src .facebook.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net accounts.meta.com .accounts.meta.com https://trustly.one/ https://.trustly.one/ https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net .google.com .doubleclick.net;manifest-src data: blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;object-src data: blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.mediafire.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Linux"

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: zstd
content-security-policy: default-src blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net *.facebook.net *.whatsapp.com *.whatsapp.net;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'nonce-q1WIDnCC' blob: 'self' connect.facebook.net 'wasm-unsafe-eval' https://accounts.google.com https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://accounts.google.com https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com *.instagram.com https://accounts.google.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://trustly.one/ https://*.trustly.one/ https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;child-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net accounts.meta.com *.accounts.meta.com https://trustly.one/ https://*.trustly.one/ https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;manifest-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;object-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: unsafe-none;report-to="coop_report"
cross-origin-resource-policy: cross-origin
date: Fri, 17 Apr 2026 04:36:09 GMT
document-policy: force-load-at-top include-js-call-stacks-in-crash-reports
expires: Sat, 01 Jan 2000 00:00:00 GMT
origin-agent-cluster: ?1
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self "https://www.fbsbx.com"), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
pragma: no-cache
priority: u=0,i
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7629582349739586981&cpp=C3&cv=1037539916&st=1776400569564"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7629582349739586981&cpp=C3&cv=1037539916&st=1776400569564", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=23, rtx=0, c=23, mss=1232, tbw=4945, tp=8, tpl=0, uplat=38, ullat=0
x-fb-debug: Y5GqCercb0zvzLddDti7FY5s6um+6u7BbsM1PaJRMqX6fnblRkpI4WH1H+BycT0BWd4CuG90KRXU8xo1m06B/w==
x-xss-protection: 0

GET
H2 200 px.gif Show response
ad-delivery.net/ 43 B
109 B 99ms
27ms Fetch
image/gif 104.20.47.80
Cloudflare

General

Check archive.org

Download Go to

Full URL: https://ad-delivery.net/px.gif?ch=2&e=0.7615866781341674
Requested by: Host: btloader.com
URL: https://btloader.com/tag?o=5678961798414336&upapi=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.20.47.80 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

x-goog-metageneration: 5
access-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
x-goog-hash: crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow==
cf-cache-status: HIT
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
age: 4
x-goog-stored-content-encoding: identity
expires: Fri, 20 Mar 2026 08:25:52 GMT
x-goog-stored-content-length: 43
date: Fri, 17 Apr 2026 04:36:09 GMT
content-type: image/gif
last-modified: Wed, 05 May 2021 19:25:32 GMT
x-guploader-uploadid: AOCedOE4ceqfKqcxsn6FfQCul5MU3fPppaJoaSAD4zIpDi_AuCRSOF0vpherOnDkBFq5ISKOXI37mOc
cache-control: public, max-age=86400
x-goog-storage-class: MULTI_REGIONAL
cf-ray: 9ed8ba27ac97ac9f-YYZ
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1620242732037093
content-length: 43
server: cloudflare

GET
H3 200 favicon.ico Show response
ad.doubleclick.net/ 1 KB
129 B 124ms
61ms Fetch
image/x-icon 142.251.211.166
Google LLC

General

Check archive.org

Download Go to

Full URL

https://ad.doubleclick.net/favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250&e=0.18733801555118512

Requested by

Host: btloader.com
URL: https://btloader.com/tag?o=5678961798414336&upapi=true

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.211.166 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

lclgaa-as-in-f6.1e100.net

Software

sffe /

Resource Hash

d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: gzip
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
x-content-type-options: nosniff
expires: Sat, 18 Apr 2026 04:36:09 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 17 Apr 2026 04:36:09 GMT
content-type: image/x-icon
vary: Accept-Encoding
last-modified: Tue, 08 May 2012 13:08:06 GMT
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
content-length: 104
x-xss-protection: 0
server: sffe

GET
H2 200 px.gif Show response
ad-delivery.net/ 43 B
611 B 95ms
30ms Fetch
image/gif 104.20.47.80
Cloudflare

General

Check archive.org

Download Go to

Full URL: https://ad-delivery.net/px.gif?ch=1&e=0.819443531460998
Requested by: Host: btloader.com
URL: https://btloader.com/tag?o=5678961798414336&upapi=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.20.47.80 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

x-goog-metageneration: 5
access-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
x-goog-hash: crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow==
cf-cache-status: HIT
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
age: 4
x-goog-stored-content-encoding: identity
expires: Fri, 20 Mar 2026 08:25:52 GMT
x-goog-stored-content-length: 43
date: Fri, 17 Apr 2026 04:36:09 GMT
content-type: image/gif
last-modified: Wed, 05 May 2021 19:25:32 GMT
x-guploader-uploadid: AOCedOE4ceqfKqcxsn6FfQCul5MU3fPppaJoaSAD4zIpDi_AuCRSOF0vpherOnDkBFq5ISKOXI37mOc
cache-control: public, max-age=86400
x-goog-storage-class: MULTI_REGIONAL
cf-ray: 9ed8ba27ac99ac9f-YYZ
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1620242732037093
content-length: 43
server: cloudflare

GET
H2 200 dns Show response
ab.dns-finder.com/meta/ 2 B
233 B 109ms
44ms Fetch
text/plain 34.36.200.111
Google LLC

General

Check archive.org

Download Go to

Full URL: https://ab.dns-finder.com/meta/dns
Requested by: Host: btloader.com
URL: https://btloader.com/tag?o=5678961798414336&upapi=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.36.200.111 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM - Google LLC, US),
Reverse DNS: 111.200.36.34.bc.googleusercontent.com
Software: /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

cache-control: private, max-age=180, stale-if-error=180, stale-while-revalidate=180
access-control-expose-headers: X-Resolver
x-resolver: default
via: 1.1 google
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2
date: Fri, 17 Apr 2026 04:36:09 GMT
content-type: text/plain; charset=utf-8
vary: Origin

GET
H2 200 trustedIframe.html Show response
btloader.com/ Frame B6E6 6 KB
2 KB 77ms
29ms Document
text/html 104.20.20.189
Cloudflare

General

Check archive.org

Download Go to

Full URL: https://btloader.com/trustedIframe.html?o=5678961798414336&upapi=true
Requested by: Host: btloader.com
URL: https://btloader.com/tag?o=5678961798414336&upapi=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.20.20.189 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3f124cdc02a40817853db0a92e2dd20e0d4342c9b3532edb34429a78a2bbac54

Request headers

Referer: https://www.mediafire.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Linux"

Response headers

cache-control: public, max-age=3600, stale-while-revalidate=3600
cf-ray: 9ed8ba27cae274a5-YYZ
content-encoding: br
content-type: text/html
date: Fri, 17 Apr 2026 04:36:09 GMT
server: cloudflare

GET
H3 200 Tag.engine Show response
econventa.com/ 2 KB
3 KB 72ms
57ms Script
application/json 104.26.8.66
Cloudflare

General

Check archive.org

Download Go to

Full URL: https://econventa.com/Tag.engine?time=420&id=5ff0fb62-0643-4ff1-aaee-c737f9ffc0e0&rand=4794&ver=async&referrerUrl=&fingerPrint=123&abr=false&stdTime=-480&fpe=1&bw=1600&bh=1200&res=1600x1200&curl=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fkyink5vgb4rtnsf%2FPEAK.zip%2Ffile&kw=online%20storage%2Cfree%20storage%2Ccloud%20storage%2Ccollaboration%2Cbackup%20file%20sharing%2Cshare%20files%2Cphoto%20backup%2Cphoto%20sharing%2Cftp%20replacement%2Ccross%20platform%2Cremote%20access%2Cmobile%20access%2Csend%20large%20files%2Crecover%20files%2Cfile%20versioning%2Cundelete%2Cwindows%2Cpc%2Cmac%2Cos%20x%2Clinux%2Ciphone
Requested by: Host: cdn.econventa.com
URL: https://cdn.econventa.com/Scripts/infinity.js.aspx?guid=5ff0fb62-0643-4ff1-aaee-c737f9ffc0e0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.26.8.66 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: be514bd685c7bce2cc33ee1047411c157196d703bff6d975f291c0ed9b1f18d4

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: gzip
cf-cache-status: DYNAMIC
accept-ch: Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version
cf-ray: 9ed8ba27ac01880c-YYZ
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Fri, 17 Apr 2026 04:36:09 GMT
content-type: application/json
vary: Accept-Encoding
server: cloudflare
priority: u=3,i=?0

GET
H3 200 world.svg
static.mediafire.com/images/backgrounds/download/additional_content/ 143 KB
53 KB 76ms
69ms Image
image/svg+xml 104.17.148.83
Cloudflare

General

Check archive.org

Download Go to Show image

Full URL: https://static.mediafire.com/images/backgrounds/download/additional_content/world.svg
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/kyink5vgb4rtnsf/PEAK.zip/file
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.17.148.83 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4342feac38021c4fe3069eba0edf1c2e1b4345e2b548b0afb7ab21b7369b3bc8

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"62deda56-23ce2"
age: 6760
access-control-allow-methods: OPTIONS, POST, GET
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
x-mf-env: liveApi
date: Fri, 17 Apr 2026 04:36:09 GMT
content-type: image/svg+xml
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
priority: u=3,i
x-mf-fe: mf2
cf-ray: 9ed8ba279fe1a2b4-YUL
access-control-allow-origin: *
server: cloudflare

GET
H3 200 continent-sa.svg
static.mediafire.com/images/backgrounds/download/additional_content/ 10 KB
4 KB 48ms
39ms Image
image/svg+xml 104.17.148.83
Cloudflare

General

Check archive.org

Download Go to Show image

Full URL: https://static.mediafire.com/images/backgrounds/download/additional_content/continent-sa.svg
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/kyink5vgb4rtnsf/PEAK.zip/file
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.17.148.83 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: c42f6f372e1047cacdeafa25cee35701fbe2abfde78a89e6e1efb08912d1f629

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"62deda56-2725"
age: 10763
access-control-allow-methods: OPTIONS, POST, GET
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
x-mf-env: liveApi
date: Fri, 17 Apr 2026 04:36:09 GMT
content-type: image/svg+xml
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
priority: u=3,i
x-mf-fe: mf2
cf-ray: 9ed8ba279fe8a2b4-YUL
access-control-allow-origin: *
server: cloudflare

GET
H3 200 chl.svg
static.mediafire.com/images/flags_svg/ 595 B
551 B 51ms
44ms Image
image/svg+xml 104.17.148.83
Cloudflare

General

Check archive.org

Download Go to Show image

Full URL: https://static.mediafire.com/images/flags_svg/chl.svg
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/kyink5vgb4rtnsf/PEAK.zip/file
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.17.148.83 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 182cfbccaaf2caa5d9af0f7b37ef6197cec542af2f0c4813f604b80fd1fec297

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"62deda56-253"
age: 12933
access-control-allow-methods: OPTIONS, POST, GET
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
x-mf-env: liveApi
date: Fri, 17 Apr 2026 04:36:09 GMT
content-type: image/svg+xml
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
priority: u=3,i
x-mf-fe: mf2
cf-ray: 9ed8ba279feaa2b4-YUL
access-control-allow-origin: *
server: cloudflare

GET
H3 200 flag.svg
static.mediafire.com/images/backgrounds/download/additional_content/ 234 B
440 B 37ms
30ms Image
image/svg+xml 104.17.148.83
Cloudflare

General

Check archive.org

Download Go to Show image

Full URL: https://static.mediafire.com/images/backgrounds/download/additional_content/flag.svg
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/kyink5vgb4rtnsf/PEAK.zip/file
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.17.148.83 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: f52a0c7d9fa7ae8e45916c491ae7193f9a1e289f128f05264122c53d8da970db

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"62deda56-ea"
age: 7148
access-control-allow-methods: OPTIONS, POST, GET
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
x-mf-env: liveApi
date: Fri, 17 Apr 2026 04:36:09 GMT
content-type: image/svg+xml
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
priority: u=3,i
x-mf-fe: mf2
cf-ray: 9ed8ba279feca2b4-YUL
access-control-allow-origin: *
server: cloudflare

GET
H3 200 mf_round.svg
static.mediafire.com/images/backgrounds/download/additional_content/ 1 KB
1 KB 40ms
33ms Image
image/svg+xml 104.17.148.83
Cloudflare

General

Check archive.org

Download Go to Show image

Full URL: https://static.mediafire.com/images/backgrounds/download/additional_content/mf_round.svg
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/kyink5vgb4rtnsf/PEAK.zip/file
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.17.148.83 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: f1a67642fc97b508ce07cf6df329022bf5184a1c573044dc021e0d6e64688c64

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"62deda56-5b1"
age: 12810
access-control-allow-methods: OPTIONS, POST, GET
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
x-mf-env: liveApi
date: Fri, 17 Apr 2026 04:36:09 GMT
content-type: image/svg+xml
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
priority: u=3,i
x-mf-fe: mf1
cf-ray: 9ed8ba279fefa2b4-YUL
access-control-allow-origin: *
server: cloudflare

GET
H3 200 browser_chrome.svg
static.mediafire.com/images/backgrounds/download/additional_content/ 8 KB
2 KB 47ms
41ms Image
image/svg+xml 104.17.148.83
Cloudflare

General

Check archive.org

Download Go to Show image

Full URL: https://static.mediafire.com/images/backgrounds/download/additional_content/browser_chrome.svg
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/kyink5vgb4rtnsf/PEAK.zip/file
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.17.148.83 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1c6ba1010c2cc88c59de9e9584728da124770fa399643ffc1beffcec54b84be7

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"62deda56-1e24"
age: 7710
access-control-allow-methods: OPTIONS, POST, GET
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
x-mf-env: liveApi
date: Fri, 17 Apr 2026 04:36:09 GMT
content-type: image/svg+xml
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
priority: u=3,i
x-mf-fe: mf1
cf-ray: 9ed8ba279ff0a2b4-YUL
access-control-allow-origin: *
server: cloudflare

POST
H3 200 9ed8ba23ea9ca2b4 Show response
www.mediafire.com/cdn-cgi/challenge-platform/h/g/jsd/oneshot/b0a7532ac8ec/0.7040220672290953:1776398894:CiQBm4pLNeI6oM5OpbLWDQlh_1liApyMfEJ491mx-PE/ Frame 7C91 0
1 KB 30ms
22ms XHR
text/plain 104.17.148.83
Cloudflare

General

Check archive.org

Download Go to

Full URL: https://www.mediafire.com/cdn-cgi/challenge-platform/h/g/jsd/oneshot/b0a7532ac8ec/0.7040220672290953:1776398894:CiQBm4pLNeI6oM5OpbLWDQlh_1liApyMfEJ491mx-PE/9ed8ba23ea9ca2b4
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.17.148.83 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua-platform: "Linux"
Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
Content-Type: text/plain;charset=UTF-8
sec-ch-ua-mobile: ?0

Response headers

timing-allow-origin: https://www.mediafire.com
cf-ray: 9ed8ba2828c5a2b4-YUL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
content-length: 0
cf-chl-out-s: R6PkrsZtv0DCE3knsvcp5uhx1UsLV2+94zqN01r6uDn2QB3n0zkXhwY0KIwWnnDOfsYmEK0GCmc4GtV6GRwgVzkXsDdOB3NBj+KpjQokHDakU72n8R6kgunHq2/LJ1gK98ffRKZuj7FwjoBlkRizNGuYQjqtE9itupZZM2lKquR8hwwif0AuQbl/MO+8/DxQx5qGhix/YZgkacvE6kTp0Zzu1IKqK1rpw8gAz4GIySSOl8qIWtdLwOZa8M48U6jU$Jidbd1lsqSdeTNrQgcnL+w==
date: Fri, 17 Apr 2026 04:36:09 GMT
content-type: text/plain; charset=UTF-8
server: cloudflare
priority: u=1,i

GET
H3 200 aSF1HWkDHx7.css
static.xx.fbcdn.net/rsrc.php/v5/yA/l/0,cross/ Frame 3AA6 232 B
378 B 141ms
25ms Stylesheet
text/css 57.144.180.128
Facebook

General

Check archive.org

Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v5/yA/l/0,cross/aSF1HWkDHx7.css

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/plugins/like.php?href=http://www.facebook.com/MediaFire&width=193&layout=button_count&action=like&show_faces=false&share=true&height=30&appId=124578887583575

Protocol

Security

QUIC, , AES_128_GCM

Server

57.144.180.128 New York, United States, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

xx-fbcdn-shv-03-lga3.fbcdn.net

Software

Resource Hash

30f1570e0bca7ac216d47126b186e268719195f4967fb017d8cae01004a07c03

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Origin: https://www.facebook.com
sec-ch-ua-platform: "Linux"
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-md5: mxrgSWsB/7u6Nw5IFanwKg==
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Wed, 14 Apr 2027 22:53:35 GMT
alt-svc: h3=":443"; ma=86400
date: Fri, 17 Apr 2026 04:36:09 GMT
content-type: text/css; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
x-fb-debug: TiGYYohKmHZpv+ChgpcJ0T8KCKtv0ZtqX+0EV4ZwSsFpDNjhI7Hnkp4yHcBidVnTH4mMuBWR/cXB8l2OVQXm3w==
priority: u=0
vary: Origin
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=21, rtx=0, c=23, mss=1232, tbw=5055, tp=10, tpl=0, uplat=0, ullat=-1
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top, include-js-call-stacks-in-crash-reports
access-control-allow-origin: https://www.facebook.com
content-length: 232
origin-agent-cluster: ?1

GET
H3 200 yPnE3me-9-0.css
static.xx.fbcdn.net/rsrc.php/v5/yb/l/0,cross/ Frame 3AA6 659 B
480 B 143ms
26ms Stylesheet
text/css 57.144.180.128
Facebook

General

Check archive.org

Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v5/yb/l/0,cross/yPnE3me-9-0.css

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

57.144.180.128 New York, United States, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

xx-fbcdn-shv-03-lga3.fbcdn.net

Software

Resource Hash

afc222aabf430f1be68418c8a2b29e3423d64530dbcd9032ab9b1c5d49f67b36

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Origin: https://www.facebook.com
sec-ch-ua-platform: "Linux"
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-md5: WW6Ma/wB+QbCthQNgKAgSQ==
content-encoding: zstd
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Thu, 08 Apr 2027 23:36:38 GMT
alt-svc: h3=":443"; ma=86400
date: Fri, 17 Apr 2026 04:36:09 GMT
content-type: text/css; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
x-fb-debug: 13dtynVh/iDPkqdItvT2K6yEd7LZu2QsMR2QQKIGlY4mZO2nU7N9nt+JX4VFkh5qzgN7bxUqKfR9fkwQR3N99w==
priority: u=0
vary: Origin
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=21, rtx=0, c=23, mss=1232, tbw=6799, tp=13, tpl=0, uplat=0, ullat=-1
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top, include-js-call-stacks-in-crash-reports
access-control-allow-origin: https://www.facebook.com
content-length: 338
origin-agent-cluster: ?1

POST
H2 204 exd
api.btloader.com/ 0
0 214ms
48ms Fetch 130.211.23.194
Google LLC

General

Check archive.org

Download Go to

Full URL: https://api.btloader.com/exd?tid=BmvXGD7Q-AxCnu7kMr-9d99b9946e&sid=ZKioY3vyun-r2CU7H18A3-9d99b9946e&cv=2.1.186-5-gb7ec539&upapi=true
Requested by: Host: btloader.com
URL: https://btloader.com/tag?o=5678961798414336&upapi=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 130.211.23.194 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM - Google LLC, US),
Reverse DNS: 194.23.211.130.bc.googleusercontent.com
Software: /
Resource Hash

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

via: 1.1 google
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 17 Apr 2026 04:36:09 GMT
vary: Origin

GET
H3 200 columbus.js Show response
www.ezojs.com/detroitchicago/ 33 KB
15 KB 60ms
59ms Script
application/javascript 172.67.170.144
Cloudflare

General

Check archive.org

Download Go to

Full URL: https://www.ezojs.com/detroitchicago/columbus.js
Requested by: Host: www.ezojs.com
URL: https://www.ezojs.com/ezoic/sa.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.170.144 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: d5f3b0b14d09909398ca69f59408911181d25700a0dd9203fd20417d968747cc

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

x-robots-tag: noindex, follow
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-encoding: gzip
cf-cache-status: BYPASS
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=m4L5fgqGert1%2BXpqO5btoX0k4e6fEr0ZXXBYyJGFUuUXdLvb2J%2FM32TfSGrnioMxJen%2BFh%2B1i8M6wK0i6DgAuk7jg%2ByOkrIYuobQfL0XNlRMU0mLiJCaS8V9eUjMR48Y"}]}
cf-ray: 9ed8ba290af0aae0-YYZ
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Fri, 17 Apr 2026 04:36:09 GMT
x-middleton-display: sol-js
content-type: application/javascript
vary: Accept-Encoding
server: cloudflare
priority: u=3,i=?0

POST
H2 200 saa.go Show response
g.ezoic.net/ 27 KB
8 KB 188ms
36ms XHR
text/javascript 54.85.8.229
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://g.ezoic.net/saa.go
Requested by: Host: www.ezojs.com
URL: https://www.ezojs.com/ezoic/sa.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.85.8.229 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-54-85-8-229.compute-1.amazonaws.com
Software: /
Resource Hash: edd680c9b54bb3b32fc33c190a61bee45ae32830556682300465f0aaddf86e38

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
Content-Type: text/plain
sec-ch-ua-mobile: ?0

Response headers

x-robots-tag: noindex
access-control-max-age: 1728000
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
content-encoding: br
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, OPTIONS
expires: Thu, 16 Apr 2026 04:36:09 GMT
access-control-allow-origin: https://www.mediafire.com
date: Fri, 17 Apr 2026 04:36:09 GMT
content-type: text/javascript
vary: Accept-Encoding,Origin,Access-Control-Request-Method,Access-Control-Request-Headers
access-control-allow-headers: Content-Type

OPTIONS
H2 200 ezconfig
g.ezoic.net/detroitchicago/ Frame 0
0 90ms
24ms Preflight 54.85.8.229
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://g.ezoic.net/detroitchicago/ezconfig
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.85.8.229 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-54-85-8-229.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.mediafire.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET, POST, PUT, OPTIONS
access-control-allow-origin: https://www.mediafire.com
access-control-max-age: 1728000
content-length: 0
date: Fri, 17 Apr 2026 04:36:10 GMT
vary: Accept-Encoding,Origin,Access-Control-Request-Method,Access-Control-Request-Headers

GET
H3 200 boise.js Show response
go.ezodn.com/detroitchicago/ 860 B
969 B 58ms
23ms Script
application/javascript 172.67.142.121
Cloudflare

General

Check archive.org

Download Go to

Full URL: https://go.ezodn.com/detroitchicago/boise.js?gcb=195-16&cb=5
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/kyink5vgb4rtnsf/PEAK.zip/file
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.142.121 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: c656d50263d423e681e4963066e86f087cb646cab3b440b3b082a0da28eb79ea

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

x-robots-tag: noindex, follow
content-encoding: br
cf-cache-status: HIT
age: 432540
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=skFSEUNdi%2FBDZ%2FZCQgpNsbw6h14dTUE5ZyEZk1iidQ5D%2BgHDvHbL0y9ZdDyWYBRDBgDN2V8oR7nPX2QgROe0tY7deRWI7SD%2BStk5S%2FdJiIyMJDZmxs9wRfvZR%2ByR3P8%3D"}]}
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Fri, 17 Apr 2026 04:36:10 GMT
x-middleton-display: sol-js
content-type: application/javascript
vary: Accept-Encoding
last-modified: Sun, 12 Apr 2026 04:27:09 GMT
priority: u=3,i=?0
cache-control: public, max-age=31536000
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 9ed8ba2a8bffe702-YYZ
accept-ranges: bytes
content-length: 429
server: cloudflare

GET
H3 200 mulvane.js Show response
go.ezodn.com/parsonsmaize/ 1 KB
1 KB 67ms
32ms Script
application/javascript 172.67.142.121
Cloudflare

General

Check archive.org

Download Go to

Full URL: https://go.ezodn.com/parsonsmaize/mulvane.js?gcb=195-16&cb=e75e48eec0
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/kyink5vgb4rtnsf/PEAK.zip/file
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.142.121 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6a163c9c1e18a0fae78f3ce587d463c4aa6d39991639580d1106a9fa0774b8e8

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

x-robots-tag: noindex, follow
content-encoding: br
cf-cache-status: HIT
age: 432540
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=e%2F0dZIcfVt8b4DfIVzI1xLZCddzldm0P5ijGwQoF1bVNXgNcJ0WCASV6jyPiyRaEVLcK%2FJ%2BlLce9m4Uf7kejiujXFNynwjFahcxq5PLsQaFzASYYWU7ldVesvrbkSOw%3D"}]}
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Fri, 17 Apr 2026 04:36:10 GMT
x-middleton-display: sol-js
content-type: application/javascript
vary: Accept-Encoding
last-modified: Sun, 12 Apr 2026 04:27:09 GMT
priority: u=3,i=?0
cache-control: public, max-age=31536000
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 9ed8ba2a8c00e702-YYZ
accept-ranges: bytes
content-length: 526
server: cloudflare

GET
H3 200 birmingham.js Show response
go.ezodn.com/detroitchicago/ 752 B
876 B 64ms
31ms Script
application/javascript 172.67.142.121
Cloudflare

General

Check archive.org

Download Go to

Full URL: https://go.ezodn.com/detroitchicago/birmingham.js?gcb=195-16&cb=539c47377c
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/kyink5vgb4rtnsf/PEAK.zip/file
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.142.121 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 30be558393bd8b0585c806a6eaed6d6f5b51d1ca63c0113061dfe35eaa128ce3

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

x-robots-tag: noindex, follow
content-encoding: br
cf-cache-status: HIT
age: 432540
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=T6fCXBGW42j3zyF2zbwINGJJQYO64gWg9asZfHi6ZmyRLLsTO3QnoEop5q4IPZ5LPaoi1z4M7NxSWSvcELA5OqBGnxXgjx5tdpu9ddG38ytMFMWPaoZbm4w%2BRSfSYVs%3D"}]}
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Fri, 17 Apr 2026 04:36:10 GMT
x-middleton-display: sol-js
content-type: application/javascript
vary: Accept-Encoding
last-modified: Sun, 12 Apr 2026 04:27:09 GMT
priority: u=3,i=?0
cache-control: public, max-age=31536000
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 9ed8ba2a8bfde702-YYZ
accept-ranges: bytes
content-length: 380
server: cloudflare

GET
H3 200 ezoicanalytics.js Show response
go.ezodn.com/ 2 KB
1 KB 58ms
24ms Script
application/javascript 172.67.142.121
Cloudflare

General

Check archive.org

Download Go to

Full URL: https://go.ezodn.com/ezoicanalytics.js?cb=1&dcb=195-16&shcb=34
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/kyink5vgb4rtnsf/PEAK.zip/file
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.142.121 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: e814d50a228f54aecf40d8a58e41d48ce1dfc4376fd5fbedc28078fe0a8c5526

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

x-robots-tag: noindex, follow
content-encoding: br
cf-cache-status: HIT
age: 55386
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=r9pvAWc7xBtLkPNfO2jIw30SqpHbdI7HkWHlDwHteyLd%2FSEkK1gxTDKuJLGYiiwn%2FLzGW1Bod4W2b6qu3Zz23mK2sjJRrvmU94MLahSjkiHWphN7NFg6newMbpwJuac%3D"}]}
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Fri, 17 Apr 2026 04:36:10 GMT
x-middleton-display: sol-js
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 16 Apr 2026 13:13:03 GMT
priority: u=3,i=?0
cache-control: public, max-age=86400
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 9ed8ba2a8bfee702-YYZ
server: cloudflare

GET
H3 200 identity.js Show response
www.ezojs.com/ 359 KB
101 KB 27ms
26ms Script
application/javascript 172.67.170.144
Cloudflare

General

Check archive.org

Download Go to

Full URL: https://www.ezojs.com/identity.js
Requested by: Host: www.ezojs.com
URL: https://www.ezojs.com/ezoic/sa.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.170.144 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4b44cf0d9d68af7eef9acf68208ff991b1e06fc5411e36b1ae80af94f06aa388

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

x-robots-tag: noindex, follow
content-encoding: gzip
cf-cache-status: HIT
etag: W/"7f1c9c0a5e0a3fc2dc10ca02ee37db48"
age: 552
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=C4ECYJGxBeAuIaTTxlVWzsHvUCa3XXeTq0udsYV9fVN3Lsc20UHsoxxXwLccrc6t7t%2B%2F6Y0l9322vXR4G1FpAgJ%2BaUEGz9y1HWKMi0C2JuinTKes98REcvQ4PAqyrr6K"}]}
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Fri, 17 Apr 2026 04:36:09 GMT
x-middleton-display: sol-js
content-type: application/javascript
vary: Accept-Encoding
priority: u=3,i=?0
cache-control: public, max-age=900, stale-while-revalidate=3600
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 9ed8ba2a5af8aae0-YYZ
server: cloudflare

POST
H2 200 ezconfig Show response
g.ezoic.net/detroitchicago/ 92 B
124 B 37ms
33ms Fetch
application/json 54.85.8.229
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://g.ezoic.net/detroitchicago/ezconfig
Requested by: Host: www.ezojs.com
URL: https://www.ezojs.com/ezoic/sa.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.85.8.229 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-54-85-8-229.compute-1.amazonaws.com
Software: /
Resource Hash: 1b7c4edd444f73d828aacb88e0f35efd212c8378d07e5ff848d699adf68ba550

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
Content-Type: application/json
sec-ch-ua-mobile: ?0

Response headers

access-control-max-age: 1728000
content-encoding: br
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, OPTIONS
access-control-allow-origin: https://www.mediafire.com
content-length: 66
date: Fri, 17 Apr 2026 04:36:10 GMT
content-type: application/json
vary: Accept-Encoding,Origin,Access-Control-Request-Method,Access-Control-Request-Headers
access-control-allow-headers: Content-Type

GET
H2 200 ezintegration
g.ezoic.net/ 43 B
122 B 29ms
28ms Image
image/gif 54.85.8.229
Amazon.com

General

Check archive.org

Download Go to Show image

Full URL: https://g.ezoic.net/ezintegration?d=www.mediafire.com&ts=1776400569747
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/kyink5vgb4rtnsf/PEAK.zip/file
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.85.8.229 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-54-85-8-229.compute-1.amazonaws.com
Software: /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

expires: Thu, 16 Apr 2026 04:36:09 GMT
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
content-length: 43
date: Fri, 17 Apr 2026 04:36:09 GMT
x-middleton-display: integration_verify
content-type: image/gif
vary: Accept-Encoding

GET
H2 200 px.gif Show response
ad-delivery.net/ 43 B
135 B 30ms
26ms Fetch
image/gif 104.20.47.80
Cloudflare

General

Check archive.org

Download Go to

Full URL: https://ad-delivery.net/px.gif?ch=1&e=0.7933750278729425
Requested by: Host: btloader.com
URL: https://btloader.com/tag?o=5678961798414336&upapi=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.20.47.80 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

x-goog-metageneration: 5
access-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
x-goog-hash: crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow==
cf-cache-status: HIT
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
age: 5
x-goog-stored-content-encoding: identity
expires: Fri, 20 Mar 2026 08:25:52 GMT
x-goog-stored-content-length: 43
date: Fri, 17 Apr 2026 04:36:10 GMT
content-type: image/gif
last-modified: Wed, 05 May 2021 19:25:32 GMT
x-guploader-uploadid: AOCedOE4ceqfKqcxsn6FfQCul5MU3fPppaJoaSAD4zIpDi_AuCRSOF0vpherOnDkBFq5ISKOXI37mOc
cache-control: public, max-age=86400
x-goog-storage-class: MULTI_REGIONAL
cf-ray: 9ed8ba2acdedac9f-YYZ
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1620242732037093
content-length: 43
server: cloudflare

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 51 KB
21 KB 125ms
29ms Script
text/javascript 142.250.217.14
Google LLC

General

Check archive.org

Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-829541-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.217.14 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

pnlgaa-as-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

f1a61277e3f902f50ab42015d8b07218db9b7601bb0967e54a52bfdcb4fa7e81

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: gzip
age: 1801
report-to: {"group":"ascnsrsgac:225:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:225:0"}],}
x-content-type-options: nosniff
expires: Fri, 17 Apr 2026 06:06:09 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 17 Apr 2026 04:06:09 GMT
last-modified: Tue, 15 Jul 2025 00:44:26 GMT
content-type: text/javascript
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:225:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsgac:225:0
content-length: 20802
server: Golfe2

GET
H2 200 px.gif Show response
ad-delivery.net/ 43 B
110 B 29ms
27ms Fetch
image/gif 104.20.47.80
Cloudflare

General

Check archive.org

Download Go to

Full URL: https://ad-delivery.net/px.gif?ch=2&e=0.015645365181398585
Requested by: Host: btloader.com
URL: https://btloader.com/tag?o=5678961798414336&upapi=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.20.47.80 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

x-goog-metageneration: 5
access-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
x-goog-hash: crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow==
cf-cache-status: HIT
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
age: 5
x-goog-stored-content-encoding: identity
expires: Fri, 20 Mar 2026 08:25:52 GMT
x-goog-stored-content-length: 43
date: Fri, 17 Apr 2026 04:36:10 GMT
content-type: image/gif
last-modified: Wed, 05 May 2021 19:25:32 GMT
x-guploader-uploadid: AOCedOE4ceqfKqcxsn6FfQCul5MU3fPppaJoaSAD4zIpDi_AuCRSOF0vpherOnDkBFq5ISKOXI37mOc
cache-control: public, max-age=86400
x-goog-storage-class: MULTI_REGIONAL
cf-ray: 9ed8ba2b3e44ac9f-YYZ
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1620242732037093
content-length: 43
server: cloudflare

GET
H3 200 favicon.ico Show response
ad.doubleclick.net/ 1 KB
129 B 65ms
64ms Fetch
image/x-icon 142.251.211.166
Google LLC

General

Check archive.org

Download Go to

Full URL

https://ad.doubleclick.net/favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250&e=0.11135133508162509

Requested by

Host: btloader.com
URL: https://btloader.com/tag?o=5678961798414336&upapi=true

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.211.166 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

lclgaa-as-in-f6.1e100.net

Software

sffe /

Resource Hash

d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: gzip
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
x-content-type-options: nosniff
expires: Sat, 18 Apr 2026 04:36:10 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 17 Apr 2026 04:36:10 GMT
content-type: image/x-icon
vary: Accept-Encoding
last-modified: Tue, 08 May 2012 13:08:06 GMT
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
content-length: 104
x-xss-protection: 0
server: sffe

GET
H2 200 m=el_main_css
www.gstatic.com/_/translate_http/_/ss/k=translate_http.tr.zZZZhVqDDCw.L.W.O/am=AAA4/d=0/rs=AN8SPfpXOODejAwfpX0HXTmGDSoEuMBUiQ/ 22 KB
5 KB 116ms
34ms Stylesheet
text/css 142.250.68.195
Google LLC

General

Check archive.org

Download Go to

Full URL

https://www.gstatic.com/_/translate_http/_/ss/k=translate_http.tr.zZZZhVqDDCw.L.W.O/am=AAA4/d=0/rs=AN8SPfpXOODejAwfpX0HXTmGDSoEuMBUiQ/m=el_main_css

Requested by

Host:
URL: /_/translate_http/_/js/k=translate_http.tr.en_US.z0UCiweHGjo.O/am=AAA4/d=1/rs=AN8SPfqNjQCo8s4EoyuoNPnC2l6OOPllXA/m=el_conf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.68.195 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

pnlgaa-ax-in-f3.1e100.net

Software

sffe /

Resource Hash

0ecbd1374ebd05d9733e3230e6ccaefadbfd8907cd151221d8af6fdf881b4e09

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: gzip
age: 41025
report-to: {"group":"rosetta","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/rosetta"}]}
x-content-type-options: nosniff
expires: Fri, 16 Apr 2027 17:12:25 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 16 Apr 2026 17:12:25 GMT
last-modified: Thu, 09 Apr 2026 01:12:55 GMT
content-type: text/css; charset=UTF-8
vary: Accept-Encoding
cache-control: public, max-age=31536000
cross-origin-opener-policy: same-origin; report-to="rosetta"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/rosetta
accept-ranges: bytes
access-control-allow-origin: *
content-length: 4160
x-xss-protection: 0
server: sffe

GET
H2 200 m=el_main Show response
translate.googleapis.com/_/translate_http/_/js/k=translate_http.tr.en_US.z0UCiweHGjo.O/am=AAAAAQ/d=1/exm=el_conf/ed=1/rs=AN8SPfoXKONoCKxgkf32Lw1Jl5DO3d0n-Q/ 409 KB
119 KB 116ms
34ms Script
text/javascript 142.250.65.234
Google LLC

General

Check archive.org

Download Go to

Full URL

https://translate.googleapis.com/_/translate_http/_/js/k=translate_http.tr.en_US.z0UCiweHGjo.O/am=AAAAAQ/d=1/exm=el_conf/ed=1/rs=AN8SPfoXKONoCKxgkf32Lw1Jl5DO3d0n-Q/m=el_main

Requested by

Host:
URL: /_/translate_http/_/js/k=translate_http.tr.en_US.z0UCiweHGjo.O/am=AAA4/d=1/rs=AN8SPfqNjQCo8s4EoyuoNPnC2l6OOPllXA/m=el_conf

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

142.250.65.234 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

lga25s73-in-f10.1e100.net

Software

sffe /

Resource Hash

18a048cb77aaf051be401dd5e8e94a763d3372636b42ba6035ee7f306c7cabcb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: gzip
age: 41025
report-to: {"group":"rosetta","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/rosetta"}]}
x-content-type-options: nosniff
expires: Fri, 16 Apr 2027 17:12:25 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 16 Apr 2026 17:12:25 GMT
last-modified: Wed, 15 Apr 2026 21:19:28 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, max-age=31536000
cross-origin-opener-policy: same-origin; report-to="rosetta"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/rosetta
accept-ranges: bytes
access-control-allow-origin: *
content-length: 120766
x-xss-protection: 0
server: sffe

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 545 KB
177 KB 55ms
52ms Script
application/javascript 142.251.210.40
Google LLC

General

Check archive.org

Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-K68XP6D85D&cx=c&gtm=4e64f1

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-53LP4T

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.210.40 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

lclgaa-ba-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

ef356daa5ef1739f8dc44870d698ce39e253262719e606e7380de4a1e6670303

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
content-encoding: zstd
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
expires: Fri, 17 Apr 2026 04:36:10 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 180732
date: Fri, 17 Apr 2026 04:36:10 GMT
x-xss-protection: 0
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
server: Google Tag Manager
access-control-allow-headers: Cache-Control

GET
H2 404 0 Show response
www.mediafiredls.com/onclick/ 5 B
504 B 89ms
31ms XHR
text/plain 104.26.3.173
Cloudflare

General

Check archive.org

Download Go to

Full URL

https://www.mediafiredls.com/onclick/0

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/file/kyink5vgb4rtnsf/PEAK.zip/file

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.3.173 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

c6c094bc0054f9cbe34102ff49f86b3928b5ac09f3d2ac87e170d0500675921f

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=gP8ibnTSvluaXIu9sOMWQTplQ9uuqU5vlFTA7pb368bAekABopButZzbIOPjzZFCSRWU%2FVe7OUdkOXQ3Dg0q8M3RWfb5osvTf1Ze%2BLLQerRdLSOuQENGTGLZ9d5vczedDSQhIgsT"}]}
referrer-policy: same-origin
cf-ray: 9ed8ba2c5b7339f9-YYZ
expires: Thu, 01 Jan 1970 00:00:01 GMT
access-control-allow-origin: *
content-length: 5
date: Fri, 17 Apr 2026 04:36:10 GMT
content-type: text/plain
server: cloudflare
x-frame-options: SAMEORIGIN

POST
H2 200 analytics Show response
g.ezoic.net/ezais/ 16 KB
5 KB 78ms
70ms Fetch
text/plain 54.85.8.229
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://g.ezoic.net/ezais/analytics?cb=1
Requested by: Host: go.ezodn.com
URL: https://go.ezodn.com/ezoicanalytics.js?cb=1&dcb=195-16&shcb=34
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.85.8.229 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-54-85-8-229.compute-1.amazonaws.com
Software: /
Resource Hash: 027724609ee248cb8dac952e11a51cdff1019a63d54f71e40637dce834ebe4f2

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
Content-Type: text/plain
sec-ch-ua-mobile: ?0

Response headers

x-robots-tag: noindex
access-control-max-age: 1728000
content-encoding: br
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, OPTIONS
access-control-allow-origin: https://www.mediafire.com
date: Fri, 17 Apr 2026 04:36:10 GMT
content-type: text/plain; charset=utf-8
vary: Accept-Encoding,Origin,Access-Control-Request-Method,Access-Control-Request-Headers
access-control-allow-headers: Content-Type

GET
H2 200 id5-api.js Show response
cdn.id5-sync.com/api/1.0/ 117 KB
34 KB 121ms
22ms Script
text/javascript 172.66.169.55
Cloudflare

General

Check archive.org

Download Go to

Full URL

https://cdn.id5-sync.com/api/1.0/id5-api.js

Requested by

Host: www.ezojs.com
URL: https://www.ezojs.com/identity.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.66.169.55 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

18120a6bee05cd823d5f4ab0c52006863a059a5d6c535c790a31bdd2ee8c45e7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

x-amz-id-2: PTA7ygZ2brrCU2y2coR5ul4WDFG/ZotMC8wm3hZYMc5/NTsReajLb2VWpsFwJM9WgnZsJFgDdDI=
strict-transport-security: max-age=15552000; includeSubDomains; preload
cache-control: public, max-age=3600
content-encoding: br
cf-cache-status: HIT
etag: W/"78d670c3a2facd95b81a836b6857d830"
age: 3347
x-amz-request-id: WGPAXB0MJAGSQ8RN
cf-ray: 9ed8ba2d18b75d15-YYZ
date: Fri, 17 Apr 2026 04:36:10 GMT
content-type: text/javascript;charset=utf-8
last-modified: Wed, 18 Mar 2026 12:22:23 GMT
server: cloudflare
x-amz-server-side-encryption: AES256

POST
H2 200 ezconfig Show response
g.ezoic.net/detroitchicago/ 49 B
109 B 41ms
34ms Fetch
application/json 54.85.8.229
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://g.ezoic.net/detroitchicago/ezconfig
Requested by: Host: www.ezojs.com
URL: https://www.ezojs.com/identity.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.85.8.229 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-54-85-8-229.compute-1.amazonaws.com
Software: /
Resource Hash: 50a63bf06dcdc62ce03de6a07d10770dc80cfa47ef2b63db1e9f6a5fbd786a7d

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
Content-Type: application/json
sec-ch-ua-mobile: ?0

Response headers

access-control-max-age: 1728000
content-encoding: gzip
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, OPTIONS
access-control-allow-origin: https://www.mediafire.com
content-length: 73
date: Fri, 17 Apr 2026 04:36:10 GMT
content-type: application/json
vary: Accept-Encoding,Origin,Access-Control-Request-Method,Access-Control-Request-Headers
access-control-allow-headers: Content-Type

POST
H2 200 ezconfig Show response
g.ezoic.net/detroitchicago/ 29 B
60 B 67ms
61ms Fetch
application/json 54.85.8.229
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://g.ezoic.net/detroitchicago/ezconfig
Requested by: Host: www.ezojs.com
URL: https://www.ezojs.com/identity.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.85.8.229 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-54-85-8-229.compute-1.amazonaws.com
Software: /
Resource Hash: 893719087a8bc6dcdfabc4e1d54fd6d724953d40da2ad369f8b4fb5f689394d7

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
Content-Type: application/json
sec-ch-ua-mobile: ?0

Response headers

access-control-max-age: 1728000
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, OPTIONS
access-control-allow-origin: https://www.mediafire.com
content-length: 29
date: Fri, 17 Apr 2026 04:36:10 GMT
content-type: application/json
vary: Accept-Encoding,Origin,Access-Control-Request-Method,Access-Control-Request-Headers
access-control-allow-headers: Content-Type

GET
H2 200 olathe.js Show response
g.ezoic.net/parsonsmaize/ 2 KB
900 B 35ms
30ms Script
application/javascript 54.85.8.229
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://g.ezoic.net/parsonsmaize/olathe.js?gcb=195-16&cb=30
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/kyink5vgb4rtnsf/PEAK.zip/file
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.85.8.229 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-54-85-8-229.compute-1.amazonaws.com
Software: /
Resource Hash: 8af2d4d39123c52a7c0ab7f7e4fbf96c5bfeb969ccce59ceb2bc7c96a7624f2b

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

x-robots-tag: noindex, follow
cache-control: max-age=31536000, public
content-encoding: br
date: Fri, 17 Apr 2026 04:36:10 GMT
x-middleton-display: sol-js
content-type: application/javascript
vary: Accept-Encoding

GET
H2 200 et.js Show response
g.ezoic.net/porpoiseant/ 2 KB
655 B 61ms
56ms Script
application/javascript 54.85.8.229
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://g.ezoic.net/porpoiseant/et.js?gcb=195-16&cb=4
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/kyink5vgb4rtnsf/PEAK.zip/file
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.85.8.229 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-54-85-8-229.compute-1.amazonaws.com
Software: /
Resource Hash: 8fb0902cb2d17d83fa68fa9a81a2e2872675c67bac55f2aced4aa2c5540f6655

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

x-robots-tag: noindex, follow
cache-control: max-age=31536000, public
content-encoding: br
content-length: 624
date: Fri, 17 Apr 2026 04:36:10 GMT
x-middleton-display: sol-js
content-type: application/javascript
vary: Accept-Encoding

GET
H2 200 reno.js Show response
g.ezoic.net/detroitchicago/ 2 KB
813 B 32ms
28ms Script
application/javascript 54.85.8.229
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://g.ezoic.net/detroitchicago/reno.js?gcb=195-16&cb=884ac9c377
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/kyink5vgb4rtnsf/PEAK.zip/file
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.85.8.229 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-54-85-8-229.compute-1.amazonaws.com
Software: /
Resource Hash: 2c2f674aed7fb892dee235de0b6c230986bb0acc3a19ffee15f67d136e100eea

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

x-robots-tag: noindex, follow
cache-control: max-age=31536000, public
content-encoding: br
date: Fri, 17 Apr 2026 04:36:10 GMT
x-middleton-display: sol-js
content-type: application/javascript
vary: Accept-Encoding

GET
H2 200 overlandpark.js Show response
g.ezoic.net/detroitchicago/ 1 KB
522 B 32ms
29ms Script
application/javascript 54.85.8.229
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://g.ezoic.net/detroitchicago/overlandpark.js?gcb=195-16&cb=301bbdaf04
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/kyink5vgb4rtnsf/PEAK.zip/file
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.85.8.229 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-54-85-8-229.compute-1.amazonaws.com
Software: /
Resource Hash: ac5a4a0937632f257b63ebd53a656fd045529bc506cf4abb880bec8421e8eb60

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

x-robots-tag: noindex, follow
cache-control: max-age=31536000, public
content-encoding: br
content-length: 491
date: Fri, 17 Apr 2026 04:36:10 GMT
x-middleton-display: sol-js
content-type: application/javascript
vary: Accept-Encoding

GET
H2 200 denver.js Show response
g.ezoic.net/detroitchicago/ 2 KB
1 KB 58ms
55ms Script
application/javascript 54.85.8.229
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://g.ezoic.net/detroitchicago/denver.js?gcb=195-16&cb=4ff75c6f00
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/kyink5vgb4rtnsf/PEAK.zip/file
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.85.8.229 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-54-85-8-229.compute-1.amazonaws.com
Software: /
Resource Hash: dc987a618ea91a37323b1432cfef45dba1292483a0d5e75e8f2cb05b45f64e4f

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

x-robots-tag: noindex, follow
cache-control: max-age=31536000, public
content-encoding: br
date: Fri, 17 Apr 2026 04:36:10 GMT
x-middleton-display: sol-js
content-type: application/javascript
vary: Accept-Encoding

GET
H2 200 wichita.js Show response
g.ezoic.net/detroitchicago/ 2 KB
982 B 34ms
31ms Script
application/javascript 54.85.8.229
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://g.ezoic.net/detroitchicago/wichita.js?gcb=195-16&cb=e49d8d9bca
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/kyink5vgb4rtnsf/PEAK.zip/file
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.85.8.229 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-54-85-8-229.compute-1.amazonaws.com
Software: /
Resource Hash: b837449c7254dd5887b620b7903bb4dbafbf2424ae3eb25e7a9f3471ff105365

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

x-robots-tag: noindex, follow
cache-control: max-age=31536000, public
content-encoding: br
date: Fri, 17 Apr 2026 04:36:10 GMT
x-middleton-display: sol-js
content-type: application/javascript
vary: Accept-Encoding

GET
H2 200 vitals.js Show response
g.ezoic.net/tardisrocinante/ 11 KB
4 KB 57ms
54ms Script
application/javascript 54.85.8.229
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://g.ezoic.net/tardisrocinante/vitals.js?gcb=16&cb=5
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/kyink5vgb4rtnsf/PEAK.zip/file
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.85.8.229 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-54-85-8-229.compute-1.amazonaws.com
Software: /
Resource Hash: 0a9da3cf7efd1a7499a1c888d44ab103ca6c92a9ab354e17e146384b39cead50

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

x-robots-tag: noindex, follow
cache-control: max-age=31536000, public
content-encoding: br
date: Fri, 17 Apr 2026 04:36:10 GMT
x-middleton-display: sol-js
content-type: application/javascript
vary: Accept-Encoding

GET
H2 200 drake.js Show response
g.ezoic.net/beardeddragon/ 4 KB
1 KB 33ms
31ms Script
application/javascript 54.85.8.229
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://g.ezoic.net/beardeddragon/drake.js?gcb=16&cb=1b0a0a9dcc
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/kyink5vgb4rtnsf/PEAK.zip/file
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.85.8.229 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-54-85-8-229.compute-1.amazonaws.com
Software: /
Resource Hash: 5efa9c95fde0d54aba4f6fa1f1c7fd6bbb2c4185677d320a71a0bb882ec2b14a

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

x-robots-tag: noindex, follow
cache-control: max-age=31536000, public
content-encoding: br
date: Fri, 17 Apr 2026 04:36:10 GMT
x-middleton-display: sol-js
content-type: application/javascript
vary: Accept-Encoding

GET
H2 200 chanute.js Show response
g.ezoic.net/parsonsmaize/ 21 KB
5 KB 55ms
53ms Script
application/javascript 54.85.8.229
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://g.ezoic.net/parsonsmaize/chanute.js?a=a&cb=19&dcb=195-16&shcb=34
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/kyink5vgb4rtnsf/PEAK.zip/file
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.85.8.229 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-54-85-8-229.compute-1.amazonaws.com
Software: /
Resource Hash: e12bc1fca47f992f263407fdc0b3d6cb30d860ab0ed5e93a662387174e597d7b

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

x-robots-tag: noindex, follow
cache-control: max-age=31536000, public
content-encoding: br
date: Fri, 17 Apr 2026 04:36:10 GMT
x-middleton-display: sol-js
content-type: application/javascript
vary: Accept-Encoding

GET
H2 200 jellyfish.js Show response
g.ezoic.net/porpoiseant/ 28 KB
7 KB 56ms
55ms Script
application/javascript 54.85.8.229
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://g.ezoic.net/porpoiseant/jellyfish.js?a=a&cb=21&dcb=195-16&shcb=34
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/kyink5vgb4rtnsf/PEAK.zip/file
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.85.8.229 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-54-85-8-229.compute-1.amazonaws.com
Software: /
Resource Hash: 5f00d505a9fca8ac48eef039d9589c79fa4021637cf317b7d27a5fc6177880d9

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

x-robots-tag: noindex, follow
cache-control: max-age=31536000, public
content-encoding: br
date: Fri, 17 Apr 2026 04:36:10 GMT
x-middleton-display: sol-js
content-type: application/javascript
vary: Accept-Encoding

POST
H2 200 sa.go Show response
g.ezoic.net/ 447 KB
97 KB 130ms
125ms XHR
text/javascript 54.85.8.229
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://g.ezoic.net/sa.go
Requested by: Host: www.ezojs.com
URL: https://www.ezojs.com/ezoic/sa.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.85.8.229 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-54-85-8-229.compute-1.amazonaws.com
Software: /
Resource Hash: 7e39e84b440072e722cfa15e68cda7f86a1e830fa9ca2c95c38479dbc4da2080

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
Content-Type: text/plain
sec-ch-ua-mobile: ?0

Response headers

x-ezidgraph-candidates: [{"id":"328d3003d16566f0d5ecc16d6de17f3a","sim":0.9892845153808594},{"id":"a3fe4cbf8b2b7e948c1104c05705d7df","sim":0.9628181457519531},{"id":"b3dedd70711b272dd208475e2f0a1748","sim":0.9628181457519531},{"id":"063974f37d12ddc520b17f9cd925ba65","sim":0.9576911926269531},{"id":"6799e5787929a18eafae8190b4ff5298","sim":0.9576416015625},{"id":"77a1a2db6b10bc4c625170d9ab801956","sim":0.95361328125},{"id":"b19edaaec4f9c279e2cdfecf52ee5dbb","sim":0.9518947601318359},{"id":"29f6896b2e012e7f0965030824f312eb","sim":0.9518947601318359},{"id":"7629b1ac2685df908f5e1b5e2d56a289","sim":0.9518947601318359},{"id":"9931996192c579b536173f9bf5817f73","sim":0.9493312835693359}]
access-control-max-age: 1728000
x-ezidgraph-status: ok
x-ezidgraph-latency: 8.261997ms
x-ezidgraph-producererrors: 0
content-encoding: br
x-robots-tag: noindex
x-ezidgraph-cluster: 3f960e14b55cea36b2a75a36172785c8
x-ezidgraph-producer: true
access-control-allow-methods: GET, POST, PUT, OPTIONS
expires: Thu, 16 Apr 2026 04:36:10 GMT
x-ezidgraph-signals: 18
date: Fri, 17 Apr 2026 04:36:10 GMT
content-type: text/javascript
vary: Accept-Encoding,Origin,Access-Control-Request-Method,Access-Control-Request-Headers
access-control-allow-headers: Content-Type
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
access-control-allow-credentials: true
x-ezidgraph-producerstream: identity-graph-observations-us-east-1-prod
x-ezidgraph-confidence: 0.00
access-control-allow-origin: https://www.mediafire.com
x-ezidgraph-diag: dynamo miss: checked 0 signals; ann ok: 10 candidates
x-ezidgraph-match: new

GET
DATA 200
OK truncated Show response
/ Frame 6F33 2 KB
2 KB Document
text/html

General

Check archive.org

Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0dcae222606cf25659d185a62f2fcd41caf42f6dd3d9dda50eda1f281e304065

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36

Response headers

Content-Type: text/html;charset=UTF-8

GET
H2 200 24px.svg
fonts.gstatic.com/s/i/productlogos/translate/v14/ 6 KB
4 KB 127ms
30ms Image
image/svg+xml 142.251.211.163
Google LLC

General

Check archive.org

Download Go to Show image

Full URL

https://fonts.gstatic.com/s/i/productlogos/translate/v14/24px.svg

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/file/kyink5vgb4rtnsf/PEAK.zip/file

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.211.163 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

lclgaa-as-in-f3.1e100.net

Software

sffe /

Resource Hash

ab5c23a05e39deed14d9d8262b0dce9f024f86105a27196cad37d14a3f516e09

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: gzip
age: 136785
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Thu, 15 Apr 2027 14:36:25 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 15 Apr 2026 14:36:25 GMT
last-modified: Wed, 20 Apr 2022 14:24:23 GMT
content-type: image/svg+xml
vary: Accept-Encoding
cache-control: public, max-age=31536000
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 3340
x-xss-protection: 0
server: sffe

GET
H2 200 googlelogo_color_42x16dp.png
www.gstatic.com/images/branding/googlelogo/1x/ 910 B
1 KB 33ms
31ms Image
image/png 142.250.68.195
Google LLC

General

Check archive.org

Download Go to Show image

Full URL

https://www.gstatic.com/images/branding/googlelogo/1x/googlelogo_color_42x16dp.png

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/file/kyink5vgb4rtnsf/PEAK.zip/file

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.68.195 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

pnlgaa-ax-in-f3.1e100.net

Software

sffe /

Resource Hash

6318394f737c66f0e2ccfcd88e3935c6667633a1b95fa29fba2b75431d55eef2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

age: 102609
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
x-content-type-options: nosniff
expires: Fri, 16 Apr 2027 00:06:01 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 16 Apr 2026 00:06:01 GMT
last-modified: Thu, 02 Nov 2023 22:48:00 GMT
content-type: image/png
vary: Origin
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
content-length: 910
x-xss-protection: 0
server: sffe

GET
H2 200 translate_24dp.png
www.gstatic.com/images/branding/product/2x/ 2 KB
2 KB 33ms
31ms Image
image/png 142.250.68.195
Google LLC

General

Check archive.org

Download Go to Show image

Full URL

https://www.gstatic.com/images/branding/product/2x/translate_24dp.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/translate_http/_/ss/k=translate_http.tr.zZZZhVqDDCw.L.W.O/am=AAA4/d=0/rs=AN8SPfpXOODejAwfpX0HXTmGDSoEuMBUiQ/m=el_main_css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.68.195 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

pnlgaa-ax-in-f3.1e100.net

Software

sffe /

Resource Hash

4dac0026fbfa2615dce30c0af12830863fe885f84387a0147b9e338f548d5d82

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.gstatic.com/_/translate_http/_/ss/k=translate_http.tr.zZZZhVqDDCw.L.W.O/am=AAA4/d=0/rs=AN8SPfpXOODejAwfpX0HXTmGDSoEuMBUiQ/m=el_main_css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

age: 1733
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
x-content-type-options: nosniff
expires: Sat, 17 Apr 2027 04:07:17 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 17 Apr 2026 04:07:17 GMT
last-modified: Thu, 14 Oct 2021 09:08:00 GMT
content-type: image/png
vary: Origin
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
content-length: 1842
x-xss-protection: 0
server: sffe

POST
H2 204 collect
analytics.google.com/g/ 0
0 119ms
45ms Fetch
text/plain 216.239.32.181
Google LLC

General

Check archive.org

Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-K68XP6D85D&gtm=45je64f1v887485693z86304663za20gzb6304663zd6304663&_p=1776400569253&_gaz=1&gcd=13l3l3l3l1l1&npa=0&dma=0&tcfd=10000&_eu=AAAAAGA&are=1&cid=2098053478.1776400571&frm=0&pscdl=noapi&rcb=5&sr=1600x1200&uaa=x86&uab=64&uafvl=Chromium%3B147.0.0.0%7CGoogle%2520Chrome%3B147.0.0.0%7CNot-A.Brand%3B24.0.0.0&uam=&uamb=0&uap=Linux&uapv=&uaw=0&ul=en-ca&gaf=2&_s=1&tag_exp=0~115938465~115938468~117266400~118131810&sid=1776400570&sct=1&seg=0&dl=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fkyink5vgb4rtnsf%2FPEAK.zip%2Ffile&dt=PEAK&en=page_view&_fv=1&_ss=1&up.page_url=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fkyink5vgb4rtnsf%2FPEAK.zip%2Ffile&tfd=1864
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-K68XP6D85D&cx=c&gtm=4e64f1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 216.239.32.181 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:196:0
report-to: {"group":"ascnsrsggc:196:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:196:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://www.mediafire.com
cross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsggc:196:0
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 17 Apr 2026 04:36:10 GMT
content-type: text/plain
server: Golfe2

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
550 B 103ms
34ms Ping
text/plain 172.253.63.154
Google LLC

General

Check archive.org

Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-K68XP6D85D&cid=2098053478.1776400571&gtm=45je64f1v887485693z86304663za20gzb6304663zd6304663&rcb=5&aip=1&dma=0&gcd=13l3l3l3l1l1&npa=0&frm=0&tag_exp=0~115938465~115938468~117266400~118131810
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-K68XP6D85D&cx=c&gtm=4e64f1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.253.63.154 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: bi-in-f154.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:164:0
report-to: {"group":"ascnsrsggc:164:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:164:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://www.mediafire.com
cross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsggc:164:0
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 17 Apr 2026 04:36:10 GMT
content-type: text/plain
server: Golfe2

GET
H3 200 ga-audiences
www.google.ca/ads/ 42 B
63 B 127ms
55ms Image
image/gif 142.250.65.227
Google LLC

General

Check archive.org

Download Go to Show image

Full URL

https://www.google.ca/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-K68XP6D85D&cid=2098053478.1776400571&gtm=45je64f1v887485693z86304663za20gzb6304663zd6304663&rcb=5&aip=1&dma=0&gcd=13l3l3l3l1l1&npa=0&frm=0&tag_exp=0~115938465~115938468~117266400~118131810&z=625980384

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/file/kyink5vgb4rtnsf/PEAK.zip/file

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.65.227 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

lclgaa-bc-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Fri, 17 Apr 2026 04:36:10 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H3 200 anchorfix.js Show response
go.ezodn.com/detroitchicago/ 1 KB
1 KB 26ms
25ms Script
application/javascript 172.67.142.121
Cloudflare

General

Check archive.org

Download Go to

Full URL: https://go.ezodn.com/detroitchicago/anchorfix.js?cb=28&gcb=195-16
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/kyink5vgb4rtnsf/PEAK.zip/file
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.142.121 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: c21613957786c9c45564e16f05cfe6da4d6afcd7df461d263c804b9b8fa973a2

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

x-robots-tag: noindex, follow
content-encoding: br
cf-cache-status: HIT
age: 432541
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=Q4nRbkdDSJG1v95jZwgNEmL9T0J1yGyeja2NOIh9APIPrYjaeVevudfTeQZaxNj%2B88lrbINnqOcK1yrir47bGjL1d2NYXxyNUOwVZVjSbTgI41sEUrUcV8RUsxKAj6w%3D"}]}
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Fri, 17 Apr 2026 04:36:10 GMT
x-middleton-display: sol-js
content-type: application/javascript
vary: Accept-Encoding
last-modified: Sun, 12 Apr 2026 04:27:09 GMT
priority: u=3,i=?0
cache-control: public, max-age=31536000
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 9ed8ba2fcc87e702-YYZ
accept-ranges: bytes
content-length: 610
server: cloudflare

GET
H3 200 sidebarwall.js Show response
go.ezodn.com/detroitchicago/ 9 KB
3 KB 30ms
29ms Script
application/javascript 172.67.142.121
Cloudflare

General

Check archive.org

Download Go to

Full URL: https://go.ezodn.com/detroitchicago/sidebarwall.js?gcb=16&cb=25
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/kyink5vgb4rtnsf/PEAK.zip/file
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.142.121 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: cb6c1a2d4e9a1239a7887de158b87d86ecbd7047e9ed8214f367406762730003

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

x-robots-tag: noindex, follow
content-encoding: br
cf-cache-status: HIT
age: 243241
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=lVPjsDKn2vG%2BynzgS8egtbiWlSE9bpmt8k9aE0sdOhG22PUrT0tEV%2BSkmBQTAkFWONdogoSIMU48Mh1l%2FQ5436UgYzfP5JsBxmGGoCndFXF15K7g%2Fr1MHZJCT0iW2IU%3D"}]}
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Fri, 17 Apr 2026 04:36:10 GMT
x-middleton-display: sol-js
content-type: application/javascript
vary: Accept-Encoding
last-modified: Tue, 14 Apr 2026 09:02:09 GMT
priority: u=3,i=?0
cache-control: public, max-age=31536000
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 9ed8ba2fdc89e702-YYZ
server: cloudflare

GET
H3 200 dall.js Show response
go.ezodn.com/hb/ 771 KB
237 KB 31ms
30ms Script
application/javascript 172.67.142.121
Cloudflare

General

Check archive.org

Download Go to

Full URL: https://go.ezodn.com/hb/dall.js?cb=195-16-153
Requested by: Host:
URL: ez-standalone.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.142.121 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 723b2fb21ce4fdee0c41b745c88083fce8598d8cf5e3566638f50de66f5dae44

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

server: cloudflare
cache-control: public, max-age=31536000
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-encoding: br
cf-cache-status: HIT
age: 432541
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=TY%2BGlCYCSa8Mo%2Fn%2FEzyw610mkeLvHPFW9%2FhQIjtYwCR5ENK2cboAw8ilr21dVlTYaPr%2FuN1xI0JUo1NwuNehlp79eZ6xb8brv11%2B6m5pflYobuHuBK7cG%2BnpnL161PM%3D"}]}
cf-ray: 9ed8ba2fdc8ae702-YYZ
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Fri, 17 Apr 2026 04:36:10 GMT
last-modified: Sun, 12 Apr 2026 04:27:09 GMT
content-type: application/javascript
vary: Accept-Encoding
priority: u=1,i=?0

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 110 KB
34 KB 110ms
51ms Script
text/javascript 142.251.45.194
Google LLC

General

Check archive.org

Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host:
URL: ez-standalone.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.45.194 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

pnlgaa-au-in-f2.1e100.net

Software

cafe /

Resource Hash

8f60f7c0934d06990ee21f70fcc76027271f830211f75aa3543f7a2a958a083a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: br
etag: 646 / 20560 / m202604130101 / config-hash: 11342835107286533231
x-content-type-options: nosniff
expires: Fri, 17 Apr 2026 04:36:10 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Fri, 17 Apr 2026 04:36:10 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
content-disposition: attachment; filename="f.txt"
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 35163
x-xss-protection: 0
server: cafe

GET
H3 200 tuscon.js Show response
go.ezodn.com/detroitchicago/ 7 KB
2 KB 27ms
27ms Script
application/javascript 172.67.142.121
Cloudflare

General

Check archive.org

Download Go to

Full URL: https://go.ezodn.com/detroitchicago/tuscon.js?gcb=16&cb=14
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/kyink5vgb4rtnsf/PEAK.zip/file
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.142.121 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 058be5abe1f1de434034ee2f88ed2482a5ee9490b1703055ae7097874dc3e5f3

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

x-robots-tag: noindex, follow
content-encoding: br
cf-cache-status: HIT
age: 432541
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=nACKtZXpGontGYGpBebTnfsrMZlcCb%2BMMjx2NytVdNlfbN6gSWhRrFumQHIW8uBCgvyv2SAa0xUTDCUciwVS0myk%2F6lVl0uDn%2BOJogUCzA55XeE9TS6X5hjEhuFH9AI%3D"}]}
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Fri, 17 Apr 2026 04:36:10 GMT
x-middleton-display: sol-js
content-type: application/javascript
vary: Accept-Encoding
last-modified: Sun, 12 Apr 2026 04:27:09 GMT
priority: u=3,i=?0
cache-control: public, max-age=31536000
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 9ed8ba2fec8be702-YYZ
server: cloudflare

GET
H3 200 kenai.js Show response
go.ezodn.com/detroitchicago/ 18 KB
6 KB 26ms
25ms Script
application/javascript 172.67.142.121
Cloudflare

General

Check archive.org

Download Go to

Full URL: https://go.ezodn.com/detroitchicago/kenai.js?gcb=16&cb=b0b2e17d03
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/kyink5vgb4rtnsf/PEAK.zip/file
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.142.121 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: ada3012dc0d9c9cac355425a9c4e4956181cb00953a192730cbcc775e87a0cfa

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

x-robots-tag: noindex, follow
content-encoding: br
cf-cache-status: HIT
age: 432541
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=3e0Uns%2BqnFjFV1XZd2YN%2BW6rS3D1MXgcPSHk2Pgm7BDJNdRlPr781%2FwSl1Z2x6QB0bsu0MurE5uS2zyYpxYnQPsfb1z0TdTjKNKNxxWsIswDl%2BRo6E6JG7k6scYbz9E%3D"}]}
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Fri, 17 Apr 2026 04:36:10 GMT
x-middleton-display: sol-js
content-type: application/javascript
vary: Accept-Encoding
last-modified: Sun, 12 Apr 2026 04:27:08 GMT
priority: u=3,i=?0
cache-control: public, max-age=31536000
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 9ed8ba2fec8ce702-YYZ
server: cloudflare

GET
H3 200 portland.js Show response
go.ezodn.com/detroitchicago/ 319 KB
66 KB 31ms
30ms Script
application/javascript 172.67.142.121
Cloudflare

General

Check archive.org

Download Go to

Full URL: https://go.ezodn.com/detroitchicago/portland.js?gcb=16&cb=c5db66dae8
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/kyink5vgb4rtnsf/PEAK.zip/file
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.142.121 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 97136378db14f595c40fa69faab3cfe11401a33cee170ce29f3a8a6d6cabf321

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

x-robots-tag: noindex, follow
content-encoding: br
cf-cache-status: HIT
age: 18836
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=yQl765%2BVsvOSfJa790%2F9snyQF%2BxkzNrZpRxn9bFUaI7%2F%2FWD4vOzziycQZlW6DleEVTYbRyDQjdoyL5oyfYY0Eg6FWU45K1qRbeFBaduH2UpWlohdCSiFAvRWmcdLkRM%3D"}]}
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Fri, 17 Apr 2026 04:36:10 GMT
x-middleton-display: sol-js
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 16 Apr 2026 23:22:14 GMT
priority: u=3,i=?0
cache-control: public, max-age=31536000
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 9ed8ba2fec8de702-YYZ
server: cloudflare

GET
H3 200 ezbidsystem.js Show response
go.ezodn.com/porpoiseant/ 78 KB
27 KB 28ms
28ms Script
application/javascript 172.67.142.121
Cloudflare

General

Check archive.org

Download Go to

Full URL: https://go.ezodn.com/porpoiseant/ezbidsystem.js?cb=1046
Requested by: Host:
URL: ez-standalone.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.142.121 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2aa6b3da3e42ba6fd0d93d12eca57d727f6ebe2c79b7d640fdc71b6b1bb861f2

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

x-robots-tag: noindex, follow
content-encoding: br
cf-cache-status: HIT
age: 18532
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=xtsYI9FavjSgONl0l%2FkEsG0UBEv5K6ehUqCGOlwUyNHfeLgDOlWZ8rBoTNI345dNaFoiqHajdVPACAel36Fv7lArLYZ2F5sC98kGVT%2B%2BrYnKPsZTbu6%2BRlxKpabDj5I%3D"}]}
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Fri, 17 Apr 2026 04:36:10 GMT
x-middleton-display: sol-js
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 16 Apr 2026 23:27:18 GMT
priority: u=3,i=?0
cache-control: public, max-age=31536000
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 9ed8ba2fec8ee702-YYZ
server: cloudflare

GET
H3 200 ezadloadrewarded.js Show response
go.ezodn.com/porpoiseant/ 256 KB
63 KB 33ms
29ms Script
application/javascript 172.67.142.121
Cloudflare

General

Check archive.org

Download Go to

Full URL: https://go.ezodn.com/porpoiseant/ezadloadrewarded.js?cb=1046&gcb=195-16
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/kyink5vgb4rtnsf/PEAK.zip/file
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.142.121 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 55b284e2bcd88bc7cfb29974016bfb9c497343327ce50b3ac95ac2d23dd710fa

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

x-robots-tag: noindex, follow
content-encoding: br
cf-cache-status: HIT
age: 18520
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=twU3STFZxTkBdYw3JmQqSji4YfSDYZDl%2BLzYeI4%2BccLIceOwjGA0uIzctz1RkkyK7eJ1VDzmjbikzXTXPNjC7Uo1dykX4pr2XGopwPhG69qCVnxs8CLq0H1gNKVctWo%3D"}]}
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Fri, 17 Apr 2026 04:36:10 GMT
x-middleton-display: sol-js
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 16 Apr 2026 23:27:30 GMT
priority: u=3,i=?0
cache-control: public, max-age=31536000
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 9ed8ba300c90e702-YYZ
server: cloudflare

GET
H3 200 reportads.js Show response
go.ezodn.com/detroitchicago/ 6 KB
2 KB 28ms
24ms Script
application/javascript 172.67.142.121
Cloudflare

General

Check archive.org

Download Go to

Full URL: https://go.ezodn.com/detroitchicago/reportads.js?gcb=195-16&cb=8
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/kyink5vgb4rtnsf/PEAK.zip/file
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.142.121 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3db1df8e9763f3440dc8595e7b4c99ae4b2dbab0dbf1624f2da5800a5e62026e

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

x-robots-tag: noindex, follow
content-encoding: br
cf-cache-status: HIT
age: 238574
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=lejAMONURfltzut5a21zWtNvZKtb0s5vTGxzBTpxcnoyM3wsHTDu%2F2jAc%2FLtNfIdcT4WjDuuynUaicxOZBV8Sq7on9RLapS2tc4PXyyb1UKueHWDFNhzyUHetvCFns0%3D"}]}
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Fri, 17 Apr 2026 04:36:10 GMT
x-middleton-display: sol-js
content-type: application/javascript
vary: Accept-Encoding
last-modified: Tue, 14 Apr 2026 10:19:56 GMT
priority: u=3,i=?0
cache-control: public, max-age=31536000
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 9ed8ba300c91e702-YYZ
server: cloudflare

GET
H2 200 did-006t.min.js Show response
d-code.liadm.com/ 137 KB
47 KB 87ms
23ms Script
application/javascript 108.139.47.34
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://d-code.liadm.com/did-006t.min.js
Requested by: Host:
URL: ez-standalone.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.139.47.34 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-108-139-47-34.jfk50.r.cloudfront.net
Software: /
Resource Hash: 7152b1a8f92e12ba387acd309b9099e2832891fd848b514b284b1bb8eebabd63

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

cache-control: public,max-age=86400
content-encoding: gzip
etag: W/"3a9a05c3"
age: 57320
via: 1.1 dedf8f82a63be28fe4cc799f6c4bfc08.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: JlnfFXAXei4EVT9ZzxDg-d4bluiKfVQNxjz8_d2jOIkcc9N-q7WEuA==
date: Thu, 16 Apr 2026 12:40:53 GMT
content-type: application/javascript
vary: Accept-Encoding
x-amz-cf-pop: JFK50-P1

GET
H2 200 21150.js Show response
link.rubiconproject.com/magnite/ 1 KB
855 B 96ms
28ms Script
text/javascript 23.208.69.135
Akamai Technologies

General

Check archive.org

Download Go to

Full URL: https://link.rubiconproject.com/magnite/21150.js
Requested by: Host:
URL: ez-standalone.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.208.69.135 New York, United States, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a23-208-69-135.deploy.static.akamaitechnologies.com
Software: Apache/2.4.65 (Debian) PHP/8.3.24 OpenSSL/3.5.1 / PHP/8.3.24
Resource Hash: 3a9f306824d6e118cf7248a9331b18520750b67af9096c6cb7b026651b419d3b

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

cache-control: max-age=66274
content-encoding: gzip
expires: Fri, 17 Apr 2026 23:00:44 GMT
content-length: 636
date: Fri, 17 Apr 2026 04:36:10 GMT
last-modified: Wed, 19 Nov 2025 14:07:59 GMT
x-powered-by: PHP/8.3.24
server: Apache/2.4.65 (Debian) PHP/8.3.24 OpenSSL/3.5.1
content-type: text/javascript;charset=UTF-8
vary: Accept-Encoding

GET
H3 200 ezoic.png
go.ezodn.com/utilcave_com/ 1 KB
2 KB 34ms
31ms Image
image/png 172.67.142.121
Cloudflare

General

Check archive.org

Download Go to Show image

Full URL: https://go.ezodn.com/utilcave_com/ezoic.png
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/kyink5vgb4rtnsf/PEAK.zip/file
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.142.121 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 07a54e49f65745ec3e0c0bfec9c0005b787370f8f65476b8da936e14d9ceaaa1

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

cf-cache-status: HIT
age: 540
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=p%2FnpZV0wJ7xxASlyJyRpdYzXlyPGtxmUJJSKcRyLpyyXsCB8FdFv65xEPI%2BafGHUG8eoUFhO%2FDYOQUBrpyqzwNCds48YzEB1oRA6VkONcqS5TSZglgINVE%2BntW8XV0E%3D"}]}
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Fri, 17 Apr 2026 04:36:10 GMT
content-type: image/png
vary: Accept-Encoding
last-modified: Fri, 17 Apr 2026 04:27:10 GMT
priority: u=3,i
cache-control: public, max-age=86400
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 9ed8ba300c92e702-YYZ
accept-ranges: bytes
content-length: 1426
server: cloudflare

GET
H3 200 ezoicbwa.png
go.ezodn.com/utilcave_com/ 1 KB
2 KB 28ms
27ms Image
image/png 172.67.142.121
Cloudflare

General

Check archive.org

Download Go to Show image

Full URL: https://go.ezodn.com/utilcave_com/ezoicbwa.png
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/kyink5vgb4rtnsf/PEAK.zip/file
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.142.121 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 44b848ce1bea5ca25251a1c22058f8df660f1c8161c21ebc13a9ba55ec479d10

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

cf-cache-status: HIT
age: 541
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=9UQftNgQndlV4yaQjAiEkOwIbdumH%2FE1%2FVAiuiGKdKsXyxU%2FKrI9wkduKQbeJ7V1yE4IOvGKU8eVWgaCshuOi2aJ6uncUTJaBcRKcVh3jml0c8micgpEEoo8ZZZe4w8%3D"}]}
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Fri, 17 Apr 2026 04:36:10 GMT
content-type: image/png
vary: Accept-Encoding
last-modified: Fri, 17 Apr 2026 04:27:09 GMT
priority: u=3,i
cache-control: public, max-age=86400
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 9ed8ba302c9be702-YYZ
accept-ranges: bytes
content-length: 1331
server: cloudflare

GET
H3 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202604130101/ 599 KB
188 KB 29ms
28ms Script
text/javascript 142.251.45.194
Google LLC

General

Check archive.org

Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202604130101/pubads_impl.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.45.194 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

pnlgaa-au-in-f2.1e100.net

Software

cafe /

Resource Hash

10dd80a3759d44c207e398dda5ee8fb727dc73afa7b80f9d586229bce364cc6d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: br
etag: 15750796878955322589
age: 69529
x-content-type-options: nosniff
expires: Fri, 16 Apr 2027 09:17:22 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Thu, 16 Apr 2026 09:17:22 GMT
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 192011
x-xss-protection: 0
server: cafe

GET
H2 200 px.gif Show response
ad-delivery.net/ 43 B
135 B 25ms
24ms Fetch
image/gif 104.20.47.80
Cloudflare

General

Check archive.org

Download Go to

Full URL: https://ad-delivery.net/px.gif?ch=2&e=0.4047573631720284
Requested by: Host: btloader.com
URL: https://btloader.com/tag?o=5678961798414336&upapi=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.20.47.80 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

x-goog-metageneration: 5
access-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
x-goog-hash: crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow==
cf-cache-status: HIT
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
age: 6
x-goog-stored-content-encoding: identity
expires: Fri, 20 Mar 2026 08:25:52 GMT
x-goog-stored-content-length: 43
date: Fri, 17 Apr 2026 04:36:11 GMT
content-type: image/gif
last-modified: Wed, 05 May 2021 19:25:32 GMT
x-guploader-uploadid: AOCedOE4ceqfKqcxsn6FfQCul5MU3fPppaJoaSAD4zIpDi_AuCRSOF0vpherOnDkBFq5ISKOXI37mOc
cache-control: public, max-age=86400
x-goog-storage-class: MULTI_REGIONAL
cf-ray: 9ed8ba3269c8ac9f-YYZ
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1620242732037093
content-length: 43
server: cloudflare

GET
H3 200 favicon.ico Show response
ad.doubleclick.net/ 1 KB
129 B 62ms
61ms Fetch
image/x-icon 142.251.211.166
Google LLC

General

Check archive.org

Download Go to

Full URL

https://ad.doubleclick.net/favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250&e=0.6042107305580525

Requested by

Host: btloader.com
URL: https://btloader.com/tag?o=5678961798414336&upapi=true

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.211.166 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

lclgaa-as-in-f6.1e100.net

Software

sffe /

Resource Hash

d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: gzip
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
x-content-type-options: nosniff
expires: Sat, 18 Apr 2026 04:36:11 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 17 Apr 2026 04:36:11 GMT
content-type: image/x-icon
vary: Accept-Encoding
last-modified: Tue, 08 May 2012 13:08:06 GMT
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
content-length: 104
x-xss-protection: 0
server: sffe

GET
H2 200 px.gif Show response
ad-delivery.net/ 43 B
110 B 26ms
24ms Fetch
image/gif 104.20.47.80
Cloudflare

General

Check archive.org

Download Go to

Full URL: https://ad-delivery.net/px.gif?ch=1&e=0.05903481503155206
Requested by: Host: btloader.com
URL: https://btloader.com/tag?o=5678961798414336&upapi=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.20.47.80 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

x-goog-metageneration: 5
access-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
x-goog-hash: crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow==
cf-cache-status: HIT
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
age: 6
x-goog-stored-content-encoding: identity
expires: Fri, 20 Mar 2026 08:25:52 GMT
x-goog-stored-content-length: 43
date: Fri, 17 Apr 2026 04:36:11 GMT
content-type: image/gif
last-modified: Wed, 05 May 2021 19:25:32 GMT
x-guploader-uploadid: AOCedOE4ceqfKqcxsn6FfQCul5MU3fPppaJoaSAD4zIpDi_AuCRSOF0vpherOnDkBFq5ISKOXI37mOc
cache-control: public, max-age=86400
x-goog-storage-class: MULTI_REGIONAL
cf-ray: 9ed8ba3269c9ac9f-YYZ
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1620242732037093
content-length: 43
server: cloudflare

GET
H2 200 dns Show response
ab.dns-finder.com/meta/ 2 B
0 0ms
0ms Fetch
text/plain 34.36.200.111
Google LLC

General

Check archive.org

Download Go to

Full URL: https://ab.dns-finder.com/meta/dns
Requested by: Host: btloader.com
URL: https://btloader.com/tag?o=5678961798414336&upapi=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.36.200.111 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM - Google LLC, US),
Reverse DNS: 111.200.36.34.bc.googleusercontent.com
Software: /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

cache-control: private, max-age=180, stale-if-error=180, stale-while-revalidate=180
access-control-expose-headers: X-Resolver
x-resolver: default
via: 1.1 google
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2
date: Fri, 17 Apr 2026 04:36:09 GMT
content-type: text/plain; charset=utf-8
vary: Origin

GET
H2 200 omaha.js Show response
g.ezoic.net/detroitchicago/ 2 KB
649 B 27ms
26ms Script
application/javascript 54.85.8.229
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://g.ezoic.net/detroitchicago/omaha.js?gcb=195-16&cb=8f3688675f
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/kyink5vgb4rtnsf/PEAK.zip/file
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.85.8.229 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-54-85-8-229.compute-1.amazonaws.com
Software: /
Resource Hash: 8952b91af1705fc7fddb2a9bcc53534d55f136755e48e957711d85b038287542

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

x-robots-tag: noindex, follow
cache-control: max-age=31536000, public
content-encoding: br
content-length: 595
date: Fri, 17 Apr 2026 04:36:11 GMT
x-middleton-display: sol-js
content-type: application/javascript
vary: Accept-Encoding

POST
H2 200 imp.gif
g.ezoic.net/detroitchicago/ 43 B
205 B 30ms
25ms Ping
image/gif 54.85.8.229
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://g.ezoic.net/detroitchicago/imp.gif
Requested by: Host:
URL: ez-standalone.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.85.8.229 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-54-85-8-229.compute-1.amazonaws.com
Software: /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
Content-Type: text/plain
sec-ch-ua-mobile: ?0

Response headers

access-control-max-age: 1728000, 1728000
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, OPTIONS, HEAD, PUT, POST, GET, OPTIONS
expires: Thu, 16 Apr 2026 04:36:11 GMT
access-control-allow-origin: https://www.mediafire.com, https://www.mediafire.com
content-length: 43
date: Fri, 17 Apr 2026 04:36:11 GMT
x-middleton-display: imp_sol
content-type: image/gif
vary: Accept-Encoding,Origin,Access-Control-Request-Method,Access-Control-Request-Headers
access-control-allow-headers: Content-Type, Content-Type

GET
H3 200 bsads.js Show response
ads.bidsystem.ai/ 122 KB
38 KB 114ms
57ms Script
text/javascript 104.21.3.76
Cloudflare

General

Check archive.org

Download Go to

Full URL: https://ads.bidsystem.ai/bsads.js
Requested by: Host: go.ezodn.com
URL: https://go.ezodn.com/porpoiseant/ezbidsystem.js?cb=1046
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.3.76 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: b7b8204c7a894c083d6469a3e24b8b5213c2074a13fa8a7c2d7a2768a6b042b4

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

cache-control: public, max-age=900, stale-while-revalidate=3600
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-encoding: zstd
cf-cache-status: HIT
age: 41
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=TO98AnKphthJ5JQiI6iM5gxKPdSwCJt90edhNjyafMyYc0fiUu%2BDYdkuoBRzP55kojL6Xh4NCc%2B51FpZw%2B5tIRCHpV37wbuvaFYygC5kgjn5dhciBGo1nx%2FYrk6CP7vm3pJZ"}]}
cf-ray: 9ed8ba331e43aaa4-YYZ
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Fri, 17 Apr 2026 04:36:11 GMT
content-type: text/javascript; charset=utf-8
last-modified: Tue, 07 Apr 2026 20:59:57 GMT
server: cloudflare
priority: u=3,i=?0
vary: Origin

OPTIONS
H2 200 json
gum.criteo.com/sid/ Frame 0
0 266ms
27ms Preflight
application/json 74.119.117.62
Criteo Corp.

General

Check archive.org

Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fwww.mediafire.com%2F&domain=www.mediafire.com&cw=1&lsw=1&gdpr=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.119.117.62 , United States, ASN19750 (AS-CRITEO - Criteo Corp., US),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://www.mediafire.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: https://www.mediafire.com
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-type: application/json; charset=utf-8
date: Fri, 17 Apr 2026 04:36:10 GMT
expires: 0
pragma: no-cache
server: Kestrel
server-processing-duration-in-ticks: 193303
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H3 200 indy.js Show response
go.ezodn.com/detroitchicago/ 359 KB
96 KB 75ms
59ms Script
application/javascript 172.67.142.121
Cloudflare

General

Check archive.org

Download Go to

Full URL: https://go.ezodn.com/detroitchicago/indy.js?cb=117&gcb=0
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/kyink5vgb4rtnsf/PEAK.zip/file
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.142.121 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4b44cf0d9d68af7eef9acf68208ff991b1e06fc5411e36b1ae80af94f06aa388

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

x-robots-tag: noindex, follow
content-encoding: br
cf-cache-status: HIT
age: 30850
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=Oa1oTldhkKtnxAEd4JLiulQZ39y%2FPg75q4WnMqiq4jyWFBTdpkEthUyf7kcBGj3I36L%2BtftNbjz8RTQCWUjC2%2BdXlz%2BjNUVdJsrrF3O7r2oBlcR1unnRl9zq5PbAjpA%3D"}]}
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Fri, 17 Apr 2026 04:36:11 GMT
x-middleton-display: sol-js
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 16 Apr 2026 20:02:00 GMT
priority: u=3,i=?0
cache-control: public, max-age=31536000
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 9ed8ba331cbce702-YYZ
server: cloudflare

GET
H2 200 latest.json Show response
cdn.jsdelivr.net/gh/prebid/currency-file@1/ 2 KB
2 KB 94ms
15ms Fetch
application/json 104.16.174.226
Cloudflare

General

Check archive.org

Download Go to

Full URL

https://cdn.jsdelivr.net/gh/prebid/currency-file@1/latest.json

Requested by

Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?cb=195-16-153

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.174.226 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

5e150da645ec0405d3a9015e8c93e7a53777e373fde88b0af762f4e3f1d72fb5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
content-type: text/plain
sec-ch-ua-mobile: ?0

Response headers

access-control-expose-headers: *
content-encoding: br
cf-cache-status: HIT
etag: W/"618-3inVV8Qh6E1Zb/XwqomrM3w3GA8"
age: 5717
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=1tRGm1h26446ZuQuNkWpInPbWDt9%2FzpnZEdRk%2F3YS3R9ZZ0OjBCMY7IOaau8%2Fd%2BIANZacnTsn47FTXMiB2y0%2FO%2FILtlQhuJ%2B7NRGDj56fLLI%2Bw%2FifczR16iMSNFUdWtQL9U%3D"}]}
x-content-type-options: nosniff
x-jsd-version-type: version
alt-svc: h3=":443"; ma=86400
x-cache: HIT, HIT
date: Fri, 17 Apr 2026 04:36:11 GMT
content-type: application/json; charset=utf-8
x-served-by: cache-fra-etou8220102-FRA, cache-iad-kiad7000028-IAD
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
nel: {"report_to":"cf-nel","success_fraction":0.01,"max_age":604800}
cross-origin-resource-policy: cross-origin
cf-ray: 9ed8ba338f35a28c-YUL
accept-ranges: bytes
access-control-allow-origin: *
content-length: 811
server: cloudflare
x-jsd-version: 1.0.2764

GET
H2 200 envelope Show response
lexicon.33across.com/v1/ 1 KB
2 KB 233ms
34ms Fetch
application/json 37.19.206.161
CDN77 Datacamp Li...

General

Check archive.org

Download Go to

Full URL: https://lexicon.33across.com/v1/envelope?pid=0010b00002MpnPqAAJ&gdpr=0&src=pbjs&ver=10.23.0&coppa=0
Requested by: Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?cb=195-16-153
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 37.19.206.161 Ashburn, United States, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS: unn-37-19-206-161.datapacket.com
Software: /
Resource Hash: 4b3a940833146615ba44ad24b2c0b4c2218b71f2a7e83695ae0e315de81f16c9

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
content-type: text/plain
sec-ch-ua-mobile: ?0

Response headers

access-control-allow-origin: https://www.mediafire.com
content-length: 1528
content-type: application/json
vary: origin
access-control-allow-credentials: true

GET
H2 200 / Show response
id.a-mx.com/sync/ 66 B
468 B 292ms
51ms Fetch
application/json 169.150.236.100
CDN77 Datacamp Li...

General

Check archive.org

Download Go to

Full URL: https://id.a-mx.com/sync/?tagId=&ref=null&u=https://www.mediafire.com/file/kyink5vgb4rtnsf/PEAK.zip/file&tl=https://www.mediafire.com/file/kyink5vgb4rtnsf/PEAK.zip/file&nf=0&rt=true&v=10.23.0&av=2.0&vg=epbjs&us_privacy=null&am=null&gdpr=0&gdpr_consent=
Requested by: Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?cb=195-16-153
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 169.150.236.100 Chicago, United States, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS: 169-150-236-100.bunnyinfra.net
Software: BunnyCDN-IL1-1070 /
Resource Hash: f5e7696103a8df60f8d32a6dffe6f9bd10e5620fd84288babdb4908b48f8a288

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
content-type: text/plain
sec-ch-ua-mobile: ?0

Response headers

cdn-status: 200
date: Fri, 17 Apr 2026 04:36:11 GMT
cdn-cache: BYPASS
content-type: application/json
cdn-cachedat: 04/17/2026 04:36:11
cdn-requestpullcode: 200
cache-control: public, max-age=0
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-requestid: fbb554e3a1bdcbb8a795b05cf4018578
access-control-allow-credentials: true
cdn-pullzone: 5497800
cdn-proxyver: 1.50
access-control-allow-origin: https://www.mediafire.com
content-length: 66
cdn-edgestorageid: 871
server: BunnyCDN-IL1-1070
cdn-requestcountrycode: CA

GET
H2 200 fed Show response
ups.analytics.yahoo.com/ups/58713/ 2 B
263 B 358ms
105ms Fetch
application/json 69.147.82.61
Yahoo Holdings Inc.

General

Check archive.org

Download Go to

Full URL

https://ups.analytics.yahoo.com/ups/58713/fed?v=1&1p=0&gdpr=0&gdpr_consent=&us_privacy=&url=https://www.mediafire.com/file/kyink5vgb4rtnsf/PEAK.zip/file&pixelId=58713

Requested by

Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?cb=195-16-153

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

69.147.82.61 New York, United States, ASN14779 (YAHOO - Yahoo Holdings Inc., US),

Reverse DNS

e2.ycpi.vip.nya.yahoo.com

Software

ATS /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
content-type: text/plain
sec-ch-ua-mobile: ?0

Response headers

strict-transport-security: max-age=31536000
age: 0
access-control-allow-credentials: true
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
access-control-allow-origin: https://www.mediafire.com
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
date: Fri, 17 Apr 2026 04:36:11 GMT
content-type: application/json
vary: Origin
server: ATS

GET
H2 200 json Show response
gum.criteo.com/sid/ 359 B
1 KB 152ms
56ms Fetch
application/json 74.119.117.62
Criteo Corp.

General

Check archive.org

Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fwww.mediafire.com%2F&domain=www.mediafire.com&cw=1&lsw=1&gdpr=0

Requested by

Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?cb=195-16-153

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.119.117.62 , United States, ASN19750 (AS-CRITEO - Criteo Corp., US),

Reverse DNS

Software

Kestrel /

Resource Hash

55a3de3af0eafecb386aa443866879e6c3308cdce79eb8a93f9c5c7cfbab20b5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
content-type: application/json
sec-ch-ua-mobile: ?0

Response headers

strict-transport-security: max-age=31536000; preload;
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
pragma: no-cache
access-control-allow-credentials: true
access-control-allow-methods: GET
server-processing-duration-in-ticks: 492185
expires: 0
access-control-allow-origin: https://www.mediafire.com
date: Fri, 17 Apr 2026 04:36:10 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
server: Kestrel

GET
H2 200 d9core Show response
d9.flashtalking.com/ 11 KB
11 KB 245ms
30ms Script
application/javascript 35.169.25.20
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://d9.flashtalking.com/d9core
Requested by: Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?cb=195-16-153
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.169.25.20 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-35-169-25-20.compute-1.amazonaws.com
Software: Apache/2.4.66 (Amazon Linux) OpenSSL/3.2.2 /
Resource Hash: 0c73896bac441c0a9de3806fa771873b5623cf1176f145c0bf0c96e0b1f19810

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

cache-control: private, must-revalidate, proxy-revalidate, max-age=172800
etag: 5bc31bf7d4a298e1bef9d35fce222bfc
access-control-allow-credentials: true
access-control-allow-methods: GET,POST,SERVER
access-control-allow-origin: d9.flashtalking.com
p3p: policyref="localhost/w3c/D9_p3p_.xml", CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"
date: Fri, 17 Apr 2026 04:36:11 GMT
content-type: application/javascript;charset=utf-8
server: Apache/2.4.66 (Amazon Linux) OpenSSL/3.2.2

GET
H2 200 pbhid Show response
id.hadron.ad.gt/api/v1/ 2 B
271 B 146ms
56ms Fetch
application/json 104.20.35.150
Cloudflare

General

Check archive.org

Download Go to

Full URL: https://id.hadron.ad.gt/api/v1/pbhid?partner_id=524&_it=prebid&t=1&src=id&domain=www.mediafire.com&gdpr=0
Requested by: Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?cb=195-16-153
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.20.35.150 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
content-type: text/plain
sec-ch-ua-mobile: ?0

Response headers

cache-control: max-age=604800
cf-cache-status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: HEAD,GET,POST,PUT,DELETE,OPTIONS
cf-ray: 9ed8ba33ecef39c6-YYZ
access-control-allow-origin: *
content-length: 2
date: Fri, 17 Apr 2026 04:36:11 GMT
content-type: application/json; charset=utf8
server: cloudflare
access-control-allow-headers: authorization,content-type

POST
H2 200 prebid Show response
id5-sync.com/api/config/ 194 B
654 B 371ms
112ms Fetch
application/json 57.129.88.52
OVH OVH SAS

General

Check archive.org

Download Go to

Full URL

https://id5-sync.com/api/config/prebid

Requested by

Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?cb=195-16-153

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

57.129.88.52 Frankfurt am Main, Germany, ASN16276 (OVH OVH SAS, FR),

Reverse DNS

ns31872154.ip-57-129-88.eu

Software

Resource Hash

446a24acf9272b37cf14bf847684201154b6648113a148f1381b7489db6294f3

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
Content-Type: text/plain;charset=UTF-8
sec-ch-ua-mobile: ?0

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: gzip
access-control-allow-credentials: true
access-control-allow-origin: https://www.mediafire.com
p3p: CP="CAO PSA OUR"
date: Fri, 17 Apr 2026 04:36:10 GMT
content-type: application/json;charset=UTF-8
vary: origin,access-control-request-method,access-control-request-headers,accept-encoding

GET
H2 200 id5PrebidModule.js Show response
cdn.id5-sync.com/api/1.0/ 100 KB
29 KB 54ms
24ms Script
text/javascript 172.66.169.55
Cloudflare

General

Check archive.org

Download Go to

Full URL

https://cdn.id5-sync.com/api/1.0/id5PrebidModule.js

Requested by

Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?cb=195-16-153

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.66.169.55 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

5adfa8fdf36805dec0395a90e3347559da75fe8fc8830c48e22c94b18f8d9753

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

x-amz-id-2: DjvdO2kIcf9EW17+6FVnhyU+k748nwxE4u0f4Z/G1TQSSxfnJa0D6jY2haPsvibvhEV3xIA3pdek6FjrqX+Z7NRzsHqy+MhEIY/WHF7nAR4=
strict-transport-security: max-age=15552000; includeSubDomains; preload
cache-control: public, max-age=3600
content-encoding: br
cf-cache-status: HIT
etag: W/"dc5fa4f92eff1fb575f1de07a68916ea"
age: 637
x-amz-request-id: ZNQ0ZYPT21GFV19Y
cf-ray: 9ed8ba3389f65d15-YYZ
date: Fri, 17 Apr 2026 04:36:11 GMT
content-type: text/javascript;charset=utf-8
last-modified: Wed, 18 Mar 2026 12:22:23 GMT
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 204 envelope Show response
api.rlcdn.com/api/identity/ 0
280 B 141ms
54ms Fetch 34.107.165.188
Google LLC

General

Check archive.org

Download Go to

Full URL: https://api.rlcdn.com/api/identity/envelope?pid=14067
Requested by: Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?cb=195-16-153
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.165.188 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM - Google LLC, US),
Reverse DNS: 188.165.107.34.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
content-type: text/plain
sec-ch-ua-mobile: ?0

Response headers

cache-control: no-cache, no-store
timing-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, OPTIONS
via: 1.1 google
access-control-allow-origin: https://www.mediafire.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 17 Apr 2026 04:36:11 GMT
access-control-allow-headers: Accept, Authorization, Content-Type, Cookie, Origin, X-Requested-With

GET
H2 200 id Show response
id.crwdcntrl.net/ 75 B
829 B 295ms
62ms Fetch
application/json 3.227.87.136
Amazon.com

General

Check archive.org

Download Go to

Full URL

https://id.crwdcntrl.net/id?gdpr_applies=false

Requested by

Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?cb=195-16-153

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.227.87.136 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-3-227-87-136.compute-1.amazonaws.com

Software

Resource Hash

0c568b62c2853b008f121c7d878e555ad9ad6d23b5388dbd4651abbc2e6d40bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
content-type: text/plain
sec-ch-ua-mobile: ?0

Response headers

strict-transport-security: max-age=31536000 ; includeSubDomains
cache-control: no-cache
pragma: no-cache
access-control-allow-credentials: true
expires: 0
access-control-allow-origin: https://www.mediafire.com
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
content-length: 75
date: Fri, 17 Apr 2026 04:36:11 GMT
content-type: application/json;charset=utf-8

GET
H2 204 UCookieSetPug Show response
image6.pubmatic.com/AdServer/ 0
265 B 271ms
39ms Fetch
text/html 207.65.37.181
PubMatic

General

Check archive.org

Download Go to

Full URL

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=5&p=156983&publisherId=156983&gdpr=0&gdpr_consent=&src=pbjs_uid&ver=1&coppa=0&us_privacy=&gpp=&gpp_sid=

Requested by

Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?cb=195-16-153

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

207.65.37.181 , United States, ASN62713 (AS-PUBMATIC - PubMatic, Inc., US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400; includeSubDomains

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
content-type: text/plain
sec-ch-ua-mobile: ?0

Response headers

strict-transport-security: max-age=16070400; includeSubDomains
cache-control: no-cache, no-store, must-revalidate
access-control-allow-origin: https://www.mediafire.com
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
date: Fri, 17 Apr 2026 04:36:11 GMT
content-type: text/html; charset=UTF-8
access-control-allow-credentials: true

GET
H2 200 fpc Show response
at.teads.tv/ 56 B
489 B 201ms
32ms Fetch
text/plain 151.101.130.132
Fastly

General

Check archive.org

Download Go to

Full URL

https://at.teads.tv/fpc?analytics_tag_id=PUB_13877&tfpvi=&gdpr_consent=&gdpr_status=0&gdpr_reason=0&ccpa_consent=&sv=prebid-v1

Requested by

Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?cb=195-16-153

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.130.132 , United States, ASN54113 (FASTLY - Fastly, Inc., US),

Reverse DNS

Software

Resource Hash

748e6bfe328ce20adfdc3bab92bb2e2684fb75e6e847355495a8149d0301717c

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
content-type: text/plain
sec-ch-ua-mobile: ?0

Response headers

x-check-cacheable: NO
x-cache: MISS
date: Fri, 17 Apr 2026 04:36:11 GMT
content-type: text/plain; charset=UTF-8
x-served-by: cache-yul1970038-YUL
x-cache-hits: 0
x-u: /fpc?analytics_tag_id=PUB_13877&tfpvi=&gdpr_consent=&gdpr_status=0&gdpr_reason=0&ccpa_consent=&sv=prebid-v1
x-b: ylOjgn7Xd9Ovs8YIkDlH51--F_at_use1_teads_tv
strict-transport-security: max-age=300
vary: Accept-Encoding
cache-control: max-age=0, no-cache, no-store
x-timer: S1776400572.606222,VS0,VE17
access-control-allow-credentials: true
via: 1.1 varnish
x-ff: 86.106.90.214
accept-ranges: bytes
access-control-allow-origin: https://www.mediafire.com
content-length: 56
traffic-path: NVADC2

GET
H2 200 rid Show response
match.adsrvr.org/track/ 109 B
574 B 243ms
30ms Fetch
application/json 52.223.40.198
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://match.adsrvr.org/track/rid?ttd_pid=muno13d&fmt=json
Requested by: Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?cb=195-16-153
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.223.40.198 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: Kestrel /
Resource Hash: adcfddfe0d2d3902a62912bf92360b3829e3c6da6677370f9e7acbbd081b88fd

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
content-type: text/plain
sec-ch-ua-mobile: ?0

Response headers

cache-control: private
content-encoding: gzip
access-control-allow-credentials: true
expires: Sun, 17 May 2026 04:36:11 GMT
access-control-allow-origin: https://www.mediafire.com
date: Fri, 17 Apr 2026 04:36:11 GMT
content-type: application/json
vary: Origin,Accept-Encoding
server: Kestrel
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept, x-integration-type

GET bounce
id5-sync.com/ 0
0

GET
H2 200 v1 Show response
lbs.eu-1-id5-sync.com/lbs/ 54 B
162 B 349ms
112ms Fetch
application/json 57.129.32.46
OVH OVH SAS

General

Check archive.org

Download Go to

Full URL: https://lbs.eu-1-id5-sync.com/lbs/v1
Requested by: Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/id5-api.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 57.129.32.46 Frankfurt am Main, Germany, ASN16276 (OVH OVH SAS, FR),
Reverse DNS
Software: /
Resource Hash: b658b9df8f35d3c43cffd3afa4fd211124c44c76066576b1b635ee2eb885a01c

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

access-control-allow-origin: https://www.mediafire.com
content-length: 54
date: Fri, 17 Apr 2026 04:36:11 GMT
content-type: application/json
vary: Origin

GET
H2 200 v1 Show response
lb.eu-1-id5-sync.com/lb/ 45 B
327 B 331ms
107ms Fetch
application/json 135.125.170.28
OVH OVH SAS

General

Check archive.org

Download Go to

Full URL

https://lb.eu-1-id5-sync.com/lb/v1

Requested by

Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/id5-api.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

135.125.170.28 , France, ASN16276 (OVH OVH SAS, FR),

Reverse DNS

ns31872155.ip-135-125-170.eu

Software

Resource Hash

6a9b554d2c7d0f11b3397e47d2602a9aec5349f233fe9dc50bdbadbb14d7b572

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-origin: https://www.mediafire.com
content-encoding: gzip
date: Fri, 17 Apr 2026 04:36:10 GMT
content-type: application/json;charset=UTF-8
vary: origin,access-control-request-method,access-control-request-headers,accept-encoding

GET
H2 200 px.gif Show response
ad-delivery.net/ 43 B
110 B 31ms
30ms Fetch
image/gif 104.20.47.80
Cloudflare

General

Check archive.org

Download Go to

Full URL: https://ad-delivery.net/px.gif?ch=1&e=0.8101388473352056
Requested by: Host: btloader.com
URL: https://btloader.com/tag?o=5678961798414336&upapi=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.20.47.80 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

x-goog-metageneration: 5
access-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
x-goog-hash: crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow==
cf-cache-status: HIT
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
age: 6
x-goog-stored-content-encoding: identity
expires: Fri, 20 Mar 2026 08:25:52 GMT
x-goog-stored-content-length: 43
date: Fri, 17 Apr 2026 04:36:11 GMT
content-type: image/gif
last-modified: Wed, 05 May 2021 19:25:32 GMT
x-guploader-uploadid: AOCedOE4ceqfKqcxsn6FfQCul5MU3fPppaJoaSAD4zIpDi_AuCRSOF0vpherOnDkBFq5ISKOXI37mOc
cache-control: public, max-age=86400
x-goog-storage-class: MULTI_REGIONAL
cf-ray: 9ed8ba340aabac9f-YYZ
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1620242732037093
content-length: 43
server: cloudflare

GET
H2 200 script Show response
carbon-cdn.ccgateway.net/ 33 KB
8 KB 292ms
40ms Script
text/javascript 3.237.175.195
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://carbon-cdn.ccgateway.net/script?id=www.mediafire.com&parentId=0dae949f4b
Requested by: Host: link.rubiconproject.com
URL: https://link.rubiconproject.com/magnite/21150.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.237.175.195 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-3-237-175-195.compute-1.amazonaws.com
Software: /
Resource Hash: bac89398e03af076eb4721cdb190eb31d29f2ac96839b1961876fa1e76166fb2

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

cache-control: private,max-age=900
content-encoding: gzip
date: Fri, 17 Apr 2026 04:36:11 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding

GET
H2 200 partnerpixels Show response
cm.g.doubleclick.net/ Frame 0B67 41 B
232 B 266ms
62ms Document
text/html 142.251.40.226
Google LLC

General

Check archive.org

Download Go to

Full URL

https://cm.g.doubleclick.net/partnerpixels?gdpr=0&url=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fkyink5vgb4rtnsf%2FPEAK.zip%2Ffile

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202604130101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.40.226 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

lga34s39-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

a09179dd962df38a01440ce2e4748c37bd832fe1ac2f65ad974490a89d63d129

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.mediafire.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Linux"

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: gzip
content-length: 48
content-type: text/html; charset=UTF-8
date: Fri, 17 Apr 2026 04:36:12 GMT
referrer-policy: origin
server: HTTP server (unknown)
x-xss-protection: 0

GET
H2 200 esp.js Show response
oa.openxcdn.net/ 24 KB
8 KB 237ms
27ms Script
application/javascript 34.102.146.192
Google LLC

General

Check archive.org

Download Go to

Full URL: https://oa.openxcdn.net/esp.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202604130101/pubads_impl.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.146.192 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM - Google LLC, US),
Reverse DNS: 192.146.102.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

x-goog-metageneration: 1
content-encoding: gzip
x-goog-hash: crc32c=f21hYg==, md5=31VCuIvA42jGmZdUpbniug==
etag: "df5542b88bc0e368c6999754a5b9e2ba"
age: 662738
x-goog-stored-content-encoding: gzip
expires: Fri, 09 Apr 2027 12:30:34 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length: 7927
date: Thu, 09 Apr 2026 12:30:34 GMT
last-modified: Thu, 27 May 2021 18:30:51 GMT
content-type: application/javascript
x-guploader-uploadid: AMNfjG3g4dv_OnUsQU1TVKPYO9QimKBtBxVj4mVjDUTAo49ErqjLi_2ctNqOgPuJeYW6TCRJEZNItVk
cache-control: no-transform
x-goog-storage-class: MULTI_REGIONAL
accept-ranges: bytes
x-goog-generation: 1622140251693895
content-length: 7927
server: UploadServer

GET
H2 200 sync.min.js Show response
tags.crwdcntrl.net/lt/c/16589/ 44 KB
13 KB 238ms
29ms Script
text/javascript 108.138.128.28
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://tags.crwdcntrl.net/lt/c/16589/sync.min.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202604130101/pubads_impl.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.128.28 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-108-138-128-28.jfk50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 76e57bab4a503278f256efb32c9460e1c74d44686284af8da68e09e58bbd1676

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

vary: Accept-Encoding
cache-control: public, max-age=86400
content-encoding: gzip
etag: W/"068ab67b69f881a4fd34051254e2b2e6"
age: 63257
via: 1.1 c3e66686bc7ab6e675ee9210e15097b6.cloudfront.net (CloudFront)
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: ImtMGFGKb3lBiW74HNldlImdZ0aeanGfgCd5k0CRq1Fqz_zr0uXkEQ==
date: Thu, 16 Apr 2026 11:01:55 GMT
content-type: text/javascript
last-modified: Tue, 10 Feb 2026 20:18:53 GMT
server: AmazonS3
x-amz-cf-pop: JFK50-P4
x-amz-server-side-encryption: AES256

GET
H3 200 pubcid.min.js Show response
cdn.jsdelivr.net/gh/prebid/shared-id/pubcid.js/docs/ 382 B
965 B 212ms
32ms Script
application/javascript 104.16.174.226
Cloudflare

General

Check archive.org

Download Go to

Full URL

https://cdn.jsdelivr.net/gh/prebid/shared-id/pubcid.js/docs/pubcid.min.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202604130101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.174.226 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

6b9ae1fa0d1fc51ee0ad3feb565083bee200289c71bb346020f9b3d80cf73636

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

access-control-expose-headers: *
content-encoding: br
cf-cache-status: HIT
etag: W/"17e-goBKDsAq4SrgyL37A4bNh/aMb7I"
age: 27848
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=Q4HD4DKHj20C1E7BK9OVV246GI29pLTWT9EXwRtY5SeofipdHM4zS51UVSRge8iLjgTrayggaf5qXsWl4aaNdCxi7V63EQZ0MrTjxmtkfpFhbq9jfgLvA1pFGLH77SK%2F0Io%3D"}]}
x-content-type-options: nosniff
x-jsd-version-type: branch
alt-svc: h3=":443"; ma=86400
x-cache: HIT, HIT
server-timing: cfExtPri
date: Fri, 17 Apr 2026 04:36:12 GMT
content-type: application/javascript; charset=utf-8
x-served-by: cache-fra-eddf8230081-FRA, cache-chi-klot8100132-CHI
vary: Accept-Encoding
priority: u=3,i=?0
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
nel: {"report_to":"cf-nel","success_fraction":0.01,"max_age":604800}
cross-origin-resource-policy: cross-origin
cf-ray: 9ed8ba371c8ea257-YUL
accept-ranges: bytes
access-control-allow-origin: *
content-length: 237
server: cloudflare
x-jsd-version: master

GET
H2 200 publishertag.ids.js Show response
static.criteo.net/js/ld/ 42 KB
15 KB 243ms
37ms Script
text/javascript 74.119.117.47
Criteo Corp.

General

Check archive.org

Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.ids.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202604130101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.119.117.47 , United States, ASN19750 (AS-CRITEO - Criteo Corp., US),

Reverse DNS

Software

Kestrel /

Resource Hash

f278fb9b67f3b8713869dce4b3bb6783cf7a75219167e5c3196a5f026ad8989c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

strict-transport-security: max-age=31536000; preload;
cache-control: public, max-age=86400
timing-allow-origin: *
content-encoding: br
x-criteo-endpoint-version: none
cross-origin-resource-policy: cross-origin
expires: Sat, 18 Apr 2026 04:36:12 GMT
x-criteo-endpoint-controller: DynamicPublisherTag
access-control-allow-origin: *
x-criteo-endpoint-action: GetPublisherTag
date: Fri, 17 Apr 2026 04:36:11 GMT
content-type: text/javascript
vary: x-geo-country, Accept-Encoding
server: Kestrel

GET
H2 200 encrypted-tag-g.js Show response
invstatic101.creativecdn.com/encrypted-signals/ 3 KB
3 KB 338ms
133ms Script
text/javascript 34.96.70.87
Google LLC

General

Check archive.org

Download Go to

Full URL: https://invstatic101.creativecdn.com/encrypted-signals/encrypted-tag-g.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202604130101/pubads_impl.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.70.87 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM - Google LLC, US),
Reverse DNS: 87.70.96.34.bc.googleusercontent.com
Software: Google Frontend /
Resource Hash: 2e5f5cb912c0619933ea6c3ad8ac1466a005f792e3338d96a8432d144c63520f

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

etag: 861bdaf24bda5c0db45c6ebe1c94a9eb
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2729
date: Fri, 17 Apr 2026 04:36:12 GMT
content-type: text/javascript; charset=utf-8
last-modified: Wed, 05 Feb 2025 14:45:21 GMT
server: Google Frontend
x-cloud-trace-context: aacb65458a98445c63500cd0dfe5825a

GET
H2 200 connectId-gpt.js Show response
connectid.analytics.yahoo.com/ 9 KB
9 KB 236ms
29ms Script
application/javascript 108.138.128.120
Amazon.com

General

Check archive.org

Download Go to

Full URL

https://connectid.analytics.yahoo.com/connectId-gpt.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202604130101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.128.120 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

server-108-138-128-120.jfk50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

56351c084d8d56437d41f1e58b7eb184b563871e88bab60f6b15486c39f13996

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

etag: "faa388a163b1b6d0377ee77a861591e5"
age: 1298
x-cache: Hit from cloudfront
x-amz-cf-id: nq2v2_4s6QECYDYUlyqjuW8X5uMDiKlyboeWFYvtTOgDkXb7puDJ3Q==
date: Fri, 17 Apr 2026 04:14:35 GMT
content-type: application/javascript
last-modified: Mon, 22 Apr 2024 18:18:45 GMT
x-amz-expiration: expiry-date="Mon, 23 Apr 2029 00:00:00 GMT", rule-id="webapp-standard-lifecycle"
content-security-policy: default-src 'self'
cache-control: max-age=3600
via: 1.1 aca1d51e5686fc1a0d5fa390744b2014.cloudfront.net (CloudFront)
accept-ranges: bytes
content-length: 8729
x-amz-cf-pop: JFK50-P4
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 983 B
526 B 407ms
406ms Fetch
text/plain 142.251.45.194
Google LLC

General

Check archive.org

Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=5484678592955730&correlator=4000310093268211&eid=31097658&output=ldjh&gdfp_req=1&vrg=202604130101&ptt=17&impl=fif&gdpr=0&iu_parts=1254144%3A183096492%2Cmediafire_com-medrectangle-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&ifi=1&didk=46178465&dids=div-gpt-ad-mediafire_com-medre&adfs=449556708&sfv=1-0-45&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1776400571850&lmt=1776400571&adxs=52&adys=1110&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=-420&dmc=32&bc=31&nvt=1&uach=WyJMaW51eCIsIiIsIng4NiIsIiIsIjE0Ny4wLjc3MjcuNTUiLG51bGwsMCxudWxsLCI2NCIsW1siQ2hyb21pdW0iLCIxNDcuMC4wLjAiXSxbIkdvb2dsZSBDaHJvbWUiLCIxNDcuMC4wLjAiXSxbIk5vdC1BLkJyYW5kIiwiMjQuMC4wLjAiXV0sMF0.&url=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fkyink5vgb4rtnsf%2FPEAK.zip%2Ffile&vis=1&psz=748x-1&msz=748x-1&fws=1536&ohw=0&a3p=EjQKCnB1YmNpZC5vcmcSJDdlYzE2Yzk3LTMwMTQtNGRjMS05NjBjLTRmMzg0YjYzOTQ2MlgBEhwKDWNyd2RjbnRybC5uZXQYsbvmzdkzSABSAghkEh0KDmVzcC5jcml0ZW8uY29tGLG75s3ZM0gAUgIIZBIUCgVvcGVueBixu-bN2TNIAFICCGQSGAoJeWFob28uY29tGLG75s3ZM0gAUgIIZBIXCghydGJob3VzZRixu-bN2TNIAFICCGQ.&dlt=1776400569175&idt=2486&ppid=3f960e14b55cea36b2a75a36172785c8&uule=a%20cm9sZToxIHByb2R1Y2VyOjEyIGxvYzoiSDNCLENBIg%3D%3D&prev_scp=a%3D1%26iid1%3D4292502663960386%26eid%3D4292502663960386%26t%3D134%26d%3D484470%26t1%3D134%26pvc%3D1%26adnum%3D1%26url%3Dhttps%253A%252F%252Fwww.mediafire.com%252Ffile%252Fkyink5vgb4rtnsf%252FPEAK.zip%252Ffile%26path%3D%252Ffile%252Fkyink5vgb4rtnsf%252FPEAK.zip%252Ffile%26ap%3D1100%26sap%3D1100%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D1%26at%3Dmbf%26adr%3D399%26ezosn%3D7%26reft%3Dtf%26refs%3D30%26refa%3D1%26ga%3D2497208%26rid%3D99998%26pt%3D5%26al%3D1005%26compid%3D0%26dfpsn%3D%252F1254144%252C183096492%252Fmediafire_com-medrectangle-2%26tap%3Dmediafire_com-medrectangle-2-4292502663960386%26eb_br%3D527e52c10635ac8136a4c84094ee49a8%26eba%3D0%26bv%3D12%26bvm%3D0%26bvr%3D2%26avc%3D35%26evc%3D38%26shp%3D1%26ftsn%3D12%26ftsng%3D12%26br1%3D70%26br2%3D36%26ezoic%3D1%26nmau%3D2%26mau%3D0%26stl%3D157%2C14%2C0%2C0%2C0%2C168%2C184%2C20%2C0%2C0%2C192%2C0%2C902%2C903%2C901%2C902%2C903%26osb%3DLinux%252FChrome%26dbg%3Drc%253A5%26reqt%3D1776400571764&adks=1630800042&frm=20&eoidce=1&pbbce=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202604130101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.45.194 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

pnlgaa-au-in-f2.1e100.net

Software

cafe /

Resource Hash

5ca82ef7d68488178f9bdc684b81c698829d38096194afea7dde018f322658fe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: br
google-lineitem-id: -2
observe-browsing-topics: ?1
x-content-type-options: nosniff
google-mediationtag-id: -2
google-mediationgroup-id: -2
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Fri, 17 Apr 2026 04:36:12 GMT
content-type: text/plain; charset=UTF-8
google-creative-id: -2
cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin: https://www.mediafire.com
content-length: 495
x-xss-protection: 0
server: cafe

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 861 B
418 B 406ms
405ms Fetch
text/plain 142.251.45.194
Google LLC

General

Check archive.org

Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=5484678592955730&correlator=4207311957326049&eid=31097658&output=ldjh&gdfp_req=1&vrg=202604130101&ptt=17&impl=fif&gdpr=0&iu_parts=1254144%3A183096492%2Cmediafire_com-medrectangle-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&ifi=2&didk=219167732&dids=div-gpt-ad-mediafire_com-medre&adfs=3572068966&sfv=1-0-45&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1776400571869&lmt=1776400571&adxs=820&adys=1110&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=2&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=-420&dmc=32&bc=31&nvt=1&uach=WyJMaW51eCIsIiIsIng4NiIsIiIsIjE0Ny4wLjc3MjcuNTUiLG51bGwsMCxudWxsLCI2NCIsW1siQ2hyb21pdW0iLCIxNDcuMC4wLjAiXSxbIkdvb2dsZSBDaHJvbWUiLCIxNDcuMC4wLjAiXSxbIk5vdC1BLkJyYW5kIiwiMjQuMC4wLjAiXV0sMF0.&url=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fkyink5vgb4rtnsf%2FPEAK.zip%2Ffile&vis=1&psz=748x-1&msz=748x-1&fws=1536&ohw=0&a3p=EjQKCnB1YmNpZC5vcmcSJDdlYzE2Yzk3LTMwMTQtNGRjMS05NjBjLTRmMzg0YjYzOTQ2MlgBEhwKDWNyd2RjbnRybC5uZXQYsbvmzdkzSABSAghkEh0KDmVzcC5jcml0ZW8uY29tGLG75s3ZM0gAUgIIZBIUCgVvcGVueBixu-bN2TNIAFICCGQSGAoJeWFob28uY29tGLG75s3ZM0gAUgIIZBIXCghydGJob3VzZRixu-bN2TNIAFICCGQ.&dlt=1776400569175&idt=2486&ppid=3f960e14b55cea36b2a75a36172785c8&uule=a%20cm9sZToxIHByb2R1Y2VyOjEyIGxvYzoiSDNCLENBIg%3D%3D&prev_scp=a%3D1%26iid1%3D4292502663960386%26eid%3D4292502663960386%26t%3D134%26d%3D484470%26t1%3D134%26pvc%3D1%26adnum%3D1%26url%3Dhttps%253A%252F%252Fwww.mediafire.com%252Ffile%252Fkyink5vgb4rtnsf%252FPEAK.zip%252Ffile%26path%3D%252Ffile%252Fkyink5vgb4rtnsf%252FPEAK.zip%252Ffile%26ap%3D1100%26sap%3D1100%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D1%26at%3Dmbf%26adr%3D399%26ezosn%3D8%26reft%3Dtf%26refs%3D30%26refa%3D1%26ga%3D2497208%26rid%3D99998%26pt%3D5%26al%3D1005%26compid%3D0%26dfpsn%3D%252F1254144%252C183096492%252Fmediafire_com-medrectangle-2%26tap%3Dmediafire_com-medrectangle-2-4292502663960386%26eb_br%3D527e52c10635ac8136a4c84094ee49a8%26eba%3D0%26bv%3D12%26bvm%3D0%26bvr%3D2%26avc%3D35%26evc%3D38%26shp%3D1%26ftsn%3D12%26ftsng%3D12%26br1%3D70%26br2%3D36%26ezoic%3D1%26nmau%3D2%26mau%3D1%26stl%3D157%2C14%2C0%2C0%2C0%2C168%2C184%2C20%2C0%2C0%2C192%2C0%2C902%2C903%2C901%2C902%2C903%26osb%3DLinux%252FChrome%26dbg%3Dadap%253A1%2Crc%253A6%26reqt%3D1776400571773&adks=1277576459&frm=20&eoidce=1&pbbce=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202604130101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.45.194 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

pnlgaa-au-in-f2.1e100.net

Software

cafe /

Resource Hash

60972426541d4f54beb5b68cd40437dbe423321b6468d71a560e6d3ace4db7af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: br
google-lineitem-id: -2
observe-browsing-topics: ?1
x-content-type-options: nosniff
google-mediationtag-id: -2
google-mediationgroup-id: -2
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Fri, 17 Apr 2026 04:36:12 GMT
content-type: text/plain; charset=UTF-8
google-creative-id: -2
cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin: https://www.mediafire.com
content-length: 387
x-xss-protection: 0
server: cafe

GET
H3 200 container.html Show response
17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com/safeframe/1-0-45/html/ Frame 6513 7 KB
3 KB 259ms
60ms Document
text/html 142.251.40.225
Google LLC

General

Check archive.org

Download Go to

Full URL

https://17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202604130101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.225 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

lga34s39-in-f1.1e100.net

Software

sffe /

Resource Hash

f1a68bf826c55985468304f4284a09cb8a68e82503d764166e611a7c58a85a4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.mediafire.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Linux"

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: br
content-length: 3121
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 17 Apr 2026 04:36:12 GMT
expires: Fri, 17 Apr 2026 04:36:12 GMT
last-modified: Thu, 08 May 2025 23:15:48 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 px.gif Show response
ad-delivery.net/ 43 B
112 B 32ms
32ms Fetch
image/gif 104.20.47.80
Cloudflare

General

Check archive.org

Download Go to

Full URL: https://ad-delivery.net/px.gif?ch=2&e=0.9908470366006062
Requested by: Host: btloader.com
URL: https://btloader.com/tag?o=5678961798414336&upapi=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.20.47.80 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

x-goog-metageneration: 5
access-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
x-goog-hash: crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow==
cf-cache-status: HIT
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
age: 7
x-goog-stored-content-encoding: identity
expires: Fri, 20 Mar 2026 08:25:52 GMT
x-goog-stored-content-length: 43
date: Fri, 17 Apr 2026 04:36:11 GMT
content-type: image/gif
last-modified: Wed, 05 May 2021 19:25:32 GMT
x-guploader-uploadid: AOCedOE4ceqfKqcxsn6FfQCul5MU3fPppaJoaSAD4zIpDi_AuCRSOF0vpherOnDkBFq5ISKOXI37mOc
cache-control: public, max-age=86400
x-goog-storage-class: MULTI_REGIONAL
cf-ray: 9ed8ba36bc0cac9f-YYZ
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1620242732037093
content-length: 43
server: cloudflare

POST
H3 204 serve Show response
ads.bidsystem.ai/v1/ 0
522 B 72ms
71ms XHR
text/plain 104.21.3.76
Cloudflare

General

Check archive.org

Download Go to

Full URL: https://ads.bidsystem.ai/v1/serve
Requested by: Host: ads.bidsystem.ai
URL: https://ads.bidsystem.ai/bsads.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.3.76 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
Accept: application/json, text/plain, */*
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
Content-Type: text/plain
sec-ch-ua-mobile: ?0

Response headers

nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-cache-status: DYNAMIC
access-control-allow-credentials: true
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=G4nDl%2B7XL%2FZ35WKzhEywD90CPxiK6rfmDxNVGjYHsutHERJ4TwJu2Ne%2FeycdqYGicYWw4kzwLthxH5IfC46Hl6oiZtJxEHH1zHjIILRYlsgrEP0UwBG5HKDslLyaoj8EOgwJ"}]}
cf-ray: 9ed8ba36de65aaa4-YYZ
access-control-allow-origin: https://www.mediafire.com
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Fri, 17 Apr 2026 04:36:12 GMT
vary: Origin, Accept-Encoding
server: cloudflare
priority: u=1,i

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 852 B
409 B 341ms
340ms Fetch
text/plain 142.251.45.194
Google LLC

General

Check archive.org

Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=5484678592955730&correlator=722531560415827&eid=31097658&output=ldjh&gdfp_req=1&vrg=202604130101&ptt=17&impl=fif&gdpr=0&iu_parts=1254144%3A183096492%2Cmediafire_com-box-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&ifi=3&didk=1697938527&dids=div-gpt-ad-mediafire_com-box-2&adfs=2211965457&sfv=1-0-45&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1776400571976&lmt=1776400571&adxs=1752&adys=10&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=3&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=-420&dmc=32&bc=31&nvt=1&uach=WyJMaW51eCIsIiIsIng4NiIsIiIsIjE0Ny4wLjc3MjcuNTUiLG51bGwsMCxudWxsLCI2NCIsW1siQ2hyb21pdW0iLCIxNDcuMC4wLjAiXSxbIkdvb2dsZSBDaHJvbWUiLCIxNDcuMC4wLjAiXSxbIk5vdC1BLkJyYW5kIiwiMjQuMC4wLjAiXV0sMF0.&url=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fkyink5vgb4rtnsf%2FPEAK.zip%2Ffile&vis=1&aee=0&a3p=EjQKCnB1YmNpZC5vcmcSJDdlYzE2Yzk3LTMwMTQtNGRjMS05NjBjLTRmMzg0YjYzOTQ2MlgBEhwKDWNyd2RjbnRybC5uZXQYsbvmzdkzSABSAghkEh0KDmVzcC5jcml0ZW8uY29tGLG75s3ZM0gAUgIIZBIUCgVvcGVueBixu-bN2TNIAFICCGQSGAoJeWFob28uY29tGLG75s3ZM0gAUgIIZBIXCghydGJob3VzZRixu-bN2TNIAFICCGQ.&dlt=1776400569175&idt=2486&ppid=3f960e14b55cea36b2a75a36172785c8&uule=a%20cm9sZToxIHByb2R1Y2VyOjEyIGxvYzoiSDNCLENBIg%3D%3D&prev_scp=a%3D1%26iid1%3D4419728283946443%26eid%3D4419728283946443%26t%3D134%26d%3D484470%26t1%3D134%26pvc%3D1%26adnum%3D1%26url%3Dhttps%253A%252F%252Fwww.mediafire.com%252Ffile%252Fkyink5vgb4rtnsf%252FPEAK.zip%252Ffile%26path%3D%252Ffile%252Fkyink5vgb4rtnsf%252FPEAK.zip%252Ffile%26ap%3D1103%26sap%3D1103%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D1%26at%3Dmbf%26adr%3D399%26ezosn%3D0%26reft%3Dtf%26refs%3D30%26refa%3D1%26ga%3D2497208%26rid%3D99998%26pt%3D1%26al%3D1001%26compid%3D0%26dfpsn%3D%252F1254144%252C183096492%252Fmediafire_com-box-2%26tap%3Dmediafire_com-box-2-4419728283946443%26eb_br%3Db355e9227b551c119a30a68852723b62%26eba%3D0%26bv%3D11%26bvm%3D0%26bvr%3D1%26avc%3D119%26evc%3D46%26shp%3D1%26ftsn%3D12%26ftsng%3D12%26br1%3D90%26br2%3D46%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D157%2C168%2C0%2C0%2C0%2C168%2C184%2C20%2C0%2C0%2C192%2C0%2C902%2C903%2C901%2C902%2C903%26osb%3DLinux%252FChrome%26dbg%3Drc%253A2%26reqt%3D1776400571965&adks=3106951849&frm=20&eoidce=1&pbbce=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202604130101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.45.194 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

pnlgaa-au-in-f2.1e100.net

Software

cafe /

Resource Hash

0f9111dbdf3922713a51efe5a1c850a1fc992e94e2bbfa0167423d3c7bfc7d3f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: br
google-lineitem-id: -2
observe-browsing-topics: ?1
x-content-type-options: nosniff
google-mediationtag-id: -2
google-mediationgroup-id: -2
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Fri, 17 Apr 2026 04:36:12 GMT
content-type: text/plain; charset=UTF-8
google-creative-id: -2
cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin: https://www.mediafire.com
content-length: 378
x-xss-protection: 0
server: cafe

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 854 B
414 B 315ms
314ms Fetch
text/plain 142.251.45.194
Google LLC

General

Check archive.org

Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=5484678592955730&correlator=1204830869641073&eid=31097658&output=ldjh&gdfp_req=1&vrg=202604130101&ptt=17&impl=fif&gdpr=0&iu_parts=1254144%3A183096492%2Cmediafire_com-edge-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C160x600&fluid=height&ifi=4&didk=2994273263&dids=div-gpt-ad-mediafire_com-edge-&adfs=3529162101&sfv=1-0-45&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1776400571996&lmt=1776400571&adxs=0&adys=300&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=4&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=-420&dmc=32&bc=31&nvt=1&uach=WyJMaW51eCIsIiIsIng4NiIsIiIsIjE0Ny4wLjc3MjcuNTUiLG51bGwsMCxudWxsLCI2NCIsW1siQ2hyb21pdW0iLCIxNDcuMC4wLjAiXSxbIkdvb2dsZSBDaHJvbWUiLCIxNDcuMC4wLjAiXSxbIk5vdC1BLkJyYW5kIiwiMjQuMC4wLjAiXV0sMF0.&url=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fkyink5vgb4rtnsf%2FPEAK.zip%2Ffile&vis=1&aee=0&a3p=EjQKCnB1YmNpZC5vcmcSJDdlYzE2Yzk3LTMwMTQtNGRjMS05NjBjLTRmMzg0YjYzOTQ2MlgBEhwKDWNyd2RjbnRybC5uZXQYsbvmzdkzSABSAghkEh0KDmVzcC5jcml0ZW8uY29tGLG75s3ZM0gAUgIIZBIUCgVvcGVueBixu-bN2TNIAFICCGQSGAoJeWFob28uY29tGLG75s3ZM0gAUgIIZBIXCghydGJob3VzZRixu-bN2TNIAFICCGQ.&dlt=1776400569175&idt=2486&ppid=3f960e14b55cea36b2a75a36172785c8&uule=a%20cm9sZToxIHByb2R1Y2VyOjEyIGxvYzoiSDNCLENBIg%3D%3D&prev_scp=a%3D1%26iid1%3D7339931535986757%26eid%3D7339931535986757%26t%3D134%26d%3D484470%26t1%3D134%26pvc%3D1%26adnum%3D1%26url%3Dhttps%253A%252F%252Fwww.mediafire.com%252Ffile%252Fkyink5vgb4rtnsf%252FPEAK.zip%252Ffile%26path%3D%252Ffile%252Fkyink5vgb4rtnsf%252FPEAK.zip%252Ffile%26ap%3D1101%26sap%3D1101%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D1%26at%3Dmbf%26adr%3D399%26ezosn%3D4%26reft%3Dtf%26refs%3D30%26refa%3D1%26ga%3D2497208%26rid%3D99998%26pt%3D38%26al%3D1038%26compid%3D0%26dfpsn%3D%252F1254144%252C183096492%252Fmediafire_com-edge-1%26tap%3Dmediafire_com-edge-1-7339931535986757%26eb_br%3D3ba982fc4238dd4197b1d51b345478dc%26eba%3D0%26bv%3D11%26bvm%3D0%26bvr%3D1%26avc%3D69%26evc%3D25%26shp%3D2%26ftsn%3D12%26ftsng%3D12%26br1%3D50%26br2%3D24%26ezoic%3D1%26nmau%3D0%26mau%3D0%26sticky%3D1%26stl%3D78%2C168%2C0%2C0%2C0%2C131%2C132%2C0%2C0%2C0%2C187%2C0%2C901%2C182%2C901%2C902%2C903%26osb%3DLinux%252FChrome%26dbg%3Drc%253A3%26reqt%3D1776400571987&adks=3527628052&frm=20&eoidce=1&pbbce=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202604130101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.45.194 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

pnlgaa-au-in-f2.1e100.net

Software

cafe /

Resource Hash

ecf8b89b41bdd93302bdf280bd426fbf3776b75a37ff49ed135108616eebbc8f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: br
google-lineitem-id: -2
observe-browsing-topics: ?1
x-content-type-options: nosniff
google-mediationtag-id: -2
google-mediationgroup-id: -2
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Fri, 17 Apr 2026 04:36:12 GMT
content-type: text/plain; charset=UTF-8
google-creative-id: -2
cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin: https://www.mediafire.com
content-length: 383
x-xss-protection: 0
server: cafe

POST
H3 204 serve Show response
ads.bidsystem.ai/v1/ 0
522 B 59ms
56ms XHR
text/plain 104.21.3.76
Cloudflare

General

Check archive.org

Download Go to

Full URL: https://ads.bidsystem.ai/v1/serve
Requested by: Host: ads.bidsystem.ai
URL: https://ads.bidsystem.ai/bsads.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.3.76 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
Accept: application/json, text/plain, */*
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
Content-Type: text/plain
sec-ch-ua-mobile: ?0

Response headers

nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-cache-status: DYNAMIC
access-control-allow-credentials: true
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=rg4Zt5X9F%2Fy7i2xu3xhSBJFegDavA%2B03GkGU6VlwlImY%2FUgJfn7bqqh89dkq6IVnzcPITXanfBf7myIf7Y95GTb7LqRR7z2sXGj0Dj2AJAKBqhibAmfIDz%2B1U2qb2DLA3f9p"}]}
cf-ray: 9ed8ba371e68aaa4-YYZ
access-control-allow-origin: https://www.mediafire.com
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Fri, 17 Apr 2026 04:36:12 GMT
vary: Origin, Accept-Encoding
server: cloudflare
priority: u=1,i

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 862 B
422 B 303ms
295ms Fetch
text/plain 142.251.45.194
Google LLC

General

Check archive.org

Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=5484678592955730&correlator=4412468835866092&eid=31097658&output=ldjh&gdfp_req=1&vrg=202604130101&ptt=17&impl=fif&gdpr=0&iu_parts=1254144%3A183096492%2Cmediafire_com-medrectangle-3&enc_prev_ius=%2F0%2F1&prev_iu_szs=336x280&ifi=5&didk=46179496&dids=div-gpt-ad-mediafire_com-medre&adfs=1911771697&sfv=1-0-45&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1776400572017&lmt=1776400572&adxs=1520&adys=120&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=5&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=-420&dmc=32&bc=31&nvt=1&uach=WyJMaW51eCIsIiIsIng4NiIsIiIsIjE0Ny4wLjc3MjcuNTUiLG51bGwsMCxudWxsLCI2NCIsW1siQ2hyb21pdW0iLCIxNDcuMC4wLjAiXSxbIkdvb2dsZSBDaHJvbWUiLCIxNDcuMC4wLjAiXSxbIk5vdC1BLkJyYW5kIiwiMjQuMC4wLjAiXV0sMF0.&url=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fkyink5vgb4rtnsf%2FPEAK.zip%2Ffile&vis=1&aee=0&a3p=EjQKCnB1YmNpZC5vcmcSJDdlYzE2Yzk3LTMwMTQtNGRjMS05NjBjLTRmMzg0YjYzOTQ2MlgBEhwKDWNyd2RjbnRybC5uZXQYsbvmzdkzSABSAghkEh0KDmVzcC5jcml0ZW8uY29tGLG75s3ZM0gAUgIIZBIUCgVvcGVueBixu-bN2TNIAFICCGQSGAoJeWFob28uY29tGLG75s3ZM0gAUgIIZBIXCghydGJob3VzZRixu-bN2TNIAFICCGQ.&dlt=1776400569175&idt=2486&ppid=3f960e14b55cea36b2a75a36172785c8&uule=a%20cm9sZToxIHByb2R1Y2VyOjEyIGxvYzoiSDNCLENBIg%3D%3D&prev_scp=a%3D1%26iid1%3D3465146341930430%26eid%3D3465146341930430%26t%3D134%26d%3D484470%26t1%3D134%26pvc%3D1%26adnum%3D1%26url%3Dhttps%253A%252F%252Fwww.mediafire.com%252Ffile%252Fkyink5vgb4rtnsf%252FPEAK.zip%252Ffile%26path%3D%252Ffile%252Fkyink5vgb4rtnsf%252FPEAK.zip%252Ffile%26ap%3D1104%26sap%3D1104%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D1%26at%3Dmbf%26adr%3D399%26ezosn%3D5%26reft%3Dtf%26refs%3D30%26refa%3D1%26ga%3D2497208%26rid%3D99998%26pt%3D21%26al%3D1021%26compid%3D0%26dfpsn%3D%252F1254144%252C183096492%252Fmediafire_com-medrectangle-3%26tap%3Dmediafire_com-medrectangle-3-3465146341930430%26eb_br%3D527e52c10635ac8136a4c84094ee49a8%26eba%3D0%26bv%3D11%26bvm%3D0%26bvr%3D1%26avc%3D81%26evc%3D59%26shp%3D3%26ftsn%3D12%26ftsng%3D12%26br1%3D70%26br2%3D34%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D157%2C131%2C0%2C0%2C0%2C168%2C184%2C20%2C0%2C0%2C192%2C0%2C902%2C903%2C901%2C902%2C903%26osb%3DLinux%252FChrome%26dbg%3Drc%253A7%26reqt%3D1776400572009&adks=4079446691&frm=20&eoidce=1&pbbce=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202604130101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.45.194 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

pnlgaa-au-in-f2.1e100.net

Software

cafe /

Resource Hash

50168f949215d63b97c03cc17642ad4f09faadf84d596d313c7c50d16e7f524e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: br
google-lineitem-id: -2
observe-browsing-topics: ?1
x-content-type-options: nosniff
google-mediationtag-id: -2
google-mediationgroup-id: -2
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Fri, 17 Apr 2026 04:36:12 GMT
content-type: text/plain; charset=UTF-8
google-creative-id: -2
cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin: https://www.mediafire.com
content-length: 391
x-xss-protection: 0
server: cafe

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 862 B
420 B 310ms
307ms Fetch
text/plain 142.251.45.194
Google LLC

General

Check archive.org

Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=5484678592955730&correlator=3237572620706476&eid=31097658&output=ldjh&gdfp_req=1&vrg=202604130101&ptt=17&impl=fif&gdpr=0&iu_parts=1254144%3A183096492%2Cmediafire_com-medrectangle-4&enc_prev_ius=%2F0%2F1&prev_iu_szs=336x280%7C300x250&ifi=6&didk=46192883&dids=div-gpt-ad-mediafire_com-medre&adfs=1749122204&sfv=1-0-45&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1776400572029&lmt=1776400572&adxs=1520&adys=420&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=6&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=-420&dmc=32&bc=31&nvt=1&uach=WyJMaW51eCIsIiIsIng4NiIsIiIsIjE0Ny4wLjc3MjcuNTUiLG51bGwsMCxudWxsLCI2NCIsW1siQ2hyb21pdW0iLCIxNDcuMC4wLjAiXSxbIkdvb2dsZSBDaHJvbWUiLCIxNDcuMC4wLjAiXSxbIk5vdC1BLkJyYW5kIiwiMjQuMC4wLjAiXV0sMF0.&url=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fkyink5vgb4rtnsf%2FPEAK.zip%2Ffile&vis=1&aee=0&a3p=EjQKCnB1YmNpZC5vcmcSJDdlYzE2Yzk3LTMwMTQtNGRjMS05NjBjLTRmMzg0YjYzOTQ2MlgBEhwKDWNyd2RjbnRybC5uZXQYsbvmzdkzSABSAghkEh0KDmVzcC5jcml0ZW8uY29tGLG75s3ZM0gAUgIIZBIUCgVvcGVueBixu-bN2TNIAFICCGQSGAoJeWFob28uY29tGLG75s3ZM0gAUgIIZBIXCghydGJob3VzZRixu-bN2TNIAFICCGQ.&dlt=1776400569175&idt=2486&ppid=3f960e14b55cea36b2a75a36172785c8&uule=a%20cm9sZToxIHByb2R1Y2VyOjEyIGxvYzoiSDNCLENBIg%3D%3D&prev_scp=a%3D1%26iid1%3D537711155940580%26eid%3D537711155940580%26t%3D134%26d%3D484470%26t1%3D134%26pvc%3D1%26adnum%3D1%26url%3Dhttps%253A%252F%252Fwww.mediafire.com%252Ffile%252Fkyink5vgb4rtnsf%252FPEAK.zip%252Ffile%26path%3D%252Ffile%252Fkyink5vgb4rtnsf%252FPEAK.zip%252Ffile%26ap%3D1105%26sap%3D1105%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D1%26at%3Dmbf%26adr%3D399%26ezosn%3D6%26reft%3Dtf%26refs%3D30%26refa%3D1%26ga%3D2497208%26rid%3D99998%26pt%3D22%26al%3D1022%26compid%3D0%26dfpsn%3D%252F1254144%252C183096492%252Fmediafire_com-medrectangle-4%26tap%3Dmediafire_com-medrectangle-4-537711155940580%26eb_br%3Da7a863b24978e69c4cdbb5a49be70d5e%26eba%3D0%26bv%3D11%26bvm%3D0%26bvr%3D1%26avc%3D77%26evc%3D33%26shp%3D3%26ftsn%3D12%26ftsng%3D12%26br1%3D34%26br2%3D16%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D79%2C131%2C0%2C0%2C0%2C168%2C184%2C20%2C0%2C0%2C192%2C0%2C902%2C903%2C901%2C902%2C903%26osb%3DLinux%252FChrome%26dbg%3Drc%253A8%26reqt%3D1776400572023&adks=1277606936&frm=20&eoidce=1&pbbce=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202604130101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.45.194 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

pnlgaa-au-in-f2.1e100.net

Software

cafe /

Resource Hash

b4d2883e87f3b4566974ade5298a8103592b3d062e0383080ff4e28fd3e34a83

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: br
google-lineitem-id: -2
observe-browsing-topics: ?1
x-content-type-options: nosniff
google-mediationtag-id: -2
google-mediationgroup-id: -2
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Fri, 17 Apr 2026 04:36:12 GMT
content-type: text/plain; charset=UTF-8
google-creative-id: -2
cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin: https://www.mediafire.com
content-length: 389
x-xss-protection: 0
server: cafe

GET
H3 200 favicon.ico Show response
ad.doubleclick.net/ 1 KB
129 B 67ms
64ms Fetch
image/x-icon 142.251.211.166
Google LLC

General

Check archive.org

Download Go to

Full URL

https://ad.doubleclick.net/favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250&e=0.5119161393312676

Requested by

Host: btloader.com
URL: https://btloader.com/tag?o=5678961798414336&upapi=true

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.211.166 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

lclgaa-as-in-f6.1e100.net

Software

sffe /

Resource Hash

d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: gzip
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
x-content-type-options: nosniff
expires: Sat, 18 Apr 2026 04:36:12 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 17 Apr 2026 04:36:12 GMT
content-type: image/x-icon
vary: Accept-Encoding
last-modified: Tue, 08 May 2012 13:08:06 GMT
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
content-length: 104
x-xss-protection: 0
server: sffe

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 855 B
410 B 325ms
324ms Fetch
text/plain 142.251.45.194
Google LLC

General

Check archive.org

Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=5484678592955730&correlator=1766091437043557&eid=31097658&output=ldjh&gdfp_req=1&vrg=202604130101&ptt=17&impl=fif&gdpr=0&iu_parts=1254144%3A183096492%2Cmediafire_com-banner-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&ifi=7&didk=417644066&dids=div-gpt-ad-mediafire_com-banne&adfs=4128408292&sfv=1-0-45&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1776400572043&lmt=1776400572&adxs=1636&adys=1500&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=1&ucis=7&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=-420&dmc=32&bc=31&nvt=1&uach=WyJMaW51eCIsIiIsIng4NiIsIiIsIjE0Ny4wLjc3MjcuNTUiLG51bGwsMCxudWxsLCI2NCIsW1siQ2hyb21pdW0iLCIxNDcuMC4wLjAiXSxbIkdvb2dsZSBDaHJvbWUiLCIxNDcuMC4wLjAiXSxbIk5vdC1BLkJyYW5kIiwiMjQuMC4wLjAiXV0sMF0.&url=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fkyink5vgb4rtnsf%2FPEAK.zip%2Ffile&vis=1&aee=0&a3p=EjQKCnB1YmNpZC5vcmcSJDdlYzE2Yzk3LTMwMTQtNGRjMS05NjBjLTRmMzg0YjYzOTQ2MlgBEhwKDWNyd2RjbnRybC5uZXQYsbvmzdkzSABSAghkEh0KDmVzcC5jcml0ZW8uY29tGLG75s3ZM0gAUgIIZBIUCgVvcGVueBixu-bN2TNIAFICCGQSGAoJeWFob28uY29tGLG75s3ZM0gAUgIIZBIXCghydGJob3VzZRixu-bN2TNIAFICCGQ.&dlt=1776400569175&idt=2486&ppid=3f960e14b55cea36b2a75a36172785c8&uule=a%20cm9sZToxIHByb2R1Y2VyOjEyIGxvYzoiSDNCLENBIg%3D%3D&prev_scp=a%3D1%26iid1%3D7447672567989851%26eid%3D7447672567989851%26t%3D134%26d%3D484470%26t1%3D134%26pvc%3D1%26adnum%3D1%26url%3Dhttps%253A%252F%252Fwww.mediafire.com%252Ffile%252Fkyink5vgb4rtnsf%252FPEAK.zip%252Ffile%26path%3D%252Ffile%252Fkyink5vgb4rtnsf%252FPEAK.zip%252Ffile%26ap%3D1107%26sap%3D1107%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D1%26at%3Dmbf%26adr%3D399%26ezosn%3D9%26reft%3Dtf%26refs%3D30%26refa%3D1%26ga%3D2497208%26rid%3D99998%26pt%3D30%26al%3D1030%26compid%3D0%26dfpsn%3D%252F1254144%252C183096492%252Fmediafire_com-banner-1%26tap%3Dmediafire_com-banner-1-7447672567989851%26eb_br%3D54d0fa6d5f6aabe7623cb24faa42a441%26eba%3D0%26bv%3D11%26bvm%3D0%26bvr%3D1%26avc%3D43%26evc%3D29%26shp%3D1%26ftsn%3D12%26ftsng%3D12%26br1%3D30%26br2%3D14%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D157%2C168%2C0%2C0%2C0%2C168%2C184%2C20%2C0%2C0%2C192%2C0%2C902%2C903%2C901%2C902%2C903%26osb%3DLinux%252FChrome%26dbg%3Drc%253A1%26reqt%3D1776400572037&adks=3665333008&frm=20&eoidce=1&pbbce=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202604130101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.45.194 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

pnlgaa-au-in-f2.1e100.net

Software

cafe /

Resource Hash

3f60cc3cd83ee800209fd4d2a31b8bb8d0425d5e3e20b64fc47b14e1e7f4b7ab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: br
google-lineitem-id: -2
observe-browsing-topics: ?1
x-content-type-options: nosniff
google-mediationtag-id: -2
google-mediationgroup-id: -2
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Fri, 17 Apr 2026 04:36:12 GMT
content-type: text/plain; charset=UTF-8
google-creative-id: -2
cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin: https://www.mediafire.com
content-length: 379
x-xss-protection: 0
server: cafe

POST v3
id5-sync.com/gm/ 0
0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 854 B
414 B 291ms
290ms Fetch
text/plain 142.251.45.194
Google LLC

General

Check archive.org

Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=5484678592955730&correlator=1845091800282284&eid=31097658&output=ldjh&gdfp_req=1&vrg=202604130101&ptt=17&impl=fif&gdpr=0&iu_parts=1254144%3A183096492%2Cmediafire_com-edge-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C160x600&fluid=height&ifi=8&didk=2994425013&dids=div-gpt-ad-mediafire_com-edge-&adfs=3808772870&sfv=1-0-45&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1776400572101&lmt=1776400572&adxs=1440&adys=300&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=8&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=-420&dmc=32&bc=31&nvt=1&uach=WyJMaW51eCIsIiIsIng4NiIsIiIsIjE0Ny4wLjc3MjcuNTUiLG51bGwsMCxudWxsLCI2NCIsW1siQ2hyb21pdW0iLCIxNDcuMC4wLjAiXSxbIkdvb2dsZSBDaHJvbWUiLCIxNDcuMC4wLjAiXSxbIk5vdC1BLkJyYW5kIiwiMjQuMC4wLjAiXV0sMF0.&url=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fkyink5vgb4rtnsf%2FPEAK.zip%2Ffile&vis=1&aee=0&a3p=EpUBCgpjcml0ZW8uY29tEoQBTUg4YmtsOXpVR2hzUlU1WlNsVkdTSHB0TlVjNGQxSnlSMVpNU0U4eFVrcGlORkp1YnpWVGRXMXpVVEpIY1haUE4wOU1jVGhSWWxCWWRrYzFibWhxYlhSeFRXbHNiaVV5Um14NVdHSTRlbFJZUVVkTFRsQTVkREZrV1ZSbkpUTkVKVE5FWAESNgoMYWRzZXJ2ZXIub3JnEiQzMjYxODdkZi02ZmYwLTQwZDctOWZhYy0zNWZhYjg4MDFkYWVYARI0CgpwdWJjaWQub3JnEiQ3ZWMxNmM5Ny0zMDE0LTRkYzEtOTYwYy00ZjM4NGI2Mzk0NjJYARIcCg1jcndkY250cmwubmV0GLG75s3ZM0gAUgIIZBIdCg5lc3AuY3JpdGVvLmNvbRixu-bN2TNIAFICCGQSFAoFb3BlbngYsbvmzdkzSABSAghkEhgKCXlhaG9vLmNvbRixu-bN2TNIAFICCGQSFwoIcnRiaG91c2UYsbvmzdkzSABSAghk&dlt=1776400569175&idt=2486&ppid=3f960e14b55cea36b2a75a36172785c8&uule=a%20cm9sZToxIHByb2R1Y2VyOjEyIGxvYzoiSDNCLENBIg%3D%3D&prev_scp=a%3D1%26iid1%3D2644705865990081%26eid%3D2644705865990081%26t%3D134%26d%3D484470%26t1%3D134%26pvc%3D1%26adnum%3D1%26url%3Dhttps%253A%252F%252Fwww.mediafire.com%252Ffile%252Fkyink5vgb4rtnsf%252FPEAK.zip%252Ffile%26path%3D%252Ffile%252Fkyink5vgb4rtnsf%252FPEAK.zip%252Ffile%26ap%3D1102%26sap%3D1102%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D1%26at%3Dmbf%26adr%3D399%26ezosn%3D3%26reft%3Dtf%26refs%3D30%26refa%3D1%26ga%3D2497208%26rid%3D99998%26pt%3D39%26al%3D1039%26compid%3D0%26dfpsn%3D%252F1254144%252C183096492%252Fmediafire_com-edge-2%26tap%3Dmediafire_com-edge-2-2644705865990081%26eb_br%3De66c30deca31b19eda212eeca1258584%26eba%3D0%26bv%3D11%26bvm%3D0%26bvr%3D1%26avc%3D30%26evc%3D25%26shp%3D2%26ftsn%3D12%26ftsng%3D12%26br1%3D24%26br2%3D12%26ezoic%3D1%26nmau%3D0%26mau%3D0%26sticky%3D1%26stl%3D78%2C168%2C0%2C0%2C0%2C131%2C132%2C0%2C0%2C0%2C187%2C0%2C901%2C182%2C901%2C902%2C903%26osb%3DLinux%252FChrome%26dbg%3Drc%253A4%26reqt%3D1776400572088&adks=3081006461&frm=20&eoidce=1&pbbce=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202604130101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.45.194 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

pnlgaa-au-in-f2.1e100.net

Software

cafe /

Resource Hash

e9e3067263cb10bbec7713f5f1e83312ffe77e36764ca0594fdcb991f20af4db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: br
google-lineitem-id: -2
observe-browsing-topics: ?1
x-content-type-options: nosniff
google-mediationtag-id: -2
google-mediationgroup-id: -2
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Fri, 17 Apr 2026 04:36:12 GMT
content-type: text/plain; charset=UTF-8
google-creative-id: -2
cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin: https://www.mediafire.com
content-length: 383
x-xss-protection: 0
server: cafe

POST
H2 200 lgc Show response
d9.flashtalking.com/ 103 B
538 B 59ms
58ms XHR
application/json 35.169.25.20
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://d9.flashtalking.com/lgc
Requested by: Host: d9.flashtalking.com
URL: https://d9.flashtalking.com/d9core
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.169.25.20 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-35-169-25-20.compute-1.amazonaws.com
Software: Apache/2.4.66 (Amazon Linux) OpenSSL/3.2.2 /
Resource Hash: 8403a18d5ce8a0eefec8599eba23167ae9cee02ab44b21ded52b146b9663e2cb

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
Content-Type: application/x-www-form-urlencoded
sec-ch-ua-mobile: ?0

Response headers

access-control-allow-credentials: true
access-control-allow-methods: GET,POST,SERVER
access-control-allow-origin: https://www.mediafire.com
content-length: 103
p3p: policyref="localhost/w3c/D9_p3p_.xml", CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"
date: Fri, 17 Apr 2026 04:36:12 GMT
content-type: application/json;charset=UTF-8
server: Apache/2.4.66 (Amazon Linux) OpenSSL/3.2.2

GET
H2 200 location Show response
privacy-location-edge.ccgateway.net/privacy/ 2 B
188 B 306ms
28ms XHR
text/plain 52.91.215.149
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://privacy-location-edge.ccgateway.net/privacy/location
Requested by: Host: carbon-cdn.ccgateway.net
URL: https://carbon-cdn.ccgateway.net/script?id=www.mediafire.com&parentId=0dae949f4b
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.91.215.149 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-52-91-215-149.compute-1.amazonaws.com
Software: /
Resource Hash: 9170a8b2fb3234baa721bf8b3de5935d8d160f6f987215b83b07a49a403e5e74

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

access-control-allow-origin: *
content-encoding: gzip
date: Fri, 17 Apr 2026 04:36:12 GMT
content-type: text/plain; charset=utf-8
vary: Accept-Encoding
access-control-allow-credentials: true

GET
H2

200

esp Show response
oajs.openx.net/
Redirect Chain

https://oajs.openx.net/esp?url=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fkyink5vgb4rtnsf%2FPEAK.zip%2Ffile&rid=esp
https://oajs.openx.net/esp?url=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fkyink5vgb4rtnsf%2FPEAK.zip%2Ffile&rid=esp&cc=1

85 B
193 B

45ms
43ms

Fetch
application/json

34.120.107.143
Google LLC

General

Check archive.org

Download Go to

Full URL: https://oajs.openx.net/esp?url=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fkyink5vgb4rtnsf%2FPEAK.zip%2Ffile&rid=esp&cc=1
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/kyink5vgb4rtnsf/PEAK.zip/file
Protocol: H2
Server: 34.120.107.143 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM - Google LLC, US),
Reverse DNS: 143.107.120.34.bc.googleusercontent.com
Software: / Express
Resource Hash: 23c976fe6fc4d5f7859006ed56ac9856eee4d87905492b860e7fb502beea666f

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
Referer: https://www.mediafire.com/

Response headers

etag: W/"55-NgEjrlDUXt2itErkTOp/9QpspgA"
access-control-allow-credentials: true
via: 1.1 google
access-control-allow-origin: https://www.mediafire.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 85
date: Fri, 17 Apr 2026 04:36:12 GMT
content-type: application/json; charset=utf-8
x-powered-by: Express
vary: Origin

Redirect headers

location: /esp?url=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fkyink5vgb4rtnsf%2FPEAK.zip%2Ffile&rid=esp&cc=1
access-control-allow-credentials: true
via: 1.1 google
access-control-allow-origin: https://www.mediafire.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
date: Fri, 17 Apr 2026 04:36:12 GMT
x-powered-by: Express
vary: Origin

GET
H2 200 fed Show response
ups.analytics.yahoo.com/ups/58813/ 2 B
55 B 118ms
109ms XHR
application/json 69.147.82.61
Yahoo Holdings Inc.

General

Check archive.org

Download Go to

Full URL

https://ups.analytics.yahoo.com/ups/58813/fed?gpp_sid=-1&gdpr=false&gdpr_consent=&v=1&url=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fkyink5vgb4rtnsf%2FPEAK.zip%2Ffile

Requested by

Host: connectid.analytics.yahoo.com
URL: https://connectid.analytics.yahoo.com/connectId-gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

69.147.82.61 New York, United States, ASN14779 (YAHOO - Yahoo Holdings Inc., US),

Reverse DNS

e2.ycpi.vip.nya.yahoo.com

Software

ATS /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

strict-transport-security: max-age=31536000
age: 0
access-control-allow-credentials: true
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
access-control-allow-origin: https://www.mediafire.com
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
date: Fri, 17 Apr 2026 04:36:12 GMT
content-type: application/json
vary: Origin
server: ATS

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame 239C 12 KB
5 KB 80ms
28ms Document
text/html 74.119.117.62
Criteo Corp.

General

Check archive.org

Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=www.mediafire.com&gdpr=0&gdpr_consent=

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.ids.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.119.117.62 , United States, ASN19750 (AS-CRITEO - Criteo Corp., US),

Reverse DNS

Software

Kestrel /

Resource Hash

36ce068a4107077cee7072231c246281cd2a208444ed215337b5c3f4ec1b9a3e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://www.mediafire.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Linux"

Response headers

cache-control: private, max-age=3600
content-encoding: gzip
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Fri, 17 Apr 2026 04:36:12 GMT
server: Kestrel
server-processing-duration-in-ticks: 1628191
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
x-robots-tag: noindex

POST v3
id5-sync.com/gm/ 0
0

GET
H2 200 v1 Show response
lb.eu-1-id5-sync.com/lb/ 45 B
335 B 105ms
104ms Fetch
application/json 135.125.170.28
OVH OVH SAS

General

Check archive.org

Download Go to

Full URL

https://lb.eu-1-id5-sync.com/lb/v1

Requested by

Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?cb=195-16-153

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

135.125.170.28 , France, ASN16276 (OVH OVH SAS, FR),

Reverse DNS

ns31872155.ip-135-125-170.eu

Software

Resource Hash

a03920723c972872632e31dd6052cd351e0aa0e93d06a0f7330ec74cec95d771

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-origin: https://www.mediafire.com
content-encoding: gzip
date: Fri, 17 Apr 2026 04:36:11 GMT
content-type: application/json;charset=UTF-8
vary: origin,access-control-request-method,access-control-request-headers,accept-encoding

GET
H3 200 gpt
securepubads.g.doubleclick.net/pagead/managed/dict/m202604160101/ 64 KB
23 KB 74ms
72ms Other
text/plain 142.251.45.194
Google LLC

General

Check archive.org

Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/dict/m202604160101/gpt

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/file/kyink5vgb4rtnsf/PEAK.zip/file

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.45.194 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

pnlgaa-au-in-f2.1e100.net

Software

cafe /

Resource Hash

00cd519defdbc1ddeba378c2b76b4b626bce37f66fbf6ffce2f088a08efa21c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: br
etag: 6066547729234053981
age: 47033
x-content-type-options: nosniff
expires: Thu, 23 Apr 2026 15:32:19 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Thu, 16 Apr 2026 15:32:19 GMT
content-type: text/plain; charset=UTF-8
vary: Accept-Encoding
cache-control: public, immutable, max-age=604800, stale-while-revalidate=7200
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 23344
x-xss-protection: 0
server: cafe
use-as-dictionary: match="/gampad/ads", id="m202604160101"

POST
H2 200 encrypt Show response
esp.rtbhouse.com/ 265 B
531 B 292ms
121ms Fetch
application/json 35.190.39.111
Google LLC

General

Check archive.org

Download Go to

Full URL: https://esp.rtbhouse.com/encrypt
Requested by: Host: invstatic101.creativecdn.com
URL: https://invstatic101.creativecdn.com/encrypted-signals/encrypted-tag-g.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.39.111 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM - Google LLC, US),
Reverse DNS: 111.39.190.35.bc.googleusercontent.com
Software: Google Frontend /
Resource Hash: d804c6bd7b16ae6d3ad23166e4237a9af5267c3489c26a24e6a122afe7fb9c0e

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
Content-Type: text/plain
sec-ch-ua-mobile: ?0

Response headers

access-control-allow-credentials: true
access-control-allow-methods: POST
via: 1.1 google
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 265
date: Fri, 17 Apr 2026 04:36:12 GMT
content-type: application/json
x-cloud-trace-context: 666e73b78583f6fcd08ff7bbd27204a5
server: Google Frontend
access-control-allow-headers: X-Requested-With

POST 457.json
id5-sync.com/g/v2/ 0
0

GET
H2 200 px.gif Show response
ad-delivery.net/ 43 B
133 B 31ms
29ms Fetch
image/gif 104.20.47.80
Cloudflare

General

Check archive.org

Download Go to

Full URL: https://ad-delivery.net/px.gif?ch=2&e=0.32444851674266384
Requested by: Host: btloader.com
URL: https://btloader.com/tag?o=5678961798414336&upapi=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.20.47.80 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

x-goog-metageneration: 5
access-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
x-goog-hash: crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow==
cf-cache-status: HIT
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
age: 7
x-goog-stored-content-encoding: identity
expires: Fri, 20 Mar 2026 08:25:52 GMT
x-goog-stored-content-length: 43
date: Fri, 17 Apr 2026 04:36:12 GMT
content-type: image/gif
last-modified: Wed, 05 May 2021 19:25:32 GMT
x-guploader-uploadid: AOCedOE4ceqfKqcxsn6FfQCul5MU3fPppaJoaSAD4zIpDi_AuCRSOF0vpherOnDkBFq5ISKOXI37mOc
cache-control: public, max-age=86400
x-goog-storage-class: MULTI_REGIONAL
cf-ray: 9ed8ba39fe2fac9f-YYZ
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1620242732037093
content-length: 43
server: cloudflare

GET
H2 200 json Show response
gum.criteo.com/sid/ Frame 239C 455 B
932 B 33ms
32ms Fetch
application/json 74.119.117.62
Criteo Corp.

General

Check archive.org

Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=publishertagids&domain=www.mediafire.com&sn=ChromeSyncframe&so=0&topUrl=www.mediafire.com

Requested by

Host: gum.criteo.com
URL: https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=www.mediafire.com&gdpr=0&gdpr_consent=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.119.117.62 , United States, ASN19750 (AS-CRITEO - Criteo Corp., US),

Reverse DNS

Software

Kestrel /

Resource Hash

eae2a1b81d8d2a9516288dee4f71d3c839b2f3ae9d1c9954947a48efd9d598f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=www.mediafire.com&gdpr=0&gdpr_consent=
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

strict-transport-security: max-age=31536000; preload;
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
pragma: no-cache
server-processing-duration-in-ticks: 915812
expires: 0
date: Fri, 17 Apr 2026 04:36:11 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
server: Kestrel

GET
H3 200 sodar Show response
ep1.adtrafficquality.google/getconfig/ 17 KB
13 KB 121ms
61ms XHR
application/json 142.250.65.66
Google LLC

General

Check archive.org

Download Go to

Full URL

https://ep1.adtrafficquality.google/getconfig/sodar?sv=200&tid=gpt&tv=m202604130101&st=env&sjk=5484678592955730

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202604130101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.65.66 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

lclgaa-ax-in-f2.1e100.net

Software

cafe /

Resource Hash

e1e22e9625bfac0401d24820062fe36b5d52a35b932820a63e0c1de324b40df7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

timing-allow-origin: *
content-encoding: br
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 13490
date: Fri, 17 Apr 2026 04:36:12 GMT
x-xss-protection: 0
content-type: application/json; charset=UTF-8
content-disposition: attachment; filename="f.txt"
server: cafe

POST
H3 204 rum Show response
www.mediafire.com/cdn-cgi/ 0
197 B 21ms
20ms XHR
text/plain 104.17.148.83
Cloudflare

General

Check archive.org

Download Go to

Full URL: https://www.mediafire.com/cdn-cgi/rum?
Requested by: Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js/v8c78df7c7c0f484497ecbca7046644da1771523124516
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.17.148.83 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/file/kyink5vgb4rtnsf/PEAK.zip/file
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
content-type: application/json
sec-ch-ua-mobile: ?0

Response headers

access-control-max-age: 86400
access-control-allow-credentials: true
access-control-allow-methods: POST,OPTIONS
cf-ray: 9ed8ba3a28e4a2b4-YUL
access-control-allow-origin: https://www.mediafire.com
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Fri, 17 Apr 2026 04:36:12 GMT
content-type: text/plain
vary: Origin, accept-encoding
server: cloudflare
priority: u=1,i

GET
H2 200 pd Show response
google-bidout-d.openx.net/w/1.0/ Frame F0F8 480 B
755 B 112ms
30ms Document
text/html 35.244.159.8
Google LLC

General

Check archive.org

Download Go to

Full URL: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Requested by: Host: oa.openxcdn.net
URL: https://oa.openxcdn.net/esp.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM - Google LLC, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: /
Resource Hash: 05930a798346ebdc2931fd2e7afa6998ba369946985e1660457ec6b02994d351

Request headers

Referer: https://www.mediafire.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Linux"

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0, no-cache
content-encoding: br
content-length: 365
content-type: text/html
date: Fri, 17 Apr 2026 04:36:12 GMT
p3p: CP="CUR ADM OUR NOR STA NID"
pragma: no-cache
vary: Accept, Accept-Encoding
via: 1.1 google
x-forwarded-for: 86.106.90.214

GET
H3 200 favicon.ico Show response
ad.doubleclick.net/ 1 KB
129 B 61ms
60ms Fetch
image/x-icon 142.251.211.166
Google LLC

General

Check archive.org

Download Go to

Full URL

https://ad.doubleclick.net/favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250&e=0.2817992621742933

Requested by

Host: btloader.com
URL: https://btloader.com/tag?o=5678961798414336&upapi=true

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.211.166 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

lclgaa-as-in-f6.1e100.net

Software

sffe /

Resource Hash

d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: gzip
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
x-content-type-options: nosniff
expires: Sat, 18 Apr 2026 04:36:12 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 17 Apr 2026 04:36:12 GMT
content-type: image/x-icon
vary: Accept-Encoding
last-modified: Tue, 08 May 2012 13:08:06 GMT
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
content-length: 104
x-xss-protection: 0
server: sffe

GET
H3 200 favicon.ico
www.mediafire.com/ 11 KB
2 KB 53ms
50ms Other
image/x-icon 104.17.148.83
Cloudflare

General

Check archive.org

Download Go to

Full URL: https://www.mediafire.com/favicon.ico
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.17.148.83 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: cdc78cc8b2994712a041a2a4cb02f488afbab00981771bdd3a8036c2dddf540f

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/file/kyink5vgb4rtnsf/PEAK.zip/file
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"62deda56-2a46"
age: 486190
access-control-allow-methods: OPTIONS, POST, GET
expires: Mon, 11 May 2026 13:33:01 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
x-mf-env: liveApi
date: Fri, 17 Apr 2026 04:36:12 GMT
content-type: image/x-icon
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
vary: Accept-Encoding
priority: u=1,i
cache-control: max-age=2592000
cf-ray: 9ed8ba3a6972a2b4-YUL
x-mf-fe: mf2
access-control-allow-origin: *
server: cloudflare

GET
H2 200 sodar2.js Show response
ep2.adtrafficquality.google/sodar/ 21 KB
8 KB 445ms
42ms Script
text/javascript 142.250.65.65
Google LLC

General

Check archive.org

Download Go to

Full URL

https://ep2.adtrafficquality.google/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202604130101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.65.65 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

lclgaa-ax-in-f1.1e100.net

Software

sffe /

Resource Hash

cb8d603426932f2666666f4bd32b3dde726161c7f7413e385d2e124e6e03039c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: gzip
etag: "1775059593017171"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
x-content-type-options: nosniff
expires: Fri, 17 Apr 2026 04:36:13 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 17 Apr 2026 04:36:13 GMT
content-type: text/javascript
vary: Accept-Encoding
cache-control: private, max-age=3000
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 7628
x-xss-protection: 0
server: sffe

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame F0F8
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEDtvCgQFXZLdPu8er6SrYeY&google_cver=1

43 B
136 B

40ms
33ms

Image
image/gif

35.244.159.8
Google LLC

General

Check archive.org

Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEDtvCgQFXZLdPu8er6SrYeY&google_cver=1
Requested by: Host: google-bidout-d.openx.net
URL: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Protocol: H2
Server: 35.244.159.8 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM - Google LLC, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
Referer: https://google-bidout-d.openx.net/

Response headers

cache-control: private, max-age=0, no-cache
pragma: no-cache
x-forwarded-for: 86.106.90.214
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
p3p: CP="CUR ADM OUR NOR STA NID"
date: Fri, 17 Apr 2026 04:36:12 GMT
content-type: image/gif
vary: Accept

Redirect headers

cache-control: no-cache, must-revalidate
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEDtvCgQFXZLdPu8er6SrYeY&google_cver=1
pragma: no-cache
cross-origin-resource-policy: cross-origin
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 295
date: Fri, 17 Apr 2026 04:36:12 GMT
x-xss-protection: 0
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)

GET
H2 200 pixel
cm.g.doubleclick.net/ Frame F0F8 170 B
243 B 80ms
71ms Image
image/png 142.251.40.226
Google LLC

General

Check archive.org

Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=YjgxNmI5MWEtNDg2My0yOWJjLWM0OGUtYmEwZGI2MTc1ZDk1

Requested by

Host: google-bidout-d.openx.net
URL: https://google-bidout-d.openx.net/w/1.0/pd?plm=5

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.40.226 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

lga34s39-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://google-bidout-d.openx.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

cache-control: no-cache, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
date: Fri, 17 Apr 2026 04:36:12 GMT
x-xss-protection: 0
content-type: image/png
server: HTTP server (unknown)

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame F0F8
Redirect Chain

https://match.adsrvr.org/track/cmf/openx?oxid=94796ad0-8114-7718-d16e-e0b47cf593f5&gdpr=0
https://us-u.openx.net/w/1.0/sd?id=537072971&val=326187df-6ff0-40d7-9fac-35fab8801dae&ttd_puid=94796ad0-8114-7718-d16e-e0b47cf593f5&gdpr=0&gdpr_consent=

43 B
97 B

33ms
32ms

Image
image/gif

35.244.159.8
Google LLC

General

Check archive.org

Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072971&val=326187df-6ff0-40d7-9fac-35fab8801dae&ttd_puid=94796ad0-8114-7718-d16e-e0b47cf593f5&gdpr=0&gdpr_consent=
Requested by: Host: google-bidout-d.openx.net
URL: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Protocol: H2
Server: 35.244.159.8 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM - Google LLC, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
Referer: https://google-bidout-d.openx.net/

Response headers

cache-control: private, max-age=0, no-cache
pragma: no-cache
x-forwarded-for: 86.106.90.214
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
p3p: CP="CUR ADM OUR NOR STA NID"
date: Fri, 17 Apr 2026 04:36:12 GMT
content-type: image/gif
vary: Accept

Redirect headers

location: https://us-u.openx.net/w/1.0/sd?id=537072971&val=326187df-6ff0-40d7-9fac-35fab8801dae&ttd_puid=94796ad0-8114-7718-d16e-e0b47cf593f5&gdpr=0&gdpr_consent=
content-length: 335
date: Fri, 17 Apr 2026 04:36:12 GMT
server: Kestrel

GET cms
ups.analytics.yahoo.com/ups/58934/ Frame F0F8 0
0

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame F0F8
Redirect Chain

https://ad.turn.com/r/cs?pid=9&gdpr=0
https://us-u.openx.net/w/1.0/sd?id=537073061&val=7830989017535051250&gdpr=0&gdpr_consent=&us_privacy=

43 B
97 B

35ms
32ms

Image
image/gif

35.244.159.8
Google LLC

General

Check archive.org

Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537073061&val=7830989017535051250&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: google-bidout-d.openx.net
URL: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Protocol: H2
Server: 35.244.159.8 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM - Google LLC, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
Referer: https://google-bidout-d.openx.net/

Response headers

cache-control: private, max-age=0, no-cache
pragma: no-cache
x-forwarded-for: 86.106.90.214
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
p3p: CP="CUR ADM OUR NOR STA NID"
date: Fri, 17 Apr 2026 04:36:13 GMT
content-type: image/gif
vary: Accept

Redirect headers

cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
location: https://us-u.openx.net/w/1.0/sd?id=537073061&val=7830989017535051250&gdpr=0&gdpr_consent=&us_privacy=
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
content-length: 0
pragma: no-cache
date: Fri, 17 Apr 2026 04:36:27 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 511 B
182 B 360ms
359ms Fetch
text/plain 142.251.45.194
Google LLC

General

Check archive.org

Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=5484678592955730&correlator=2549128638504726&eid=31097658%2C31096828&output=ldjh&gdfp_req=1&vrg=202604130101&ptt=17&impl=fif&gdpr=0&iu_parts=1254144%3A183096492%2Cmediafire_com-medrectangle-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&ifi=9&didk=46178465&dids=div-gpt-ad-mediafire_com-medre&adfs=449556708&sfv=1-0-45&rcs=1&eri=1&sc=1&cookie=ID%3Dc25be0f0e2e669f1%3AT%3D1776400572%3ART%3D1776400572%3AS%3DALNI_Mb3DLf7RzaJ2uANsEim2JXjyZIEcQ&gpic=UID%3D00001360ece2b37b%3AT%3D1776400572%3ART%3D1776400572%3AS%3DALNI_MZSy9rghxmUUxmKYBNg45TSzMBQhQ&abxe=1&dt=1776400572785&lmt=1776400572&adxs=52&adys=1110&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=-420&dmc=32&bc=31&nvt=1&uach=WyJMaW51eCIsIiIsIng4NiIsIiIsIjE0Ny4wLjc3MjcuNTUiLG51bGwsMCxudWxsLCI2NCIsW1siQ2hyb21pdW0iLCIxNDcuMC4wLjAiXSxbIkdvb2dsZSBDaHJvbWUiLCIxNDcuMC4wLjAiXSxbIk5vdC1BLkJyYW5kIiwiMjQuMC4wLjAiXV0sMF0.&url=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fkyink5vgb4rtnsf%2FPEAK.zip%2Ffile&vis=1&aee=0&psts=AOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a&a3p=EpUBCgpjcml0ZW8uY29tEoQBTUg4YmtsOXpVR2hzUlU1WlNsVkdTSHB0TlVjNGQxSnlSMVpNU0U4eFVrcGlORkp1YnpWVGRXMXpVVEpIY1haUE4wOU1jVGhSWWxCWWRrYzFibWhxYlhSeFRXbHNiaVV5Um14NVdHSTRlbFJZUVVkTFRsQTVkREZrV1ZSbkpUTkVKVE5FWAESNgoMYWRzZXJ2ZXIub3JnEiQzMjYxODdkZi02ZmYwLTQwZDctOWZhYy0zNWZhYjg4MDFkYWVYARI0CgpwdWJjaWQub3JnEiQ3ZWMxNmM5Ny0zMDE0LTRkYzEtOTYwYy00ZjM4NGI2Mzk0NjJYARIcCg1jcndkY250cmwubmV0GLG75s3ZM0gAUgIIZBIdCg5lc3AuY3JpdGVvLmNvbRixu-bN2TNIAFICCGQSGAoJeWFob28uY29tGIS-5s3ZM0gAUgIIbxI-CgVvcGVueBIsZXlKcElqb2lVamxXVm1sVGFWUlRUeXRNZFVOb1kwZE9TMmREUVQwOUluMD0Y2MDmzdkzSAAS7gEKCHJ0YmhvdXNlEtgBR05JMnFUQW94dkhLVDQwaUs0ZXozbExva0puKy81dHM0eWx2L1RQejdjMHVyc3BuN01uTHQzcHEwREVDeFZ6bkpnU3VtWGVEdmhGMDZXMXFtK1ZtZHh0cUpmY1VkQ1NnbGVrekQ0ZWJzOCs0dlFNQittUCtaWmRhZ1lwNC90K0pMdmNRRGRHd3A3WUorRGhVZUxWRVJwSTdCVldqSGhCczgzR0gzcTloSU9VcnpIdTBYbzhMa2xqWjBIL004c1V5OVViUSt3K0dKbzFMamlKeGpyWkYzZz09GPrB5s3ZM0gA&dlt=1776400569175&idt=2486&ppid=3f960e14b55cea36b2a75a36172785c8&uule=a%20cm9sZToxIHByb2R1Y2VyOjEyIGxvYzoiSDNCLENBIg%3D%3D&prev_scp=a%3D1%26iid1%3D4292502663960386%26eid%3D4292502663960386%26t%3D134%26d%3D484470%26t1%3D134%26pvc%3D1%26adnum%3D1%26url%3Dhttps%253A%252F%252Fwww.mediafire.com%252Ffile%252Fkyink5vgb4rtnsf%252FPEAK.zip%252Ffile%26path%3D%252Ffile%252Fkyink5vgb4rtnsf%252FPEAK.zip%252Ffile%26ap%3D1100%26sap%3D1100%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D2%26at%3Dmbf%26adr%3D399%26ezosn%3D7%26reft%3Dtf%26refs%3D30%26refa%3D1%26ga%3D2497208%26rid%3D99998%26pt%3D5%26al%3D1005%26compid%3D0%26dfpsn%3D%252F1254144%252C183096492%252Fmediafire_com-medrectangle-2%26tap%3Dmediafire_com-medrectangle-2-4292502663960386%26eb_br%3D8c5ffefb122f59a66a8b7672d4452af2%26eba%3D0%26bv%3D12%26bvm%3D0%26bvr%3D2%26avc%3D35%26evc%3D38%26shp%3D1%26ftsn%3D12%26ftsng%3D12%26br1%3D36%26br2%3D36%26ezoic%3D1%26nmau%3D2%26mau%3D0%26stl%3D157%2C14%2C0%2C0%2C0%2C168%2C184%2C20%2C0%2C0%2C192%2C0%2C902%2C903%2C901%2C902%2C903%26osb%3DLinux%252FChrome%26dbg%3Drc%253A5%26reqt%3D1776400572369&adks=1630800042&frm=20&eo_id_str=ID%3D181980d16574115e%3AT%3D1776400572%3ART%3D1776400572%3AS%3DAA-AfjYiGDD-zdlWjvvAR4Q5moVA&pbbce=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202604130101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.45.194 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

pnlgaa-au-in-f2.1e100.net

Software

cafe /

Resource Hash

f93261a25cb2a049a6a73ab7e03b0c693fabb2a549e69b9c62943631d289b1f8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: dcb
google-lineitem-id: -2
observe-browsing-topics: ?1
x-content-type-options: nosniff
google-mediationtag-id: -2
google-mediationgroup-id: -2
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Fri, 17 Apr 2026 04:36:13 GMT
content-type: text/plain; charset=UTF-8
google-creative-id: -2
cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin: https://www.mediafire.com
content-length: 152
x-xss-protection: 0
server: cafe

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 511 B
182 B 412ms
411ms Fetch
text/plain 142.251.45.194
Google LLC

General

Check archive.org

Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=5484678592955730&correlator=2634653525998288&eid=31097658%2C31096828&output=ldjh&gdfp_req=1&vrg=202604130101&ptt=17&impl=fif&gdpr=0&iu_parts=1254144%3A183096492%2Cmediafire_com-medrectangle-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&ifi=10&didk=219167732&dids=div-gpt-ad-mediafire_com-medre&adfs=3572068966&sfv=1-0-45&rcs=1&eri=1&sc=1&cookie=ID%3Dc25be0f0e2e669f1%3AT%3D1776400572%3ART%3D1776400572%3AS%3DALNI_Mb3DLf7RzaJ2uANsEim2JXjyZIEcQ&gpic=UID%3D00001360ece2b37b%3AT%3D1776400572%3ART%3D1776400572%3AS%3DALNI_MZSy9rghxmUUxmKYBNg45TSzMBQhQ&abxe=1&dt=1776400572792&lmt=1776400572&adxs=820&adys=1110&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=2&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=-420&dmc=32&bc=31&nvt=1&uach=WyJMaW51eCIsIiIsIng4NiIsIiIsIjE0Ny4wLjc3MjcuNTUiLG51bGwsMCxudWxsLCI2NCIsW1siQ2hyb21pdW0iLCIxNDcuMC4wLjAiXSxbIkdvb2dsZSBDaHJvbWUiLCIxNDcuMC4wLjAiXSxbIk5vdC1BLkJyYW5kIiwiMjQuMC4wLjAiXV0sMF0.&url=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fkyink5vgb4rtnsf%2FPEAK.zip%2Ffile&vis=1&aee=0&psts=AOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a&a3p=EpUBCgpjcml0ZW8uY29tEoQBTUg4YmtsOXpVR2hzUlU1WlNsVkdTSHB0TlVjNGQxSnlSMVpNU0U4eFVrcGlORkp1YnpWVGRXMXpVVEpIY1haUE4wOU1jVGhSWWxCWWRrYzFibWhxYlhSeFRXbHNiaVV5Um14NVdHSTRlbFJZUVVkTFRsQTVkREZrV1ZSbkpUTkVKVE5FWAESNgoMYWRzZXJ2ZXIub3JnEiQzMjYxODdkZi02ZmYwLTQwZDctOWZhYy0zNWZhYjg4MDFkYWVYARI0CgpwdWJjaWQub3JnEiQ3ZWMxNmM5Ny0zMDE0LTRkYzEtOTYwYy00ZjM4NGI2Mzk0NjJYARIcCg1jcndkY250cmwubmV0GLG75s3ZM0gAUgIIZBIdCg5lc3AuY3JpdGVvLmNvbRixu-bN2TNIAFICCGQSGAoJeWFob28uY29tGIS-5s3ZM0gAUgIIbxI-CgVvcGVueBIsZXlKcElqb2lVamxXVm1sVGFWUlRUeXRNZFVOb1kwZE9TMmREUVQwOUluMD0Y2MDmzdkzSAAS7gEKCHJ0YmhvdXNlEtgBR05JMnFUQW94dkhLVDQwaUs0ZXozbExva0puKy81dHM0eWx2L1RQejdjMHVyc3BuN01uTHQzcHEwREVDeFZ6bkpnU3VtWGVEdmhGMDZXMXFtK1ZtZHh0cUpmY1VkQ1NnbGVrekQ0ZWJzOCs0dlFNQittUCtaWmRhZ1lwNC90K0pMdmNRRGRHd3A3WUorRGhVZUxWRVJwSTdCVldqSGhCczgzR0gzcTloSU9VcnpIdTBYbzhMa2xqWjBIL004c1V5OVViUSt3K0dKbzFMamlKeGpyWkYzZz09GPrB5s3ZM0gA&dlt=1776400569175&idt=2486&ppid=3f960e14b55cea36b2a75a36172785c8&uule=a%20cm9sZToxIHByb2R1Y2VyOjEyIGxvYzoiSDNCLENBIg%3D%3D&prev_scp=a%3D1%26iid1%3D4292502663960386%26eid%3D4292502663960386%26t%3D134%26d%3D484470%26t1%3D134%26pvc%3D1%26adnum%3D1%26url%3Dhttps%253A%252F%252Fwww.mediafire.com%252Ffile%252Fkyink5vgb4rtnsf%252FPEAK.zip%252Ffile%26path%3D%252Ffile%252Fkyink5vgb4rtnsf%252FPEAK.zip%252Ffile%26ap%3D1100%26sap%3D1100%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D2%26at%3Dmbf%26adr%3D399%26ezosn%3D8%26reft%3Dtf%26refs%3D30%26refa%3D1%26ga%3D2497208%26rid%3D99998%26pt%3D5%26al%3D1005%26compid%3D0%26dfpsn%3D%252F1254144%252C183096492%252Fmediafire_com-medrectangle-2%26tap%3Dmediafire_com-medrectangle-2-4292502663960386%26eb_br%3D8c5ffefb122f59a66a8b7672d4452af2%26eba%3D0%26bv%3D12%26bvm%3D0%26bvr%3D2%26avc%3D35%26evc%3D38%26shp%3D1%26ftsn%3D12%26ftsng%3D12%26br1%3D36%26br2%3D36%26ezoic%3D1%26nmau%3D2%26mau%3D1%26stl%3D157%2C14%2C0%2C0%2C0%2C168%2C184%2C20%2C0%2C0%2C192%2C0%2C902%2C903%2C901%2C902%2C903%26osb%3DLinux%252FChrome%26dbg%3Dadap%253A1%2Crc%253A6%26reqt%3D1776400572358&adks=1277576459&frm=20&eo_id_str=ID%3D181980d16574115e%3AT%3D1776400572%3ART%3D1776400572%3AS%3DAA-AfjYiGDD-zdlWjvvAR4Q5moVA&pbbce=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202604130101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.45.194 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

pnlgaa-au-in-f2.1e100.net

Software

cafe /

Resource Hash

fdeb815bc5477d043a86ca053382a9c68bb8bd79e77b40d1230b954788ec6d69

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: dcb
google-lineitem-id: -2
observe-browsing-topics: ?1
x-content-type-options: nosniff
google-mediationtag-id: -2
google-mediationgroup-id: -2
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Fri, 17 Apr 2026 04:36:13 GMT
content-type: text/plain; charset=UTF-8
google-creative-id: -2
cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin: https://www.mediafire.com
content-length: 152
x-xss-protection: 0
server: cafe

POST
H2 204 ping
pagead2.googlesyndication.com/pagead/ 0
0 264ms
62ms Fetch
image/gif 142.251.210.34
Google LLC

General

Check archive.org

Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/ping?e=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202604130101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.210.34 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

lclgaa-ba-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
Content-Type: text/plain;charset=UTF-8
sec-ch-ua-mobile: ?0

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 0
date: Fri, 17 Apr 2026 04:36:13 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H2 200 px.gif Show response
ad-delivery.net/ 43 B
112 B 32ms
31ms Fetch
image/gif 104.20.47.80
Cloudflare

General

Check archive.org

Download Go to

Full URL: https://ad-delivery.net/px.gif?ch=2&e=0.7247517956598005
Requested by: Host: btloader.com
URL: https://btloader.com/tag?o=5678961798414336&upapi=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.20.47.80 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

x-goog-metageneration: 5
access-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
x-goog-hash: crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow==
cf-cache-status: HIT
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
age: 8
x-goog-stored-content-encoding: identity
expires: Fri, 20 Mar 2026 08:25:52 GMT
x-goog-stored-content-length: 43
date: Fri, 17 Apr 2026 04:36:12 GMT
content-type: image/gif
last-modified: Wed, 05 May 2021 19:25:32 GMT
x-guploader-uploadid: AOCedOE4ceqfKqcxsn6FfQCul5MU3fPppaJoaSAD4zIpDi_AuCRSOF0vpherOnDkBFq5ISKOXI37mOc
cache-control: public, max-age=86400
x-goog-storage-class: MULTI_REGIONAL
cf-ray: 9ed8ba3cc85dac9f-YYZ
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1620242732037093
content-length: 43
server: cloudflare

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 502 B
177 B 304ms
303ms Fetch
text/plain 142.251.45.194
Google LLC

General

Check archive.org

Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=5484678592955730&correlator=2225081352205238&eid=31097658%2C31096828&output=ldjh&gdfp_req=1&vrg=202604130101&ptt=17&impl=fif&gdpr=0&iu_parts=1254144%3A183096492%2Cmediafire_com-box-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&ifi=11&didk=1697938527&dids=div-gpt-ad-mediafire_com-box-2&adfs=2211965457&sfv=1-0-45&rcs=1&eri=1&sc=1&cookie=ID%3Dc25be0f0e2e669f1%3AT%3D1776400572%3ART%3D1776400572%3AS%3DALNI_Mb3DLf7RzaJ2uANsEim2JXjyZIEcQ&gpic=UID%3D00001360ece2b37b%3AT%3D1776400572%3ART%3D1776400572%3AS%3DALNI_MZSy9rghxmUUxmKYBNg45TSzMBQhQ&abxe=1&dt=1776400572971&lmt=1776400572&adxs=1752&adys=10&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=3&oid=2&u_his=1&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=-420&dmc=32&bc=31&nvt=1&uach=WyJMaW51eCIsIiIsIng4NiIsIiIsIjE0Ny4wLjc3MjcuNTUiLG51bGwsMCxudWxsLCI2NCIsW1siQ2hyb21pdW0iLCIxNDcuMC4wLjAiXSxbIkdvb2dsZSBDaHJvbWUiLCIxNDcuMC4wLjAiXSxbIk5vdC1BLkJyYW5kIiwiMjQuMC4wLjAiXV0sMF0.&url=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fkyink5vgb4rtnsf%2FPEAK.zip%2Ffile&vis=1&aee=0&psts=AOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a&a3p=EpUBCgpjcml0ZW8uY29tEoQBTUg4YmtsOXpVR2hzUlU1WlNsVkdTSHB0TlVjNGQxSnlSMVpNU0U4eFVrcGlORkp1YnpWVGRXMXpVVEpIY1haUE4wOU1jVGhSWWxCWWRrYzFibWhxYlhSeFRXbHNiaVV5Um14NVdHSTRlbFJZUVVkTFRsQTVkREZrV1ZSbkpUTkVKVE5FWAESNgoMYWRzZXJ2ZXIub3JnEiQzMjYxODdkZi02ZmYwLTQwZDctOWZhYy0zNWZhYjg4MDFkYWVYARI0CgpwdWJjaWQub3JnEiQ3ZWMxNmM5Ny0zMDE0LTRkYzEtOTYwYy00ZjM4NGI2Mzk0NjJYARIcCg1jcndkY250cmwubmV0GLG75s3ZM0gAUgIIZBIdCg5lc3AuY3JpdGVvLmNvbRixu-bN2TNIAFICCGQSGAoJeWFob28uY29tGIS-5s3ZM0gAUgIIbxI-CgVvcGVueBIsZXlKcElqb2lVamxXVm1sVGFWUlRUeXRNZFVOb1kwZE9TMmREUVQwOUluMD0Y2MDmzdkzSAAS7gEKCHJ0YmhvdXNlEtgBR05JMnFUQW94dkhLVDQwaUs0ZXozbExva0puKy81dHM0eWx2L1RQejdjMHVyc3BuN01uTHQzcHEwREVDeFZ6bkpnU3VtWGVEdmhGMDZXMXFtK1ZtZHh0cUpmY1VkQ1NnbGVrekQ0ZWJzOCs0dlFNQittUCtaWmRhZ1lwNC90K0pMdmNRRGRHd3A3WUorRGhVZUxWRVJwSTdCVldqSGhCczgzR0gzcTloSU9VcnpIdTBYbzhMa2xqWjBIL004c1V5OVViUSt3K0dKbzFMamlKeGpyWkYzZz09GPrB5s3ZM0gA&dlt=1776400569175&idt=2486&ppid=3f960e14b55cea36b2a75a36172785c8&uule=a%20cm9sZToxIHByb2R1Y2VyOjEyIGxvYzoiSDNCLENBIg%3D%3D&prev_scp=a%3D1%26iid1%3D4419728283946443%26eid%3D4419728283946443%26t%3D134%26d%3D484470%26t1%3D134%26pvc%3D1%26adnum%3D1%26url%3Dhttps%253A%252F%252Fwww.mediafire.com%252Ffile%252Fkyink5vgb4rtnsf%252FPEAK.zip%252Ffile%26path%3D%252Ffile%252Fkyink5vgb4rtnsf%252FPEAK.zip%252Ffile%26ap%3D1103%26sap%3D1103%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D2%26at%3Dmbf%26adr%3D399%26ezosn%3D0%26reft%3Dtf%26refs%3D30%26refa%3D1%26ga%3D2497208%26rid%3D99998%26pt%3D1%26al%3D1001%26compid%3D0%26dfpsn%3D%252F1254144%252C183096492%252Fmediafire_com-box-2%26tap%3Dmediafire_com-box-2-4419728283946443%26eb_br%3Dfe5b0c99ab7ba15f050582be1301303f%26eba%3D0%26bv%3D11%26bvm%3D0%26bvr%3D1%26avc%3D119%26evc%3D46%26shp%3D1%26ftsn%3D12%26ftsng%3D12%26br1%3D46%26br2%3D46%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D157%2C168%2C0%2C0%2C0%2C168%2C184%2C20%2C0%2C0%2C192%2C0%2C902%2C903%2C901%2C902%2C903%26osb%3DLinux%252FChrome%26dbg%3Drc%253A2%26reqt%3D1776400572411&adks=3106951849&frm=20&eo_id_str=ID%3D181980d16574115e%3AT%3D1776400572%3ART%3D1776400572%3AS%3DAA-AfjYiGDD-zdlWjvvAR4Q5moVA&pbbce=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202604130101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.45.194 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

pnlgaa-au-in-f2.1e100.net

Software

cafe /

Resource Hash

ff14c298e24e94a8d5f0c74d2655da24799ed85c6771e368c88fa8ba6e751805

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: dcb
google-lineitem-id: -2
observe-browsing-topics: ?1
x-content-type-options: nosniff
google-mediationtag-id: -2
google-mediationgroup-id: -2
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Fri, 17 Apr 2026 04:36:13 GMT
content-type: text/plain; charset=UTF-8
google-creative-id: -2
cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin: https://www.mediafire.com
content-length: 147
x-xss-protection: 0
server: cafe

GET
H3 200 favicon.ico Show response
ad.doubleclick.net/ 1 KB
129 B 63ms
62ms Fetch
image/x-icon 142.251.211.166
Google LLC

General

Check archive.org

Download Go to

Full URL

https://ad.doubleclick.net/favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250&e=0.6396380325421782

Requested by

Host: btloader.com
URL: https://btloader.com/tag?o=5678961798414336&upapi=true

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.211.166 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

lclgaa-as-in-f6.1e100.net

Software

sffe /

Resource Hash

d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: gzip
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
x-content-type-options: nosniff
expires: Sat, 18 Apr 2026 04:36:13 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 17 Apr 2026 04:36:13 GMT
content-type: image/x-icon
vary: Accept-Encoding
last-modified: Tue, 08 May 2012 13:08:06 GMT
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
content-length: 104
x-xss-protection: 0
server: sffe

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 504 B
175 B 312ms
310ms Fetch
text/plain 142.251.45.194
Google LLC

General

Check archive.org

Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=5484678592955730&correlator=354128184228031&eid=31097658%2C31096828&output=ldjh&gdfp_req=1&vrg=202604130101&ptt=17&impl=fif&gdpr=0&iu_parts=1254144%3A183096492%2Cmediafire_com-edge-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C160x600&fluid=height&ifi=12&didk=2994273263&dids=div-gpt-ad-mediafire_com-edge-&adfs=3529162101&sfv=1-0-45&rcs=1&eri=1&sc=1&cookie=ID%3Dc25be0f0e2e669f1%3AT%3D1776400572%3ART%3D1776400572%3AS%3DALNI_Mb3DLf7RzaJ2uANsEim2JXjyZIEcQ&gpic=UID%3D00001360ece2b37b%3AT%3D1776400572%3ART%3D1776400572%3AS%3DALNI_MZSy9rghxmUUxmKYBNg45TSzMBQhQ&abxe=1&dt=1776400572993&lmt=1776400572&adxs=0&adys=300&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=4&oid=2&u_his=1&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=-420&dmc=32&bc=31&nvt=1&uach=WyJMaW51eCIsIiIsIng4NiIsIiIsIjE0Ny4wLjc3MjcuNTUiLG51bGwsMCxudWxsLCI2NCIsW1siQ2hyb21pdW0iLCIxNDcuMC4wLjAiXSxbIkdvb2dsZSBDaHJvbWUiLCIxNDcuMC4wLjAiXSxbIk5vdC1BLkJyYW5kIiwiMjQuMC4wLjAiXV0sMF0.&url=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fkyink5vgb4rtnsf%2FPEAK.zip%2Ffile&vis=1&aee=0&psts=AOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a&a3p=EpUBCgpjcml0ZW8uY29tEoQBTUg4YmtsOXpVR2hzUlU1WlNsVkdTSHB0TlVjNGQxSnlSMVpNU0U4eFVrcGlORkp1YnpWVGRXMXpVVEpIY1haUE4wOU1jVGhSWWxCWWRrYzFibWhxYlhSeFRXbHNiaVV5Um14NVdHSTRlbFJZUVVkTFRsQTVkREZrV1ZSbkpUTkVKVE5FWAESNgoMYWRzZXJ2ZXIub3JnEiQzMjYxODdkZi02ZmYwLTQwZDctOWZhYy0zNWZhYjg4MDFkYWVYARI0CgpwdWJjaWQub3JnEiQ3ZWMxNmM5Ny0zMDE0LTRkYzEtOTYwYy00ZjM4NGI2Mzk0NjJYARIcCg1jcndkY250cmwubmV0GLG75s3ZM0gAUgIIZBIdCg5lc3AuY3JpdGVvLmNvbRixu-bN2TNIAFICCGQSGAoJeWFob28uY29tGIS-5s3ZM0gAUgIIbxI-CgVvcGVueBIsZXlKcElqb2lVamxXVm1sVGFWUlRUeXRNZFVOb1kwZE9TMmREUVQwOUluMD0Y2MDmzdkzSAAS7gEKCHJ0YmhvdXNlEtgBR05JMnFUQW94dkhLVDQwaUs0ZXozbExva0puKy81dHM0eWx2L1RQejdjMHVyc3BuN01uTHQzcHEwREVDeFZ6bkpnU3VtWGVEdmhGMDZXMXFtK1ZtZHh0cUpmY1VkQ1NnbGVrekQ0ZWJzOCs0dlFNQittUCtaWmRhZ1lwNC90K0pMdmNRRGRHd3A3WUorRGhVZUxWRVJwSTdCVldqSGhCczgzR0gzcTloSU9VcnpIdTBYbzhMa2xqWjBIL004c1V5OVViUSt3K0dKbzFMamlKeGpyWkYzZz09GPrB5s3ZM0gA&dlt=1776400569175&idt=2486&ppid=3f960e14b55cea36b2a75a36172785c8&uule=a%20cm9sZToxIHByb2R1Y2VyOjEyIGxvYzoiSDNCLENBIg%3D%3D&prev_scp=a%3D1%26iid1%3D7339931535986757%26eid%3D7339931535986757%26t%3D134%26d%3D484470%26t1%3D134%26pvc%3D1%26adnum%3D1%26url%3Dhttps%253A%252F%252Fwww.mediafire.com%252Ffile%252Fkyink5vgb4rtnsf%252FPEAK.zip%252Ffile%26path%3D%252Ffile%252Fkyink5vgb4rtnsf%252FPEAK.zip%252Ffile%26ap%3D1101%26sap%3D1101%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D2%26at%3Dmbf%26adr%3D399%26ezosn%3D4%26reft%3Dtf%26refs%3D30%26refa%3D1%26ga%3D2497208%26rid%3D99998%26pt%3D38%26al%3D1038%26compid%3D0%26dfpsn%3D%252F1254144%252C183096492%252Fmediafire_com-edge-1%26tap%3Dmediafire_com-edge-1-7339931535986757%26eb_br%3Dbf9a045b836005b6c23b7b0749249612%26eba%3D0%26bv%3D11%26bvm%3D0%26bvr%3D1%26avc%3D69%26evc%3D25%26shp%3D2%26ftsn%3D12%26ftsng%3D12%26br1%3D26%26br2%3D24%26ezoic%3D1%26nmau%3D0%26mau%3D0%26sticky%3D1%26stl%3D78%2C168%2C0%2C0%2C0%2C131%2C132%2C0%2C0%2C0%2C187%2C0%2C901%2C182%2C901%2C902%2C903%26osb%3DLinux%252FChrome%26dbg%3Drc%253A3%26reqt%3D1776400572401&adks=3527628052&frm=20&eo_id_str=ID%3D181980d16574115e%3AT%3D1776400572%3ART%3D1776400572%3AS%3DAA-AfjYiGDD-zdlWjvvAR4Q5moVA&pbbce=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202604130101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.45.194 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

pnlgaa-au-in-f2.1e100.net

Software

cafe /

Resource Hash

e7c23a55386a8f1b364e626bd873058f55b51ef82a3a475693a49cfea4caf342

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: dcb
google-lineitem-id: -2
observe-browsing-topics: ?1
x-content-type-options: nosniff
google-mediationtag-id: -2
google-mediationgroup-id: -2
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Fri, 17 Apr 2026 04:36:13 GMT
content-type: text/plain; charset=UTF-8
google-creative-id: -2
cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin: https://www.mediafire.com
content-length: 145
x-xss-protection: 0
server: cafe

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 512 B
182 B 284ms
283ms Fetch
text/plain 142.251.45.194
Google LLC

General

Check archive.org

Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=5484678592955730&correlator=4446067165935302&eid=31097658%2C31096828&output=ldjh&gdfp_req=1&vrg=202604130101&ptt=17&impl=fif&gdpr=0&iu_parts=1254144%3A183096492%2Cmediafire_com-medrectangle-3&enc_prev_ius=%2F0%2F1&prev_iu_szs=336x280&ifi=13&didk=46179496&dids=div-gpt-ad-mediafire_com-medre&adfs=1911771697&sfv=1-0-45&rcs=1&eri=1&sc=1&cookie=ID%3Dc25be0f0e2e669f1%3AT%3D1776400572%3ART%3D1776400572%3AS%3DALNI_Mb3DLf7RzaJ2uANsEim2JXjyZIEcQ&gpic=UID%3D00001360ece2b37b%3AT%3D1776400572%3ART%3D1776400572%3AS%3DALNI_MZSy9rghxmUUxmKYBNg45TSzMBQhQ&abxe=1&dt=1776400573017&lmt=1776400573&adxs=1520&adys=120&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=5&oid=2&u_his=1&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=-420&dmc=32&bc=31&nvt=1&uach=WyJMaW51eCIsIiIsIng4NiIsIiIsIjE0Ny4wLjc3MjcuNTUiLG51bGwsMCxudWxsLCI2NCIsW1siQ2hyb21pdW0iLCIxNDcuMC4wLjAiXSxbIkdvb2dsZSBDaHJvbWUiLCIxNDcuMC4wLjAiXSxbIk5vdC1BLkJyYW5kIiwiMjQuMC4wLjAiXV0sMF0.&url=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fkyink5vgb4rtnsf%2FPEAK.zip%2Ffile&vis=1&aee=0&psts=AOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a&a3p=EpUBCgpjcml0ZW8uY29tEoQBTUg4YmtsOXpVR2hzUlU1WlNsVkdTSHB0TlVjNGQxSnlSMVpNU0U4eFVrcGlORkp1YnpWVGRXMXpVVEpIY1haUE4wOU1jVGhSWWxCWWRrYzFibWhxYlhSeFRXbHNiaVV5Um14NVdHSTRlbFJZUVVkTFRsQTVkREZrV1ZSbkpUTkVKVE5FWAESNgoMYWRzZXJ2ZXIub3JnEiQzMjYxODdkZi02ZmYwLTQwZDctOWZhYy0zNWZhYjg4MDFkYWVYARI0CgpwdWJjaWQub3JnEiQ3ZWMxNmM5Ny0zMDE0LTRkYzEtOTYwYy00ZjM4NGI2Mzk0NjJYARIcCg1jcndkY250cmwubmV0GLG75s3ZM0gAUgIIZBIdCg5lc3AuY3JpdGVvLmNvbRixu-bN2TNIAFICCGQSGAoJeWFob28uY29tGIS-5s3ZM0gAUgIIbxI-CgVvcGVueBIsZXlKcElqb2lVamxXVm1sVGFWUlRUeXRNZFVOb1kwZE9TMmREUVQwOUluMD0Y2MDmzdkzSAAS7gEKCHJ0YmhvdXNlEtgBR05JMnFUQW94dkhLVDQwaUs0ZXozbExva0puKy81dHM0eWx2L1RQejdjMHVyc3BuN01uTHQzcHEwREVDeFZ6bkpnU3VtWGVEdmhGMDZXMXFtK1ZtZHh0cUpmY1VkQ1NnbGVrekQ0ZWJzOCs0dlFNQittUCtaWmRhZ1lwNC90K0pMdmNRRGRHd3A3WUorRGhVZUxWRVJwSTdCVldqSGhCczgzR0gzcTloSU9VcnpIdTBYbzhMa2xqWjBIL004c1V5OVViUSt3K0dKbzFMamlKeGpyWkYzZz09GPrB5s3ZM0gA&dlt=1776400569175&idt=2486&ppid=3f960e14b55cea36b2a75a36172785c8&uule=a%20cm9sZToxIHByb2R1Y2VyOjEyIGxvYzoiSDNCLENBIg%3D%3D&prev_scp=a%3D1%26iid1%3D3465146341930430%26eid%3D3465146341930430%26t%3D134%26d%3D484470%26t1%3D134%26pvc%3D1%26adnum%3D1%26url%3Dhttps%253A%252F%252Fwww.mediafire.com%252Ffile%252Fkyink5vgb4rtnsf%252FPEAK.zip%252Ffile%26path%3D%252Ffile%252Fkyink5vgb4rtnsf%252FPEAK.zip%252Ffile%26ap%3D1104%26sap%3D1104%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D2%26at%3Dmbf%26adr%3D399%26ezosn%3D5%26reft%3Dtf%26refs%3D30%26refa%3D1%26ga%3D2497208%26rid%3D99998%26pt%3D21%26al%3D1021%26compid%3D0%26dfpsn%3D%252F1254144%252C183096492%252Fmediafire_com-medrectangle-3%26tap%3Dmediafire_com-medrectangle-3-3465146341930430%26eb_br%3D8c5ffefb122f59a66a8b7672d4452af2%26eba%3D0%26bv%3D11%26bvm%3D0%26bvr%3D1%26avc%3D81%26evc%3D59%26shp%3D3%26ftsn%3D12%26ftsng%3D12%26br1%3D36%26br2%3D34%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D157%2C131%2C0%2C0%2C0%2C168%2C184%2C20%2C0%2C0%2C192%2C0%2C902%2C903%2C901%2C902%2C903%26osb%3DLinux%252FChrome%26dbg%3Drc%253A7%26reqt%3D1776400572415&adks=4079446691&frm=20&eo_id_str=ID%3D181980d16574115e%3AT%3D1776400572%3ART%3D1776400572%3AS%3DAA-AfjYiGDD-zdlWjvvAR4Q5moVA&pbbce=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202604130101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.45.194 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

pnlgaa-au-in-f2.1e100.net

Software

cafe /

Resource Hash

d08d4ba1a74e1ae1b522e4b6ca015f9b8e7ac5df4b4e480a63418eb08e4b6382

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: dcb
google-lineitem-id: -2
observe-browsing-topics: ?1
x-content-type-options: nosniff
google-mediationtag-id: -2
google-mediationgroup-id: -2
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Fri, 17 Apr 2026 04:36:13 GMT
content-type: text/plain; charset=UTF-8
google-creative-id: -2
cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin: https://www.mediafire.com
content-length: 152
x-xss-protection: 0
server: cafe

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 512 B
182 B 340ms
339ms Fetch
text/plain 142.251.45.194
Google LLC

General

Check archive.org

Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=5484678592955730&correlator=766081138793919&eid=31097658%2C31096828&output=ldjh&gdfp_req=1&vrg=202604130101&ptt=17&impl=fif&gdpr=0&iu_parts=1254144%3A183096492%2Cmediafire_com-medrectangle-4&enc_prev_ius=%2F0%2F1&prev_iu_szs=336x280%7C300x250&ifi=14&didk=46192883&dids=div-gpt-ad-mediafire_com-medre&adfs=1749122204&sfv=1-0-45&rcs=1&eri=1&sc=1&cookie=ID%3Dc25be0f0e2e669f1%3AT%3D1776400572%3ART%3D1776400572%3AS%3DALNI_Mb3DLf7RzaJ2uANsEim2JXjyZIEcQ&gpic=UID%3D00001360ece2b37b%3AT%3D1776400572%3ART%3D1776400572%3AS%3DALNI_MZSy9rghxmUUxmKYBNg45TSzMBQhQ&abxe=1&dt=1776400573031&lmt=1776400573&adxs=1520&adys=420&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=6&oid=2&u_his=1&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=-420&dmc=32&bc=31&nvt=1&uach=WyJMaW51eCIsIiIsIng4NiIsIiIsIjE0Ny4wLjc3MjcuNTUiLG51bGwsMCxudWxsLCI2NCIsW1siQ2hyb21pdW0iLCIxNDcuMC4wLjAiXSxbIkdvb2dsZSBDaHJvbWUiLCIxNDcuMC4wLjAiXSxbIk5vdC1BLkJyYW5kIiwiMjQuMC4wLjAiXV0sMF0.&url=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fkyink5vgb4rtnsf%2FPEAK.zip%2Ffile&vis=1&aee=0&psts=AOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a&a3p=EpUBCgpjcml0ZW8uY29tEoQBTUg4YmtsOXpVR2hzUlU1WlNsVkdTSHB0TlVjNGQxSnlSMVpNU0U4eFVrcGlORkp1YnpWVGRXMXpVVEpIY1haUE4wOU1jVGhSWWxCWWRrYzFibWhxYlhSeFRXbHNiaVV5Um14NVdHSTRlbFJZUVVkTFRsQTVkREZrV1ZSbkpUTkVKVE5FWAESNgoMYWRzZXJ2ZXIub3JnEiQzMjYxODdkZi02ZmYwLTQwZDctOWZhYy0zNWZhYjg4MDFkYWVYARI0CgpwdWJjaWQub3JnEiQ3ZWMxNmM5Ny0zMDE0LTRkYzEtOTYwYy00ZjM4NGI2Mzk0NjJYARIcCg1jcndkY250cmwubmV0GLG75s3ZM0gAUgIIZBIdCg5lc3AuY3JpdGVvLmNvbRixu-bN2TNIAFICCGQSGAoJeWFob28uY29tGIS-5s3ZM0gAUgIIbxI-CgVvcGVueBIsZXlKcElqb2lVamxXVm1sVGFWUlRUeXRNZFVOb1kwZE9TMmREUVQwOUluMD0Y2MDmzdkzSAAS7gEKCHJ0YmhvdXNlEtgBR05JMnFUQW94dkhLVDQwaUs0ZXozbExva0puKy81dHM0eWx2L1RQejdjMHVyc3BuN01uTHQzcHEwREVDeFZ6bkpnU3VtWGVEdmhGMDZXMXFtK1ZtZHh0cUpmY1VkQ1NnbGVrekQ0ZWJzOCs0dlFNQittUCtaWmRhZ1lwNC90K0pMdmNRRGRHd3A3WUorRGhVZUxWRVJwSTdCVldqSGhCczgzR0gzcTloSU9VcnpIdTBYbzhMa2xqWjBIL004c1V5OVViUSt3K0dKbzFMamlKeGpyWkYzZz09GPrB5s3ZM0gA&dlt=1776400569175&idt=2486&ppid=3f960e14b55cea36b2a75a36172785c8&uule=a%20cm9sZToxIHByb2R1Y2VyOjEyIGxvYzoiSDNCLENBIg%3D%3D&prev_scp=a%3D1%26iid1%3D537711155940580%26eid%3D537711155940580%26t%3D134%26d%3D484470%26t1%3D134%26pvc%3D1%26adnum%3D1%26url%3Dhttps%253A%252F%252Fwww.mediafire.com%252Ffile%252Fkyink5vgb4rtnsf%252FPEAK.zip%252Ffile%26path%3D%252Ffile%252Fkyink5vgb4rtnsf%252FPEAK.zip%252Ffile%26ap%3D1105%26sap%3D1105%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D2%26at%3Dmbf%26adr%3D399%26ezosn%3D6%26reft%3Dtf%26refs%3D30%26refa%3D1%26ga%3D2497208%26rid%3D99998%26pt%3D22%26al%3D1022%26compid%3D0%26dfpsn%3D%252F1254144%252C183096492%252Fmediafire_com-medrectangle-4%26tap%3Dmediafire_com-medrectangle-4-537711155940580%26eb_br%3D8de355ef1cf56b7da61277050d9957b1%26eba%3D0%26bv%3D11%26bvm%3D0%26bvr%3D1%26avc%3D77%26evc%3D33%26shp%3D3%26ftsn%3D12%26ftsng%3D12%26br1%3D18%26br2%3D16%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D79%2C131%2C0%2C0%2C0%2C168%2C184%2C20%2C0%2C0%2C192%2C0%2C902%2C903%2C901%2C902%2C903%26osb%3DLinux%252FChrome%26dbg%3Drc%253A8%26reqt%3D1776400572423&adks=1277606936&frm=20&eo_id_str=ID%3D181980d16574115e%3AT%3D1776400572%3ART%3D1776400572%3AS%3DAA-AfjYiGDD-zdlWjvvAR4Q5moVA&pbbce=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202604130101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.45.194 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

pnlgaa-au-in-f2.1e100.net

Software

cafe /

Resource Hash

fa51a1d9896a02fa4ffcffc70acba197e10f08059e10f9830c28fdfdfeaff38c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: dcb
google-lineitem-id: -2
observe-browsing-topics: ?1
x-content-type-options: nosniff
google-mediationtag-id: -2
google-mediationgroup-id: -2
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Fri, 17 Apr 2026 04:36:13 GMT
content-type: text/plain; charset=UTF-8
google-creative-id: -2
cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin: https://www.mediafire.com
content-length: 152
x-xss-protection: 0
server: cafe

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 505 B
176 B 357ms
356ms Fetch
text/plain 142.251.45.194
Google LLC

General

Check archive.org

Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=5484678592955730&correlator=3489627021875242&eid=31097658%2C31096828&output=ldjh&gdfp_req=1&vrg=202604130101&ptt=17&impl=fif&gdpr=0&iu_parts=1254144%3A183096492%2Cmediafire_com-banner-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&ifi=15&didk=417644066&dids=div-gpt-ad-mediafire_com-banne&adfs=4128408292&sfv=1-0-45&rcs=1&eri=1&sc=1&cookie=ID%3Dc25be0f0e2e669f1%3AT%3D1776400572%3ART%3D1776400572%3AS%3DALNI_Mb3DLf7RzaJ2uANsEim2JXjyZIEcQ&gpic=UID%3D00001360ece2b37b%3AT%3D1776400572%3ART%3D1776400572%3AS%3DALNI_MZSy9rghxmUUxmKYBNg45TSzMBQhQ&abxe=1&dt=1776400573046&lmt=1776400573&adxs=1636&adys=1410&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=2&ucis=7&oid=2&u_his=1&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=-420&dmc=32&bc=31&nvt=1&uach=WyJMaW51eCIsIiIsIng4NiIsIiIsIjE0Ny4wLjc3MjcuNTUiLG51bGwsMCxudWxsLCI2NCIsW1siQ2hyb21pdW0iLCIxNDcuMC4wLjAiXSxbIkdvb2dsZSBDaHJvbWUiLCIxNDcuMC4wLjAiXSxbIk5vdC1BLkJyYW5kIiwiMjQuMC4wLjAiXV0sMF0.&url=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fkyink5vgb4rtnsf%2FPEAK.zip%2Ffile&vis=1&aee=0&psts=AOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a&a3p=EpUBCgpjcml0ZW8uY29tEoQBTUg4YmtsOXpVR2hzUlU1WlNsVkdTSHB0TlVjNGQxSnlSMVpNU0U4eFVrcGlORkp1YnpWVGRXMXpVVEpIY1haUE4wOU1jVGhSWWxCWWRrYzFibWhxYlhSeFRXbHNiaVV5Um14NVdHSTRlbFJZUVVkTFRsQTVkREZrV1ZSbkpUTkVKVE5FWAESNgoMYWRzZXJ2ZXIub3JnEiQzMjYxODdkZi02ZmYwLTQwZDctOWZhYy0zNWZhYjg4MDFkYWVYARI0CgpwdWJjaWQub3JnEiQ3ZWMxNmM5Ny0zMDE0LTRkYzEtOTYwYy00ZjM4NGI2Mzk0NjJYARIcCg1jcndkY250cmwubmV0GLG75s3ZM0gAUgIIZBIdCg5lc3AuY3JpdGVvLmNvbRixu-bN2TNIAFICCGQSGAoJeWFob28uY29tGIS-5s3ZM0gAUgIIbxI-CgVvcGVueBIsZXlKcElqb2lVamxXVm1sVGFWUlRUeXRNZFVOb1kwZE9TMmREUVQwOUluMD0Y2MDmzdkzSAAS7gEKCHJ0YmhvdXNlEtgBR05JMnFUQW94dkhLVDQwaUs0ZXozbExva0puKy81dHM0eWx2L1RQejdjMHVyc3BuN01uTHQzcHEwREVDeFZ6bkpnU3VtWGVEdmhGMDZXMXFtK1ZtZHh0cUpmY1VkQ1NnbGVrekQ0ZWJzOCs0dlFNQittUCtaWmRhZ1lwNC90K0pMdmNRRGRHd3A3WUorRGhVZUxWRVJwSTdCVldqSGhCczgzR0gzcTloSU9VcnpIdTBYbzhMa2xqWjBIL004c1V5OVViUSt3K0dKbzFMamlKeGpyWkYzZz09GPrB5s3ZM0gA&dlt=1776400569175&idt=2486&ppid=3f960e14b55cea36b2a75a36172785c8&uule=a%20cm9sZToxIHByb2R1Y2VyOjEyIGxvYzoiSDNCLENBIg%3D%3D&prev_scp=a%3D1%26iid1%3D7447672567989851%26eid%3D7447672567989851%26t%3D134%26d%3D484470%26t1%3D134%26pvc%3D1%26adnum%3D1%26url%3Dhttps%253A%252F%252Fwww.mediafire.com%252Ffile%252Fkyink5vgb4rtnsf%252FPEAK.zip%252Ffile%26path%3D%252Ffile%252Fkyink5vgb4rtnsf%252FPEAK.zip%252Ffile%26ap%3D1107%26sap%3D1107%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D2%26at%3Dmbf%26adr%3D399%26ezosn%3D9%26reft%3Dtf%26refs%3D30%26refa%3D1%26ga%3D2497208%26rid%3D99998%26pt%3D30%26al%3D1030%26compid%3D0%26dfpsn%3D%252F1254144%252C183096492%252Fmediafire_com-banner-1%26tap%3Dmediafire_com-banner-1-7447672567989851%26eb_br%3De29f69dd468d31a5514dc9b5587ce757%26eba%3D0%26bv%3D11%26bvm%3D0%26bvr%3D1%26avc%3D43%26evc%3D29%26shp%3D1%26ftsn%3D12%26ftsng%3D12%26br1%3D16%26br2%3D14%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D157%2C168%2C0%2C0%2C0%2C168%2C184%2C20%2C0%2C0%2C192%2C0%2C902%2C903%2C901%2C902%2C903%26osb%3DLinux%252FChrome%26dbg%3Drc%253A1%26reqt%3D1776400572431&adks=3665333008&frm=20&eo_id_str=ID%3D181980d16574115e%3AT%3D1776400572%3ART%3D1776400572%3AS%3DAA-AfjYiGDD-zdlWjvvAR4Q5moVA&pbbce=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202604130101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.45.194 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

pnlgaa-au-in-f2.1e100.net

Software

cafe /

Resource Hash

0b6e77dfd0df0191698aa60ddcb2395de47b55a812e8fdd909c0e56086e98272

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: dcb
google-lineitem-id: -2
observe-browsing-topics: ?1
x-content-type-options: nosniff
google-mediationtag-id: -2
google-mediationgroup-id: -2
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Fri, 17 Apr 2026 04:36:13 GMT
content-type: text/plain; charset=UTF-8
google-creative-id: -2
cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin: https://www.mediafire.com
content-length: 146
x-xss-protection: 0
server: cafe

GET
H2 200 runner.html Show response
ep2.adtrafficquality.google/sodar/sodar2/254/ Frame 3E08 14 KB
6 KB 359ms
33ms Document
text/html 142.250.65.65
Google LLC

General

Check archive.org

Download Go to

Full URL

https://ep2.adtrafficquality.google/sodar/sodar2/254/runner.html

Requested by

Host: ep2.adtrafficquality.google
URL: https://ep2.adtrafficquality.google/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.65.65 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

lclgaa-ax-in-f1.1e100.net

Software

sffe /

Resource Hash

fe2eddeaa8adad53d570fdeeb04412a07ec65ad99b25fe5beb092dfe4fb78cc9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.mediafire.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Linux"

Response headers

accept-ranges: bytes
age: 2336
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3000
content-encoding: gzip
content-length: 5457
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 17 Apr 2026 03:57:17 GMT
expires: Fri, 17 Apr 2026 04:47:17 GMT
last-modified: Wed, 01 Apr 2026 16:06:33 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 82E6 829 B
569 B 87ms
47ms Document
text/html 142.251.154.119
Google LLC

General

Check archive.org

Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: ep2.adtrafficquality.google
URL: https://ep2.adtrafficquality.google/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.154.119 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

ESF /

Resource Hash

631f3d02d142b9c0f2b6bc580d3548e4002355f269b75e2e4b3dd6e194946aca

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-0aO49J8HrWDhY57csNXSMA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.mediafire.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Linux"

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-0aO49J8HrWDhY57csNXSMA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy-report-only: same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
cross-origin-resource-policy: cross-origin
date: Fri, 17 Apr 2026 04:36:13 GMT
expires: Fri, 17 Apr 2026 04:36:13 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
server: ESF
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 504 B
175 B 396ms
395ms Fetch
text/plain 142.251.45.194
Google LLC

General

Check archive.org

Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=5484678592955730&correlator=2202665049816158&eid=31097658%2C31096828&output=ldjh&gdfp_req=1&vrg=202604130101&ptt=17&impl=fif&gdpr=0&iu_parts=1254144%3A183096492%2Cmediafire_com-edge-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C160x600&fluid=height&ifi=16&didk=2994425013&dids=div-gpt-ad-mediafire_com-edge-&adfs=3808772870&sfv=1-0-45&rcs=1&eri=1&sc=1&cookie=ID%3Dc25be0f0e2e669f1%3AT%3D1776400572%3ART%3D1776400572%3AS%3DALNI_Mb3DLf7RzaJ2uANsEim2JXjyZIEcQ&gpic=UID%3D00001360ece2b37b%3AT%3D1776400572%3ART%3D1776400572%3AS%3DALNI_MZSy9rghxmUUxmKYBNg45TSzMBQhQ&abxe=1&dt=1776400573099&lmt=1776400573&adxs=1440&adys=300&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=8&oid=2&u_his=1&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=-420&dmc=32&bc=31&nvt=1&uach=WyJMaW51eCIsIiIsIng4NiIsIiIsIjE0Ny4wLjc3MjcuNTUiLG51bGwsMCxudWxsLCI2NCIsW1siQ2hyb21pdW0iLCIxNDcuMC4wLjAiXSxbIkdvb2dsZSBDaHJvbWUiLCIxNDcuMC4wLjAiXSxbIk5vdC1BLkJyYW5kIiwiMjQuMC4wLjAiXV0sMF0.&url=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fkyink5vgb4rtnsf%2FPEAK.zip%2Ffile&vis=1&aee=0&psts=AOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a&a3p=EpUBCgpjcml0ZW8uY29tEoQBTUg4YmtsOXpVR2hzUlU1WlNsVkdTSHB0TlVjNGQxSnlSMVpNU0U4eFVrcGlORkp1YnpWVGRXMXpVVEpIY1haUE4wOU1jVGhSWWxCWWRrYzFibWhxYlhSeFRXbHNiaVV5Um14NVdHSTRlbFJZUVVkTFRsQTVkREZrV1ZSbkpUTkVKVE5FWAESNgoMYWRzZXJ2ZXIub3JnEiQzMjYxODdkZi02ZmYwLTQwZDctOWZhYy0zNWZhYjg4MDFkYWVYARI0CgpwdWJjaWQub3JnEiQ3ZWMxNmM5Ny0zMDE0LTRkYzEtOTYwYy00ZjM4NGI2Mzk0NjJYARIcCg1jcndkY250cmwubmV0GLG75s3ZM0gAUgIIZBIdCg5lc3AuY3JpdGVvLmNvbRixu-bN2TNIAFICCGQSGAoJeWFob28uY29tGIS-5s3ZM0gAUgIIbxI-CgVvcGVueBIsZXlKcElqb2lVamxXVm1sVGFWUlRUeXRNZFVOb1kwZE9TMmREUVQwOUluMD0Y2MDmzdkzSAAS7gEKCHJ0YmhvdXNlEtgBR05JMnFUQW94dkhLVDQwaUs0ZXozbExva0puKy81dHM0eWx2L1RQejdjMHVyc3BuN01uTHQzcHEwREVDeFZ6bkpnU3VtWGVEdmhGMDZXMXFtK1ZtZHh0cUpmY1VkQ1NnbGVrekQ0ZWJzOCs0dlFNQittUCtaWmRhZ1lwNC90K0pMdmNRRGRHd3A3WUorRGhVZUxWRVJwSTdCVldqSGhCczgzR0gzcTloSU9VcnpIdTBYbzhMa2xqWjBIL004c1V5OVViUSt3K0dKbzFMamlKeGpyWkYzZz09GPrB5s3ZM0gA&dlt=1776400569175&idt=2486&ppid=3f960e14b55cea36b2a75a36172785c8&uule=a%20cm9sZToxIHByb2R1Y2VyOjEyIGxvYzoiSDNCLENBIg%3D%3D&prev_scp=a%3D1%26iid1%3D2644705865990081%26eid%3D2644705865990081%26t%3D134%26d%3D484470%26t1%3D134%26pvc%3D1%26adnum%3D1%26url%3Dhttps%253A%252F%252Fwww.mediafire.com%252Ffile%252Fkyink5vgb4rtnsf%252FPEAK.zip%252Ffile%26path%3D%252Ffile%252Fkyink5vgb4rtnsf%252FPEAK.zip%252Ffile%26ap%3D1102%26sap%3D1102%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D2%26at%3Dmbf%26adr%3D399%26ezosn%3D3%26reft%3Dtf%26refs%3D30%26refa%3D1%26ga%3D2497208%26rid%3D99998%26pt%3D39%26al%3D1039%26compid%3D0%26dfpsn%3D%252F1254144%252C183096492%252Fmediafire_com-edge-2%26tap%3Dmediafire_com-edge-2-2644705865990081%26eb_br%3D14e8a85d4c42ff1db8790cbef9e33493%26eba%3D0%26bv%3D11%26bvm%3D0%26bvr%3D1%26avc%3D30%26evc%3D25%26shp%3D2%26ftsn%3D12%26ftsng%3D12%26br1%3D12%26br2%3D12%26ezoic%3D1%26nmau%3D0%26mau%3D0%26sticky%3D1%26stl%3D78%2C168%2C0%2C0%2C0%2C131%2C132%2C0%2C0%2C0%2C187%2C0%2C901%2C182%2C901%2C902%2C903%26osb%3DLinux%252FChrome%26dbg%3Drc%253A4%26reqt%3D1776400572457&adks=3081006461&frm=20&eo_id_str=ID%3D181980d16574115e%3AT%3D1776400572%3ART%3D1776400572%3AS%3DAA-AfjYiGDD-zdlWjvvAR4Q5moVA&pbbce=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202604130101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.45.194 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

pnlgaa-au-in-f2.1e100.net

Software

cafe /

Resource Hash

4afb9cdae11f7fea34264145c41e663a90f689d2e393c2cd1bf84b71cf45d7d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: dcb
google-lineitem-id: -2
observe-browsing-topics: ?1
x-content-type-options: nosniff
google-mediationtag-id: -2
google-mediationgroup-id: -2
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Fri, 17 Apr 2026 04:36:13 GMT
content-type: text/plain; charset=UTF-8
google-creative-id: -2
cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin: https://www.mediafire.com
content-length: 145
x-xss-protection: 0
server: cafe

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 82E6 0
17 B 122ms
55ms Image
image/ 142.251.210.34
Google LLC

General

Check archive.org

Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=254&li=gpt_m202604130101&jk=5484678592955730&rc=

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.210.34 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

lclgaa-ba-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 0
date: Fri, 17 Apr 2026 04:36:13 GMT
x-xss-protection: 0
content-type: image/
server: cafe

GET
H2 200 px.gif Show response
ad-delivery.net/ 43 B
133 B 29ms
28ms Fetch
image/gif 104.20.47.80
Cloudflare

General

Check archive.org

Download Go to

Full URL: https://ad-delivery.net/px.gif?ch=2&e=0.8516539307754936
Requested by: Host: btloader.com
URL: https://btloader.com/tag?o=5678961798414336&upapi=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.20.47.80 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

x-goog-metageneration: 5
access-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
x-goog-hash: crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow==
cf-cache-status: HIT
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
age: 8
x-goog-stored-content-encoding: identity
expires: Fri, 20 Mar 2026 08:25:52 GMT
x-goog-stored-content-length: 43
date: Fri, 17 Apr 2026 04:36:13 GMT
content-type: image/gif
last-modified: Wed, 05 May 2021 19:25:32 GMT
x-guploader-uploadid: AOCedOE4ceqfKqcxsn6FfQCul5MU3fPppaJoaSAD4zIpDi_AuCRSOF0vpherOnDkBFq5ISKOXI37mOc
cache-control: public, max-age=86400
x-goog-storage-class: MULTI_REGIONAL
cf-ray: 9ed8ba3f79bbac9f-YYZ
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1620242732037093
content-length: 43
server: cloudflare

GET
H3 200 favicon.ico Show response
ad.doubleclick.net/ 1 KB
129 B 68ms
67ms Fetch
image/x-icon 142.251.211.166
Google LLC

General

Check archive.org

Download Go to

Full URL

https://ad.doubleclick.net/favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250&e=0.09648924981950402

Requested by

Host: btloader.com
URL: https://btloader.com/tag?o=5678961798414336&upapi=true

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.211.166 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

lclgaa-as-in-f6.1e100.net

Software

sffe /

Resource Hash

d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: gzip
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
x-content-type-options: nosniff
expires: Sat, 18 Apr 2026 04:36:13 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 17 Apr 2026 04:36:13 GMT
content-type: image/x-icon
vary: Accept-Encoding
last-modified: Tue, 08 May 2012 13:08:06 GMT
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
content-length: 104
x-xss-protection: 0
server: sffe

GET
H3 200 f5QAlvtNIG4WVQkBqopU_UJKye32LJV4C0JimSvBZxA.js Show response
pagead2.googlesyndication.com/bg/ Frame 3E08 57 KB
22 KB 36ms
35ms Script
text/javascript 142.251.210.34
Google LLC

General

Check archive.org

Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/f5QAlvtNIG4WVQkBqopU_UJKye32LJV4C0JimSvBZxA.js

Requested by

Host: ep2.adtrafficquality.google
URL: https://ep2.adtrafficquality.google/sodar/sodar2/254/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.210.34 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

lclgaa-ba-in-f2.1e100.net

Software

sffe /

Resource Hash

7f940096fb4d206e16550901aa8a54fd424ac9edf62c95780b4262992bc16710

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://ep2.adtrafficquality.google/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: br
age: 194443
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
x-content-type-options: nosniff
expires: Wed, 14 Apr 2027 22:35:30 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 14 Apr 2026 22:35:30 GMT
last-modified: Tue, 14 Apr 2026 10:28:00 GMT
content-type: text/javascript
vary: Accept-Encoding
cache-control: public, max-age=31536000
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
accept-ranges: bytes
content-length: 22294
x-xss-protection: 0
server: sffe

OPTIONS
H2 200 json
gum.criteo.com/sid/ Frame 0
0 32ms
31ms Preflight
application/json 74.119.117.62
Criteo Corp.

General

Check archive.org

Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fwww.mediafire.com%2F&domain=www.mediafire.com&bundle=rhZgLl9Yb2FYdmolMkZPVUpvV2ZlMkNJODZMdlg4ZjhDdXd3alB3M242RWN6MTdmWkxwSGJvc1ZiNHRKV3YzMUo0b1NGMGxsTTRucFRWeXZ3OWhKanUlMkJqcGlKM29UNmNvcUhmYk9ENiUyRiUyQjhJcXN5eEM4T0Rpc1NqN3M2alhsWlJKJTJGSDJPSFE&cw=1&pbt=1&lsw=1&gdpr=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.119.117.62 , United States, ASN19750 (AS-CRITEO - Criteo Corp., US),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://www.mediafire.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: https://www.mediafire.com
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-type: application/json; charset=utf-8
date: Fri, 17 Apr 2026 04:36:12 GMT
expires: 0
pragma: no-cache
server: Kestrel
server-processing-duration-in-ticks: 199232
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 200 envelope Show response
lexicon.33across.com/v1/ 1 KB
2 KB 35ms
33ms Fetch
application/json 37.19.206.161
CDN77 Datacamp Li...

General

Check archive.org

Download Go to

Full URL: https://lexicon.33across.com/v1/envelope?pid=0010b00002MpnPqAAJ&gdpr=0&src=pbjs&ver=10.23.0&coppa=0&tp=Hq40PTf9DRk%2Bi4BgpdUYwCY2HyYi%2Bq3yN6FZQoKkYIQ%3D
Requested by: Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?cb=195-16-153
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 37.19.206.161 Ashburn, United States, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS: unn-37-19-206-161.datapacket.com
Software: /
Resource Hash: c498ccdf7cfddcd9f57628337ae1fbe09652357633f36cec5188ed8537fab049

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
content-type: text/plain
sec-ch-ua-mobile: ?0

Response headers

access-control-allow-origin: https://www.mediafire.com
content-length: 1528
content-type: application/json
vary: origin
access-control-allow-credentials: true

GET
H2 200 / Show response
id.a-mx.com/sync/ 66 B
467 B 56ms
54ms Fetch
application/json 169.150.236.100
CDN77 Datacamp Li...

General

Check archive.org

Download Go to

Full URL: https://id.a-mx.com/sync/?tagId=&ref=null&u=https://www.mediafire.com/file/kyink5vgb4rtnsf/PEAK.zip/file&tl=https://www.mediafire.com/file/kyink5vgb4rtnsf/PEAK.zip/file&nf=0&rt=true&v=10.23.0&av=2.0&vg=epbjs&us_privacy=null&am=null&gdpr=0&gdpr_consent=
Requested by: Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?cb=195-16-153
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 169.150.236.100 Chicago, United States, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS: 169-150-236-100.bunnyinfra.net
Software: BunnyCDN-IL1-1070 /
Resource Hash: 66f5f2414cabc538d6a21c407e4b118950e79d54670c860ed09b577e4114d3aa

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
content-type: text/plain
sec-ch-ua-mobile: ?0

Response headers

cdn-status: 200
date: Fri, 17 Apr 2026 04:36:13 GMT
cdn-cache: BYPASS
content-type: application/json
cdn-cachedat: 04/17/2026 04:36:13
cdn-requestpullcode: 200
cache-control: public, max-age=0
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-requestid: f550b26f5b3b2adaace51c79a95ab8fd
access-control-allow-credentials: true
cdn-pullzone: 5497800
cdn-proxyver: 1.50
access-control-allow-origin: https://www.mediafire.com
content-length: 66
cdn-edgestorageid: 871
server: BunnyCDN-IL1-1070
cdn-requestcountrycode: CA

GET
H2 200 json Show response
gum.criteo.com/sid/ 415 B
1 KB 50ms
48ms Fetch
application/json 74.119.117.62
Criteo Corp.

General

Check archive.org

Download Go to

Full URL

Requested by

Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?cb=195-16-153

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.119.117.62 , United States, ASN19750 (AS-CRITEO - Criteo Corp., US),

Reverse DNS

Software

Kestrel /

Resource Hash

5dbac6375a475c2313bd9250c5ee7b12186ee44917761e50eacebc7f626c0954

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
content-type: application/json
sec-ch-ua-mobile: ?0

Response headers

strict-transport-security: max-age=31536000; preload;
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
pragma: no-cache
access-control-allow-credentials: true
access-control-allow-methods: GET
server-processing-duration-in-ticks: 747880
expires: 0
access-control-allow-origin: https://www.mediafire.com
date: Fri, 17 Apr 2026 04:36:12 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
server: Kestrel

GET
H2 200 pbhid Show response
id.hadron.ad.gt/api/v1/ 2 B
0 0ms
0ms Fetch
application/json 104.20.35.150
Cloudflare

General

Check archive.org

Download Go to

Full URL: https://id.hadron.ad.gt/api/v1/pbhid?partner_id=524&_it=prebid&t=1&src=id&domain=www.mediafire.com&gdpr=0
Requested by: Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?cb=195-16-153
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.20.35.150 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
content-type: text/plain
sec-ch-ua-mobile: ?0

Response headers

cache-control: max-age=604800
cf-cache-status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: HEAD,GET,POST,PUT,DELETE,OPTIONS
cf-ray: 9ed8ba33ecef39c6-YYZ
access-control-allow-origin: *
content-length: 2
date: Fri, 17 Apr 2026 04:36:11 GMT
content-type: application/json; charset=utf8
server: cloudflare
access-control-allow-headers: authorization,content-type

POST
H2 200 prebid Show response
id5-sync.com/api/config/ 195 B
466 B 109ms
107ms Fetch
application/json 57.129.88.52
OVH OVH SAS

General

Check archive.org

Download Go to

Full URL

https://id5-sync.com/api/config/prebid

Requested by

Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?cb=195-16-153

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

57.129.88.52 Frankfurt am Main, Germany, ASN16276 (OVH OVH SAS, FR),

Reverse DNS

ns31872154.ip-57-129-88.eu

Software

Resource Hash

aa8a5c4a92b78ce2c775274d190dafb720a44b4facce02c94e63f63c90c60a57

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
Content-Type: text/plain;charset=UTF-8
sec-ch-ua-mobile: ?0

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-origin: https://www.mediafire.com
content-encoding: gzip
date: Fri, 17 Apr 2026 04:36:13 GMT
content-type: application/json;charset=UTF-8
vary: origin,access-control-request-method,access-control-request-headers,accept-encoding
access-control-allow-credentials: true

GET
H2 204 UCookieSetPug Show response
image6.pubmatic.com/AdServer/ 0
61 B 46ms
45ms Fetch
text/html 207.65.37.181
PubMatic

General

Check archive.org

Download Go to

Full URL

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=5&p=156983&publisherId=156983&gdpr=0&gdpr_consent=&src=pbjs_uid&ver=1&coppa=0&us_privacy=&gpp=&gpp_sid=

Requested by

Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?cb=195-16-153

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

207.65.37.181 , United States, ASN62713 (AS-PUBMATIC - PubMatic, Inc., US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400; includeSubDomains

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
content-type: text/plain
sec-ch-ua-mobile: ?0

Response headers

strict-transport-security: max-age=16070400; includeSubDomains
cache-control: no-cache, no-store, must-revalidate
access-control-allow-origin: https://www.mediafire.com
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
date: Fri, 17 Apr 2026 04:36:13 GMT
content-type: text/html; charset=UTF-8
access-control-allow-credentials: true

GET
H2 200 fpc Show response
at.teads.tv/ 56 B
274 B 40ms
37ms Fetch
text/plain 151.101.130.132
Fastly

General

Check archive.org

Download Go to

Full URL

https://at.teads.tv/fpc?analytics_tag_id=PUB_13877&tfpvi=OWEzZWIxMDctZWVkYS00Mjg4LTljYmYtYzdkZTFjZTc4YTgyIy04LTY%3D&gdpr_consent=&gdpr_status=0&gdpr_reason=0&ccpa_consent=&sv=prebid-v1

Requested by

Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?cb=195-16-153

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.130.132 , United States, ASN54113 (FASTLY - Fastly, Inc., US),

Reverse DNS

Software

Resource Hash

bf7b996825c5afa5b7b06ca9341ea47a76dfa5369e7dd6d776d0df90a71810ca

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
content-type: text/plain
sec-ch-ua-mobile: ?0

Response headers

x-check-cacheable: NO
x-cache: MISS
date: Fri, 17 Apr 2026 04:36:13 GMT
content-type: text/plain; charset=UTF-8
x-served-by: cache-yul1970038-YUL
x-cache-hits: 0
x-u: /fpc?analytics_tag_id=PUB_13877&tfpvi=OWEzZWIxMDctZWVkYS00Mjg4LTljYmYtYzdkZTFjZTc4YTgyIy04LTY%3D&gdpr_consent=&gdpr_status=0&gdpr_reason=0&ccpa_consent=&sv=prebid-v1
x-b: ylOjgn7Xd9Ovs8YIkDlH51--F_at_use1_teads_tv
strict-transport-security: max-age=300
vary: Accept-Encoding
cache-control: max-age=0, no-cache, no-store
x-timer: S1776400573.486935,VS0,VE19
access-control-allow-credentials: true
via: 1.1 varnish
x-ff: 86.106.90.214
accept-ranges: bytes
access-control-allow-origin: https://www.mediafire.com
content-length: 56
traffic-path: NVADC2

GET
H2 200 rid Show response
match.adsrvr.org/track/ 109 B
0 1ms
1ms Fetch
application/json 52.223.40.198
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://match.adsrvr.org/track/rid?ttd_pid=muno13d&fmt=json
Requested by: Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?cb=195-16-153
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.223.40.198 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: Kestrel /
Resource Hash: adcfddfe0d2d3902a62912bf92360b3829e3c6da6677370f9e7acbbd081b88fd

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
content-type: text/plain
sec-ch-ua-mobile: ?0

Response headers

cache-control: private
content-encoding: gzip
access-control-allow-credentials: true
expires: Sun, 17 May 2026 04:36:11 GMT
access-control-allow-origin: https://www.mediafire.com
date: Fri, 17 Apr 2026 04:36:11 GMT
content-type: application/json
vary: Origin,Accept-Encoding
server: Kestrel
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept, x-integration-type

POST v3
id5-sync.com/gm/ 0
0

GET
H2 204 generate_204
ep2.adtrafficquality.google/ Frame 3E08 0
40 B 30ms
28ms Image
text/plain 142.250.65.65
Google LLC

General

Check archive.org

Download Go to Show image

Full URL: https://ep2.adtrafficquality.google/generate_204?O3IMfA
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.250.65.65 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: lclgaa-ax-in-f1.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://ep2.adtrafficquality.google/sodar/sodar2/254/runner.html
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
date: Fri, 17 Apr 2026 04:36:13 GMT
cross-origin-resource-policy: cross-origin

GET
H2 200 v1 Show response
lb.eu-1-id5-sync.com/lb/ 45 B
335 B 112ms
111ms Fetch
application/json 135.125.170.28
OVH OVH SAS

General

Check archive.org

Download Go to

Full URL

https://lb.eu-1-id5-sync.com/lb/v1

Requested by

Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?cb=195-16-153

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

135.125.170.28 , France, ASN16276 (OVH OVH SAS, FR),

Reverse DNS

ns31872155.ip-135-125-170.eu

Software

Resource Hash

5c6be993959b0c8ac9f80e00d7f01fb5814e8cc5fea68957c2c745822717116e

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-origin: https://www.mediafire.com
content-encoding: gzip
date: Fri, 17 Apr 2026 04:36:13 GMT
content-type: application/json;charset=UTF-8
vary: origin,access-control-request-method,access-control-request-headers,accept-encoding

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 511 B
182 B 182ms
181ms Fetch
text/plain 142.251.45.194
Google LLC

General

Check archive.org

Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=5484678592955730&correlator=2309120939331143&eid=31097658%2C31096828&output=ldjh&gdfp_req=1&vrg=202604130101&ptt=17&impl=fif&gdpr=0&iu_parts=1254144%3A183096492%2Cmediafire_com-medrectangle-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&ifi=17&didk=46178465&dids=div-gpt-ad-mediafire_com-medre&adfs=449556708&sfv=1-0-45&rcs=2&eri=1&sc=1&cookie=ID%3Dc25be0f0e2e669f1%3AT%3D1776400572%3ART%3D1776400572%3AS%3DALNI_Mb3DLf7RzaJ2uANsEim2JXjyZIEcQ&gpic=UID%3D00001360ece2b37b%3AT%3D1776400572%3ART%3D1776400572%3AS%3DALNI_MZSy9rghxmUUxmKYBNg45TSzMBQhQ&abxe=1&dt=1776400573785&lmt=1776400573&adxs=52&adys=1110&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=1&oid=2&u_his=1&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=-420&dmc=32&bc=31&nvt=1&uach=WyJMaW51eCIsIiIsIng4NiIsIiIsIjE0Ny4wLjc3MjcuNTUiLG51bGwsMCxudWxsLCI2NCIsW1siQ2hyb21pdW0iLCIxNDcuMC4wLjAiXSxbIkdvb2dsZSBDaHJvbWUiLCIxNDcuMC4wLjAiXSxbIk5vdC1BLkJyYW5kIiwiMjQuMC4wLjAiXV0sMF0.&url=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fkyink5vgb4rtnsf%2FPEAK.zip%2Ffile&vis=1&aee=0&psts=AOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a&a3p=Eq0BCgpjcml0ZW8uY29tEpwBM0tqTjcxOXpVR2hzUlU1WlNsVkdTSHB0TlVjNGQxSnlSMVpNU0U4eFVrcGlORkp1YnpWVGRXMXpVVEpIY1haUE4wOU1jVGhSWWxCWWRrYzFibWhxYlhSeFRXbHNaVkY2VTBGSmQyaERlVE50T1RKMVFtaHdjRTQyWkZCTk5EWnNORGQ0TmpGMWN6WkZWQ1V5UmxScmRHNWpKVE5FWAESNgoMYWRzZXJ2ZXIub3JnEiQzMjYxODdkZi02ZmYwLTQwZDctOWZhYy0zNWZhYjg4MDFkYWVYARI0CgpwdWJjaWQub3JnEiQ3ZWMxNmM5Ny0zMDE0LTRkYzEtOTYwYy00ZjM4NGI2Mzk0NjJYARIcCg1jcndkY250cmwubmV0GLG75s3ZM0gAUgIIZBIdCg5lc3AuY3JpdGVvLmNvbRixu-bN2TNIAFICCGQSGAoJeWFob28uY29tGIS-5s3ZM0gAUgIIbxI-CgVvcGVueBIsZXlKcElqb2lVamxXVm1sVGFWUlRUeXRNZFVOb1kwZE9TMmREUVQwOUluMD0Y2MDmzdkzSAAS7gEKCHJ0YmhvdXNlEtgBR05JMnFUQW94dkhLVDQwaUs0ZXozbExva0puKy81dHM0eWx2L1RQejdjMHVyc3BuN01uTHQzcHEwREVDeFZ6bkpnU3VtWGVEdmhGMDZXMXFtK1ZtZHh0cUpmY1VkQ1NnbGVrekQ0ZWJzOCs0dlFNQittUCtaWmRhZ1lwNC90K0pMdmNRRGRHd3A3WUorRGhVZUxWRVJwSTdCVldqSGhCczgzR0gzcTloSU9VcnpIdTBYbzhMa2xqWjBIL004c1V5OVViUSt3K0dKbzFMamlKeGpyWkYzZz09GPrB5s3ZM0gA&dlt=1776400569175&idt=2486&ppid=3f960e14b55cea36b2a75a36172785c8&uule=a%20cm9sZToxIHByb2R1Y2VyOjEyIGxvYzoiSDNCLENBIg%3D%3D&prev_scp=a%3D1%26iid1%3D4292502663960386%26eid%3D4292502663960386%26t%3D134%26d%3D484470%26t1%3D134%26pvc%3D1%26adnum%3D1%26url%3Dhttps%253A%252F%252Fwww.mediafire.com%252Ffile%252Fkyink5vgb4rtnsf%252FPEAK.zip%252Ffile%26path%3D%252Ffile%252Fkyink5vgb4rtnsf%252FPEAK.zip%252Ffile%26ap%3D1100%26sap%3D1100%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D3%26at%3Dmbf%26adr%3D399%26ezosn%3D7%26reft%3Dtf%26refs%3D30%26refa%3D1%26ga%3D2497208%26rid%3D99998%26pt%3D5%26al%3D1005%26compid%3D0%26dfpsn%3D%252F1254144%252C183096492%252Fmediafire_com-medrectangle-2%26tap%3Dmediafire_com-medrectangle-2-4292502663960386%26eb_br%3D9c3e4ee8eae7f1433cb2fe69b1326605%26eba%3D0%26bv%3D12%26bvm%3D0%26bvr%3D2%26avc%3D35%26evc%3D38%26shp%3D1%26ftsn%3D12%26ftsng%3D12%26br1%3D4%26br2%3D36%26ezoic%3D1%26nmau%3D2%26mau%3D0%26stl%3D157%2C14%2C0%2C0%2C0%2C168%2C184%2C20%2C0%2C0%2C192%2C0%2C902%2C903%2C901%2C902%2C903%26osb%3DLinux%252FChrome%26dbg%3Drc%253A5%26reqt%3D1776400573215&adks=1630800042&frm=20&eo_id_str=ID%3D181980d16574115e%3AT%3D1776400572%3ART%3D1776400572%3AS%3DAA-AfjYiGDD-zdlWjvvAR4Q5moVA&pbbce=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202604130101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.45.194 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

pnlgaa-au-in-f2.1e100.net

Software

cafe /

Resource Hash

e8711232bd1dc0bdeddbe4643628c9abc8f58c2dc68d01d7e8ba745578a93d6f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: dcb
google-lineitem-id: -2
observe-browsing-topics: ?1
x-content-type-options: nosniff
google-mediationtag-id: -2
google-mediationgroup-id: -2
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Fri, 17 Apr 2026 04:36:13 GMT
content-type: text/plain; charset=UTF-8
google-creative-id: -2
cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin: https://www.mediafire.com
content-length: 152
x-xss-protection: 0
server: cafe

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 511 B
184 B 265ms
264ms Fetch
text/plain 142.251.45.194
Google LLC

General

Check archive.org

Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=5484678592955730&correlator=1255618725073679&eid=31097658%2C31096828&output=ldjh&gdfp_req=1&vrg=202604130101&ptt=17&impl=fif&gdpr=0&iu_parts=1254144%3A183096492%2Cmediafire_com-medrectangle-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&ifi=18&didk=219167732&dids=div-gpt-ad-mediafire_com-medre&adfs=3572068966&sfv=1-0-45&rcs=2&eri=1&sc=1&cookie=ID%3Dc25be0f0e2e669f1%3AT%3D1776400572%3ART%3D1776400572%3AS%3DALNI_Mb3DLf7RzaJ2uANsEim2JXjyZIEcQ&gpic=UID%3D00001360ece2b37b%3AT%3D1776400572%3ART%3D1776400572%3AS%3DALNI_MZSy9rghxmUUxmKYBNg45TSzMBQhQ&abxe=1&dt=1776400573793&lmt=1776400573&adxs=820&adys=1110&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=2&oid=2&u_his=1&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=-420&dmc=32&bc=31&nvt=1&uach=WyJMaW51eCIsIiIsIng4NiIsIiIsIjE0Ny4wLjc3MjcuNTUiLG51bGwsMCxudWxsLCI2NCIsW1siQ2hyb21pdW0iLCIxNDcuMC4wLjAiXSxbIkdvb2dsZSBDaHJvbWUiLCIxNDcuMC4wLjAiXSxbIk5vdC1BLkJyYW5kIiwiMjQuMC4wLjAiXV0sMF0.&url=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fkyink5vgb4rtnsf%2FPEAK.zip%2Ffile&vis=1&aee=0&psts=AOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a&a3p=Eq0BCgpjcml0ZW8uY29tEpwBM0tqTjcxOXpVR2hzUlU1WlNsVkdTSHB0TlVjNGQxSnlSMVpNU0U4eFVrcGlORkp1YnpWVGRXMXpVVEpIY1haUE4wOU1jVGhSWWxCWWRrYzFibWhxYlhSeFRXbHNaVkY2VTBGSmQyaERlVE50T1RKMVFtaHdjRTQyWkZCTk5EWnNORGQ0TmpGMWN6WkZWQ1V5UmxScmRHNWpKVE5FWAESNgoMYWRzZXJ2ZXIub3JnEiQzMjYxODdkZi02ZmYwLTQwZDctOWZhYy0zNWZhYjg4MDFkYWVYARI0CgpwdWJjaWQub3JnEiQ3ZWMxNmM5Ny0zMDE0LTRkYzEtOTYwYy00ZjM4NGI2Mzk0NjJYARIcCg1jcndkY250cmwubmV0GLG75s3ZM0gAUgIIZBIdCg5lc3AuY3JpdGVvLmNvbRixu-bN2TNIAFICCGQSGAoJeWFob28uY29tGIS-5s3ZM0gAUgIIbxI-CgVvcGVueBIsZXlKcElqb2lVamxXVm1sVGFWUlRUeXRNZFVOb1kwZE9TMmREUVQwOUluMD0Y2MDmzdkzSAAS7gEKCHJ0YmhvdXNlEtgBR05JMnFUQW94dkhLVDQwaUs0ZXozbExva0puKy81dHM0eWx2L1RQejdjMHVyc3BuN01uTHQzcHEwREVDeFZ6bkpnU3VtWGVEdmhGMDZXMXFtK1ZtZHh0cUpmY1VkQ1NnbGVrekQ0ZWJzOCs0dlFNQittUCtaWmRhZ1lwNC90K0pMdmNRRGRHd3A3WUorRGhVZUxWRVJwSTdCVldqSGhCczgzR0gzcTloSU9VcnpIdTBYbzhMa2xqWjBIL004c1V5OVViUSt3K0dKbzFMamlKeGpyWkYzZz09GPrB5s3ZM0gA&dlt=1776400569175&idt=2486&ppid=3f960e14b55cea36b2a75a36172785c8&uule=a%20cm9sZToxIHByb2R1Y2VyOjEyIGxvYzoiSDNCLENBIg%3D%3D&prev_scp=a%3D1%26iid1%3D4292502663960386%26eid%3D4292502663960386%26t%3D134%26d%3D484470%26t1%3D134%26pvc%3D1%26adnum%3D1%26url%3Dhttps%253A%252F%252Fwww.mediafire.com%252Ffile%252Fkyink5vgb4rtnsf%252FPEAK.zip%252Ffile%26path%3D%252Ffile%252Fkyink5vgb4rtnsf%252FPEAK.zip%252Ffile%26ap%3D1100%26sap%3D1100%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D3%26at%3Dmbf%26adr%3D399%26ezosn%3D8%26reft%3Dtf%26refs%3D30%26refa%3D1%26ga%3D2497208%26rid%3D99998%26pt%3D5%26al%3D1005%26compid%3D0%26dfpsn%3D%252F1254144%252C183096492%252Fmediafire_com-medrectangle-2%26tap%3Dmediafire_com-medrectangle-2-4292502663960386%26eb_br%3D9c3e4ee8eae7f1433cb2fe69b1326605%26eba%3D0%26bv%3D12%26bvm%3D0%26bvr%3D2%26avc%3D35%26evc%3D38%26shp%3D1%26ftsn%3D12%26ftsng%3D12%26br1%3D4%26br2%3D36%26ezoic%3D1%26nmau%3D2%26mau%3D1%26stl%3D157%2C14%2C0%2C0%2C0%2C168%2C184%2C20%2C0%2C0%2C192%2C0%2C902%2C903%2C901%2C902%2C903%26osb%3DLinux%252FChrome%26dbg%3Dadap%253A1%2Crc%253A6%26reqt%3D1776400573264&adks=1277576459&frm=20&eo_id_str=ID%3D181980d16574115e%3AT%3D1776400572%3ART%3D1776400572%3AS%3DAA-AfjYiGDD-zdlWjvvAR4Q5moVA&pbbce=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202604130101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.45.194 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

pnlgaa-au-in-f2.1e100.net

Software

cafe /

Resource Hash

751ae194a89253e6061aee50333144186c10deff5c0b2ea28f9498e2d4bb6764

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: dcb
google-lineitem-id: -2
observe-browsing-topics: ?1
x-content-type-options: nosniff
google-mediationtag-id: -2
google-mediationgroup-id: -2
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Fri, 17 Apr 2026 04:36:14 GMT
content-type: text/plain; charset=UTF-8
google-creative-id: -2
cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin: https://www.mediafire.com
content-length: 154
x-xss-protection: 0
server: cafe

POST 457.json
id5-sync.com/g/v2/ 0
0

GET
H2 200 country Show response
api.btloader.com/ 37 B
153 B 47ms
45ms Fetch
application/json 130.211.23.194
Google LLC

General

Check archive.org

Download Go to

Full URL: https://api.btloader.com/country?o=5678961798414336
Requested by: Host: btloader.com
URL: https://btloader.com/tag?o=5678961798414336&upapi=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 130.211.23.194 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM - Google LLC, US),
Reverse DNS: 194.23.211.130.bc.googleusercontent.com
Software: /
Resource Hash: b8f0ca68362cf245f891fc09ddfa50806d195e78e196cf96ac5d9cf72be2577a

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

cache-control: private, max-age=300, stale-while-revalidate=600, stale-if-error=600
via: 1.1 google
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37
date: Fri, 17 Apr 2026 04:36:13 GMT
content-type: application/json
vary: Origin

POST
H2 204 pv
api.btloader.com/ 0
0 46ms
45ms Fetch 130.211.23.194
Google LLC

General

Check archive.org

Download Go to

Full URL: https://api.btloader.com/pv?nlf=false&tid=BmvXGD7Q-AxCnu7kMr-9d99b9946e&sid=ZKioY3vyun-r2CU7H18A3-9d99b9946e&cv=2.1.186-5-gb7ec539&upapi=true
Requested by: Host: btloader.com
URL: https://btloader.com/tag?o=5678961798414336&upapi=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 130.211.23.194 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM - Google LLC, US),
Reverse DNS: 194.23.211.130.bc.googleusercontent.com
Software: /
Resource Hash

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

via: 1.1 google
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 17 Apr 2026 04:36:13 GMT
vary: Origin

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 502 B
176 B 401ms
400ms Fetch
text/plain 142.251.45.194
Google LLC

General

Check archive.org

Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=5484678592955730&correlator=755860473769232&eid=31097658%2C31096828&output=ldjh&gdfp_req=1&vrg=202604130101&ptt=17&impl=fif&gdpr=0&iu_parts=1254144%3A183096492%2Cmediafire_com-box-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&ifi=19&didk=1697938527&dids=div-gpt-ad-mediafire_com-box-2&adfs=2211965457&sfv=1-0-45&rcs=2&eri=1&sc=1&cookie=ID%3Dc25be0f0e2e669f1%3AT%3D1776400572%3ART%3D1776400572%3AS%3DALNI_Mb3DLf7RzaJ2uANsEim2JXjyZIEcQ&gpic=UID%3D00001360ece2b37b%3AT%3D1776400572%3ART%3D1776400572%3AS%3DALNI_MZSy9rghxmUUxmKYBNg45TSzMBQhQ&abxe=1&dt=1776400573973&lmt=1776400573&adxs=1752&adys=10&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=3&oid=2&u_his=1&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=-420&dmc=32&bc=31&nvt=1&uach=WyJMaW51eCIsIiIsIng4NiIsIiIsIjE0Ny4wLjc3MjcuNTUiLG51bGwsMCxudWxsLCI2NCIsW1siQ2hyb21pdW0iLCIxNDcuMC4wLjAiXSxbIkdvb2dsZSBDaHJvbWUiLCIxNDcuMC4wLjAiXSxbIk5vdC1BLkJyYW5kIiwiMjQuMC4wLjAiXV0sMF0.&url=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fkyink5vgb4rtnsf%2FPEAK.zip%2Ffile&vis=1&aee=0&psts=AOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a&a3p=Eq0BCgpjcml0ZW8uY29tEpwBM0tqTjcxOXpVR2hzUlU1WlNsVkdTSHB0TlVjNGQxSnlSMVpNU0U4eFVrcGlORkp1YnpWVGRXMXpVVEpIY1haUE4wOU1jVGhSWWxCWWRrYzFibWhxYlhSeFRXbHNaVkY2VTBGSmQyaERlVE50T1RKMVFtaHdjRTQyWkZCTk5EWnNORGQ0TmpGMWN6WkZWQ1V5UmxScmRHNWpKVE5FWAESNgoMYWRzZXJ2ZXIub3JnEiQzMjYxODdkZi02ZmYwLTQwZDctOWZhYy0zNWZhYjg4MDFkYWVYARI0CgpwdWJjaWQub3JnEiQ3ZWMxNmM5Ny0zMDE0LTRkYzEtOTYwYy00ZjM4NGI2Mzk0NjJYARIcCg1jcndkY250cmwubmV0GLG75s3ZM0gAUgIIZBIdCg5lc3AuY3JpdGVvLmNvbRixu-bN2TNIAFICCGQSGAoJeWFob28uY29tGIS-5s3ZM0gAUgIIbxI-CgVvcGVueBIsZXlKcElqb2lVamxXVm1sVGFWUlRUeXRNZFVOb1kwZE9TMmREUVQwOUluMD0Y2MDmzdkzSAAS7gEKCHJ0YmhvdXNlEtgBR05JMnFUQW94dkhLVDQwaUs0ZXozbExva0puKy81dHM0eWx2L1RQejdjMHVyc3BuN01uTHQzcHEwREVDeFZ6bkpnU3VtWGVEdmhGMDZXMXFtK1ZtZHh0cUpmY1VkQ1NnbGVrekQ0ZWJzOCs0dlFNQittUCtaWmRhZ1lwNC90K0pMdmNRRGRHd3A3WUorRGhVZUxWRVJwSTdCVldqSGhCczgzR0gzcTloSU9VcnpIdTBYbzhMa2xqWjBIL004c1V5OVViUSt3K0dKbzFMamlKeGpyWkYzZz09GPrB5s3ZM0gA&dlt=1776400569175&idt=2486&ppid=3f960e14b55cea36b2a75a36172785c8&uule=a%20cm9sZToxIHByb2R1Y2VyOjEyIGxvYzoiSDNCLENBIg%3D%3D&prev_scp=a%3D1%26iid1%3D4419728283946443%26eid%3D4419728283946443%26t%3D134%26d%3D484470%26t1%3D134%26pvc%3D1%26adnum%3D1%26url%3Dhttps%253A%252F%252Fwww.mediafire.com%252Ffile%252Fkyink5vgb4rtnsf%252FPEAK.zip%252Ffile%26path%3D%252Ffile%252Fkyink5vgb4rtnsf%252FPEAK.zip%252Ffile%26ap%3D1103%26sap%3D1103%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D3%26at%3Dmbf%26adr%3D399%26ezosn%3D0%26reft%3Dtf%26refs%3D30%26refa%3D1%26ga%3D2497208%26rid%3D99998%26pt%3D1%26al%3D1001%26compid%3D0%26dfpsn%3D%252F1254144%252C183096492%252Fmediafire_com-box-2%26tap%3Dmediafire_com-box-2-4419728283946443%26eb_br%3Dzero%26eba%3D0%26bv%3D11%26bvm%3D0%26bvr%3D1%26avc%3D119%26evc%3D46%26shp%3D1%26ftsn%3D12%26ftsng%3D12%26br1%3D0%26br2%3D46%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D157%2C168%2C0%2C0%2C0%2C168%2C184%2C20%2C0%2C0%2C192%2C0%2C902%2C903%2C901%2C902%2C903%26osb%3DLinux%252FChrome%26dbg%3Drc%253A2%26reqt%3D1776400573352&adks=3106951849&frm=20&eo_id_str=ID%3D181980d16574115e%3AT%3D1776400572%3ART%3D1776400572%3AS%3DAA-AfjYiGDD-zdlWjvvAR4Q5moVA&pbbce=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202604130101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.45.194 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

pnlgaa-au-in-f2.1e100.net

Software

cafe /

Resource Hash

958b75150b5ca49fe592bb56f99fb61bc24e37cd747b778839e7d6c71eb91661

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: dcb
google-lineitem-id: -2
observe-browsing-topics: ?1
x-content-type-options: nosniff
google-mediationtag-id: -2
google-mediationgroup-id: -2
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Fri, 17 Apr 2026 04:36:14 GMT
content-type: text/plain; charset=UTF-8
google-creative-id: -2
cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin: https://www.mediafire.com
content-length: 146
x-xss-protection: 0
server: cafe

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 504 B
175 B 292ms
289ms Fetch
text/plain 142.251.45.194
Google LLC

General

Check archive.org

Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=5484678592955730&correlator=12760543177912&eid=31097658%2C31096828&output=ldjh&gdfp_req=1&vrg=202604130101&ptt=17&impl=fif&gdpr=0&iu_parts=1254144%3A183096492%2Cmediafire_com-edge-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C160x600&fluid=height&ifi=20&didk=2994273263&dids=div-gpt-ad-mediafire_com-edge-&adfs=3529162101&sfv=1-0-45&rcs=2&eri=1&sc=1&cookie=ID%3Dc25be0f0e2e669f1%3AT%3D1776400572%3ART%3D1776400572%3AS%3DALNI_Mb3DLf7RzaJ2uANsEim2JXjyZIEcQ&gpic=UID%3D00001360ece2b37b%3AT%3D1776400572%3ART%3D1776400572%3AS%3DALNI_MZSy9rghxmUUxmKYBNg45TSzMBQhQ&abxe=1&dt=1776400573997&lmt=1776400573&adxs=0&adys=300&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=4&oid=2&u_his=1&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=-420&dmc=32&bc=31&nvt=1&uach=WyJMaW51eCIsIiIsIng4NiIsIiIsIjE0Ny4wLjc3MjcuNTUiLG51bGwsMCxudWxsLCI2NCIsW1siQ2hyb21pdW0iLCIxNDcuMC4wLjAiXSxbIkdvb2dsZSBDaHJvbWUiLCIxNDcuMC4wLjAiXSxbIk5vdC1BLkJyYW5kIiwiMjQuMC4wLjAiXV0sMF0.&url=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fkyink5vgb4rtnsf%2FPEAK.zip%2Ffile&vis=1&aee=0&psts=AOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a&a3p=Eq0BCgpjcml0ZW8uY29tEpwBM0tqTjcxOXpVR2hzUlU1WlNsVkdTSHB0TlVjNGQxSnlSMVpNU0U4eFVrcGlORkp1YnpWVGRXMXpVVEpIY1haUE4wOU1jVGhSWWxCWWRrYzFibWhxYlhSeFRXbHNaVkY2VTBGSmQyaERlVE50T1RKMVFtaHdjRTQyWkZCTk5EWnNORGQ0TmpGMWN6WkZWQ1V5UmxScmRHNWpKVE5FWAESNgoMYWRzZXJ2ZXIub3JnEiQzMjYxODdkZi02ZmYwLTQwZDctOWZhYy0zNWZhYjg4MDFkYWVYARI0CgpwdWJjaWQub3JnEiQ3ZWMxNmM5Ny0zMDE0LTRkYzEtOTYwYy00ZjM4NGI2Mzk0NjJYARIcCg1jcndkY250cmwubmV0GLG75s3ZM0gAUgIIZBIdCg5lc3AuY3JpdGVvLmNvbRixu-bN2TNIAFICCGQSGAoJeWFob28uY29tGIS-5s3ZM0gAUgIIbxI-CgVvcGVueBIsZXlKcElqb2lVamxXVm1sVGFWUlRUeXRNZFVOb1kwZE9TMmREUVQwOUluMD0Y2MDmzdkzSAAS7gEKCHJ0YmhvdXNlEtgBR05JMnFUQW94dkhLVDQwaUs0ZXozbExva0puKy81dHM0eWx2L1RQejdjMHVyc3BuN01uTHQzcHEwREVDeFZ6bkpnU3VtWGVEdmhGMDZXMXFtK1ZtZHh0cUpmY1VkQ1NnbGVrekQ0ZWJzOCs0dlFNQittUCtaWmRhZ1lwNC90K0pMdmNRRGRHd3A3WUorRGhVZUxWRVJwSTdCVldqSGhCczgzR0gzcTloSU9VcnpIdTBYbzhMa2xqWjBIL004c1V5OVViUSt3K0dKbzFMamlKeGpyWkYzZz09GPrB5s3ZM0gA&dlt=1776400569175&idt=2486&ppid=3f960e14b55cea36b2a75a36172785c8&uule=a%20cm9sZToxIHByb2R1Y2VyOjEyIGxvYzoiSDNCLENBIg%3D%3D&prev_scp=a%3D1%26iid1%3D7339931535986757%26eid%3D7339931535986757%26t%3D134%26d%3D484470%26t1%3D134%26pvc%3D1%26adnum%3D1%26url%3Dhttps%253A%252F%252Fwww.mediafire.com%252Ffile%252Fkyink5vgb4rtnsf%252FPEAK.zip%252Ffile%26path%3D%252Ffile%252Fkyink5vgb4rtnsf%252FPEAK.zip%252Ffile%26ap%3D1101%26sap%3D1101%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D3%26at%3Dmbf%26adr%3D399%26ezosn%3D4%26reft%3Dtf%26refs%3D30%26refa%3D1%26ga%3D2497208%26rid%3D99998%26pt%3D38%26al%3D1038%26compid%3D0%26dfpsn%3D%252F1254144%252C183096492%252Fmediafire_com-edge-1%26tap%3Dmediafire_com-edge-1-7339931535986757%26eb_br%3Dzero%26eba%3D0%26bv%3D11%26bvm%3D0%26bvr%3D1%26avc%3D69%26evc%3D25%26shp%3D2%26ftsn%3D12%26ftsng%3D12%26br1%3D0%26br2%3D24%26ezoic%3D1%26nmau%3D0%26mau%3D0%26sticky%3D1%26stl%3D78%2C168%2C0%2C0%2C0%2C131%2C132%2C0%2C0%2C0%2C187%2C0%2C901%2C182%2C901%2C902%2C903%26osb%3DLinux%252FChrome%26dbg%3Drc%253A3%26reqt%3D1776400573364&adks=3527628052&frm=20&eo_id_str=ID%3D181980d16574115e%3AT%3D1776400572%3ART%3D1776400572%3AS%3DAA-AfjYiGDD-zdlWjvvAR4Q5moVA&pbbce=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202604130101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.45.194 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

pnlgaa-au-in-f2.1e100.net

Software

cafe /

Resource Hash

e2ab010254ed312e529c9c1ed7e7bbbd95cf2db1eec7d6f8709d6a5f0819d8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: dcb
google-lineitem-id: -2
observe-browsing-topics: ?1
x-content-type-options: nosniff
google-mediationtag-id: -2
google-mediationgroup-id: -2
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Fri, 17 Apr 2026 04:36:14 GMT
content-type: text/plain; charset=UTF-8
google-creative-id: -2
cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin: https://www.mediafire.com
content-length: 145
x-xss-protection: 0
server: cafe

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 512 B
183 B 452ms
452ms Fetch
text/plain 142.251.45.194
Google LLC

General

Check archive.org

Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=5484678592955730&correlator=2306332518133898&eid=31097658%2C31096828&output=ldjh&gdfp_req=1&vrg=202604130101&ptt=17&impl=fif&gdpr=0&iu_parts=1254144%3A183096492%2Cmediafire_com-medrectangle-3&enc_prev_ius=%2F0%2F1&prev_iu_szs=336x280&ifi=21&didk=46179496&dids=div-gpt-ad-mediafire_com-medre&adfs=1911771697&sfv=1-0-45&rcs=2&eri=1&sc=1&cookie=ID%3Dc25be0f0e2e669f1%3AT%3D1776400572%3ART%3D1776400572%3AS%3DALNI_Mb3DLf7RzaJ2uANsEim2JXjyZIEcQ&gpic=UID%3D00001360ece2b37b%3AT%3D1776400572%3ART%3D1776400572%3AS%3DALNI_MZSy9rghxmUUxmKYBNg45TSzMBQhQ&abxe=1&dt=1776400574016&lmt=1776400574&adxs=1520&adys=120&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=5&oid=2&u_his=1&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=-420&dmc=32&bc=31&nvt=1&uach=WyJMaW51eCIsIiIsIng4NiIsIiIsIjE0Ny4wLjc3MjcuNTUiLG51bGwsMCxudWxsLCI2NCIsW1siQ2hyb21pdW0iLCIxNDcuMC4wLjAiXSxbIkdvb2dsZSBDaHJvbWUiLCIxNDcuMC4wLjAiXSxbIk5vdC1BLkJyYW5kIiwiMjQuMC4wLjAiXV0sMF0.&url=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fkyink5vgb4rtnsf%2FPEAK.zip%2Ffile&vis=1&aee=0&psts=AOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a&a3p=Eq0BCgpjcml0ZW8uY29tEpwBM0tqTjcxOXpVR2hzUlU1WlNsVkdTSHB0TlVjNGQxSnlSMVpNU0U4eFVrcGlORkp1YnpWVGRXMXpVVEpIY1haUE4wOU1jVGhSWWxCWWRrYzFibWhxYlhSeFRXbHNaVkY2VTBGSmQyaERlVE50T1RKMVFtaHdjRTQyWkZCTk5EWnNORGQ0TmpGMWN6WkZWQ1V5UmxScmRHNWpKVE5FWAESNgoMYWRzZXJ2ZXIub3JnEiQzMjYxODdkZi02ZmYwLTQwZDctOWZhYy0zNWZhYjg4MDFkYWVYARI0CgpwdWJjaWQub3JnEiQ3ZWMxNmM5Ny0zMDE0LTRkYzEtOTYwYy00ZjM4NGI2Mzk0NjJYARIcCg1jcndkY250cmwubmV0GLG75s3ZM0gAUgIIZBIdCg5lc3AuY3JpdGVvLmNvbRixu-bN2TNIAFICCGQSGAoJeWFob28uY29tGIS-5s3ZM0gAUgIIbxI-CgVvcGVueBIsZXlKcElqb2lVamxXVm1sVGFWUlRUeXRNZFVOb1kwZE9TMmREUVQwOUluMD0Y2MDmzdkzSAAS7gEKCHJ0YmhvdXNlEtgBR05JMnFUQW94dkhLVDQwaUs0ZXozbExva0puKy81dHM0eWx2L1RQejdjMHVyc3BuN01uTHQzcHEwREVDeFZ6bkpnU3VtWGVEdmhGMDZXMXFtK1ZtZHh0cUpmY1VkQ1NnbGVrekQ0ZWJzOCs0dlFNQittUCtaWmRhZ1lwNC90K0pMdmNRRGRHd3A3WUorRGhVZUxWRVJwSTdCVldqSGhCczgzR0gzcTloSU9VcnpIdTBYbzhMa2xqWjBIL004c1V5OVViUSt3K0dKbzFMamlKeGpyWkYzZz09GPrB5s3ZM0gA&dlt=1776400569175&idt=2486&ppid=3f960e14b55cea36b2a75a36172785c8&uule=a%20cm9sZToxIHByb2R1Y2VyOjEyIGxvYzoiSDNCLENBIg%3D%3D&prev_scp=a%3D1%26iid1%3D3465146341930430%26eid%3D3465146341930430%26t%3D134%26d%3D484470%26t1%3D134%26pvc%3D1%26adnum%3D1%26url%3Dhttps%253A%252F%252Fwww.mediafire.com%252Ffile%252Fkyink5vgb4rtnsf%252FPEAK.zip%252Ffile%26path%3D%252Ffile%252Fkyink5vgb4rtnsf%252FPEAK.zip%252Ffile%26ap%3D1104%26sap%3D1104%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D3%26at%3Dmbf%26adr%3D399%26ezosn%3D5%26reft%3Dtf%26refs%3D30%26refa%3D1%26ga%3D2497208%26rid%3D99998%26pt%3D21%26al%3D1021%26compid%3D0%26dfpsn%3D%252F1254144%252C183096492%252Fmediafire_com-medrectangle-3%26tap%3Dmediafire_com-medrectangle-3-3465146341930430%26eb_br%3Dzero%26eba%3D0%26bv%3D11%26bvm%3D0%26bvr%3D1%26avc%3D81%26evc%3D59%26shp%3D3%26ftsn%3D12%26ftsng%3D12%26br1%3D0%26br2%3D34%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D157%2C131%2C0%2C0%2C0%2C168%2C184%2C20%2C0%2C0%2C192%2C0%2C902%2C903%2C901%2C902%2C903%26osb%3DLinux%252FChrome%26dbg%3Drc%253A7%26reqt%3D1776400573361&adks=4079446691&frm=20&eo_id_str=ID%3D181980d16574115e%3AT%3D1776400572%3ART%3D1776400572%3AS%3DAA-AfjYiGDD-zdlWjvvAR4Q5moVA&pbbce=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202604130101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.45.194 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

pnlgaa-au-in-f2.1e100.net

Software

cafe /

Resource Hash

33afa4777aa10ac0d220f7cd120ab9169a5193004c4401297de5b4d9fa2c9224

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: dcb
google-lineitem-id: -2
observe-browsing-topics: ?1
x-content-type-options: nosniff
google-mediationtag-id: -2
google-mediationgroup-id: -2
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Fri, 17 Apr 2026 04:36:14 GMT
content-type: text/plain; charset=UTF-8
google-creative-id: -2
cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin: https://www.mediafire.com
content-length: 153
x-xss-protection: 0
server: cafe

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 512 B
181 B 474ms
473ms Fetch
text/plain 142.251.45.194
Google LLC

General

Check archive.org

Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=5484678592955730&correlator=2729763597525047&eid=31097658%2C31096828&output=ldjh&gdfp_req=1&vrg=202604130101&ptt=17&impl=fif&gdpr=0&iu_parts=1254144%3A183096492%2Cmediafire_com-medrectangle-4&enc_prev_ius=%2F0%2F1&prev_iu_szs=336x280%7C300x250&ifi=22&didk=46192883&dids=div-gpt-ad-mediafire_com-medre&adfs=1749122204&sfv=1-0-45&rcs=2&eri=1&sc=1&cookie=ID%3Dc25be0f0e2e669f1%3AT%3D1776400572%3ART%3D1776400572%3AS%3DALNI_Mb3DLf7RzaJ2uANsEim2JXjyZIEcQ&gpic=UID%3D00001360ece2b37b%3AT%3D1776400572%3ART%3D1776400572%3AS%3DALNI_MZSy9rghxmUUxmKYBNg45TSzMBQhQ&abxe=1&dt=1776400574031&lmt=1776400574&adxs=1520&adys=420&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=6&oid=2&u_his=1&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=-420&dmc=32&bc=31&nvt=1&uach=WyJMaW51eCIsIiIsIng4NiIsIiIsIjE0Ny4wLjc3MjcuNTUiLG51bGwsMCxudWxsLCI2NCIsW1siQ2hyb21pdW0iLCIxNDcuMC4wLjAiXSxbIkdvb2dsZSBDaHJvbWUiLCIxNDcuMC4wLjAiXSxbIk5vdC1BLkJyYW5kIiwiMjQuMC4wLjAiXV0sMF0.&url=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fkyink5vgb4rtnsf%2FPEAK.zip%2Ffile&vis=1&aee=0&psts=AOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a&a3p=Eq0BCgpjcml0ZW8uY29tEpwBM0tqTjcxOXpVR2hzUlU1WlNsVkdTSHB0TlVjNGQxSnlSMVpNU0U4eFVrcGlORkp1YnpWVGRXMXpVVEpIY1haUE4wOU1jVGhSWWxCWWRrYzFibWhxYlhSeFRXbHNaVkY2VTBGSmQyaERlVE50T1RKMVFtaHdjRTQyWkZCTk5EWnNORGQ0TmpGMWN6WkZWQ1V5UmxScmRHNWpKVE5FWAESNgoMYWRzZXJ2ZXIub3JnEiQzMjYxODdkZi02ZmYwLTQwZDctOWZhYy0zNWZhYjg4MDFkYWVYARI0CgpwdWJjaWQub3JnEiQ3ZWMxNmM5Ny0zMDE0LTRkYzEtOTYwYy00ZjM4NGI2Mzk0NjJYARIcCg1jcndkY250cmwubmV0GLG75s3ZM0gAUgIIZBIdCg5lc3AuY3JpdGVvLmNvbRixu-bN2TNIAFICCGQSGAoJeWFob28uY29tGIS-5s3ZM0gAUgIIbxI-CgVvcGVueBIsZXlKcElqb2lVamxXVm1sVGFWUlRUeXRNZFVOb1kwZE9TMmREUVQwOUluMD0Y2MDmzdkzSAAS7gEKCHJ0YmhvdXNlEtgBR05JMnFUQW94dkhLVDQwaUs0ZXozbExva0puKy81dHM0eWx2L1RQejdjMHVyc3BuN01uTHQzcHEwREVDeFZ6bkpnU3VtWGVEdmhGMDZXMXFtK1ZtZHh0cUpmY1VkQ1NnbGVrekQ0ZWJzOCs0dlFNQittUCtaWmRhZ1lwNC90K0pMdmNRRGRHd3A3WUorRGhVZUxWRVJwSTdCVldqSGhCczgzR0gzcTloSU9VcnpIdTBYbzhMa2xqWjBIL004c1V5OVViUSt3K0dKbzFMamlKeGpyWkYzZz09GPrB5s3ZM0gA&dlt=1776400569175&idt=2486&ppid=3f960e14b55cea36b2a75a36172785c8&uule=a%20cm9sZToxIHByb2R1Y2VyOjEyIGxvYzoiSDNCLENBIg%3D%3D&prev_scp=a%3D1%26iid1%3D537711155940580%26eid%3D537711155940580%26t%3D134%26d%3D484470%26t1%3D134%26pvc%3D1%26adnum%3D1%26url%3Dhttps%253A%252F%252Fwww.mediafire.com%252Ffile%252Fkyink5vgb4rtnsf%252FPEAK.zip%252Ffile%26path%3D%252Ffile%252Fkyink5vgb4rtnsf%252FPEAK.zip%252Ffile%26ap%3D1105%26sap%3D1105%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D3%26at%3Dmbf%26adr%3D399%26ezosn%3D6%26reft%3Dtf%26refs%3D30%26refa%3D1%26ga%3D2497208%26rid%3D99998%26pt%3D22%26al%3D1022%26compid%3D0%26dfpsn%3D%252F1254144%252C183096492%252Fmediafire_com-medrectangle-4%26tap%3Dmediafire_com-medrectangle-4-537711155940580%26eb_br%3Dzero%26eba%3D0%26bv%3D11%26bvm%3D0%26bvr%3D1%26avc%3D77%26evc%3D33%26shp%3D3%26ftsn%3D12%26ftsng%3D12%26br1%3D0%26br2%3D16%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D79%2C131%2C0%2C0%2C0%2C168%2C184%2C20%2C0%2C0%2C192%2C0%2C902%2C903%2C901%2C902%2C903%26osb%3DLinux%252FChrome%26dbg%3Drc%253A8%26reqt%3D1776400573433&adks=1277606936&frm=20&eo_id_str=ID%3D181980d16574115e%3AT%3D1776400572%3ART%3D1776400572%3AS%3DAA-AfjYiGDD-zdlWjvvAR4Q5moVA&pbbce=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202604130101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.45.194 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

pnlgaa-au-in-f2.1e100.net

Software

cafe /

Resource Hash

54d0db6fb24e2bc92d9caac84d03efe976ae69c169dd661606695bf09909b72c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: dcb
google-lineitem-id: -2
observe-browsing-topics: ?1
x-content-type-options: nosniff
google-mediationtag-id: -2
google-mediationgroup-id: -2
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Fri, 17 Apr 2026 04:36:14 GMT
content-type: text/plain; charset=UTF-8
google-creative-id: -2
cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin: https://www.mediafire.com
content-length: 151
x-xss-protection: 0
server: cafe

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 505 B
175 B 294ms
293ms Fetch
text/plain 142.251.45.194
Google LLC

General

Check archive.org

Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=5484678592955730&correlator=3603311295552297&eid=31097658%2C31096828&output=ldjh&gdfp_req=1&vrg=202604130101&ptt=17&impl=fif&gdpr=0&iu_parts=1254144%3A183096492%2Cmediafire_com-banner-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&ifi=23&didk=417644066&dids=div-gpt-ad-mediafire_com-banne&adfs=4128408292&sfv=1-0-45&rcs=2&eri=1&sc=1&cookie=ID%3Dc25be0f0e2e669f1%3AT%3D1776400572%3ART%3D1776400572%3AS%3DALNI_Mb3DLf7RzaJ2uANsEim2JXjyZIEcQ&gpic=UID%3D00001360ece2b37b%3AT%3D1776400572%3ART%3D1776400572%3AS%3DALNI_MZSy9rghxmUUxmKYBNg45TSzMBQhQ&abxe=1&dt=1776400574045&lmt=1776400574&adxs=1636&adys=1410&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=3&ucis=7&oid=2&u_his=1&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=-420&dmc=32&bc=31&nvt=1&uach=WyJMaW51eCIsIiIsIng4NiIsIiIsIjE0Ny4wLjc3MjcuNTUiLG51bGwsMCxudWxsLCI2NCIsW1siQ2hyb21pdW0iLCIxNDcuMC4wLjAiXSxbIkdvb2dsZSBDaHJvbWUiLCIxNDcuMC4wLjAiXSxbIk5vdC1BLkJyYW5kIiwiMjQuMC4wLjAiXV0sMF0.&url=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fkyink5vgb4rtnsf%2FPEAK.zip%2Ffile&vis=1&aee=0&psts=AOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a&a3p=Eq0BCgpjcml0ZW8uY29tEpwBM0tqTjcxOXpVR2hzUlU1WlNsVkdTSHB0TlVjNGQxSnlSMVpNU0U4eFVrcGlORkp1YnpWVGRXMXpVVEpIY1haUE4wOU1jVGhSWWxCWWRrYzFibWhxYlhSeFRXbHNaVkY2VTBGSmQyaERlVE50T1RKMVFtaHdjRTQyWkZCTk5EWnNORGQ0TmpGMWN6WkZWQ1V5UmxScmRHNWpKVE5FWAESNgoMYWRzZXJ2ZXIub3JnEiQzMjYxODdkZi02ZmYwLTQwZDctOWZhYy0zNWZhYjg4MDFkYWVYARI0CgpwdWJjaWQub3JnEiQ3ZWMxNmM5Ny0zMDE0LTRkYzEtOTYwYy00ZjM4NGI2Mzk0NjJYARIcCg1jcndkY250cmwubmV0GLG75s3ZM0gAUgIIZBIdCg5lc3AuY3JpdGVvLmNvbRixu-bN2TNIAFICCGQSGAoJeWFob28uY29tGIS-5s3ZM0gAUgIIbxI-CgVvcGVueBIsZXlKcElqb2lVamxXVm1sVGFWUlRUeXRNZFVOb1kwZE9TMmREUVQwOUluMD0Y2MDmzdkzSAAS7gEKCHJ0YmhvdXNlEtgBR05JMnFUQW94dkhLVDQwaUs0ZXozbExva0puKy81dHM0eWx2L1RQejdjMHVyc3BuN01uTHQzcHEwREVDeFZ6bkpnU3VtWGVEdmhGMDZXMXFtK1ZtZHh0cUpmY1VkQ1NnbGVrekQ0ZWJzOCs0dlFNQittUCtaWmRhZ1lwNC90K0pMdmNRRGRHd3A3WUorRGhVZUxWRVJwSTdCVldqSGhCczgzR0gzcTloSU9VcnpIdTBYbzhMa2xqWjBIL004c1V5OVViUSt3K0dKbzFMamlKeGpyWkYzZz09GPrB5s3ZM0gA&dlt=1776400569175&idt=2486&ppid=3f960e14b55cea36b2a75a36172785c8&uule=a%20cm9sZToxIHByb2R1Y2VyOjEyIGxvYzoiSDNCLENBIg%3D%3D&prev_scp=a%3D1%26iid1%3D7447672567989851%26eid%3D7447672567989851%26t%3D134%26d%3D484470%26t1%3D134%26pvc%3D1%26adnum%3D1%26url%3Dhttps%253A%252F%252Fwww.mediafire.com%252Ffile%252Fkyink5vgb4rtnsf%252FPEAK.zip%252Ffile%26path%3D%252Ffile%252Fkyink5vgb4rtnsf%252FPEAK.zip%252Ffile%26ap%3D1107%26sap%3D1107%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D3%26at%3Dmbf%26adr%3D399%26ezosn%3D9%26reft%3Dtf%26refs%3D30%26refa%3D1%26ga%3D2497208%26rid%3D99998%26pt%3D30%26al%3D1030%26compid%3D0%26dfpsn%3D%252F1254144%252C183096492%252Fmediafire_com-banner-1%26tap%3Dmediafire_com-banner-1-7447672567989851%26eb_br%3Dzero%26eba%3D0%26bv%3D11%26bvm%3D0%26bvr%3D1%26avc%3D43%26evc%3D29%26shp%3D1%26ftsn%3D12%26ftsng%3D12%26br1%3D0%26br2%3D14%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D157%2C168%2C0%2C0%2C0%2C168%2C184%2C20%2C0%2C0%2C192%2C0%2C902%2C903%2C901%2C902%2C903%26osb%3DLinux%252FChrome%26dbg%3Drc%253A1%26reqt%3D1776400573483&adks=3665333008&frm=20&eo_id_str=ID%3D181980d16574115e%3AT%3D1776400572%3ART%3D1776400572%3AS%3DAA-AfjYiGDD-zdlWjvvAR4Q5moVA&pbbce=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202604130101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.45.194 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

pnlgaa-au-in-f2.1e100.net

Software

cafe /

Resource Hash

f9bfb432a83aa5697d5cd4de6fe6a5f0fe0b0251e592cc8ef5f47dd074c71bed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: dcb
google-lineitem-id: -2
observe-browsing-topics: ?1
x-content-type-options: nosniff
google-mediationtag-id: -2
google-mediationgroup-id: -2
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Fri, 17 Apr 2026 04:36:14 GMT
content-type: text/plain; charset=UTF-8
google-creative-id: -2
cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin: https://www.mediafire.com
content-length: 145
x-xss-protection: 0
server: cafe

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 504 B
176 B 233ms
232ms Fetch
text/plain 142.251.45.194
Google LLC

General

Check archive.org

Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=5484678592955730&correlator=1389694673999028&eid=31097658%2C31096828&output=ldjh&gdfp_req=1&vrg=202604130101&ptt=17&impl=fif&gdpr=0&iu_parts=1254144%3A183096492%2Cmediafire_com-edge-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C160x600&fluid=height&ifi=24&didk=2994425013&dids=div-gpt-ad-mediafire_com-edge-&adfs=3808772870&sfv=1-0-45&rcs=2&eri=1&sc=1&cookie=ID%3Dc25be0f0e2e669f1%3AT%3D1776400572%3ART%3D1776400572%3AS%3DALNI_Mb3DLf7RzaJ2uANsEim2JXjyZIEcQ&gpic=UID%3D00001360ece2b37b%3AT%3D1776400572%3ART%3D1776400572%3AS%3DALNI_MZSy9rghxmUUxmKYBNg45TSzMBQhQ&abxe=1&dt=1776400574100&lmt=1776400574&adxs=1440&adys=300&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=8&oid=2&u_his=1&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=-420&dmc=32&bc=31&nvt=1&uach=WyJMaW51eCIsIiIsIng4NiIsIiIsIjE0Ny4wLjc3MjcuNTUiLG51bGwsMCxudWxsLCI2NCIsW1siQ2hyb21pdW0iLCIxNDcuMC4wLjAiXSxbIkdvb2dsZSBDaHJvbWUiLCIxNDcuMC4wLjAiXSxbIk5vdC1BLkJyYW5kIiwiMjQuMC4wLjAiXV0sMF0.&url=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fkyink5vgb4rtnsf%2FPEAK.zip%2Ffile&vis=1&aee=0&psts=AOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a&a3p=Eq0BCgpjcml0ZW8uY29tEpwBM0tqTjcxOXpVR2hzUlU1WlNsVkdTSHB0TlVjNGQxSnlSMVpNU0U4eFVrcGlORkp1YnpWVGRXMXpVVEpIY1haUE4wOU1jVGhSWWxCWWRrYzFibWhxYlhSeFRXbHNaVkY2VTBGSmQyaERlVE50T1RKMVFtaHdjRTQyWkZCTk5EWnNORGQ0TmpGMWN6WkZWQ1V5UmxScmRHNWpKVE5FWAESNgoMYWRzZXJ2ZXIub3JnEiQzMjYxODdkZi02ZmYwLTQwZDctOWZhYy0zNWZhYjg4MDFkYWVYARI0CgpwdWJjaWQub3JnEiQ3ZWMxNmM5Ny0zMDE0LTRkYzEtOTYwYy00ZjM4NGI2Mzk0NjJYARIcCg1jcndkY250cmwubmV0GLG75s3ZM0gAUgIIZBIdCg5lc3AuY3JpdGVvLmNvbRixu-bN2TNIAFICCGQSGAoJeWFob28uY29tGIS-5s3ZM0gAUgIIbxI-CgVvcGVueBIsZXlKcElqb2lVamxXVm1sVGFWUlRUeXRNZFVOb1kwZE9TMmREUVQwOUluMD0Y2MDmzdkzSAAS7gEKCHJ0YmhvdXNlEtgBR05JMnFUQW94dkhLVDQwaUs0ZXozbExva0puKy81dHM0eWx2L1RQejdjMHVyc3BuN01uTHQzcHEwREVDeFZ6bkpnU3VtWGVEdmhGMDZXMXFtK1ZtZHh0cUpmY1VkQ1NnbGVrekQ0ZWJzOCs0dlFNQittUCtaWmRhZ1lwNC90K0pMdmNRRGRHd3A3WUorRGhVZUxWRVJwSTdCVldqSGhCczgzR0gzcTloSU9VcnpIdTBYbzhMa2xqWjBIL004c1V5OVViUSt3K0dKbzFMamlKeGpyWkYzZz09GPrB5s3ZM0gA&dlt=1776400569175&idt=2486&ppid=3f960e14b55cea36b2a75a36172785c8&uule=a%20cm9sZToxIHByb2R1Y2VyOjEyIGxvYzoiSDNCLENBIg%3D%3D&prev_scp=a%3D1%26iid1%3D2644705865990081%26eid%3D2644705865990081%26t%3D134%26d%3D484470%26t1%3D134%26pvc%3D1%26adnum%3D1%26url%3Dhttps%253A%252F%252Fwww.mediafire.com%252Ffile%252Fkyink5vgb4rtnsf%252FPEAK.zip%252Ffile%26path%3D%252Ffile%252Fkyink5vgb4rtnsf%252FPEAK.zip%252Ffile%26ap%3D1102%26sap%3D1102%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D3%26at%3Dmbf%26adr%3D399%26ezosn%3D3%26reft%3Dtf%26refs%3D30%26refa%3D1%26ga%3D2497208%26rid%3D99998%26pt%3D39%26al%3D1039%26compid%3D0%26dfpsn%3D%252F1254144%252C183096492%252Fmediafire_com-edge-2%26tap%3Dmediafire_com-edge-2-2644705865990081%26eb_br%3Dzero%26eba%3D0%26bv%3D11%26bvm%3D0%26bvr%3D1%26avc%3D30%26evc%3D25%26shp%3D2%26ftsn%3D12%26ftsng%3D12%26br1%3D0%26br2%3D12%26ezoic%3D1%26nmau%3D0%26mau%3D0%26sticky%3D1%26stl%3D78%2C168%2C0%2C0%2C0%2C131%2C132%2C0%2C0%2C0%2C187%2C0%2C901%2C182%2C901%2C902%2C903%26osb%3DLinux%252FChrome%26dbg%3Drc%253A4%26reqt%3D1776400573565&adks=3081006461&frm=20&eo_id_str=ID%3D181980d16574115e%3AT%3D1776400572%3ART%3D1776400572%3AS%3DAA-AfjYiGDD-zdlWjvvAR4Q5moVA&pbbce=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202604130101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.45.194 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

pnlgaa-au-in-f2.1e100.net

Software

cafe /

Resource Hash

23553ef4163ba46def93b72c41faff5ec11ebc433ea5097693d1610c95746053

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: dcb
google-lineitem-id: -2
observe-browsing-topics: ?1
x-content-type-options: nosniff
google-mediationtag-id: -2
google-mediationgroup-id: -2
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Fri, 17 Apr 2026 04:36:14 GMT
content-type: text/plain; charset=UTF-8
google-creative-id: -2
cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin: https://www.mediafire.com
content-length: 146
x-xss-protection: 0
server: cafe

GET
H3 204 sodar
ep1.adtrafficquality.google/pagead/ 0
17 B 65ms
63ms Image
image/ 142.250.65.66
Google LLC

General

Check archive.org

Download Go to Show image

Full URL

https://ep1.adtrafficquality.google/pagead/sodar?id=sodar2&v=254&t=2&li=gpt_m202604130101&jk=5484678592955730&bg=!QEOlQyHNAAY2C5OeFgs7AEcBe5WfOA2om8VVKXqfztMLBuHkq8nCGdxQGISIH7ydDCfRgbsoFd0PYYX9KqXFlp9Gdl016u2xkeINThAjRnpOkgGgD6yeKgIAAACxUgAAAAZoAQd-ADdJ75jonTDngLzYh9Y_tad_6FX9ruKqCewkZ4yUOXUDe9H0roYArPSmpkJOvj7dUPTqqvmNLriHCgBMQi7IUQxE-LeNWcX65XCb2NShPaL3mnT3Mrsaf0shmUUb06WOijzTDIR81ZUM5Nr1gCR77EA661Swk6zJmyY9kK7wF0M5YL6bxj0HnZkCZ6B-74G18oxnQq1-3FrNPBz8k66H3Rq3fGsMeN7UrnnXQDVJN800kxqQ_-rp-ZI8dPk5klr4RqR87ZB9holWxrmrKebgEEh_7500A2r351PfH-wBQhe0n4w28kS8RuDnj__FiUTcwYj1cQQ8a_TEhFgsmMSoxgA7SjmDksHYfcy1g2sfa_OCfAGjP1pSgVTNBxuFIN30r6afm7W2k4NxzmvTpR4MphHkmCWPVXUj1BI_98cQWjPVNC5un_0-UN0_RgtcH4ipSZoPXVB7DUCwU0OzwdXHBQvYJBASHXKTNLF3sgIsbPlanAhi6FG2yU1ljQr51na5PTCuNqXEyt-5gwmDWFYeNcwEU4ap4uE8_LX_SXI9sH257piAOE83fI8QpTsgXcx_hu5pe4azXniOg2G8tMSPHjAIOZAnuI89aeatTSpPXq_8L5FDppmENcnMHXRt6tQwSGf4kg8j6ek2RvRCgYs1bHYXKiqS9MnNRyhzLem4bKZLvK7ElezNC43unB3c0AWsMcMbTVNDbkVl6Snox5VAL9Uoiw7Obe0nKMFlM7YzZumC73l6g8wnsCP5ixe830dvfEabZjck3yuF_mLRGhCSYf0WpMnpwDakUbfsqBMDBowhohCsXTopKV-txBGMwzpbk3BLosLiOv4E5OC7ETBOa3yoFbvZlwKSLNXt0mGyYw6EuAUzGlIULW0zyI9l25DsTpJKthbSWblWG2xNHDTtOtdYAPbQMZVmhNcyJM9Jw8JK2u4GQxvadlsvN0Yrpmtt39Amf29g0K7bZh0IptZWKffsosIUOy57XU-DOafNYJix_w

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.65.66 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

lclgaa-ax-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 0
date: Fri, 17 Apr 2026 04:36:14 GMT
x-xss-protection: 0
content-type: image/
server: cafe

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 62 KB
8 KB 266ms
266ms Fetch
text/plain 142.251.45.194
Google LLC

General

Check archive.org

Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=5484678592955730&correlator=1073584426571082&eid=31097658%2C31096828&output=ldjh&gdfp_req=1&vrg=202604130101&ptt=17&impl=fif&gdpr=0&iu_parts=1254144%3A183096492%2Cmediafire_com-medrectangle-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&ifi=25&didk=46178465&dids=div-gpt-ad-mediafire_com-medre&adfs=449556708&sfv=1-0-45&rcs=3&eri=1&sc=1&cookie=ID%3Dc25be0f0e2e669f1%3AT%3D1776400572%3ART%3D1776400572%3AS%3DALNI_Mb3DLf7RzaJ2uANsEim2JXjyZIEcQ&gpic=UID%3D00001360ece2b37b%3AT%3D1776400572%3ART%3D1776400572%3AS%3DALNI_MZSy9rghxmUUxmKYBNg45TSzMBQhQ&abxe=1&dt=1776400574785&lmt=1776400574&adxs=52&adys=1110&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=1&oid=2&u_his=1&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=-420&dmc=32&bc=31&nvt=1&uach=WyJMaW51eCIsIiIsIng4NiIsIiIsIjE0Ny4wLjc3MjcuNTUiLG51bGwsMCxudWxsLCI2NCIsW1siQ2hyb21pdW0iLCIxNDcuMC4wLjAiXSxbIkdvb2dsZSBDaHJvbWUiLCIxNDcuMC4wLjAiXSxbIk5vdC1BLkJyYW5kIiwiMjQuMC4wLjAiXV0sMF0.&url=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fkyink5vgb4rtnsf%2FPEAK.zip%2Ffile&vis=1&aee=0&psts=AOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a&a3p=Eq0BCgpjcml0ZW8uY29tEpwBM0tqTjcxOXpVR2hzUlU1WlNsVkdTSHB0TlVjNGQxSnlSMVpNU0U4eFVrcGlORkp1YnpWVGRXMXpVVEpIY1haUE4wOU1jVGhSWWxCWWRrYzFibWhxYlhSeFRXbHNaVkY2VTBGSmQyaERlVE50T1RKMVFtaHdjRTQyWkZCTk5EWnNORGQ0TmpGMWN6WkZWQ1V5UmxScmRHNWpKVE5FWAESNgoMYWRzZXJ2ZXIub3JnEiQzMjYxODdkZi02ZmYwLTQwZDctOWZhYy0zNWZhYjg4MDFkYWVYARI0CgpwdWJjaWQub3JnEiQ3ZWMxNmM5Ny0zMDE0LTRkYzEtOTYwYy00ZjM4NGI2Mzk0NjJYARIcCg1jcndkY250cmwubmV0GLG75s3ZM0gAUgIIZBIdCg5lc3AuY3JpdGVvLmNvbRixu-bN2TNIAFICCGQSGAoJeWFob28uY29tGIS-5s3ZM0gAUgIIbxI-CgVvcGVueBIsZXlKcElqb2lVamxXVm1sVGFWUlRUeXRNZFVOb1kwZE9TMmREUVQwOUluMD0Y2MDmzdkzSAAS7gEKCHJ0YmhvdXNlEtgBR05JMnFUQW94dkhLVDQwaUs0ZXozbExva0puKy81dHM0eWx2L1RQejdjMHVyc3BuN01uTHQzcHEwREVDeFZ6bkpnU3VtWGVEdmhGMDZXMXFtK1ZtZHh0cUpmY1VkQ1NnbGVrekQ0ZWJzOCs0dlFNQittUCtaWmRhZ1lwNC90K0pMdmNRRGRHd3A3WUorRGhVZUxWRVJwSTdCVldqSGhCczgzR0gzcTloSU9VcnpIdTBYbzhMa2xqWjBIL004c1V5OVViUSt3K0dKbzFMamlKeGpyWkYzZz09GPrB5s3ZM0gA&dlt=1776400569175&idt=2486&ppid=3f960e14b55cea36b2a75a36172785c8&uule=a%20cm9sZToxIHByb2R1Y2VyOjEyIGxvYzoiSDNCLENBIg%3D%3D&prev_scp=a%3D1%26iid1%3D4292502663960386%26eid%3D4292502663960386%26t%3D134%26d%3D484470%26t1%3D134%26pvc%3D1%26adnum%3D1%26url%3Dhttps%253A%252F%252Fwww.mediafire.com%252Ffile%252Fkyink5vgb4rtnsf%252FPEAK.zip%252Ffile%26path%3D%252Ffile%252Fkyink5vgb4rtnsf%252FPEAK.zip%252Ffile%26ap%3D1100%26sap%3D1100%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D4%26at%3Dmbf%26adr%3D399%26ezosn%3D7%26reft%3Dtf%26refs%3D30%26refa%3D1%26ga%3D2497208%26rid%3D99998%26pt%3D5%26al%3D1005%26compid%3D0%26dfpsn%3D%252F1254144%252C183096492%252Fmediafire_com-medrectangle-2%26tap%3Dmediafire_com-medrectangle-2-4292502663960386%26eb_br%3Dzero%26eba%3D0%26bv%3D12%26bvm%3D0%26bvr%3D2%26avc%3D35%26evc%3D38%26shp%3D1%26ftsn%3D12%26ftsng%3D12%26br1%3D0%26br2%3D36%26ezoic%3D1%26nmau%3D2%26mau%3D0%26stl%3D157%2C14%2C0%2C0%2C0%2C168%2C184%2C20%2C0%2C0%2C192%2C0%2C902%2C903%2C901%2C902%2C903%26osb%3DLinux%252FChrome%26dbg%3Drc%253A5%26reqt%3D1776400574037&adks=1630800042&frm=20&eo_id_str=ID%3D181980d16574115e%3AT%3D1776400572%3ART%3D1776400572%3AS%3DAA-AfjYiGDD-zdlWjvvAR4Q5moVA&pbbce=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202604130101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.45.194 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

pnlgaa-au-in-f2.1e100.net

Software

cafe /

Resource Hash

0a13b620c6de4af3574cc21559502317bdfac82fbecb8e4d6bc69ce355dd853d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: dcb
google-lineitem-id: -1
observe-browsing-topics: ?1
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Fri, 17 Apr 2026 04:36:15 GMT
content-type: text/plain; charset=UTF-8
google-creative-id: -1
cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin: https://www.mediafire.com
content-length: 7766
x-xss-protection: 0
server: cafe

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 63 KB
8 KB 369ms
369ms Fetch
text/plain 142.251.45.194
Google LLC

General

Check archive.org

Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=5484678592955730&correlator=2430399127613921&eid=31097658%2C31096828&output=ldjh&gdfp_req=1&vrg=202604130101&ptt=17&impl=fif&gdpr=0&iu_parts=1254144%3A183096492%2Cmediafire_com-medrectangle-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&ifi=26&didk=219167732&dids=div-gpt-ad-mediafire_com-medre&adfs=3572068966&sfv=1-0-45&rcs=3&eri=1&sc=1&cookie=ID%3Dc25be0f0e2e669f1%3AT%3D1776400572%3ART%3D1776400572%3AS%3DALNI_Mb3DLf7RzaJ2uANsEim2JXjyZIEcQ&gpic=UID%3D00001360ece2b37b%3AT%3D1776400572%3ART%3D1776400572%3AS%3DALNI_MZSy9rghxmUUxmKYBNg45TSzMBQhQ&abxe=1&dt=1776400574794&lmt=1776400574&adxs=820&adys=1110&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=2&oid=2&u_his=1&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=-420&dmc=32&bc=31&nvt=1&uach=WyJMaW51eCIsIiIsIng4NiIsIiIsIjE0Ny4wLjc3MjcuNTUiLG51bGwsMCxudWxsLCI2NCIsW1siQ2hyb21pdW0iLCIxNDcuMC4wLjAiXSxbIkdvb2dsZSBDaHJvbWUiLCIxNDcuMC4wLjAiXSxbIk5vdC1BLkJyYW5kIiwiMjQuMC4wLjAiXV0sMF0.&url=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fkyink5vgb4rtnsf%2FPEAK.zip%2Ffile&vis=1&aee=0&psts=AOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a%2CAOrYGslXqzWxZnMwa10HhsoG5C0a&a3p=Eq0BCgpjcml0ZW8uY29tEpwBM0tqTjcxOXpVR2hzUlU1WlNsVkdTSHB0TlVjNGQxSnlSMVpNU0U4eFVrcGlORkp1YnpWVGRXMXpVVEpIY1haUE4wOU1jVGhSWWxCWWRrYzFibWhxYlhSeFRXbHNaVkY2VTBGSmQyaERlVE50T1RKMVFtaHdjRTQyWkZCTk5EWnNORGQ0TmpGMWN6WkZWQ1V5UmxScmRHNWpKVE5FWAESNgoMYWRzZXJ2ZXIub3JnEiQzMjYxODdkZi02ZmYwLTQwZDctOWZhYy0zNWZhYjg4MDFkYWVYARI0CgpwdWJjaWQub3JnEiQ3ZWMxNmM5Ny0zMDE0LTRkYzEtOTYwYy00ZjM4NGI2Mzk0NjJYARIcCg1jcndkY250cmwubmV0GLG75s3ZM0gAUgIIZBIdCg5lc3AuY3JpdGVvLmNvbRixu-bN2TNIAFICCGQSGAoJeWFob28uY29tGIS-5s3ZM0gAUgIIbxI-CgVvcGVueBIsZXlKcElqb2lVamxXVm1sVGFWUlRUeXRNZFVOb1kwZE9TMmREUVQwOUluMD0Y2MDmzdkzSAAS7gEKCHJ0YmhvdXNlEtgBR05JMnFUQW94dkhLVDQwaUs0ZXozbExva0puKy81dHM0eWx2L1RQejdjMHVyc3BuN01uTHQzcHEwREVDeFZ6bkpnU3VtWGVEdmhGMDZXMXFtK1ZtZHh0cUpmY1VkQ1NnbGVrekQ0ZWJzOCs0dlFNQittUCtaWmRhZ1lwNC90K0pMdmNRRGRHd3A3WUorRGhVZUxWRVJwSTdCVldqSGhCczgzR0gzcTloSU9VcnpIdTBYbzhMa2xqWjBIL004c1V5OVViUSt3K0dKbzFMamlKeGpyWkYzZz09GPrB5s3ZM0gA&dlt=1776400569175&idt=2486&ppid=3f960e14b55cea36b2a75a36172785c8&uule=a%20cm9sZToxIHByb2R1Y2VyOjEyIGxvYzoiSDNCLENBIg%3D%3D&prev_scp=a%3D1%26iid1%3D4292502663960386%26eid%3D4292502663960386%26t%3D134%26d%3D484470%26t1%3D134%26pvc%3D1%26adnum%3D1%26url%3Dhttps%253A%252F%252Fwww.mediafire.com%252Ffile%252Fkyink5vgb4rtnsf%252FPEAK.zip%252Ffile%26path%3D%252Ffile%252Fkyink5vgb4rtnsf%252FPEAK.zip%252Ffile%26ap%3D1100%26sap%3D1100%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D4%26at%3Dmbf%26adr%3D399%26ezosn%3D8%26reft%3Dtf%26refs%3D30%26refa%3D1%26ga%3D2497208%26rid%3D99998%26pt%3D5%26al%3D1005%26compid%3D0%26dfpsn%3D%252F1254144%252C183096492%252Fmediafire_com-medrectangle-2%26tap%3Dmediafire_com-medrectangle-2-4292502663960386%26eb_br%3Dzero%26eba%3D0%26bv%3D12%26bvm%3D0%26bvr%3D2%26avc%3D35%26evc%3D38%26shp%3D1%26ftsn%3D12%26ftsng%3D12%26br1%3D0%26br2%3D36%26ezoic%3D1%26nmau%3D2%26mau%3D1%26stl%3D157%2C14%2C0%2C0%2C0%2C168%2C184%2C20%2C0%2C0%2C192%2C0%2C902%2C903%2C901%2C902%2C903%26osb%3DLinux%252FChrome%26dbg%3Dadap%253A1%2Crc%253A6%26reqt%3D1776400574117&adks=1277576459&frm=20&eo_id_str=ID%3D181980d16574115e%3AT%3D1776400572%3ART%3D1776400572%3AS%3DAA-AfjYiGDD-zdlWjvvAR4Q5moVA&pbbce=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202604130101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.45.194 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

pnlgaa-au-in-f2.1e100.net

Software

cafe /

Resource Hash

9820ae75bea28bf572a4292f29b52d15a2af9c7725520d8a27afa604ae35ad9b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: dcb
google-lineitem-id: -1
observe-browsing-topics: ?1
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Fri, 17 Apr 2026 04:36:15 GMT
content-type: text/plain; charset=UTF-8
google-creative-id: -1
cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin: https://www.mediafire.com
content-length: 8384
x-xss-protection: 0
server: cafe

GET
H3 200 container.html Show response
17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com/safeframe/1-0-45/html/ Frame BEE0 7 KB
0 1ms
1ms Document
text/html 142.251.40.225
Google LLC

General

Check archive.org

Download Go to

Full URL

https://17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202604130101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.225 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

lga34s39-in-f1.1e100.net

Software

sffe /

Resource Hash

f1a68bf826c55985468304f4284a09cb8a68e82503d764166e611a7c58a85a4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.mediafire.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Linux"

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: br
content-length: 3121
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 17 Apr 2026 04:36:12 GMT
expires: Fri, 17 Apr 2026 04:36:12 GMT
last-modified: Thu, 08 May 2025 23:15:48 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST lcpm
go.ezodn.com/ 0
0

OPTIONS
H3 200 lcpm
go.ezodn.com/ Frame 0
0 77ms
53ms Preflight 172.67.142.121
Cloudflare

General

Check archive.org

Download Go to

Full URL: https://go.ezodn.com/lcpm
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.142.121 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.mediafire.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET, POST, PUT, OPTIONS
access-control-allow-origin: https://www.mediafire.com
access-control-max-age: 1728000
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 9ed8ba4a9e70178c-YYZ
content-length: 0
date: Fri, 17 Apr 2026 04:36:15 GMT
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
priority: u=1,i
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=TuRjW2xDJ1unudoZ0xd%2FfrI050r8qeaVDiFNdPaBruIyjYIog4XQYtFXca5%2BWmo1iF36yr9hURaLihTPA1%2FpA77Pf9SJmPlzRmnCOZsyrqfVFUtb%2F7EsmpcSsdv22Vk%3D"}]}
server: cloudflare
server-timing: cfExtPri
vary: Accept-Encoding,Origin,Access-Control-Request-Method,Access-Control-Request-Headers

POST
H2 204 collect
analytics.google.com/g/ 0
0 47ms
44ms Fetch
text/plain 216.239.32.181
Google LLC

General

Check archive.org

Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-K68XP6D85D&gtm=45je64f1v887485693za20gzb6304663zd6304663&_p=1776400569253&_gaz=1&gcs=G111&gcd=13n3n3l3l5l1&npa=0&dma=0&tcfd=10000&_eu=AEIAAGQ&are=1&cid=2098053478.1776400571&frm=0&pscdl=noapi&rcb=5&sr=1600x1200&uaa=x86&uab=64&uafvl=Chromium%3B147.0.0.0%7CGoogle%2520Chrome%3B147.0.0.0%7CNot-A.Brand%3B24.0.0.0&uam=&uamb=0&uap=Linux&uapv=&uaw=0&ul=en-ca&gaf=2&_s=2&tag_exp=0~115938465~115938468~117266400~118131810&sid=1776400570&sct=1&seg=0&dl=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fkyink5vgb4rtnsf%2FPEAK.zip%2Ffile&dt=PEAK&en=ad_impression&ep.query_id=CNPO-umH9JMDFQiUFwcdjowc_Q&_et=4336&tfd=6207
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-K68XP6D85D&cx=c&gtm=4e64f1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 216.239.32.181 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:196:0
report-to: {"group":"ascnsrsggc:196:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:196:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://www.mediafire.com
cross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsggc:196:0
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 17 Apr 2026 04:36:15 GMT
content-type: text/plain
server: Golfe2

GET
H3 200 ga-audiences
www.google.ca/ads/ 42 B
63 B 52ms
52ms Image
image/gif 142.250.65.227
Google LLC

General

Check archive.org

Download Go to Show image

Full URL

https://www.google.ca/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-K68XP6D85D&cid=2098053478.1776400571&gtm=45je64f1v887485693za20gzb6304663zd6304663&rcb=5&aip=1&dma=0&gcs=G111&gcd=13n3n3l3l5l1&npa=0&frm=0&tag_exp=0~115938465~115938468~117266400~118131810&z=1512850854

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.65.227 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

lclgaa-bc-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Fri, 17 Apr 2026 04:36:15 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H2 200 css
fonts.googleapis.com/ Frame BEE0 12 KB
2 KB 124ms
56ms Stylesheet
text/css 142.250.217.10
Google LLC

General

Check archive.org

Download Go to

Full URL

https://fonts.googleapis.com/css?family=PT+Sans:400|Roboto:400,500&lang=en

Requested by

Host: 17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com
URL: https://17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

142.250.217.10 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

pnlgaa-as-in-f10.1e100.net

Software

ESF /

Resource Hash

5dbf1dd60e4e6e8e3b111f600d85fd7c50214ad54fb88ad3ac729df31d054044

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Fri, 17 Apr 2026 04:36:15 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 17 Apr 2026 04:36:15 GMT
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified: Fri, 17 Apr 2026 04:36:15 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

GET
H2 200 css
fonts.googleapis.com/ Frame BEE0 12 KB
2 KB 125ms
58ms Stylesheet
text/css 142.250.217.10
Google LLC

General

Check archive.org

Download Go to

Full URL

https://fonts.googleapis.com/css?family=PT+Sans:400|Roboto:400,500&text=

Requested by

Host: 17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com
URL: https://17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

142.250.217.10 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

pnlgaa-as-in-f10.1e100.net

Software

ESF /

Resource Hash

5dbf1dd60e4e6e8e3b111f600d85fd7c50214ad54fb88ad3ac729df31d054044

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Fri, 17 Apr 2026 04:36:15 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 17 Apr 2026 04:36:15 GMT
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified: Fri, 17 Apr 2026 04:36:15 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

GET
H2 200 m_js_controller_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20260415/r20110914/client/ Frame BEE0 39 KB
16 KB 1179ms
52ms Script
text/javascript 142.251.211.97
Google LLC

General

Check archive.org

Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20260415/r20110914/client/m_js_controller_fy2021.js

Requested by

Host: 17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com
URL: https://17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.211.97 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

lclgaa-bb-in-f1.1e100.net

Software

cafe /

Resource Hash

eb3b03c748e6d2ab316f6c79e60c834b2b4093e01637ee589353af4a1415f1d8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: br
etag: 15117310096447999330
age: 22448
x-content-type-options: nosniff
expires: Thu, 30 Apr 2026 22:22:08 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Thu, 16 Apr 2026 22:22:08 GMT
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, max-age=1209600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 15942
x-xss-protection: 0
server: cafe

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-45/js/ Frame BEE0 23 KB
6 KB 1216ms
90ms Script
text/javascript 142.251.211.97
Google LLC

General

Check archive.org

Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-45/js/ext.js

Requested by

Host: 17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com
URL: https://17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.211.97 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

lclgaa-bb-in-f1.1e100.net

Software

sffe /

Resource Hash

4c95e84767aed248594e7d485707c7ed904fd2fe4ec3ea98687fc2de59ddf231

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: br
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
x-content-type-options: nosniff
expires: Fri, 17 Apr 2026 04:36:16 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 17 Apr 2026 04:36:16 GMT
content-type: text/javascript
vary: Accept-Encoding
last-modified: Thu, 08 May 2025 23:15:48 GMT
cache-control: private, max-age=300
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
content-length: 6269
x-xss-protection: 0
server: sffe

GET
H3 200 ufs_web_display.js Show response
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame BEE0 237 KB
73 KB 31ms
30ms Script
text/javascript 142.251.210.34
Google LLC

General

Check archive.org

Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Requested by

Host: 17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com
URL: https://17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.210.34 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

lclgaa-ba-in-f2.1e100.net

Software

cafe /

Resource Hash

7ece648c6d1d12fe49579177747819737d024c57ef2decac49e2d9e5b5409309

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: br
etag: 3668408261107957543
age: 1318
x-content-type-options: nosniff
expires: Fri, 17 Apr 2026 05:14:17 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Fri, 17 Apr 2026 04:14:17 GMT
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=ISO-8859-1
vary: Accept-Encoding
cache-control: public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-length: 74838
x-xss-protection: 0
server: cafe

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20260415/r20110914/client/ Frame BEE0 3 KB
1 KB 49ms
46ms Script
text/javascript 142.251.211.97
Google LLC

General

Check archive.org

Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20260415/r20110914/client/window_focus_fy2021.js

Requested by

Host: 17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com
URL: https://17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.211.97 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

lclgaa-bb-in-f1.1e100.net

Software

cafe /

Resource Hash

73ef34ed57b69c5a35720bfc3ac6ebf6da3cf1289824112841d403c0fd169f97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: br
etag: 772434001065076922
age: 22502
x-content-type-options: nosniff
expires: Thu, 30 Apr 2026 22:21:14 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Thu, 16 Apr 2026 22:21:14 GMT
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, max-age=1209600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 1235
x-xss-protection: 0
server: cafe

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20260415/r20110914/client/ Frame BEE0 21 KB
9 KB 1171ms
46ms Script
text/javascript 142.251.211.97
Google LLC

General

Check archive.org

Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20260415/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com
URL: https://17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.211.97 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

lclgaa-bb-in-f1.1e100.net

Software

cafe /

Resource Hash

e62f6d1bbf666e1e1fdd789ef87c63b8b0f09a734962a303fbafc57856eb3eb2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: br
etag: 11082569455730939277
age: 22502
x-content-type-options: nosniff
expires: Thu, 30 Apr 2026 22:21:14 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Thu, 16 Apr 2026 22:21:14 GMT
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, max-age=1209600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 8705
x-xss-protection: 0
server: cafe

GET l
www.google.com/ads/measurement/ Frame BEE0 0
0

GET
H3 200 container.html Show response
17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com/safeframe/1-0-45/html/ Frame 7FF9 7 KB
0 0ms
0ms Document
text/html 142.251.40.225
Google LLC

General

Check archive.org

Download Go to

Full URL

https://17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202604130101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.225 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

lga34s39-in-f1.1e100.net

Software

sffe /

Resource Hash

f1a68bf826c55985468304f4284a09cb8a68e82503d764166e611a7c58a85a4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.mediafire.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Linux"

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: br
content-length: 3121
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 17 Apr 2026 04:36:12 GMT
expires: Fri, 17 Apr 2026 04:36:12 GMT
last-modified: Thu, 08 May 2025 23:15:48 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H3 200 lcpm Show response
go.ezodn.com/ 12 B
430 B 57ms
56ms Fetch
application/json 172.67.142.121
Cloudflare

General

Check archive.org

Download Go to

Full URL: https://go.ezodn.com/lcpm
Requested by: Host:
URL: ez-standalone.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.142.121 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6a0b31941a558739f2935239325579d5aff27702c4444741139e5237b7786725

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
Content-Type: application/json
sec-ch-ua-mobile: ?0

Response headers

nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=GQb%2FM6ROldKNALkxLthCdj1FqQy5LJgsv8lQ6Fi7COXEh2jFAvAsz8fca7HDFETF0AwXOfMfM9DPiOjfJMNRxEgZJaoZ1gTLNseUkNta%2F%2BZXIQ6Y63FgBOEvbpy5FiU%3D"}]}
cf-ray: 9ed8ba4b1e86178c-YYZ
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 12
server-timing: cfExtPri
date: Fri, 17 Apr 2026 04:36:15 GMT
content-type: application/json
vary: Accept-Encoding
server: cloudflare
priority: u=1,i

GET
H2 200 css
fonts.googleapis.com/ Frame 7FF9 12 KB
0 31ms
30ms Stylesheet
text/css 142.250.217.10
Google LLC

General

Check archive.org

Download Go to

Full URL

https://fonts.googleapis.com/css?family=PT+Sans:400|Roboto:400,500&lang=en

Requested by

Host: 17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com
URL: https://17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

142.250.217.10 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

pnlgaa-as-in-f10.1e100.net

Software

ESF /

Resource Hash

5dbf1dd60e4e6e8e3b111f600d85fd7c50214ad54fb88ad3ac729df31d054044

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Fri, 17 Apr 2026 04:36:15 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 17 Apr 2026 04:36:15 GMT
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified: Fri, 17 Apr 2026 04:36:15 GMT
x-frame-options: SAMEORIGIN
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

GET
H2 200 css
fonts.googleapis.com/ Frame 7FF9 12 KB
0 31ms
31ms Stylesheet
text/css 142.250.217.10
Google LLC

General

Check archive.org

Download Go to

Full URL

https://fonts.googleapis.com/css?family=PT+Sans:400|Roboto:400,500&text=

Requested by

Host: 17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com
URL: https://17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

142.250.217.10 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

pnlgaa-as-in-f10.1e100.net

Software

ESF /

Resource Hash

5dbf1dd60e4e6e8e3b111f600d85fd7c50214ad54fb88ad3ac729df31d054044

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Fri, 17 Apr 2026 04:36:15 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 17 Apr 2026 04:36:15 GMT
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified: Fri, 17 Apr 2026 04:36:15 GMT
x-frame-options: SAMEORIGIN
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

GET
H2 200 m_js_controller_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20260415/r20110914/client/ Frame 7FF9 39 KB
0 1090ms
1090ms Script
text/javascript 142.251.211.97
Google LLC

General

Check archive.org

Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20260415/r20110914/client/m_js_controller_fy2021.js

Requested by

Host: 17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com
URL: https://17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.211.97 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

lclgaa-bb-in-f1.1e100.net

Software

cafe /

Resource Hash

eb3b03c748e6d2ab316f6c79e60c834b2b4093e01637ee589353af4a1415f1d8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: br
etag: 15117310096447999330
age: 22448
x-content-type-options: nosniff
expires: Thu, 30 Apr 2026 22:22:08 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Thu, 16 Apr 2026 22:22:08 GMT
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, max-age=1209600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 15942
x-xss-protection: 0
server: cafe

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-45/js/ Frame 7FF9 23 KB
0 1128ms
1128ms Script
text/javascript 142.251.211.97
Google LLC

General

Check archive.org

Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-45/js/ext.js

Requested by

Host: 17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com
URL: https://17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.211.97 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

lclgaa-bb-in-f1.1e100.net

Software

sffe /

Resource Hash

4c95e84767aed248594e7d485707c7ed904fd2fe4ec3ea98687fc2de59ddf231

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: br
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
x-content-type-options: nosniff
expires: Fri, 17 Apr 2026 04:36:16 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 17 Apr 2026 04:36:16 GMT
content-type: text/javascript
vary: Accept-Encoding
last-modified: Thu, 08 May 2025 23:15:48 GMT
cache-control: private, max-age=300
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
content-length: 6269
x-xss-protection: 0
server: sffe

GET
H3 200 ufs_web_display.js Show response
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame 7FF9 237 KB
0 1ms
0ms Script
text/javascript 142.251.210.34
Google LLC

General

Check archive.org

Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Requested by

Host: 17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com
URL: https://17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.210.34 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

lclgaa-ba-in-f2.1e100.net

Software

cafe /

Resource Hash

7ece648c6d1d12fe49579177747819737d024c57ef2decac49e2d9e5b5409309

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: br
etag: 3668408261107957543
age: 1318
x-content-type-options: nosniff
expires: Fri, 17 Apr 2026 05:14:17 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Fri, 17 Apr 2026 04:14:17 GMT
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=ISO-8859-1
vary: Accept-Encoding
cache-control: public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-length: 74838
x-xss-protection: 0
server: cafe

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20260415/r20110914/client/ Frame 7FF9 3 KB
0 43ms
43ms Script
text/javascript 142.251.211.97
Google LLC

General

Check archive.org

Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20260415/r20110914/client/window_focus_fy2021.js

Requested by

Host: 17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com
URL: https://17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.211.97 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

lclgaa-bb-in-f1.1e100.net

Software

cafe /

Resource Hash

73ef34ed57b69c5a35720bfc3ac6ebf6da3cf1289824112841d403c0fd169f97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: br
etag: 772434001065076922
age: 22502
x-content-type-options: nosniff
expires: Thu, 30 Apr 2026 22:21:14 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Thu, 16 Apr 2026 22:21:14 GMT
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, max-age=1209600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 1235
x-xss-protection: 0
server: cafe

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20260415/r20110914/client/ Frame 7FF9 21 KB
0 1080ms
1080ms Script
text/javascript 142.251.211.97
Google LLC

General

Check archive.org

Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20260415/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com
URL: https://17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.211.97 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

lclgaa-bb-in-f1.1e100.net

Software

cafe /

Resource Hash

e62f6d1bbf666e1e1fdd789ef87c63b8b0f09a734962a303fbafc57856eb3eb2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: br
etag: 11082569455730939277
age: 22502
x-content-type-options: nosniff
expires: Thu, 30 Apr 2026 22:21:14 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Thu, 16 Apr 2026 22:21:14 GMT
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, max-age=1209600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 8705
x-xss-protection: 0
server: cafe

GET l
www.google.com/ads/measurement/ Frame 7FF9 0
0

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame BEE0 0
0 120ms
58ms Fetch
text/html 142.251.45.194
Google LLC

General

Check archive.org

Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=C4EouvrjhadP3NYio3ugPjpny6A_PlantgwHns7mozAzAjbcBEAEg9PnGJWD96KKB8APIAQngAgCoAwHIAwKqBMsCT9CL86f7H12yu5oAIReSoyK85RWJeThaP6NO-7OtYAwsPjEm72D-tkwZKN4ObT63CF-86-dJgc2UAI4ADwe2xe_afMMes80zdT--mLmnIJwnuicalVPZNXk18mG6IH8_DFe6241fShcCeSDL68YZ7jzfi2XZHm3oj5NUxgKtVZruhwMxa8ix0jubmm6fK2raj55_E56aOv2J7Rd3KL7pw-_iLBOvpdqFylxZvXb4WVuIh2v1QCHydwdfKfgQGcDKnlbxFa9zm3ljDiDLlud-Grd31hYx3JnzHo0nmBWMVrP-HOLB57e8jG5vNfMZBKNfoOBsZuzgVWMM9gBJ3IEN1hFlgHWMqwc2-WBhyZNS1TXaa5uBizrm_bfb7YjVotSTDYTkM4sRSSXzRksvtk-QXVSnEMyKBhsuFcfjboaGXqby9j7tt1EjjBTLW-AEAYAGuarPsrS_tKLAAaAGIagHk9ixAqgHlNixAqgHldixAqgHmuGxAqgHpr4bqAeW2BuoB6qbsQKoB_-esQKoB9-fsQKoB62-sQLYBwDSCCwIgGEQATIIioKAgICAgAg6DYBAgMCAgICAqIACqANIvf3BOlidgvfph_STA4AKA_oLAggBgAwBqg0CQ0HiDRMIgbr36Yf0kwMVCJQXBx2OjBz96g0TCI3U-OmH9JMDFQiUFwcdjowc_YgO____________AdAVAYAXAbIXLAoaEhRwdWItNjM5Njg0NDc0MjQ5NzIwOBi-yQcYDCoKMzM0NTM4Mzc3NFABqhgXCfYoXI8EjhJBEgozMzQ1MzgzNzc0GAE&sigh=hYIL2-O_G9k&uach_m=%5BUACH%5D&sreq=1&cid=CAQS5AEABaugfa7mbJNmL17sgLSlTToGqCgjIXeqhgaZ3OW_yRQB4wkRyITOOVR5jHFM7q7XgAY-2n5oGoKQCEeG9b2vZEefB5G37e9eLDLMYgDIudRSHiMbuGQoHu3MuO4XrTCcJVetcdMBpMS0pQqEuIInX0nozJ7DURNf2FTTfnXkMn9yC2zHv40pGRjVZZkUPraH2OX0xbleXjKw1y2O3QYiL2qCxcZzBvCyDrUS1HnMFmzqRDksBEq8hrQuPHcZ7pvizycdeBDqZar-8HJQGiqDtbzYjSsn4cgDF4rh33zPK-vy_C8YAQ
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/kyink5vgb4rtnsf/PEAK.zip/file
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.251.45.194 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: pnlgaa-au-in-f2.1e100.net
Software: /
Resource Hash

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

GET
H2 200 rtgban
ban.2trk.info/ Frame BEE0 679 B
0 144ms
81ms Fetch
image/jpeg 172.67.68.154
Cloudflare

General

Check archive.org

Download Go to

Full URL

https://ban.2trk.info/rtgban?bannerparamv1=size=4819::cmpId=65362::bmpclickURL=https%3A%2F%2Fban.2trk.info%2Fclick%3FrequiredParamsv1%3DH4sIAAAAAAAA_31SbW_aMBD-K1GlSq1ojB2f39injLE3XlYGGt2-oISYkRJIGkKByj9-l8CHrpqm851Pj89n391zJR1F6YajZqdumG-r0kbZXTf0x13nM8QY4AnhGg1l2gCjyhjH3Qi1tgJjRo45qMNHjatrvNjHvuRGagAFARgVUO0CcXmJNrdqBScFl4ErknS-SuP5focvBQhzxyhVTDtDaE85evdGMCSggfQp-Eydv8iUkkCpUGCAn_P6DJpEHVQ0hHZQyBt1Nf5KsSW9Se_br9NCVJt9bwqzx4r1NOX2lLvppJW0iuTYqlrJM7ocnfdf0GGMai2xUCMMYpMpYoFo7Vu4RuEUbXfQx4qlggiUML4ADj5oqX0tTOTHfMGMTRIa2AWGDfOXNMuitiDUu3lg7J03SLf7o3fUci7h1guLIrMzG_fTqi24Ilx6N_3P0-HgzsvStfU-2cU6v_W6qzLf2DYDRWgt3iRaRmV6ueJmsabx488-_xpmT99Xiw_j3cM4xOavqqrYXfPwOviI63A4kI1N0miZlpYs8g1iyzSzuK1P6XYtnn_HUFbb3RKR-17YJy9pcYlphl2Ve1vP4UwW1MCxCw_-yZTXzfzvOBrK1XkZETVHkQRtCu2aGh6FDsfxKgyZ_7jvXnjc8OuvYpyWhFFJDJ4wqFNe_QE8ariTHAMAAA%253Bdurl155%3D::bamt=aeG4vgANe9MHF5QIAByMjrJ1iUWXJM-s-44vFg::mode=4::label=::ai=20::ul15=

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/file/kyink5vgb4rtnsf/PEAK.zip/file

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.67.68.154 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

cache-control: no-cache, no-store, max-age=0, must-revalidate
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-cache-status: DYNAMIC
pragma: no-cache
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=lhBbEuYV%2FuRxJgWUJTxHpQu36KMCA7jwjw9ShTeknJzFmfTPhL6rgvoced6XjVoAhXdiG5rgCYl%2FhByo7pDL8%2Bc28go70n%2Br50mfg1IRyt8nWQLlDAsLgoh1rIoObxk%3D"}]}
x-content-type-options: nosniff
referrer-policy: unsafe-url
via: 1.1 google
expires: 0
cf-ray: 9ed8ba52ea30ab48-YYZ
date: Fri, 17 Apr 2026 04:36:16 GMT
x-xss-protection: 0
content-type: image/jpeg
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
server: cloudflare

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame BEE0 0
0 117ms
56ms Fetch
text/html 142.251.45.194
Google LLC

General

Check archive.org

Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CLb7ovrjhadP3NYio3ugPjpny6A_PlantgwHns7mozAzAjbcBEAEg9PnGJWD96KKB8APIAQngAgCoAwGqBMsCT9CL86f7H12yu5oAIReSoyK85RWJeThaP6NO-7OtYAwsPjEm72D-tkwZKN4ObT63CF-86-dJgc2UAI4ADwe2xe_afMMes80zdT--mLmnIJwnuicalVPZNXk18mG6IH8_DFe6241fShcCeSDL68YZ7jzfi2XZHm3oj5NUxgKtVZruhwMxa8ix0jubmm6fK2raj55_E56aOv2J7Rd3KL7pw-_iLBOvpdqFylxZvXb4WVuIh2v1QCHydwdfKfgQGcDKnlbxFa9zm3ljDiDLlud-Grd31hYx3JnzHo0nmBWMVrP-HOLB57e8jG5vNfMZBKNfoOBsZuzgVWMM9gBJ3IEN1hFlgHWMqwc2-WBhyZNS1TXaa5uBizrm_bfb7YjVotSTDYTkM4sRSSXzRksvtk-QXVSnEMyKBhsuFcfjboaGXqby9j7tt1EjjBTLW-AEAYAGuarPsrS_tKLAAaAGIagHk9ixAqgHlNixAqgHldixAqgHmuGxAqgHpr4bqAeW2BuoB6qbsQKoB_-esQKoB9-fsQKoB62-sQLYBwDSCCwIgGEQATIIioKAgICAgAg6DYBAgMCAgICAqIACqANIvf3BOlidgvfph_STA4AKA_oLAggBgAwBqg0CQ0HiDRMIgbr36Yf0kwMVCJQXBx2OjBz96g0TCI3U-OmH9JMDFQiUFwcdjowc_YgO____________AdAVAYAXAbIXLAoaEhRwdWItNjM5Njg0NDc0MjQ5NzIwOBi-yQcYDCoKMzM0NTM4Mzc3NFABqhgXCfYoXI8EjhJBEgozMzQ1MzgzNzc0GAE&sigh=zSsyGXF_mZk&uach_m=%5BUACH%5D&sreq=1&cid=CAQS5AEABaugfa7mbJNmL17sgLSlTToGqCgjIXeqhgaZ3OW_yRQB4wkRyITOOVR5jHFM7q7XgAY-2n5oGoKQCEeG9b2vZEefB5G37e9eLDLMYgDIudRSHiMbuGQoHu3MuO4XrTCcJVetcdMBpMS0pQqEuIInX0nozJ7DURNf2FTTfnXkMn9yC2zHv40pGRjVZZkUPraH2OX0xbleXjKw1y2O3QYiL2qCxcZzBvCyDrUS1HnMFmzqRDksBEq8hrQuPHcZ7pvizycdeBDqZar-8HJQGiqDtbzYjSsn4cgDF4rh33zPK-vy_C8YAQ&vt=10
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/kyink5vgb4rtnsf/PEAK.zip/file
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.251.45.194 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: pnlgaa-au-in-f2.1e100.net
Software: /
Resource Hash

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame BEE0 0
0 57ms
55ms Fetch
image/gif 142.251.210.34
Google LLC

General

Check archive.org

Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=fle-fetch-start2

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.210.34 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

lclgaa-ba-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 0
date: Fri, 17 Apr 2026 04:36:16 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame BEE0 0
0 51ms
50ms Fetch
image/gif 142.251.210.34
Google LLC

General

Check archive.org

Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=colleague-executed&name=4

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.210.34 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

lclgaa-ba-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 0
date: Fri, 17 Apr 2026 04:36:16 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H3 200 KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2
fonts.gstatic.com/s/roboto/v51/ Frame BEE0 42 KB
42 KB 108ms
47ms Font
font/woff2 142.251.211.163
Google LLC

General

Check archive.org

Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v51/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=PT+Sans:400|Roboto:400,500&lang=en

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.211.163 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

lclgaa-as-in-f3.1e100.net

Software

sffe /

Resource Hash

1404ca348bd75ef836f4dd8b6f2cc719458642d1237c368296b2fc652dca47dc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com
sec-ch-ua-platform: "Linux"
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

age: 417512
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Mon, 12 Apr 2027 08:37:44 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Sun, 12 Apr 2026 08:37:44 GMT
last-modified: Wed, 18 Feb 2026 19:51:37 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 43136
x-xss-protection: 0
server: sffe

GET
H3 200 jizaRExUiTo99u79D0KExQ.woff2
fonts.gstatic.com/s/ptsans/v18/ Frame BEE0 44 KB
44 KB 126ms
67ms Font
font/woff2 142.251.211.163
Google LLC

General

Check archive.org

Download Go to

Full URL

https://fonts.gstatic.com/s/ptsans/v18/jizaRExUiTo99u79D0KExQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=PT+Sans:400|Roboto:400,500&lang=en

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.211.163 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

lclgaa-as-in-f3.1e100.net

Software

sffe /

Resource Hash

2dea6190c113af617923c6b71f7f10ffbdf72074556f79963610254fe40e49be

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com
sec-ch-ua-platform: "Linux"
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

age: 383944
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Mon, 12 Apr 2027 17:57:12 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Sun, 12 Apr 2026 17:57:12 GMT
last-modified: Thu, 04 Sep 2025 17:27:33 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 45532
x-xss-protection: 0
server: sffe

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 7FF9 0
0 63ms
62ms Fetch
text/html 142.251.45.194
Google LLC

General

Check archive.org

Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CivuavrjhaZu0OaLn6toPjPjz6AXPlantgwHns7mozAzAjbcBEAEg9PnGJWD96KKB8APIAQngAgCoAwHIAwKqBMsCT9C8OLnNSx2J17qCBW_P-i6gmigbUfilkRQ3MEptXwKXCtFQrbP0Z4AYiqC12r10pMnlYo2vF8VdNmrN2WH3D-oBwsGz7Mw-ZIfci6fPBACIZZ9Odrb73lsLxWwEpYZsyzLQyrDgdzbmD9-x8-uuiQPtLSjvU_fDAuOe1Zoy536NEXW4vWn9AL6y1WWWmaWscr0uCGwgA43w7ox4_gv_3vIRsjZkusas_SU2--GYlWJ3LEE0r_HoznWudGiBPdk_rC5ImJygkm9o_jfhLDvQJaPpRizd1_vtCiT0t4vrrvgO1jXJnft4c7YSxxVsyPkKIZpBJ9zW88ZpsMaqgSBgRo08avq6OfDYeszs47XmToPyeQlGOje15tFao4VZSlmj3lWysctHsoj8E2pFZ4oh-whDwHq9XsZC4vlwA4YUEbkr2GE94TuwMac7reAEAYAG98SyveeK2stnoAYhqAeT2LECqAeU2LECqAeV2LECqAea4bECqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAqgHrb6xAtgHANIILAiAYRABMgiKgoCAgICACDoNgECAwICAgICogAKoA0i9_cE6WJj0-emH9JMDgAoD-gsCCAGADAGqDQJDQeINEwiUyPrph_STAxWis1oFHQz8HF3qDRMIhuH76Yf0kwMVorNaBR0M_BxdiA7___________8B0BUBgBcBshcsChoSFHB1Yi02Mzk2ODQ0NzQyNDk3MjA4GL7JBxgMKgozMzQ1MzgzNzc0UAGqGBcJ9ihcjwSOEkESCjMzNDUzODM3NzQYAQ&sigh=MvWYx3Yw60A&uach_m=%5BUACH%5D&sreq=1&cid=CAQS5AEABaugfWc-Eb3wpl64kMz4KzizQxuE0n4FNYzd3qxzECIlVKF83f-AesfKLQxXmedI8Du83dmmWPtAd0fRHYpdq4pktMVW7XtIJhfccPBmQw7OAh8oqfiwxMWDfJjQ5KdWuLpF55tvFrkO2nTqfkhSl0Wp7tzrLCt4_pLuo9N5meQ2nr1e2yLaVq7DTGWrqQk56rzaxlNiiG5hWae51H5vCmJD-adgBE0AiFZm80QXB0idio2GSJJapJObX_d2Fsnf6_wuofYd8mnqRK6DzvMfSniBTVTXIx7I6fIMlfoYQEAQOkEYAQ
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/kyink5vgb4rtnsf/PEAK.zip/file
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.251.45.194 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: pnlgaa-au-in-f2.1e100.net
Software: /
Resource Hash

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

GET
H2 200 rtgban
ban.2trk.info/ Frame 7FF9 679 B
0 82ms
80ms Fetch
image/jpeg 172.67.68.154
Cloudflare

General

Check archive.org

Download Go to

Full URL

https://ban.2trk.info/rtgban?bannerparamv1=size=5383::cmpId=66325::bmpclickURL=https%3A%2F%2Fban.2trk.info%2Fclick%3FrequiredParamsv1%3DH4sIAAAAAAAA_31SWW_bMAz-K0aBAi0cK7olZ0-O5x1I4rZI0BZ7CRwfqxc7NlLnKvTjRzl56LphoHiAIimR_K6kwUBhEPcam1mz6bZ5Ug3CwHsIjUeM4L7knPlMcy18IX1tCIdQxDQITCkmimLJDTMxsJUCCsWGGG7z497UHFS7W3mS-VJzrjjlPuRpQ8XladxnWeZGSgb-Njks67pepol9zjAkoDzBWBFtfIQjZfDgA0EuxVR6mHtEnT9JlJIcY6EE5uJc2bMdQKERMAiER0DoAxvrf8cwpWge3f04paKrd9GCP_3qSKQxy0-NWczdzG2zo9u52R5MBsb4OxiEYK0ltOoLH3yfre_vkcLNfAE3VLg7F04cLECG0wlMw2d0pbKs8CSVhccToT2tVeqpLCUpEzldJQWEzZq3sqqSoUDYuXkm5JMzLTe7o3PUcin5rRO0bZU_5atJ2Q0FU4hJ52bybTGbDpyqXOfO1zxdN7dO-LJt6nxIuELYkjNPimRbXlLMPpqN18fx4a4TXvXov8KGnk8PsJaXrmtfr1lwTb_AORwOqM6zMinKbY7SpgZfUVY5qPWp3KzF_ueKb7vNawGe-yiYoLeyvcT0QOi2u9xu6AwkYGroBSP_RNH7Mf93UT0cbV2GLIhhy2qI-dCCxsF8xGDxGkKWj_fhBeM99v5oxmiJCJbIx4gSC-z46jci9CzQSQMAAA%253Bdurl155%3D::bamt=aeG4vgAOWhsFWrOiABz8DFTiCEoeyuuGltlcAg::mode=4::label=::ai=1::ul15=

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/file/kyink5vgb4rtnsf/PEAK.zip/file

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.67.68.154 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

cache-control: no-cache, no-store, max-age=0, must-revalidate
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-cache-status: DYNAMIC
pragma: no-cache
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=krbBwuDc8CioXR2z71zHxCCwpSCxrC6AhFsUOVoZyRLg6BrNQkwcIzgeutXxDjZmqW%2F08cLd0s7IOHNpt2fdSbJ8PdkSXldNCmG9I4tThbMieZpyx7%2FV2AoHfDAW264%3D"}]}
x-content-type-options: nosniff
referrer-policy: unsafe-url
via: 1.1 google
expires: 0
cf-ray: 9ed8ba530a55ab48-YYZ
date: Fri, 17 Apr 2026 04:36:16 GMT
x-xss-protection: 0
content-type: image/jpeg
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
server: cloudflare

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 7FF9 0
0 61ms
59ms Fetch
text/html 142.251.45.194
Google LLC

General

Check archive.org

Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=Cds5ZvrjhaZu0OaLn6toPjPjz6AXPlantgwHns7mozAzAjbcBEAEg9PnGJWD96KKB8APIAQngAgCoAwGqBMsCT9C8OLnNSx2J17qCBW_P-i6gmigbUfilkRQ3MEptXwKXCtFQrbP0Z4AYiqC12r10pMnlYo2vF8VdNmrN2WH3D-oBwsGz7Mw-ZIfci6fPBACIZZ9Odrb73lsLxWwEpYZsyzLQyrDgdzbmD9-x8-uuiQPtLSjvU_fDAuOe1Zoy536NEXW4vWn9AL6y1WWWmaWscr0uCGwgA43w7ox4_gv_3vIRsjZkusas_SU2--GYlWJ3LEE0r_HoznWudGiBPdk_rC5ImJygkm9o_jfhLDvQJaPpRizd1_vtCiT0t4vrrvgO1jXJnft4c7YSxxVsyPkKIZpBJ9zW88ZpsMaqgSBgRo08avq6OfDYeszs47XmToPyeQlGOje15tFao4VZSlmj3lWysctHsoj8E2pFZ4oh-whDwHq9XsZC4vlwA4YUEbkr2GE94TuwMac7reAEAYAG98SyveeK2stnoAYhqAeT2LECqAeU2LECqAeV2LECqAea4bECqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAqgHrb6xAtgHANIILAiAYRABMgiKgoCAgICACDoNgECAwICAgICogAKoA0i9_cE6WJj0-emH9JMDgAoD-gsCCAGADAGqDQJDQeINEwiUyPrph_STAxWis1oFHQz8HF3qDRMIhuH76Yf0kwMVorNaBR0M_BxdiA7___________8B0BUBgBcBshcsChoSFHB1Yi02Mzk2ODQ0NzQyNDk3MjA4GL7JBxgMKgozMzQ1MzgzNzc0UAGqGBcJ9ihcjwSOEkESCjMzNDUzODM3NzQYAQ&sigh=8PSc8T0y5Kg&uach_m=%5BUACH%5D&sreq=1&cid=CAQS5AEABaugfWc-Eb3wpl64kMz4KzizQxuE0n4FNYzd3qxzECIlVKF83f-AesfKLQxXmedI8Du83dmmWPtAd0fRHYpdq4pktMVW7XtIJhfccPBmQw7OAh8oqfiwxMWDfJjQ5KdWuLpF55tvFrkO2nTqfkhSl0Wp7tzrLCt4_pLuo9N5meQ2nr1e2yLaVq7DTGWrqQk56rzaxlNiiG5hWae51H5vCmJD-adgBE0AiFZm80QXB0idio2GSJJapJObX_d2Fsnf6_wuofYd8mnqRK6DzvMfSniBTVTXIx7I6fIMlfoYQEAQOkEYAQ&vt=10
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/kyink5vgb4rtnsf/PEAK.zip/file
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.251.45.194 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: pnlgaa-au-in-f2.1e100.net
Software: /
Resource Hash

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7FF9 0
0 53ms
52ms Fetch
image/gif 142.251.210.34
Google LLC

General

Check archive.org

Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=fle-fetch-start2

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.210.34 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

lclgaa-ba-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 0
date: Fri, 17 Apr 2026 04:36:16 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7FF9 0
0 52ms
51ms Fetch
image/gif 142.251.210.34
Google LLC

General

Check archive.org

Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=colleague-executed&name=4

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.210.34 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

lclgaa-ba-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 0
date: Fri, 17 Apr 2026 04:36:16 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H3 200 reach_worklet.html Show response
www.googleadservices.com/pagead/managed/js/activeview/current/ Frame 4997 93 B
93 B 41ms
41ms Document
text/html 142.251.45.194
Google LLC

General

Check archive.org

Download Go to

Full URL

https://www.googleadservices.com/pagead/managed/js/activeview/current/reach_worklet.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.45.194 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

pnlgaa-au-in-f2.1e100.net

Software

cafe /

Resource Hash

136b3dfa7c254f92a9a3513c191c87c05f7c7ff7f82c6d648a33496c3c380593

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Linux"

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=3600, stale-while-revalidate=3600
content-encoding: br
content-length: 69
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 17 Apr 2026 04:36:16 GMT
etag: 9658810392779322030
expires: Fri, 17 Apr 2026 04:36:16 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame D102 143 B
383 B 192ms
46ms Document
text/html 142.251.211.162
Google LLC

General

Check archive.org

Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: 17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com
URL: https://17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.211.162 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

lclgaa-as-in-f2.1e100.net

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Linux"

Response headers

age: 2982
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 17 Apr 2026 03:46:34 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 719E 1 KB
837 B 28ms
27ms Document
text/html 142.251.210.34
Google LLC

General

Check archive.org

Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com
URL: https://17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.210.34 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

lclgaa-ba-in-f2.1e100.net

Software

cafe /

Resource Hash

bea1c5ab168f662fc9eb5bda3474e5b1bbd0d3ecc1d9c68e2a753f613c2ae0c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Linux"

Response headers

age: 73075
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 812
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 16 Apr 2026 08:18:21 GMT
etag: 9725182468138058862
expires: Fri, 17 Apr 2026 08:18:21 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 reach_worklet.html Show response
www.googleadservices.com/pagead/managed/js/activeview/current/ Frame BD11 93 B
0 28ms
28ms Document
text/html 142.251.45.194
Google LLC

General

Check archive.org

Download Go to

Full URL

https://www.googleadservices.com/pagead/managed/js/activeview/current/reach_worklet.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.45.194 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

pnlgaa-au-in-f2.1e100.net

Software

cafe /

Resource Hash

136b3dfa7c254f92a9a3513c191c87c05f7c7ff7f82c6d648a33496c3c380593

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Linux"

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=3600, stale-while-revalidate=3600
content-encoding: br
content-length: 69
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 17 Apr 2026 04:36:16 GMT
etag: 9658810392779322030
expires: Fri, 17 Apr 2026 04:36:16 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame BEE0 208 B
0 Image
image/png

General

Check archive.org

Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 05a6bedcc63ee571fed9a78648e97368908c867c9a9b54d31d1c19e87a454b3e

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/png

GET
H3 200 KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2
fonts.gstatic.com/s/roboto/v51/ Frame 7FF9 42 KB
0 141ms
141ms Font
font/woff2 142.251.211.163
Google LLC

General

Check archive.org

Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v51/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=PT+Sans:400|Roboto:400,500&lang=en

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.211.163 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

lclgaa-as-in-f3.1e100.net

Software

sffe /

Resource Hash

1404ca348bd75ef836f4dd8b6f2cc719458642d1237c368296b2fc652dca47dc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com
sec-ch-ua-platform: "Linux"
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

age: 417512
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Mon, 12 Apr 2027 08:37:44 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Sun, 12 Apr 2026 08:37:44 GMT
last-modified: Wed, 18 Feb 2026 19:51:37 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 43136
x-xss-protection: 0
server: sffe

GET
H3 200 jizaRExUiTo99u79D0KExQ.woff2
fonts.gstatic.com/s/ptsans/v18/ Frame 7FF9 44 KB
0 150ms
150ms Font
font/woff2 142.251.211.163
Google LLC

General

Check archive.org

Download Go to

Full URL

https://fonts.gstatic.com/s/ptsans/v18/jizaRExUiTo99u79D0KExQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=PT+Sans:400|Roboto:400,500&lang=en

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.211.163 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

lclgaa-as-in-f3.1e100.net

Software

sffe /

Resource Hash

2dea6190c113af617923c6b71f7f10ffbdf72074556f79963610254fe40e49be

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com
sec-ch-ua-platform: "Linux"
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

age: 383944
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Mon, 12 Apr 2027 17:57:12 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Sun, 12 Apr 2026 17:57:12 GMT
last-modified: Thu, 04 Sep 2025 17:27:33 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 45532
x-xss-protection: 0
server: sffe

GET
H2 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame AB28 143 B
0 181ms
181ms Document
text/html 142.251.211.162
Google LLC

General

Check archive.org

Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: 17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com
URL: https://17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.211.162 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

lclgaa-as-in-f2.1e100.net

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Linux"

Response headers

age: 2982
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 17 Apr 2026 03:46:34 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame DE3B 1 KB
0 17ms
17ms Document
text/html 142.251.210.34
Google LLC

General

Check archive.org

Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com
URL: https://17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.210.34 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

lclgaa-ba-in-f2.1e100.net

Software

cafe /

Resource Hash

bea1c5ab168f662fc9eb5bda3474e5b1bbd0d3ecc1d9c68e2a753f613c2ae0c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Linux"

Response headers

age: 73075
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 812
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 16 Apr 2026 08:18:21 GMT
etag: 9725182468138058862
expires: Fri, 17 Apr 2026 08:18:21 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 7FF9 213 B
0 Image
image/png

General

Check archive.org

Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5e7aca7fa5b7c8f6d1a033f56b6fa0960abe0547bc38d182465f25da11a8ba03

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/png

GET
H3 200 reach_worklet.js Show response
www.googleadservices.com/pagead/managed/js/activeview/current/ Frame 4997 195 KB
62 KB 56ms
55ms Script
text/javascript 142.251.45.194
Google LLC

General

Check archive.org

Download Go to

Full URL

https://www.googleadservices.com/pagead/managed/js/activeview/current/reach_worklet.js

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/managed/js/activeview/current/reach_worklet.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.45.194 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

pnlgaa-au-in-f2.1e100.net

Software

cafe /

Resource Hash

6ccb1d24b672a10a1bf92e29412ca29b46f5abdce36e20beae8f4b4c909b31a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.googleadservices.com/pagead/managed/js/activeview/current/reach_worklet.html
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: br
etag: 6429351313867025537
x-content-type-options: nosniff
expires: Fri, 17 Apr 2026 04:36:16 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Fri, 17 Apr 2026 04:36:16 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
content-disposition: attachment; filename="f.txt"
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-length: 63404
x-xss-protection: 0
server: cafe

GET
H3 200 reach_worklet.js Show response
www.googleadservices.com/pagead/managed/js/activeview/current/ Frame BD11 195 KB
0 49ms
49ms Script
text/javascript 142.251.45.194
Google LLC

General

Check archive.org

Download Go to

Full URL

https://www.googleadservices.com/pagead/managed/js/activeview/current/reach_worklet.js

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/managed/js/activeview/current/reach_worklet.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.45.194 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

pnlgaa-au-in-f2.1e100.net

Software

cafe /

Resource Hash

6ccb1d24b672a10a1bf92e29412ca29b46f5abdce36e20beae8f4b4c909b31a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.googleadservices.com/pagead/managed/js/activeview/current/reach_worklet.html
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: br
etag: 6429351313867025537
x-content-type-options: nosniff
expires: Fri, 17 Apr 2026 04:36:16 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Fri, 17 Apr 2026 04:36:16 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
content-disposition: attachment; filename="f.txt"
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-length: 63404
x-xss-protection: 0
server: cafe

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame DE3B
Redirect Chain

https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESEGcd6v5KMH_B0H02rSr8p8g&google_cver=1&google_push=AXcoOmRxoW3WOL5gdOPfWnTrwgsufWoPa_9qe6Wp6VI3-id1QHLLGkm...
https://dclk-match.dotomi.com/match/bounce/current?DotomiTest=5aa6cd0d355f128e&is_secure=true&networkId=14000&version=1&google_gid=CAESEGcd6v5KMH_B0H02rSr8p8g&google_cver=1&google_push=AXcoOmRxoW3W...
https://cm.g.doubleclick.net/pixel?google_nid=dotomi&google_ula=17128,0&google_hm=AQAHvDtv1QDN2QICXoYKAQEBAQEBAQCcmLiwBgEBAJyYuLAG&expiration=1776486976&google_cver=1&is_secure=true&google_gid=CAES...

170 B
232 B

68ms
68ms

Image
image/png

142.251.40.226
Google LLC

General

Check archive.org

Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=dotomi&google_ula=17128,0&google_hm=AQAHvDtv1QDN2QICXoYKAQEBAQEBAQCcmLiwBgEBAJyYuLAG&expiration=1776486976&google_cver=1&is_secure=true&google_gid=CAESEGcd6v5KMH_B0H02rSr8p8g&google_push=AXcoOmRxoW3WOL5gdOPfWnTrwgsufWoPa_9qe6Wp6VI3-id1QHLLGkm6k5_a-3ECJL8DpXz7snlSLV0eDGYR9kKxGL_NlP9udIqDdmwYigQqreu9v4Yp4klmD8D0WooUJ2XM-VDBefGDXuhyf3x40fM1-x-v

Requested by

Host: 17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com
URL: https://17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html

Protocol

Server

142.251.40.226 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

lga34s39-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
Referer: https://pagead2.googlesyndication.com/

Response headers

cache-control: no-cache, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
date: Fri, 17 Apr 2026 04:36:16 GMT
x-xss-protection: 0
content-type: image/png
server: HTTP server (unknown)

Redirect headers

expires: 0
cache-control: no-cache, private, max-age=0, no-store
location: https://cm.g.doubleclick.net/pixel?google_nid=dotomi&google_ula=17128,0&google_hm=AQAHvDtv1QDN2QICXoYKAQEBAQEBAQCcmLiwBgEBAJyYuLAG&expiration=1776486976&google_cver=1&is_secure=true&google_gid=CAESEGcd6v5KMH_B0H02rSr8p8g&google_push=AXcoOmRxoW3WOL5gdOPfWnTrwgsufWoPa_9qe6Wp6VI3-id1QHLLGkm6k5_a-3ECJL8DpXz7snlSLV0eDGYR9kKxGL_NlP9udIqDdmwYigQqreu9v4Yp4klmD8D0WooUJ2XM-VDBefGDXuhyf3x40fM1-x-v
content-length: 0
date: Fri, 17 Apr 2026 04:36:16 GMT
pragma: no-cache
server: nginx

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame DE3B
Redirect Chain

https://a.tribalfusion.com/i.match?p=b6&u=CAESEP_3X9cdFQE-3QNHQrlMPZM&google_cver=1&google_push=AXcoOmQahJzJhANO9puCBlVJFqMMI7RFpTHNF2NK0jiRg_66OBKlxENWpcUmphEeo2MgWBRlk_2AMQMZ4pOMwuYyijQ7FpWmANaMs...
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEP_3X9cdFQE-3QNHQrlMPZM&google_cver=1&google_push=AXcoOmQahJzJhANO9puCBlVJFqMMI7RFpTHNF2NK0jiRg_66OBKlxENWpcUmphEeo2MgWBRlk_2AMQMZ4pOMwuYyijQ7FpWmANa...
https://cm.g.doubleclick.net/pixel?google_nid=exp&google_push=AXcoOmQahJzJhANO9puCBlVJFqMMI7RFpTHNF2NK0jiRg_66OBKlxENWpcUmphEeo2MgWBRlk_2AMQMZ4pOMwuYyijQ7FpWmANaMsxNDElpQnX6WF77eIeAEQXGTBn7DZqC0k9M...

170 B
232 B

68ms
67ms

Image
image/png

142.251.40.226
Google LLC

General

Check archive.org

Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=exp&google_push=AXcoOmQahJzJhANO9puCBlVJFqMMI7RFpTHNF2NK0jiRg_66OBKlxENWpcUmphEeo2MgWBRlk_2AMQMZ4pOMwuYyijQ7FpWmANaMsxNDElpQnX6WF77eIeAEQXGTBn7DZqC0k9MsBb4osQqvCG_74jBFZ_IY&google_ula=2786954&google_hm=18072661955249290803

Protocol

Server

142.251.40.226 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

lga34s39-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
Referer: https://pagead2.googlesyndication.com/

Response headers

cache-control: no-cache, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
date: Fri, 17 Apr 2026 04:36:16 GMT
x-xss-protection: 0
content-type: image/png
server: HTTP server (unknown)

Redirect headers

cache-control: no-cache, private
location: https://cm.g.doubleclick.net/pixel?google_nid=exp&google_push=AXcoOmQahJzJhANO9puCBlVJFqMMI7RFpTHNF2NK0jiRg_66OBKlxENWpcUmphEeo2MgWBRlk_2AMQMZ4pOMwuYyijQ7FpWmANaMsxNDElpQnX6WF77eIeAEQXGTBn7DZqC0k9MsBb4osQqvCG_74jBFZ_IY&google_ula=2786954&google_hm=18072661955249290803
cf-cache-status: DYNAMIC
pragma: no-cache
x-function: 209
cf-ray: 9ed8ba550df4a25a-YUL
expires: Thu, 01 Jan 1970 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
x-reuse-index: 66
p3p: CP="NOI DEVo TAIa OUR BUS"
server-timing: cfExtPri
date: Fri, 17 Apr 2026 04:36:16 GMT
content-type: text/html
server: cloudflare
priority: u=3,i

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame DE3B
Redirect Chain

https://sync.ipredictive.com/d/sync/cookie/generic?https://cm.g.doubleclick.net/pixel?google_nid=adelphic_mobile&google_gid=CAESEAABzg3aGp7jGrhu9kwg9RQ&google_cver=1&google_push=AXcoOmQFMVtcRipg5S6...
https://cm.g.doubleclick.net/pixel?google_nid=adelphic_mobile&google_gid=CAESEAABzg3aGp7jGrhu9kwg9RQ&google_cver=1&google_push=AXcoOmQFMVtcRipg5S61Xp_jpRDK-JOSKW8R5l9f1ya0iXOTt_eOYqqHqJ5UpNTdSeKtKV...

170 B
232 B

64ms
64ms

Image
image/png

142.251.40.226
Google LLC

General

Check archive.org

Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=adelphic_mobile&google_gid=CAESEAABzg3aGp7jGrhu9kwg9RQ&google_cver=1&google_push=AXcoOmQFMVtcRipg5S61Xp_jpRDK-JOSKW8R5l9f1ya0iXOTt_eOYqqHqJ5UpNTdSeKtKVAF4wwqP7dWXPX9SfmmBr3uIzXcNGvBXjhryPwgm9r6S2uBAhmXusu99aOllgJLlIscBLsRbHbgT8Ln3rre1LQ&google_hm=rV3fIeM5QZWc85JYRqROtw==

Protocol

Server

142.251.40.226 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

lga34s39-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
Referer: https://pagead2.googlesyndication.com/

Response headers

cache-control: no-cache, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
date: Fri, 17 Apr 2026 04:36:17 GMT
x-xss-protection: 0
content-type: image/png
server: HTTP server (unknown)

Redirect headers

X-CI-RTID: f5ed7a78-16d6-49eb-8b4c-f1ee47edad3b
Location: https://cm.g.doubleclick.net/pixel?google_nid=adelphic_mobile&google_gid=CAESEAABzg3aGp7jGrhu9kwg9RQ&google_cver=1&google_push=AXcoOmQFMVtcRipg5S61Xp_jpRDK-JOSKW8R5l9f1ya0iXOTt_eOYqqHqJ5UpNTdSeKtKVAF4wwqP7dWXPX9SfmmBr3uIzXcNGvBXjhryPwgm9r6S2uBAhmXusu99aOllgJLlIscBLsRbHbgT8Ln3rre1LQ&google_hm=rV3fIeM5QZWc85JYRqROtw==
Content-Length: 356
Date: Fri, 17 Apr 2026 04:36:17 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame DE3B
Redirect Chain

https://creativecdn.com/cm-notify?pi=adxab&google_nid=rtb_house&google_gid=CAESEImVu45Rk247GcdnwAqnQWE&google_cver=1&google_push=AXcoOmRK6y2qq8CdFodgzM_jn_asYo3sYp6hMlCkWm-K01NALlHIaH1V4HBRtdc1I29Q...
https://creativecdn.com/cm-notify?pi=adxab&google_nid=rtb_house&google_gid=CAESEImVu45Rk247GcdnwAqnQWE&google_cver=1&google_push=AXcoOmRK6y2qq8CdFodgzM_jn_asYo3sYp6hMlCkWm-K01NALlHIaH1V4HBRtdc1I29Q...
https://cm.g.doubleclick.net/pixel?google_ula=5153224&google_hm=16sQnisZYvx_Sa12PLO7zHvm9YbRs6DT6Decnudsuxk&pi=adx&tdc=ams&pi=adxab&google_nid=rtb_house&google_gid=CAESEImVu45Rk247GcdnwAqnQWE&googl...

170 B
232 B

69ms
68ms

Image
image/png

142.251.40.226
Google LLC

General

Check archive.org

Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_ula=5153224&google_hm=16sQnisZYvx_Sa12PLO7zHvm9YbRs6DT6Decnudsuxk&pi=adx&tdc=ams&pi=adxab&google_nid=rtb_house&google_gid=CAESEImVu45Rk247GcdnwAqnQWE&google_cver=1&google_push=AXcoOmRK6y2qq8CdFodgzM_jn_asYo3sYp6hMlCkWm-K01NALlHIaH1V4HBRtdc1I29Qy-EjgPJKwnjhkwUg0twM1QACn6ynePCM1xsVGKR31QOHSslDuNFZpZj1mWsGeG7aHLGrystZ77SUv3Iou_4G2FtI&tc=1

Protocol

Server

142.251.40.226 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

lga34s39-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
Referer: https://pagead2.googlesyndication.com/

Response headers

cache-control: no-cache, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
date: Fri, 17 Apr 2026 04:36:17 GMT
x-xss-protection: 0
content-type: image/png
server: HTTP server (unknown)

Redirect headers

expires: Thu, 01 Jan 1970 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate, private, max-age=0
location: https://cm.g.doubleclick.net/pixel?google_ula=5153224&google_hm=16sQnisZYvx_Sa12PLO7zHvm9YbRs6DT6Decnudsuxk&pi=adx&tdc=ams&pi=adxab&google_nid=rtb_house&google_gid=CAESEImVu45Rk247GcdnwAqnQWE&google_cver=1&google_push=AXcoOmRK6y2qq8CdFodgzM_jn_asYo3sYp6hMlCkWm-K01NALlHIaH1V4HBRtdc1I29Qy-EjgPJKwnjhkwUg0twM1QACn6ynePCM1xsVGKR31QOHSslDuNFZpZj1mWsGeG7aHLGrystZ77SUv3Iou_4G2FtI&tc=1
content-length: 0
date: Fri, 17 Apr 2026 04:36:17 GMT
pragma: no-cache
vary: Accept-Encoding

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame DE3B
Redirect Chain

https://bb.lijit.com/dsp/google/pixelmatch?google_gid=CAESED_xjoqdSfO0H7tBR6veMPM&google_cver=1&google_push=AXcoOmRXmv1Lrvk68tJD6CZrk9YXsykJkyLL6rtRgM4eoi9YIkDPXTAgecierlt9Y0VmgZQjkKGUoHVqP1_MzYjTd...
https://bb.lijit.com/dsp/google/pixelmatch?google_gid=CAESED_xjoqdSfO0H7tBR6veMPM&google_cver=1&google_push=AXcoOmRXmv1Lrvk68tJD6CZrk9YXsykJkyLL6rtRgM4eoi9YIkDPXTAgecierlt9Y0VmgZQjkKGUoHVqP1_MzYjTd...
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AXcoOmRXmv1Lrvk68tJD6CZrk9YXsykJkyLL6rtRgM4eoi9YIkDPXTAgecierlt9Y0VmgZQjkKGUoHVqP1_MzYjTdl9gCrrDBLV8OfmSfSw5t8COg0JWA8ayCaPQvqBPDruTu...

170 B
232 B

65ms
65ms

Image
image/png

142.251.40.226
Google LLC

General

Check archive.org

Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AXcoOmRXmv1Lrvk68tJD6CZrk9YXsykJkyLL6rtRgM4eoi9YIkDPXTAgecierlt9Y0VmgZQjkKGUoHVqP1_MzYjTdl9gCrrDBLV8OfmSfSw5t8COg0JWA8ayCaPQvqBPDruTugRLKGGgFim1skIMsXYHE4c&google_hm=Mg7UAGZHR_zjofCvTcGebDxA

Protocol

Server

142.251.40.226 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

lga34s39-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
Referer: https://pagead2.googlesyndication.com/

Response headers

cache-control: no-cache, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
date: Fri, 17 Apr 2026 04:36:17 GMT
x-xss-protection: 0
content-type: image/png
server: HTTP server (unknown)

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AXcoOmRXmv1Lrvk68tJD6CZrk9YXsykJkyLL6rtRgM4eoi9YIkDPXTAgecierlt9Y0VmgZQjkKGUoHVqP1_MzYjTdl9gCrrDBLV8OfmSfSw5t8COg0JWA8ayCaPQvqBPDruTugRLKGGgFim1skIMsXYHE4c&google_hm=Mg7UAGZHR_zjofCvTcGebDxA
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, DELETE, PUT
access-control-allow-origin: *
content-length: 0
date: Fri, 17 Apr 2026 04:36:17 GMT
vary: Accept-Encoding
access-control-allow-headers: X-Requested-With, Content-Type

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame DE3B
Redirect Chain

https://google.partners.tremorhub.com/sync?UIDF=CAESEDOvaB4HbIBTsUcAFcwQ-to&google_cver=1&google_push=AXcoOmSAdDZfAiMO3J7tUlAXsXhgzwMvpyZ5iT-0lCYk6Oh-sJAY1CheV4hi3wLVxvQTsuChhF7jj4Lar9i0ZysGJzoyTmr...
https://cm.g.doubleclick.net/pixel?google_nid=tremor&google_hm=ZGQ1ZDA4M2NhZjExNGM5N2E2YzdjYTRlMDYwM2VmZWI%3D&UIDF=CAESEDOvaB4HbIBTsUcAFcwQ-to&google_cver=1&google_push=AXcoOmSAdDZfAiMO3J7tUlAXsXhg...

170 B
232 B

63ms
62ms

Image
image/png

142.251.40.226
Google LLC

General

Check archive.org

Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=tremor&google_hm=ZGQ1ZDA4M2NhZjExNGM5N2E2YzdjYTRlMDYwM2VmZWI%3D&UIDF=CAESEDOvaB4HbIBTsUcAFcwQ-to&google_cver=1&google_push=AXcoOmSAdDZfAiMO3J7tUlAXsXhgzwMvpyZ5iT-0lCYk6Oh-sJAY1CheV4hi3wLVxvQTsuChhF7jj4Lar9i0ZysGJzoyTmrR2BGPG5M77XNNuT6M9XyZ5ir66cOC-MAKWOxYJhwzYlKbSq9wsMoVNy77zi4

Protocol

Server

142.251.40.226 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

lga34s39-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
Referer: https://pagead2.googlesyndication.com/

Response headers

cache-control: no-cache, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
date: Fri, 17 Apr 2026 04:36:17 GMT
x-xss-protection: 0
content-type: image/png
server: HTTP server (unknown)

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=tremor&google_hm=ZGQ1ZDA4M2NhZjExNGM5N2E2YzdjYTRlMDYwM2VmZWI%3D&UIDF=CAESEDOvaB4HbIBTsUcAFcwQ-to&google_cver=1&google_push=AXcoOmSAdDZfAiMO3J7tUlAXsXhgzwMvpyZ5iT-0lCYk6Oh-sJAY1CheV4hi3wLVxvQTsuChhF7jj4Lar9i0ZysGJzoyTmrR2BGPG5M77XNNuT6M9XyZ5ir66cOC-MAKWOxYJhwzYlKbSq9wsMoVNy77zi4
content-length: 0
p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
date: Fri, 17 Apr 2026 04:36:17 GMT
server: nginx

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame DE3B
Redirect Chain

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEMY7xr3N7VbKXZ1-f0XIr4A&google_cver=1&google_push=AXcoOmRybbvKod9i0H9tSRWn7a32bdI_aOqhai8nMj8ayWs6ZFk3Wz1pr82lHN3BZK3g-0fWW8rnO_5PDv_DCGC6x8AOpMnl5A...
https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEMY7xr3N7VbKXZ1-f0XIr4A&google_cver=1&google_push=AXcoOmRybbvKod9i0H9tSRWn7a32bdI_aOqhai8nMj8ayWs6ZFk3Wz1pr82lHN3BZK3g-0fWW8rnO_5PDv_DCGC6x8AOpMnl5A...
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=0&gdpr_consent=&us_privacy=&google_push=AXcoOmRybbvKod9i0H9tSRWn7a32bdI_aOqhai8nMj8ayWs6ZFk3Wz1pr82lHN3BZK3g-0fWW8rnO_5PDv_DCGC6x8AOpMnl5A-nUI6...

170 B
232 B

70ms
68ms

Image
image/png

142.251.40.226
Google LLC

General

Check archive.org

Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=0&gdpr_consent=&us_privacy=&google_push=AXcoOmRybbvKod9i0H9tSRWn7a32bdI_aOqhai8nMj8ayWs6ZFk3Wz1pr82lHN3BZK3g-0fWW8rnO_5PDv_DCGC6x8AOpMnl5A-nUI6IWgiV_F3doT8aIlMEJI7ymlflJEXgCBNO64mSqjxLurevTs-Fr7Ge&google_hm=MTI3NDA2NTc5NTQyMzA1MDgzMTI1Nw%3D%3D

Protocol

Server

142.251.40.226 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

lga34s39-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
Referer: https://pagead2.googlesyndication.com/

Response headers

cache-control: no-cache, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
date: Fri, 17 Apr 2026 04:36:17 GMT
x-xss-protection: 0
content-type: image/png
server: HTTP server (unknown)

Redirect headers

date: Fri, 17 Apr 2026 04:36:17 GMT
location: https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=0&gdpr_consent=&us_privacy=&google_push=AXcoOmRybbvKod9i0H9tSRWn7a32bdI_aOqhai8nMj8ayWs6ZFk3Wz1pr82lHN3BZK3g-0fWW8rnO_5PDv_DCGC6x8AOpMnl5A-nUI6IWgiV_F3doT8aIlMEJI7ymlflJEXgCBNO64mSqjxLurevTs-Fr7Ge&google_hm=MTI3NDA2NTc5NTQyMzA1MDgzMTI1Nw%3D%3D
content-length: 0

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame DE3B 0
40 B 67ms
61ms Image
text/html 142.251.40.226
Google LLC

General

Check archive.org

Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13IHrfQcEE1mZ3MmBwKXcPzuI6CwZtegRolSsMo2XOHdcSGjpYgKzEIk_cdWbgFez0WAItHR

Requested by

Host: 17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com
URL: https://17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.40.226 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

lga34s39-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
date: Fri, 17 Apr 2026 04:36:16 GMT
x-xss-protection: 0
content-type: text/html
server: HTTP server (unknown)

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 719E
Redirect Chain

https://b.applovin.com/v1/gcm/push?google_gid=CAESEO_NWncdgwCwcEe2TsdwSPE&google_cver=1&google_push=AXcoOmTxf0I59p5_RgE4f-W1hZryY14WLo7ZZwZX-cPKlQT1z_vgMafQJpwXU49vczYXTxfGEXBdGfjLu5aVwzqd5aN66NXQxqnJ
https://cm.g.doubleclick.net/pixel?google_nid=aplv&google_push=AXcoOmTxf0I59p5_RgE4f-W1hZryY14WLo7ZZwZX-cPKlQT1z_vgMafQJpwXU49vczYXTxfGEXBdGfjLu5aVwzqd5aN66NXQxqnJ

170 B
232 B

65ms
64ms

Image
image/png

142.251.40.226
Google LLC

General

Check archive.org

Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=aplv&google_push=AXcoOmTxf0I59p5_RgE4f-W1hZryY14WLo7ZZwZX-cPKlQT1z_vgMafQJpwXU49vczYXTxfGEXBdGfjLu5aVwzqd5aN66NXQxqnJ

Protocol

Server

142.251.40.226 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

lga34s39-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
Referer: https://pagead2.googlesyndication.com/

Response headers

cache-control: no-cache, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
date: Fri, 17 Apr 2026 04:36:17 GMT
x-xss-protection: 0
content-type: image/png
server: HTTP server (unknown)

Redirect headers

via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
location: https://cm.g.doubleclick.net/pixel?google_nid=aplv&google_push=AXcoOmTxf0I59p5_RgE4f-W1hZryY14WLo7ZZwZX-cPKlQT1z_vgMafQJpwXU49vczYXTxfGEXBdGfjLu5aVwzqd5aN66NXQxqnJ
content-length: 0
date: Fri, 17 Apr 2026 04:36:17 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 719E
Redirect Chain

https://pixelfnt-us.dsp-api.moloco.com/v1/cm/adxpm?google_gid=CAESEG4HPqWGAht-ibv1Uvsf-pY&google_cver=1&google_push=AXcoOmTXspHbVY1WO6jCpf4PSAtNTKERBK2glLNCXzYZ0yw6fsY_wZtyHsUzPssoROFhpn8ZtbdJW3MWI...
https://cm.g.doubleclick.net/pixel?google_nid=moloco_ads&google_hm=himcSM1RRHejsveUypoCFg&google_push=AXcoOmTXspHbVY1WO6jCpf4PSAtNTKERBK2glLNCXzYZ0yw6fsY_wZtyHsUzPssoROFhpn8ZtbdJW3MWIlvXdl5A487a__k...

170 B
232 B

64ms
64ms

Image
image/png

142.251.40.226
Google LLC

General

Check archive.org

Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=moloco_ads&google_hm=himcSM1RRHejsveUypoCFg&google_push=AXcoOmTXspHbVY1WO6jCpf4PSAtNTKERBK2glLNCXzYZ0yw6fsY_wZtyHsUzPssoROFhpn8ZtbdJW3MWIlvXdl5A487a__kRv6vV

Protocol

Server

142.251.40.226 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

lga34s39-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
Referer: https://pagead2.googlesyndication.com/

Response headers

cache-control: no-cache, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
date: Fri, 17 Apr 2026 04:36:17 GMT
x-xss-protection: 0
content-type: image/png
server: HTTP server (unknown)

Redirect headers

via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
location: https://cm.g.doubleclick.net/pixel?google_nid=moloco_ads&google_hm=himcSM1RRHejsveUypoCFg&google_push=AXcoOmTXspHbVY1WO6jCpf4PSAtNTKERBK2glLNCXzYZ0yw6fsY_wZtyHsUzPssoROFhpn8ZtbdJW3MWIlvXdl5A487a__kRv6vV
content-length: 233
date: Fri, 17 Apr 2026 04:36:17 GMT
content-type: text/html; charset=utf-8

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 719E
Redirect Chain

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEO...
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AXcoOmTbgiGm3e3N9jCPI4MsCWk_UaITHXKGioUdvtAkYBZCGjFzeNnFTeQCD6rzuToJFhiaSp-x7wytG4hJug6aIJrMDzONMlS3&google_hm=

170 B
232 B

121ms
121ms

Image
image/png

142.251.40.226
Google LLC

General

Check archive.org

Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AXcoOmTbgiGm3e3N9jCPI4MsCWk_UaITHXKGioUdvtAkYBZCGjFzeNnFTeQCD6rzuToJFhiaSp-x7wytG4hJug6aIJrMDzONMlS3&google_hm=

Protocol

Server

142.251.40.226 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

lga34s39-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
Referer: https://pagead2.googlesyndication.com/

Response headers

cache-control: no-cache, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
date: Fri, 17 Apr 2026 04:36:18 GMT
x-xss-protection: 0
content-type: image/png
server: HTTP server (unknown)

Redirect headers

expires: 0
cache-control: no-store, no-cache, must-revalidate
location: https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AXcoOmTbgiGm3e3N9jCPI4MsCWk_UaITHXKGioUdvtAkYBZCGjFzeNnFTeQCD6rzuToJFhiaSp-x7wytG4hJug6aIJrMDzONMlS3&google_hm=
date: Fri, 17 Apr 2026 04:36:17 GMT
pragma: no-cache
content-type: text/html
etag: OPTOUT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 719E
Redirect Chain

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEMY7xr3N7VbKXZ1-f0XIr4A&google_cver=1&google_push=AXcoOmQnQGQ6r504KdBpddtMFKgoFqtAcbYYqwt2reMkJ5WTI5CiBY5nLT9_Vs8oN7_Cb2a6bYYEJJhHUI5rRRAvBR_xpKttB5Y
https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEMY7xr3N7VbKXZ1-f0XIr4A&google_cver=1&google_push=AXcoOmQnQGQ6r504KdBpddtMFKgoFqtAcbYYqwt2reMkJ5WTI5CiBY5nLT9_Vs8oN7_Cb2a6bYYEJJhHUI5rRRAvBR_xpKttB5...
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=0&gdpr_consent=&us_privacy=&google_push=AXcoOmQnQGQ6r504KdBpddtMFKgoFqtAcbYYqwt2reMkJ5WTI5CiBY5nLT9_Vs8oN7_Cb2a6bYYEJJhHUI5rRRAvBR_xpKttB5Y&goo...

170 B
232 B

67ms
67ms

Image
image/png

142.251.40.226
Google LLC

General

Check archive.org

Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=0&gdpr_consent=&us_privacy=&google_push=AXcoOmQnQGQ6r504KdBpddtMFKgoFqtAcbYYqwt2reMkJ5WTI5CiBY5nLT9_Vs8oN7_Cb2a6bYYEJJhHUI5rRRAvBR_xpKttB5Y&google_hm=MjcyOTU4NTk5MTQyNTA0Mzk0NzQ3Nw%3D%3D

Protocol

Server

142.251.40.226 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

lga34s39-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
Referer: https://pagead2.googlesyndication.com/

Response headers

cache-control: no-cache, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
date: Fri, 17 Apr 2026 04:36:17 GMT
x-xss-protection: 0
content-type: image/png
server: HTTP server (unknown)

Redirect headers

date: Fri, 17 Apr 2026 04:36:17 GMT
location: https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=0&gdpr_consent=&us_privacy=&google_push=AXcoOmQnQGQ6r504KdBpddtMFKgoFqtAcbYYqwt2reMkJ5WTI5CiBY5nLT9_Vs8oN7_Cb2a6bYYEJJhHUI5rRRAvBR_xpKttB5Y&google_hm=MjcyOTU4NTk5MTQyNTA0Mzk0NzQ3Nw%3D%3D
content-length: 0

GET sync-pixel
cs-ob.yellowblue.io/ Frame 719E 0
0

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 719E
Redirect Chain

https://cm-mx.advolve.io/pixel?google_gid=CAESEB24Sb4zirWV1Bd_wqawuzo&google_cver=1&google_push=AXcoOmTkIPV5ks7rOE4i1ufnWz_0PlISnK6drRPqSA9SskCEsOOAx77giChPUZ38S0jRcsmy3L7Dckw9V_udEV-6isZAVRgaRmjNmA
https://cm.g.doubleclick.net/pixel?google_nid=advolve&google_push=AXcoOmTkIPV5ks7rOE4i1ufnWz_0PlISnK6drRPqSA9SskCEsOOAx77giChPUZ38S0jRcsmy3L7Dckw9V_udEV-6isZAVRgaRmjNmA&google_hm=69e1b8c1036ece8017...

170 B
232 B

68ms
62ms

Image
image/png

142.251.40.226
Google LLC

General

Check archive.org

Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=advolve&google_push=AXcoOmTkIPV5ks7rOE4i1ufnWz_0PlISnK6drRPqSA9SskCEsOOAx77giChPUZ38S0jRcsmy3L7Dckw9V_udEV-6isZAVRgaRmjNmA&google_hm=69e1b8c1036ece8017af66a4&google_ula=9190312969

Protocol

Server

142.251.40.226 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

lga34s39-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
Referer: https://pagead2.googlesyndication.com/

Response headers

cache-control: no-cache, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
date: Fri, 17 Apr 2026 04:36:17 GMT
x-xss-protection: 0
content-type: image/png
server: HTTP server (unknown)

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=advolve&google_push=AXcoOmTkIPV5ks7rOE4i1ufnWz_0PlISnK6drRPqSA9SskCEsOOAx77giChPUZ38S0jRcsmy3L7Dckw9V_udEV-6isZAVRgaRmjNmA&google_hm=69e1b8c1036ece8017af66a4&google_ula=9190312969
Content-Length: 0
Date: Fri, 17 Apr 2026 04:36:17 GMT
x-envoy-upstream-service-time: 0
Server: nginx
Connection: keep-alive

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 719E
Redirect Chain

https://s.seedtag.com/cs/cookiesync/google?google_gid=CAESEMVMuqAwijZGcAC10OQCkFU&google_cver=1&google_push=AXcoOmQfWt3mVwi2cNVtbKNyYzykTwTk8aWXrjeij9jQe8VQg_52HPISK1a4RwzrI53nW5enud-etXWyVmzuMDpId...
https://cm.g.doubleclick.net/pixel?google_nid=seedtag_beachfront&google_hm=019d99b9-b0c3-7604-b1fa-159be8e222d2&google_push=AXcoOmQfWt3mVwi2cNVtbKNyYzykTwTk8aWXrjeij9jQe8VQg_52HPISK1a4RwzrI53nW5enu...

170 B
232 B

64ms
64ms

Image
image/png

142.251.40.226
Google LLC

General

Check archive.org

Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=seedtag_beachfront&google_hm=019d99b9-b0c3-7604-b1fa-159be8e222d2&google_push=AXcoOmQfWt3mVwi2cNVtbKNyYzykTwTk8aWXrjeij9jQe8VQg_52HPISK1a4RwzrI53nW5enud-etXWyVmzuMDpId-2Ej6XcD1tz

Requested by

Host: 17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com
URL: https://17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html

Protocol

Server

142.251.40.226 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

lga34s39-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
Referer: https://pagead2.googlesyndication.com/

Response headers

cache-control: no-cache, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
date: Fri, 17 Apr 2026 04:36:16 GMT
x-xss-protection: 0
content-type: image/png
server: HTTP server (unknown)

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=seedtag_beachfront&google_hm=019d99b9-b0c3-7604-b1fa-159be8e222d2&google_push=AXcoOmQfWt3mVwi2cNVtbKNyYzykTwTk8aWXrjeij9jQe8VQg_52HPISK1a4RwzrI53nW5enud-etXWyVmzuMDpId-2Ej6XcD1tz
cf-cache-status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT, HEAD
via: 1.1 google
cf-ray: 9ed8ba544d95a279-YUL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
content-length: 246
date: Fri, 17 Apr 2026 04:36:16 GMT
content-type: text/plain; charset=utf-8
vary: Accept
server: cloudflare
priority: u=3,i
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame 719E 0
59 B 62ms
60ms Image
text/html 142.251.40.226
Google LLC

General

Check archive.org

Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13IA-_i4RQjWj7afmsFTZGzLq3nwsKl-nusm-facC-tfTKxGONA294bXmXXxl9uMB9mcqjtpBy3Q

Requested by

Host: 17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com
URL: https://17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.40.226 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

lga34s39-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
date: Fri, 17 Apr 2026 04:36:16 GMT
x-xss-protection: 0
content-type: text/html
server: HTTP server (unknown)

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame BEE0 0
0 47ms
46ms Fetch
image/gif 142.251.210.34
Google LLC

General

Check archive.org

Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=colleague-executed&name=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.210.34 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

lclgaa-ba-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 0
date: Fri, 17 Apr 2026 04:36:16 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame BEE0 0
0 46ms
46ms Fetch
image/gif 142.251.210.34
Google LLC

General

Check archive.org

Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=reach&proto=CAlgAWACYANgBGgD

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.210.34 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

lclgaa-ba-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 0
date: Fri, 17 Apr 2026 04:36:16 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7FF9 0
0 89ms
48ms Fetch
image/gif 142.251.210.34
Google LLC

General

Check archive.org

Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=colleague-executed&name=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.210.34 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

lclgaa-ba-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 0
date: Fri, 17 Apr 2026 04:36:16 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7FF9 0
0 97ms
50ms Fetch
image/gif 142.251.210.34
Google LLC

General

Check archive.org

Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=reach&proto=CAlgAWACYANgBGgD

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.210.34 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

lclgaa-ba-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 0
date: Fri, 17 Apr 2026 04:36:16 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H2 200 model_person_country_code_CA_person_region_code_5175656265635f4d6f6e747265616c.json Show response
www.googletagservices.com/agrp/prod/ Frame 4997 632 KB
86 KB 414ms
49ms Fetch
application/json 142.250.72.2
Google LLC

General

Check archive.org

Download Go to

Full URL

https://www.googletagservices.com/agrp/prod/model_person_country_code_CA_person_region_code_5175656265635f4d6f6e747265616c.json

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/managed/js/activeview/current/reach_worklet.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.72.2 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

den08s06-in-f2.1e100.net

Software

sffe /

Resource Hash

7dfb320f62f8e93b26f7760ed53ade019c720b1a267826a9672177c801223e5b

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-people-metrics-releaser
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.googleadservices.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: gzip
age: 11531
report-to: {"group":"ads-people-metrics-releaser","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-people-metrics-releaser"}]}
x-content-type-options: nosniff
expires: Sat, 18 Apr 2026 01:24:06 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 17 Apr 2026 01:24:06 GMT
last-modified: Tue, 30 Jul 2024 19:25:57 GMT
content-type: application/json
vary: Accept-Encoding
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-people-metrics-releaser
cache-control: public, max-age=86400
cross-origin-opener-policy: same-origin; report-to="ads-people-metrics-releaser"
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
content-length: 87370
x-xss-protection: 0
server: sffe

GET
H2 200 model_person_country_code_CA_person_region_code_5175656265635f4d6f6e747265616c.json Show response
www.googletagservices.com/agrp/prod/ Frame BD11 632 KB
0 413ms
413ms Fetch
application/json 142.250.72.2
Google LLC

General

Check archive.org

Download Go to

Full URL

https://www.googletagservices.com/agrp/prod/model_person_country_code_CA_person_region_code_5175656265635f4d6f6e747265616c.json

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/managed/js/activeview/current/reach_worklet.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.72.2 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

den08s06-in-f2.1e100.net

Software

sffe /

Resource Hash

7dfb320f62f8e93b26f7760ed53ade019c720b1a267826a9672177c801223e5b

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-people-metrics-releaser
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.googleadservices.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

content-encoding: gzip
age: 11531
report-to: {"group":"ads-people-metrics-releaser","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-people-metrics-releaser"}]}
x-content-type-options: nosniff
expires: Sat, 18 Apr 2026 01:24:06 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 17 Apr 2026 01:24:06 GMT
last-modified: Tue, 30 Jul 2024 19:25:57 GMT
content-type: application/json
vary: Accept-Encoding
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-people-metrics-releaser
cache-control: public, max-age=86400
cross-origin-opener-policy: same-origin; report-to="ads-people-metrics-releaser"
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
content-length: 87370
x-xss-protection: 0
server: sffe

POST
H3 200 report-shared-storage
www.googleadservices.com/.well-known/private-aggregation/ Frame 4997 0
0 49ms
46ms Fetch
text/html 142.251.45.194
Google LLC

General

Check archive.org

Download Go to

Full URL

https://www.googleadservices.com/.well-known/private-aggregation/report-shared-storage

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/managed/js/activeview/current/reach_worklet.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.45.194 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

pnlgaa-au-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.googleadservices.com/pagead/managed/js/activeview/current/reach_worklet.html
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
Content-Type: text/plain;charset=UTF-8
sec-ch-ua-mobile: ?0

Response headers

timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 0
date: Fri, 17 Apr 2026 04:36:16 GMT
x-xss-protection: 0
content-type: text/html; charset=UTF-8
server: cafe

POST
H3 200 report-shared-storage
www.googleadservices.com/.well-known/private-aggregation/ Frame 4997 0
0 51ms
50ms Fetch
text/html 142.251.45.194
Google LLC

General

Check archive.org

Download Go to

Full URL

https://www.googleadservices.com/.well-known/private-aggregation/report-shared-storage

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/managed/js/activeview/current/reach_worklet.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.45.194 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

pnlgaa-au-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.googleadservices.com/pagead/managed/js/activeview/current/reach_worklet.html
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
Content-Type: text/plain;charset=UTF-8
sec-ch-ua-mobile: ?0

Response headers

timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 0
date: Fri, 17 Apr 2026 04:36:16 GMT
x-xss-protection: 0
content-type: text/html; charset=UTF-8
server: cafe

POST
H3 200 report-shared-storage
www.googleadservices.com/.well-known/private-aggregation/ Frame 4997 0
0 48ms
46ms Fetch
text/html 142.251.45.194
Google LLC

General

Check archive.org

Download Go to

Full URL

https://www.googleadservices.com/.well-known/private-aggregation/report-shared-storage

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/managed/js/activeview/current/reach_worklet.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.45.194 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

pnlgaa-au-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.googleadservices.com/pagead/managed/js/activeview/current/reach_worklet.html
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
Content-Type: text/plain;charset=UTF-8
sec-ch-ua-mobile: ?0

Response headers

timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 0
date: Fri, 17 Apr 2026 04:36:16 GMT
x-xss-protection: 0
content-type: text/html; charset=UTF-8
server: cafe

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 4997 0
0 49ms
49ms Fetch
image/gif 142.251.210.34
Google LLC

General

Check archive.org

Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=reach&proto=CAESDk9wZXJhdGlvbkVycm9yGpgBc2hhcmVkU3RvcmFnZS53b3JrbGV0LmFkZE1vZHVsZSBpcyBkaXNhYmxlZCBiZWNhdXNlIGVpdGhlciBzaGFyZWRTdG9yYWdlIGlzIGRpc2FibGVkIG9yIGJvdGggc2hhcmVkU3RvcmFnZS5zZWxlY3RVUkwgYW5kIHByaXZhdGVBZ2dyZWdhdGlvbiBhcmUgZGlzYWJsZWQ%3D

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/managed/js/activeview/current/reach_worklet.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.210.34 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

lclgaa-ba-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.googleadservices.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 0
date: Fri, 17 Apr 2026 04:36:16 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

POST
H3 200 report-shared-storage
www.googleadservices.com/.well-known/private-aggregation/ Frame BD11 0
0 48ms
47ms Fetch
text/html 142.251.45.194
Google LLC

General

Check archive.org

Download Go to

Full URL

https://www.googleadservices.com/.well-known/private-aggregation/report-shared-storage

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/managed/js/activeview/current/reach_worklet.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.45.194 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

pnlgaa-au-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.googleadservices.com/pagead/managed/js/activeview/current/reach_worklet.html
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
Content-Type: text/plain;charset=UTF-8
sec-ch-ua-mobile: ?0

Response headers

timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 0
date: Fri, 17 Apr 2026 04:36:16 GMT
x-xss-protection: 0
content-type: text/html; charset=UTF-8
server: cafe

POST
H3 200 report-shared-storage
www.googleadservices.com/.well-known/private-aggregation/ Frame BD11 0
0 49ms
47ms Fetch
text/html 142.251.45.194
Google LLC

General

Check archive.org

Download Go to

Full URL

https://www.googleadservices.com/.well-known/private-aggregation/report-shared-storage

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/managed/js/activeview/current/reach_worklet.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.45.194 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

pnlgaa-au-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.googleadservices.com/pagead/managed/js/activeview/current/reach_worklet.html
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
Content-Type: text/plain;charset=UTF-8
sec-ch-ua-mobile: ?0

Response headers

timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 0
date: Fri, 17 Apr 2026 04:36:16 GMT
x-xss-protection: 0
content-type: text/html; charset=UTF-8
server: cafe

POST
H3 200 report-shared-storage
www.googleadservices.com/.well-known/private-aggregation/ Frame BD11 0
0 49ms
47ms Fetch
text/html 142.251.45.194
Google LLC

General

Check archive.org

Download Go to

Full URL

https://www.googleadservices.com/.well-known/private-aggregation/report-shared-storage

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/managed/js/activeview/current/reach_worklet.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.45.194 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

pnlgaa-au-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.googleadservices.com/pagead/managed/js/activeview/current/reach_worklet.html
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
Content-Type: text/plain;charset=UTF-8
sec-ch-ua-mobile: ?0

Response headers

timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 0
date: Fri, 17 Apr 2026 04:36:16 GMT
x-xss-protection: 0
content-type: text/html; charset=UTF-8
server: cafe

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame BD11 0
0 95ms
50ms Fetch
image/gif 142.251.210.34
Google LLC

General

Check archive.org

Download Go to

Full URL

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/managed/js/activeview/current/reach_worklet.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.210.34 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

lclgaa-ba-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.googleadservices.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 0
date: Fri, 17 Apr 2026 04:36:16 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H2

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame AB28
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
307 B

68ms
67ms

Document
text/html

142.251.211.162
Google LLC

General

Check archive.org

Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: 17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com
URL: https://17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.211.162 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

lclgaa-as-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Linux"

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 17 Apr 2026 04:36:16 GMT
expires: Fri, 17 Apr 2026 04:36:16 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 17 Apr 2026 04:36:16 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame D102
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
145 B

89ms
69ms

Document
text/html

142.251.211.162
Google LLC

General

Check archive.org

Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: 17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com
URL: https://17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.211.162 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

lclgaa-as-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Linux"

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 17 Apr 2026 04:36:16 GMT
expires: Fri, 17 Apr 2026 04:36:16 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 17 Apr 2026 04:36:16 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 4997 0
0 52ms
52ms Fetch
image/gif 142.251.210.34
Google LLC

General

Check archive.org

Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=reach&proto=CAIgATpTbW9kZWxfcGVyc29uX2NvdW50cnlfY29kZV9DQV9wZXJzb25fcmVnaW9uX2NvZGVfNTE3NTY1NjI2NTYzNWY0ZDZmNmU3NDcyNjU2MTZjLmpzb25IyAFSGkNOUE8tdW1IOUpNREZRaVVGd2Nkam93Y19RWiQIzBAQm50BGOyYPSCmhakEKEAwAjgBXQAAgD%2FqAQYIZBhkIGQ%3D

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/managed/js/activeview/current/reach_worklet.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.210.34 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

lclgaa-ba-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.googleadservices.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 0
date: Fri, 17 Apr 2026 04:36:17 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame BD11 0
0 52ms
51ms Fetch
image/gif 142.251.210.34
Google LLC

General

Check archive.org

Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=reach&proto=CAIgATpTbW9kZWxfcGVyc29uX2NvdW50cnlfY29kZV9DQV9wZXJzb25fcmVnaW9uX2NvZGVfNTE3NTY1NjI2NTYzNWY0ZDZmNmU3NDcyNjU2MTZjLmpzb25IyAFSGkNKdUxfdW1IOUpNREZhS3pXZ1VkRFB3Y1hRWiQIzBAQm50BGOyYPSCmhakEKEAwAjgBXQAAgD%2FqAQYIZBhkIGQ%3D

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/managed/js/activeview/current/reach_worklet.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.210.34 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

lclgaa-ba-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.googleadservices.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 0
date: Fri, 17 Apr 2026 04:36:17 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H3 200 audins.js Show response
go.ezodn.com/detroitchicago/ 516 B
773 B 27ms
26ms Script
application/javascript 172.67.142.121
Cloudflare

General

Check archive.org

Download Go to

Full URL: https://go.ezodn.com/detroitchicago/audins.js?cb=3
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/kyink5vgb4rtnsf/PEAK.zip/file
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.142.121 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: bcf7993523efcd42f5599e1c210b6433e35a39de688c9e5ae90829741937df71

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

x-robots-tag: noindex, follow
content-encoding: br
cf-cache-status: HIT
age: 206707
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=9zCVVWdB9pug35tXaaZYxS2Qym201dX1yaI0Dw3Aas41GaHGCcaaRZIp2B3SqMF45tkNvswpeVP3Zho%2B9VMejvHxp2uL%2Fj6OfUOL2Wk24K8QNCq5mD%2F1i4%2Bb5lWMqIA%3D"}]}
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Fri, 17 Apr 2026 04:36:17 GMT
x-middleton-display: sol-js
content-type: application/javascript
vary: Accept-Encoding
last-modified: Tue, 14 Apr 2026 19:11:10 GMT
priority: u=3,i=?0
cache-control: public, max-age=31536000
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 9ed8ba595f4ce702-YYZ
accept-ranges: bytes
content-length: 275
server: cloudflare

GET
H2 200 quant.js Show response
secure.quantserve.com/ 33 KB
12 KB 106ms
29ms Script
application/javascript 192.184.68.228
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://secure.quantserve.com/quant.js
Requested by: Host: go.ezodn.com
URL: https://go.ezodn.com/detroitchicago/audins.js?cb=3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.184.68.228 , United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
Software: /
Resource Hash: dab57fd1fa79022a4fc26533b9c0d5d2f59ae80d86a2a0d72ca53639b2f633c3

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

cache-control: private, max-age=86400
content-encoding: gzip
etag: "ynV3urHYPJfGyLW/1QBWiQ=="
expires: Sat, 18 Apr 2026 04:36:17 GMT
accept-ranges: bytes
date: Fri, 17 Apr 2026 04:36:17 GMT
content-type: application/javascript
vary: Accept-Encoding

GET
H2 200 rules-p-31iz6hfFutd16.js Show response
rules.quantcount.com/ 160 B
632 B 348ms
23ms Script
application/javascript 3.168.122.105
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://rules.quantcount.com/rules-p-31iz6hfFutd16.js
Requested by: Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.168.122.105 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-3-168-122-105.jfk52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 4718dd9f68e969d1cb5e1b6172206b7150ad1d8cd5c5c1fe5812dd0e1646d426

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

etag: "af15ecfe46737cb2a37226fd060f23a6"
age: 1035
access-control-allow-methods: GET
x-cache: Hit from cloudfront
x-amz-cf-id: E9Q3YbHNXUW43UzbT7S8u41emVamsSUMZCzx3GQJ_u5d2OGg3nhdfw==
date: Fri, 17 Apr 2026 04:19:03 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Fri, 14 Oct 2022 00:41:49 GMT
cache-control: max-age=3600
cross-origin-resource-policy: cross-origin
via: 1.1 a75abffd2aaa3fabfaa23d0bc3b0e77a.cloudfront.net (CloudFront)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 160
x-amz-cf-pop: JFK52-P7
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2

200

cs Show response
pixel.quantserve.com/
Redirect Chain

https://pixel.quantserve.com/cs?a=p-31iz6hfFutd16&gdpr=0
https://pixel.quantserve.com/cs?a=p-31iz6hfFutd16&gdpr=0&__qcmcs=1

666 B
931 B

32ms
31ms

Fetch
application/json

192.184.68.228
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://pixel.quantserve.com/cs?a=p-31iz6hfFutd16&gdpr=0&__qcmcs=1
Protocol: H2
Server: 192.184.68.228 , United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
Software: /
Resource Hash: fc12e6190bdf56f5c79c412fd960933eb6f2fb5303c67b82563835c1c3f6a596

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
Referer: https://www.mediafire.com/

Response headers

access-control-allow-origin: https://www.mediafire.com
content-length: 666
date: Fri, 17 Apr 2026 04:36:17 GMT
content-type: application/json
vary: Origin
access-control-allow-credentials: true

Redirect headers

strict-transport-security: max-age=86400
cache-control: private, no-store, proxy-revalidate
location: https://pixel.quantserve.com/cs?a=p-31iz6hfFutd16&gdpr=0&__qcmcs=1
access-control-allow-credentials: true
access-control-allow-origin: https://www.mediafire.com
content-length: 0
date: Fri, 17 Apr 2026 04:36:17 GMT
vary: Origin

GET
H2

200

sync
pippio.com/api/
Redirect Chain

https://idsync.rlcdn.com/380609.gif?gdpr=0&partner_uid=UVtX-AVaUfhKA1P6BFYf8FFXB_xKWwf8UFXs49PX
https://idsync.rlcdn.com/1000.gif?memo=CMGdFxIzCi8IARCfOBooVVZ0WC1BVmFVZmhLQTFQNkJGWWY4RkZYQl94S1d3ZjhVRlhzNDlQWBAAGg0IwfGGzwYSBQjoBxAAQgBKAA
https://pippio.com/api/sync?pid=5324&it=1&iv=819369a69c0c1e9b64d186defa75a85850fd699184d5bdc0f064c9bde41f8865791426b5417dce21&_=2

42 B
571 B

101ms
47ms

Image
image/gif

107.178.254.65
Google LLC

General

Check archive.org

Download Go to Show image

Full URL: https://pippio.com/api/sync?pid=5324&it=1&iv=819369a69c0c1e9b64d186defa75a85850fd699184d5bdc0f064c9bde41f8865791426b5417dce21&_=2
Protocol: H2
Server: 107.178.254.65 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM - Google LLC, US),
Reverse DNS: 65.254.178.107.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
Referer: https://www.mediafire.com/

Response headers

cache-control: no-cache, no-store
timing-allow-origin: *
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
content-length: 42
date: Fri, 17 Apr 2026 04:36:18 GMT
content-type: image/gif

Redirect headers

cache-control: no-cache, no-store
timing-allow-origin: *
location: https://pippio.com/api/sync?pid=5324&it=1&iv=819369a69c0c1e9b64d186defa75a85850fd699184d5bdc0f064c9bde41f8865791426b5417dce21&_=2
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
content-length: 0
date: Fri, 17 Apr 2026 04:36:17 GMT

GET
H2

200

rum
dsum-sec.casalemedia.com/
Redirect Chain

https://dsum-sec.casalemedia.com/rum?cm_dsp_id=81&gdpr=0&external_user_id=5F2UybBcksn_BZDLsVDcweRRxM3_XcTN5VOcOwJX
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=81&gdpr=0&external_user_id=5F2UybBcksn_BZDLsVDcweRRxM3_XcTN5VOcOwJX&C=1

43 B
329 B

49ms
47ms

Image
image/gif

104.18.26.193
Cloudflare

General

Check archive.org

Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=81&gdpr=0&external_user_id=5F2UybBcksn_BZDLsVDcweRRxM3_XcTN5VOcOwJX&C=1
Protocol: H2
Server: 104.18.26.193 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
Referer: https://www.mediafire.com/

Response headers

cache-control: no-cache
nel: {"report_to":"cf-nel","success_fraction":0.01,"max_age":604800}
cf-cache-status: DYNAMIC
pragma: no-cache
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=kUWPcEUSa0OKwOBEWoZXiP3hXSYa2fQBTFN7srT%2FH4W4sEmFUvmhe%2F%2FYev7tHfocynbB3400%2BQ2qu6MF1myd6agGO2oE3mp5xCsxLCDq2gYvthtN%2FfJAV%2FvaqIq0tfx8UWD8Ttr1hADk6g%3D%3D"}]}
cf-ray: 9ed8ba61fa88a257-YUL
expires: 0
alt-svc: h3=":443"; ma=86400
content-length: 43
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
date: Fri, 17 Apr 2026 04:36:18 GMT
content-type: image/gif
server: cloudflare

Redirect headers

cache-control: no-cache
location: /rum?cm_dsp_id=81&gdpr=0&external_user_id=5F2UybBcksn_BZDLsVDcweRRxM3_XcTN5VOcOwJX&C=1
cf-cache-status: DYNAMIC
pragma: no-cache
nel: {"report_to":"cf-nel","success_fraction":0.01,"max_age":604800}
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=MvW%2Ff9H7OfvwDOnNUWpAd%2FYjcqYGzBuSVW3Y2mSbiZacNlwsSE24ym0gKBt2dP2CvuBtMt%2B%2F6%2F%2BKhOVbOfr1K0ljHS8o0%2B7KFEURDcQ0BrfbnZyonRMgpDZ5Afm9UXz%2F%2BGZAvwyvyF4Zjg%3D%3D"}]}
cf-ray: 9ed8ba61aa11a257-YUL
expires: 0
alt-svc: h3=":443"; ma=86400
content-length: 0
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
date: Fri, 17 Apr 2026 04:36:18 GMT
server: cloudflare

GET Pug
image2.pubmatic.com/AdServer/ 0
0

GET
H/1.1 200
OK tap.php
pixel.rubiconproject.com/ 42 B
1 KB 1108ms
31ms Image
image/gif 216.19.192.2
Magnite

General

Check archive.org

Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=4939&nid=1902&gdpr=0&put=Z0mPaTNIiWl8EYtrMkTHYWdF3218Sd9tZkculexa
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.19.192.2 , United States, ASN26667 (RUBICONPROJECT - Magnite, Inc., US),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 70208151847bd142f2805940a4dd52d8
Pragma: no-cache
content-length: 42
Content-Type: image/gif

GET
H2 200 pixel
cm.g.doubleclick.net/ 170 B
409 B 116ms
45ms Image
image/png 142.251.40.226
Google LLC

General

Check archive.org

Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?gdpr=0&google_nid=B765081F39B1F7&google_push=&google_hm=C7WJ11eIVs0Ycscs5Iox1A

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.40.226 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

lga34s39-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

cache-control: no-cache, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
date: Fri, 17 Apr 2026 04:36:17 GMT
x-xss-protection: 0
content-type: image/png
server: HTTP server (unknown)

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame BEE0 42 B
65 B 50ms
49ms Fetch
image/gif 142.251.210.34
Google LLC

General

Check archive.org

Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssrEQE_8jnBBbMKrr52LUvo6EztxoTRAy9akeSmFCYl3UrbzVJR4_cWwRK9o_UnJW3fDU8M2C-6kPFP9YsSKDtgxaT6NmSYJOs5nOku2iQsNj1PmW_AueQkwTkZMcVfBkrb4RP-2Gx5vX0JEcPh6Fly5eFL-MwnSep32CmLPOG3Xh9pnuY&sig=Cg0ArKJSzKaIgNSXY94vEAE&id=lidar2&mcvt=1000&p=1108,36,1191,764&tm=1369.8000030517578&tu=369.7000045776367&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20260413&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=9&adk=1630800042&rs=4&la=0&cr=0&uach=WyJMaW51eCIsIiIsIng4NiIsIiIsIjE0Ny4wLjc3MjcuNTUiLG51bGwsMCxudWxsLCI2NCIsW1siQ2hyb21pdW0iLCIxNDcuMC4wLjAiXSxbIkdvb2dsZSBDaHJvbWUiLCIxNDcuMC4wLjAiXSxbIk5vdC1BLkJyYW5kIiwiMjQuMC4wLjAiXV0sMF0%3D&vs=4&r=v&co=7233337600&rst=1776400575075&rpt=1742&isd=0&lsd=0&met=mue&wmsd=0&pbe=0&fle=0&vae=0&spb=0&sfl=0&ffslot=0&reach=8&io2=0

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.210.34 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

lclgaa-ba-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Fri, 17 Apr 2026 04:36:17 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 7FF9 42 B
65 B 49ms
49ms Fetch
image/gif 142.251.210.34
Google LLC

General

Check archive.org

Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssa82XWUWcPUNPGi5gOhaEA_P012wsAkt4W5itF9x00rY0C1I0hSNriJAdNd2h2LBN-Y3_6cvKKcK_n4Nec0e3UwJ2_Hf26zA_uLzJRpTxnIiTC_XwhO4bqD8Q6sYWgY_CYfm6IezkHpqaEnxk-PwDnkqRVH1-docYX6LSTT8jx8eWL0eU&sig=Cg0ArKJSzBOOHqn4MKy-EAE&id=lidar2&mcvt=1006&p=1108,784,1191,1512&tm=1335.6999969482422&tu=329.5&mtos=1006,1006,1006,1006,1006&tos=1006,0,0,0,0&v=20260413&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=9&adk=1277576459&rs=4&la=0&cr=0&uach=WyJMaW51eCIsIiIsIng4NiIsIiIsIjE0Ny4wLjc3MjcuNTUiLG51bGwsMCxudWxsLCI2NCIsW1siQ2hyb21pdW0iLCIxNDcuMC4wLjAiXSxbIkdvb2dsZSBDaHJvbWUiLCIxNDcuMC4wLjAiXSxbIk5vdC1BLkJyYW5kIiwiMjQuMC4wLjAiXV0sMF0%3D&vs=4&r=v&co=7233337600&rst=1776400575185&rpt=1623&isd=0&lsd=0&met=mue&wmsd=0&pbe=0&fle=0&vae=0&spb=0&sfl=0&ffslot=0&reach=8&io2=0

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.210.34 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

lclgaa-ba-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Fri, 17 Apr 2026 04:36:17 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H2 200 pixel;r=1132371445;labels=Domain.mediafire_com%2CDomainId.484470;rf=0;a=p-31iz6hfFutd16;url=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fkyink5vgb4rtnsf%2FPEAK.zip%2Ffile;ns=0;ce=1;qjs=1;qv=cb91e2be-20...
pixel.quantserve.com/ 35 B
159 B 31ms
30ms Image
image/gif 192.184.68.228
Amazon.com

General

Check archive.org

Download Go to Show image

Full URL

https://pixel.quantserve.com/pixel;r=1132371445;labels=Domain.mediafire_com%2CDomainId.484470;rf=0;a=p-31iz6hfFutd16;url=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fkyink5vgb4rtnsf%2FPEAK.zip%2Ffile;ns=0;ce=1;qjs=1;qv=cb91e2be-20260407153927;ref=;dst=1;et=1776400578008;tzo=420;ogl=type.website%2Csite_name.MediaFire%2Clocale.en_US%2Curl.https%3A%2F%2Fwww%252Emediafire%252Ecom%2Ffile%2Fkyink5vgb4rtnsf%2FPEAK%252Ezip%2Ffile%2Ctitle.PEAK%2Cimage.https%3A%2F%2Fstatic%252Emediafire%252Ecom%2Fimages%2Ffiletype%2Fdownload%2Fzip%252Ejpg%2Cdescription.;d=mediafire.com;uht=2;fpan=1;fpa=P1-1c8a072c-09f1-47a6-8044-fd8f70ef2b1b;pbc=;_ses=0630af59-1c79-4ed2-80da-66ae5c69b6e6;_seg=0;_ss=1;_gacid=2098053478.1776400571;_gasid=K68XP6D85D_1776400570;gdpr=0;mdl=

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

192.184.68.228 , United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

strict-transport-security: max-age=86400
cache-control: private, no-store, proxy-revalidate
content-length: 35
date: Fri, 17 Apr 2026 04:36:18 GMT
content-type: image/gif

POST
H3 204 collect
analytics.google.com/g/ 0
0 49ms
48ms Fetch
text/plain 216.239.32.181
Google LLC

General

Check archive.org

Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-K68XP6D85D&gtm=45je64f1v887485693za20gzb6304663zd6304663&_p=1776400569253&gcs=G111&gcd=13n3n3l3l5l1&npa=0&dma=0&tcfd=10000&_eu=AEIAAGQ&are=1&cid=2098053478.1776400571&frm=0&pscdl=noapi&rcb=5&sr=1600x1200&uaa=x86&uab=64&uafvl=Chromium%3B147.0.0.0%7CGoogle%2520Chrome%3B147.0.0.0%7CNot-A.Brand%3B24.0.0.0&uam=&uamb=0&uap=Linux&uapv=&uaw=0&ul=en-ca&gaf=2&_s=3&tag_exp=0~115938465~115938468~117266400~118131810&sid=1776400570&sct=1&seg=0&dl=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fkyink5vgb4rtnsf%2FPEAK.zip%2Ffile&dt=PEAK&en=ad_impression&ep.query_id=CJuL_umH9JMDFaKzWgUdDPwcXQ&_et=88&tfd=11307
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-K68XP6D85D&cx=c&gtm=4e64f1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 216.239.32.181 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:196:0
report-to: {"group":"ascnsrsggc:196:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:196:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://www.mediafire.com
cross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsggc:196:0
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 17 Apr 2026 04:36:20 GMT
content-type: text/plain
server: Golfe2

POST
H3 200 log Show response
translate.googleapis.com/element/ 131 B
151 B 55ms
53ms Fetch
text/plain 142.250.65.234
Google LLC

General

Check archive.org

Download Go to

Full URL

https://translate.googleapis.com/element/log?format=json&hasfast=true&authuser=0

Requested by

Host: translate.googleapis.com
URL: https://translate.googleapis.com/_/translate_http/_/js/k=translate_http.tr.en_US.z0UCiweHGjo.O/am=AAAAAQ/d=1/exm=el_conf/ed=1/rs=AN8SPfoXKONoCKxgkf32Lw1Jl5DO3d0n-Q/m=el_main

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.65.234 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

lga25s73-in-f10.1e100.net

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua-platform: "Linux"
Referer: https://www.mediafire.com/
Content-Encoding: gzip
sec-ch-ua: "Chromium";v="147", "Google Chrome";v="147", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
Content-Type: application/binary
X-Goog-AuthUser: 0

Response headers

x-frame-options: SAMEORIGIN
content-encoding: gzip
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin: https://www.mediafire.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 131
date: Fri, 17 Apr 2026 04:36:20 GMT
x-xss-protection: 0
content-type: text/plain; charset=UTF-8
server: Playlog
access-control-allow-headers: X-Playlog-Web

OPTIONS
H3 200 log
translate.googleapis.com/element/ Frame 0
0 109ms
44ms Preflight
text/plain 142.250.65.234
Google LLC

General

Check archive.org

Download Go to

Full URL

https://translate.googleapis.com/element/log?format=json&hasfast=true&authuser=0

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.65.234 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

lga25s73-in-f10.1e100.net

Software

Playlog /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: content-encoding,content-type,x-goog-authuser
Access-Control-Request-Method: POST
Origin: https://www.mediafire.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,content-encoding,content-type,x-goog-authuser,origin
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://www.mediafire.com
access-control-max-age: 86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/plain; charset=UTF-8
date: Fri, 17 Apr 2026 04:36:20 GMT
server: Playlog
x-frame-options: SAMEORIGIN
x-xss-protection: 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: id5-sync.com
URL: https://id5-sync.com/bounce

Domain: id5-sync.com
URL: https://id5-sync.com/gm/v3

Domain: id5-sync.com
URL: https://id5-sync.com/gm/v3

Domain: id5-sync.com
URL: https://id5-sync.com/g/v2/457.json

Domain: ups.analytics.yahoo.com
URL: https://ups.analytics.yahoo.com/ups/58934/cms

Domain: id5-sync.com
URL: https://id5-sync.com/gm/v3

Domain: id5-sync.com
URL: https://id5-sync.com/g/v2/457.json

Domain: go.ezodn.com
URL: https://go.ezodn.com/lcpm

Domain: www.google.com
URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRizxoQjeolS6y2-DsHd_YRZ55Pwsp_ICQ0XkbzcXlzmOjRpFAssEsofhtL8Q_IejuX28AvrBdxPEbd2oyeNlBRdxWAWQ

Domain: www.google.com
URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQPjGyKCub5EJzruB1tVA4GZyEVFe9mKfHALsz-E-zKu2rM21KV7h8-whC5bzmpwAXUMvzZmDMUGhb7hdibNT5iOCPhBg

Domain: cs-ob.yellowblue.io
URL: https://cs-ob.yellowblue.io/sync-pixel?google_gid=CAESEE71WCOy67M4h8xAQuU3_w0&google_cver=1&google_push=AXcoOmSzc8Ig5C0_UAY5hfrLySV6HnyaJxHw3O7ZxPjs1vYI7pPor1U9cOUWpFM9L0F9ZwljI0-xOCDXxQ7gnPkfOIzE-Xe0pLr7-Q

Domain: image2.pubmatic.com
URL: https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=VYxZcgGNX3JO1F1wAIERelWACXZOjAl2VIK-OShb

Verdicts & Comments Add Verdict or Comment

474 JavaScript Window variables

These are the non-standard variables defined on the window object. These include var declarations and global functions and can be helpful in identifying possible client-side frameworks and code.

124 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.mediafire.com/file/kyink5vgb4rtnsf/PEAK.zip	1969-12-31 23:59:59	Name: g36FastPopSessionRequestNumber Value: 1
www.mediafire.com/file/kyink5vgb4rtnsf/PEAK.zip	1970-01-21 22:12:16	Name: ezux_lpl_484470 Value: 1776400572483\|29a2e0a2-3957-4bf6-8185-b6e813811d8a\|true
.mediafire.com/	1970-01-21 23:02:40	Name: ukey Value: qw21ue6w1f5f8kc383j0sai927u5zciv
.mediafire.com/	1970-01-21 13:30:59	Name: ky4v Value: 1
.mediafire.com/	1970-01-21 14:09:52	Name: conv_tracking_data-2 Value: %7B%22mf_source%22%3A%22regular_download-59%22%2C%22mf_content%22%3A%22Free%22%2C%22mf_medium%22%3A%22linux%5C%2FChrome%22%2C%22mf_campaign%22%3A%22kyink5vgb4rtnsf%22%2C%22mf_term%22%3A%223e7e674e136a270d2cdb9a79a2bc17ad%22%7D
www.mediafire.com/	1970-01-21 13:36:45	Name: chkout_src Value: eyJ0ZW1wbGF0ZUlkIjoiNTkiLCJydWxlSWQiOiIxMTkifQ%3D%3D
.mediafire.com/	1970-01-21 22:12:16	Name: amp_28916b Value: UydE-4V9LdRorAcPXtkkoc...1jmcrj52i.1jmcrj52k.0.1.1
econventa.com/	1969-12-31 23:59:59	Name: IKSR Value: %7B%7D
econventa.com/	1969-12-31 23:59:59	Name: INF_DFL8 Value: false
econventa.com/	1970-01-21 23:02:40	Name: IUID Value: 783b4683-51b6-42cd-89a0-3191da481445
econventa.com/	1969-12-31 23:59:59	Name: ISSH Value: 82BDD4
econventa.com/	1969-12-31 23:59:59	Name: VMI Value:
econventa.com/	1970-01-21 23:02:40	Name: IPLH Value: %23%7B%7D
econventa.com/	1970-01-21 23:02:40	Name: IPLH_Q Value: %23%5B%5D
econventa.com/	1970-01-21 23:02:40	Name: CHN Value: %23%5B%5D
econventa.com/	1970-01-21 23:02:40	Name: MSSH Value: %23%7B%7D
econventa.com/	1970-01-21 23:02:40	Name: MSRH Value: %23%7B%7D
econventa.com/	1970-01-21 23:02:40	Name: IPMPLU Value: %2301%2F01%2F0001%2000%3A00%3A00
econventa.com/	1970-01-21 23:02:40	Name: IPMUID Value: %23
econventa.com/	1970-01-21 23:02:40	Name: BSWUID Value: %23
econventa.com/	1970-01-21 23:02:40	Name: IBL Value: %23%5B%5D
econventa.com/	1970-01-21 23:02:40	Name: IOPT Value: %23%5B%5D
econventa.com/	1970-01-21 23:02:40	Name: IPLSH Value: %23%7B%7D
econventa.com/	1970-01-21 23:02:40	Name: IPLSH_Q Value: %23%5B%5D
econventa.com/	1970-01-21 23:02:40	Name: IZH Value: %23%7B%7D
econventa.com/	1970-01-21 23:02:40	Name: IZH_Q Value: %23%5B%5D
econventa.com/	1970-01-21 23:02:40	Name: IMCH Value: %23%7B%7D
econventa.com/	1970-01-21 23:02:40	Name: IMCH_Q Value: %23%5B%5D
econventa.com/	1970-01-21 23:02:40	Name: IMH Value: %23%7B%7D
econventa.com/	1970-01-21 23:02:40	Name: IMH_Q Value: %23%5B%5D
econventa.com/	1970-01-21 23:02:40	Name: ISH Value: %23%7B%22101%22%3A%5B%7B%22SId%22%3A%2282BDD4%22%2C%22D%22%3A%2226%2F4%2F17T4%3A36%3A9%22%7D%5D%7D
econventa.com/	1970-01-21 23:02:40	Name: ISH_Q Value: %23%5B101%5D
econventa.com/	1970-01-21 23:02:40	Name: ISPH Value: %23%7B%7D
econventa.com/	1970-01-21 23:02:40	Name: ISPH_Q Value: %23%5B%5D
econventa.com/	1970-01-21 23:02:40	Name: ICH Value: %23%7B%7D
econventa.com/	1970-01-21 23:02:40	Name: ICH_Q Value: %23%5B%5D
.mediafire.com/	1970-01-21 22:12:16	Name: cf_clearance Value: 0NOQkWiyMCSpcMPfC5cYrfcB5MFP1TZEWawkjD7zKRA-1776400569-1.2.1.1-VkELB8At8UcCQ5c4RXkhkYWH2tPUAUORkzZEfbrPNA_hj2fkgsInoBik4KFynYqoov.IkEnxNk1nqwWL9isHp0aWDd96A_4xqtOTeKKyMZAaBJTXGNGRDjOQEP3w3qLsaPP7cbjBTgt52iPjQLJNfYURmiS57TKkDFg.mwLhHmXz5hnxAeNKr.Q1svASXqivMx7P1nbgsjn00tAwJV1ejdP.BwOtviTrOdoMiam3S8dcYUrdzecRUzwCuRiLKSCorCzhNCLNblyBasvGhXSq9rijc7Kt5OInp3OvJit9ie7wYlNKRxm93Gn6vpF0kyPOGiqAnD.xXmf3TgawI17tMg
.mediafire.com/	1970-01-21 13:26:42	Name: __cf_bm Value: HU5Ne8BVtHgW8ihK9X3rAWKFZZZAHaCS0QfaRhAyaUk-1776400569.6285777-1.0.1.1-NzAeGVh7.E8O1wAhZI_6qc96bKI.4_qD2XdLtKwVmC7aD_xd3Zd6b.FTQW2Es.SG10fIPLkpUvmkKSZbIXR3mHim6pw1xkRWokltu_QeK7BdPLhWnfL1fYhsoSMDU2Mc
.mediafire.com/	1970-01-21 13:26:41	Name: ezfs_484470 Value: 2405659105
.mediafire.com/	1970-01-21 13:26:47	Name: ezoab_484470 Value: mod1
.mediafire.com/	1970-01-21 13:29:33	Name: ezovuuidtime_484470 Value: 1776400569
.mediafire.com/	1970-01-21 13:26:42	Name: lp_484470 Value: https://www.mediafire.com/file/kyink5vgb4rtnsf/PEAK.zip/file
.mediafire.com/	1970-01-21 13:26:42	Name: ezovuuid_484470 Value: 9e5f7b26-32dd-4db1-706e-43a8de21a9b1
.mediafire.com/	1970-01-21 13:26:42	Name: ezoref_484470 Value:
www.mediafire.com/	1970-01-21 13:29:33	Name: ezstandaloneuser Value: true
www.mediafire.com/	1970-01-21 23:02:40	Name: ezds Value: ffid%3D1%2Cw%3D1600%2Ch%3D1200
www.mediafire.com/	1970-01-21 23:02:40	Name: ezohw Value: w%3D1600%2Ch%3D1200
.mediafire.com/	1970-01-21 13:28:06	Name: _gid Value: GA1.2.1593668907.1776400571
.mediafire.com/	1970-01-21 13:26:40	Name: _gat_gtag_UA_829541_1 Value: 1
.ezoic.net/	1970-01-21 22:12:16	Name: ezoid Value: 395692cc-fecc-45d0-6cfb-a7cc2f3db5bc
.mediafire.com/	1970-01-21 23:02:40	Name: _ga Value: GA1.1.2098053478.1776400571
.mediafire.com/	1970-01-21 13:26:47	Name: ezorab_484470 Value: rmod1
.mediafire.com/	1970-01-21 22:12:16	Name: ezoid Value: 395692cc-fecc-45d0-6cfb-a7cc2f3db5bc
.mediafire.com/	1970-01-21 13:29:33	Name: active_template::484470 Value: pub_site.1776400570
.mediafire.com/	1970-01-21 13:26:42	Name: ezopvc_484470 Value: 2
.mediafire.com/	1970-01-21 22:12:16	Name: _sharedid Value: 7ec16c97-3014-4dc1-960c-4f384b639462
.mediafire.com/	1970-01-21 22:12:16	Name: _sharedid_cst Value: SBp4Zg%3D%3D
www.mediafire.com/	1970-01-21 13:26:44	Name: _lr_retry_request Value: true
www.mediafire.com/	1970-01-21 14:09:52	Name: _lr_env_src_ats Value: false
www.mediafire.com/	1970-01-21 19:55:28	Name: ezppid_ck Value: 3f960e14b55cea36b2a75a36172785c8
.adsrvr.org/	1970-01-21 22:12:16	Name: TDID Value: 326187df-6ff0-40d7-9fac-35fab8801dae
.crwdcntrl.net/	1970-01-21 19:55:26	Name: _cc_dc Value: 0
.crwdcntrl.net/	1970-01-21 19:55:26	Name: _cc_id Value: fcc482a63a37146f7ce186f6149f4e92
.crwdcntrl.net/	1970-01-21 19:55:28	Name: _cc_cc Value: "ACZ4nGNQSEtONrEwSjQzTjQ2NzQxSzNPTjW0MEszMzSxTDNJtTRiAILMhzt2MyAAAGHBC4A%3D"
.crwdcntrl.net/	1970-01-21 19:55:28	Name: _cc_aud Value: "ABR4nGNgYGDIfLhjNwMcAAAh5gK%2B"
.id5-sync.com/	1970-01-21 15:36:16	Name: id5 Value: 66954c16-d69f-7595-89cb-6c3200564030#1776400571722#1
.criteo.com/	1970-01-21 22:48:16	Name: uid Value: 9ff1417a-580b-4448-a80a-5d708162b474
www.mediafire.com/	1970-01-21 14:53:04	Name: pbjs-unifiedid Value: %7B%22TDID%22%3A%22326187df-6ff0-40d7-9fac-35fab8801dae%22%2C%22TDID_LOOKUP%22%3A%22FALSE%22%2C%22TDID_CREATED_AT%22%3A%222026-04-17T04%3A36%3A11%22%7D
www.mediafire.com/	1970-01-21 14:53:04	Name: pbjs-unifiedid_cst Value: SBp4Zg%3D%3D
.ads.bidsystem.ai/	1970-01-21 13:46:50	Name: BSID Value: FCQvtdzAzV_iNn1NRwzwc
.mediafire.com/	1970-01-21 13:28:06	Name: panoramaId_expiry Value: 1776486971658
.mediafire.com/	1970-01-21 19:55:28	Name: _cc_id Value: fcc482a63a37146f7ce186f6149f4e92
.flashtalking.com/	1970-01-21 22:12:16	Name: _D9J Value: a1583dffcb074ff388de7c8f41c962cd
.mediafire.com/	1970-01-21 22:48:16	Name: __gads Value: ID=c25be0f0e2e669f1:T=1776400572:RT=1776400572:S=ALNI_Mb3DLf7RzaJ2uANsEim2JXjyZIEcQ
.mediafire.com/	1970-01-21 22:48:16	Name: __gpi Value: UID=00001360ece2b37b:T=1776400572:RT=1776400572:S=ALNI_MZSy9rghxmUUxmKYBNg45TSzMBQhQ
.mediafire.com/	1970-01-21 17:45:52	Name: __eoi Value: ID=181980d16574115e:T=1776400572:RT=1776400572:S=AA-AfjYiGDD-zdlWjvvAR4Q5moVA
.openx.net/	1970-01-21 22:12:16	Name: i Value: 47d55589-2893-48ef-8bb8-285c18d2a008\|1776400572
.openx.net/	1970-01-21 13:48:16	Name: pd Value: v2\|1776400572\|gyvMkWxhhE
.doubleclick.net/	1970-01-21 23:02:40	Name: IDE Value: AHWqTUnBLHvwGb5gFL1m-B78A3OjimcP8AcEaOCumt24-hoeJ5yb3aZnLxZW-6M4zEc
.adsrvr.org/	1970-01-21 22:12:16	Name: TDCPM Value: IAEoAg..
.mediafire.com/	1970-01-21 22:12:16	Name: connectId Value: %7B%22ttl%22%3A86400000%2C%22lastUsed%22%3A1776400573463%2C%22lastSynced%22%3A1776400572361%7D
.criteo.com/	1970-01-21 22:48:16	Name: cto_bundle Value: JtpCK196c2FuSGZWczBoMHAxVVRQRDdLMzglMkJydjZnektLSXVvZkNrb2RDM0lxVldWJTJGcGVHYUF6ZlhwZHVnWHZmVkpncXlNU09ZNGQlMkJaNUtOZHVVTkV0MUYzN1V6NWZRajFKWTN1dklvJTJGTkRzSjNzc0pCY3VGeDhrU0FtcFFQclp5dXBDbXFPTXoxNjlaZiUyRkRoVldHTSUyQngxNWclM0QlM0Q
www.mediafire.com/	1970-01-21 22:12:16	Name: _tfpvi Value: YjdkNmQ5NTAtZjkxMS00OGZkLWJjYjEtZTRjNThjMWIxMWQwIy0xLTQ%3D
.mediafire.com/	1970-01-21 22:47:51	Name: cto_bundle Value: mkynSF9Yb2FYdmolMkZPVUpvV2ZlMkNJODZMdlZpbjhGbFhkV3VQZ2FhOFd1QUhWMXF6SjZwJTJCNUpET0gyTEFrdldqNVM1b080Vk5ocSUyQnlIMkFOREZmZ3M1TnVKbmJXZkVKVk56eThGOGdBTzJpM0wzS2hqWFcwd0tpcmt1WXhSTWFjRklvM21SU1lkZlJVQ2hLdW5DYmN4UGVqZmclM0QlM0Q
.mediafire.com/	1970-01-21 22:47:51	Name: cto_bidid Value: 3KjN719zUGhsRU5ZSlVGSHptNUc4d1JyR1ZMSE8xUkpiNFJubzVTdW1zUTJHcXZPN09McThRYlBYdkc1bmhqbXRxTWlsZVF6U0FJd2hDeTNtOTJ1QmhwcE42ZFBNNDZsNDd4NjF1czZFVCUyRlRrdG5jJTNE
.turn.com/	1970-01-21 17:45:52	Name: uid Value: 7830989017535051250
.mediafire.com/	1970-01-21 23:02:40	Name: _ga_K68XP6D85D Value: GS2.1.s1776400570$o1$g0$t1776400575$j60$l0$h0
.2trk.info/	1970-01-21 14:53:04	Name: 65362_viewnew Value: date%3D04%2F17%2F2026+04%3A36%3A16%26subid%3Dbid_%7ECM.65362%7ESZ.140%7EBt.nat%7ETS.pdx%7Edv.3%7EST.25%7EBI.110886972959%7EDI.0_NAT%26size%3D4819%26campaignid%3D65362%26impressionid%3D177640057648315229316456705784024032161843%26bidid%3DWb80bjYK3JAlqRhcDQsXQA%26bs%3D674a4759-5434-4868-859a-b3c19edd02ec%26gid%3DCAESEOZyc5tmuET4Wjt1E803eyo%26ex%3Dpdx%26refURL%3Dmediafire.com
.2trk.info/	1970-01-21 14:53:04	Name: _pre\|65362 Value: 65362%7C0%7C177640057648315229316456705784024032161843%7Cc49eab25-263d-41e3-add1-88b2d7c7a193%7C4819%7C674a4759-5434-4868-859a-b3c19edd02ec%7Chttps%3A%2F%2Fwww.mediafire.com%2Ffile%2Fkyink5vgb4rtnsf%2FPEAK.zip%2Ffile%7Cbid_%7ECM.65362%7ESZ.140%7EBt.nat%7ETS.pdx%7Edv.3%7EST.25%7EBI.110886972959%7EDI.0_NAT%7C0%7C20260417+04%3A36%3A16
.2trk.info/	1970-01-21 15:36:16	Name: fingerprint Value: cokdate%3D04%2F17%2F2026+04%3A36%3A16%26userid%3D76926445-6dd1-4a15-9a42-42b73c061607%26rank%3D100%26icrank%3D1000%26icount%3D1%26ccount%3D0%26csranka%3D0%26csrankb%3D0%26vsranka%3D0%26vsrankb%3D0%26ip%3D86.106.90.214%26p%3D%26ty%3D0
.2trk.info/	1970-01-21 14:53:04	Name: 66325_viewnew Value: date%3D04%2F17%2F2026+04%3A36%3A16%26subid%3Dbid_%7ECM.66325%7ESZ.140%7EBt.nat%7ETS.pdx%7Edv.3%7EST.25%7EBI.110886972959%7EDI.549644393848595698_NAT%26size%3D5383%26campaignid%3D66325%26impressionid%3D177640057650730708407483952078495711507300%26bidid%3DvEMBkxBwOt5-lV9saw_XyQ%26bs%3D932b7ddf-626f-4a58-887c-7dc1c35e2baf%26gid%3DCAESEOZyc5tmuET4Wjt1E803eyo%26ex%3Dpdx%26refURL%3Dmediafire.com
.2trk.info/	1970-01-21 14:53:04	Name: _pre\|66325 Value: 66325%7C0%7C177640057650730708407483952078495711507300%7C76926445-6dd1-4a15-9a42-42b73c061607%7C5383%7C932b7ddf-626f-4a58-887c-7dc1c35e2baf%7Chttps%3A%2F%2Fwww.mediafire.com%2Ffile%2Fkyink5vgb4rtnsf%2FPEAK.zip%2Ffile%7Cbid_%7ECM.66325%7ESZ.140%7EBt.nat%7ETS.pdx%7Edv.3%7EST.25%7EBI.110886972959%7EDI.549644393848595698_NAT%7C0%7C20260417+04%3A36%3A16
.seedtag.com/	1970-01-21 22:05:04	Name: st_uid Value: 019d99b9-b0c3-7604-b1fa-159be8e222d2
.seedtag.com/	1969-12-31 23:59:59	Name: st_usi Value: 1
.dotomi.com/	1970-01-21 13:26:40	Name: DotomiTest Value: 6532133766161175182
.tribalfusion.com/	1970-01-21 15:36:16	Name: ANON_ID Value: aHnoeUolXVyQuWxdKZcRa7HUqhSUGLPoTgfYkGFMx
.creativecdn.com/	1970-01-21 22:12:16	Name: g Value: I1LfwDuO1F55OVvR2eEl_1776400576902
.creativecdn.com/	1970-01-21 22:12:16	Name: ts Value: 1776400576
.doubleclick.net/	1970-01-21 13:26:44	Name: DSID Value: NO_DATA
.3lift.com/	1970-01-21 15:36:16	Name: tluid Value: 2729585991425043947477
.quantserve.com/	1970-01-21 22:56:54	Name: mc Value: 69e1b8c1-aa3c4-96555-95577
.quantserve.com/	1970-01-21 15:36:16	Name: sp Value: CggIng0SAxD6EQoICNllEgMQ-hEKCQjRpgISAxD6EQoJCIX_AhIDEPoRCggIiQ0SAxD6EQ==
.lijit.com/	1970-01-21 22:12:16	Name: ljt_reader Value: Mg7UAGZHR_zjofCvTcGebDxA
.tremorhub.com/	1970-01-21 22:12:37	Name: tvid Value: dd5d083caf114c97a6c7ca4e0603efeb
.tremorhub.com/	1970-01-21 23:02:40	Name: tv_UIDF Value: CAESEDOvaB4HbIBTsUcAFcwQ-to
.tremorhub.com/	1970-01-21 13:33:52	Name: tvssa Value: 1776400577761
.advolve.io/	1970-01-21 22:12:16	Name: x Value: 69e1b8c1036ece8017af66a4
.moloco.com/	1970-01-21 22:12:16	Name: mlcwc Value: eyJ2ZXJzaW9uIjoxLCJwYXlsb2FkIjoiYStCNjNCMU9tLzEyMXFZTlNRWWtQdFUxbnpoMlN3blZOYzlmMWI0N1FEUFFtdmcyUG95eSs3Wm01MlkwZDZ6U3lOL2VGRVBnZXFVSk13dExWQ3E0dmZTays4N1oycUlPYkJnWU9MRi9LV2Jqcm1xNVZpMFREbzdudE96WWhwdXFZVXVML0Q1bjVhcFRxT2hod29iUXNRckJsRGlUTkZRVXhjRGF6TC9kU0ZkL2cyQ2RZN3BIc1pjOE1ZTjV6QUhHOEFuU3U2aTFHZmFVZm5TcmJYOHEzKzJObS9rRWdObFBaWGlLZ0d0TG1BZndDMjQxSUM0eW5adDZCeWdWa3ZrPSIsIm5vbmNlIjoieUpEOTdBODFacGNXclFIayJ9
.ipredictive.com/	1970-01-21 22:12:16	Name: cu Value: ad5ddf21-e339-4195-9cf3-925846a44eb7\|1776400577804
.rlcdn.com/	1970-01-21 22:12:16	Name: rlas3 Value: j8yBvz8hQhcek16rRHcFAMASOxlUr3VqfBZ8lRLauys=
.rlcdn.com/	1970-01-21 14:53:04	Name: pxrc Value: CMHxhs8GEgUI6AcQABIFCOhHEAA=
.mediafire.com/	1970-01-21 22:51:09	Name: __qca Value: P1-1c8a072c-09f1-47a6-8044-fd8f70ef2b1b
.pippio.com/	1970-01-21 22:12:16	Name: did Value: j-K2EDmVJ_T2dszr
.pippio.com/	1970-01-21 22:12:16	Name: didts Value: 1776400578
.pippio.com/	1970-01-21 14:53:04	Name: nnls Value:
.pippio.com/	1970-01-21 14:53:04	Name: pxrc Value: CAA=
.casalemedia.com/	1970-01-21 22:12:16	Name: CMID Value: aeG4wtHM6twAAEI9AA0JtgAA
.casalemedia.com/	1970-01-21 15:36:16	Name: CMPS Value: 3858
.casalemedia.com/	1970-01-21 15:36:16	Name: CMPRO Value: 3858
.rubiconproject.com/	1970-01-21 22:12:16	Name: audit_p Value: 1\|7pcGp0gNSu0R3ACTvcgCpXR6QCxtENrP88IwbR+kvN/52XwX10nsy9FaGoyoN/Tc8HS0CWx0VdYwHTRO1/p4iG9AY35C/l4TO/7QE9uWA86+oAf4tkqh239lur18jQptbkYJsTJ3rVZzlDm6wj570I8+WFd8eCxcPsFTcK0CaY4Yv/wVjRY6WLwMQHOVPKMq3OlDu/ORdD8=
.rubiconproject.com/	1970-01-21 22:12:16	Name: khaos Value: MO2F1EZO-22-26IW
.rubiconproject.com/	1970-01-21 22:12:16	Name: khaos_p Value: MO2F1EZO-22-26IW
.rubiconproject.com/	1970-01-21 22:12:16	Name: audit Value: 1\|7pcGp0gNSu0R3ACTvcgCpXR6QCxtENrP88IwbR+kvN/52XwX10nsy9FaGoyoN/Tc8HS0CWx0VdYwHTRO1/p4iG9AY35C/l4TO/7QE9uWA86+oAf4tkqh239lur18jQptbkYJsTJ3rVZzlDm6wj570I8+WFd8eCxcPsFTcK0CaY4Yv/wVjRY6WLwMQHOVPKMq3OlDu/ORdD8=
.rubiconproject.com/	1970-01-21 15:36:16	Name: receive-cookie-deprecation Value: 1

19 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	URL: https://www.mediafire.com/file/kyink5vgb4rtnsf/PEAK.zip/file(Line 1405) Message: document.domain mutation is ignored because the surrounding agent cluster is origin-keyed.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'bluetooth'.
network	error	URL: https://www.mediafiredls.com/onclick/0 Message: Failed to load resource: the server responded with a status of 404 ()
rendering	warning	URL: https://www.mediafire.com/file/kyink5vgb4rtnsf/PEAK.zip/file Message: [GroupMarkerNotSet(crbug.com/242999)!:2C742621C0A0]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader (about:flags#enable-unsafe-swiftshader) flag to opt in to lower security guarantees for trusted content.
javascript	error	URL: https://www.mediafire.com/file/kyink5vgb4rtnsf/PEAK.zip/file Message: Access to fetch at 'https://id5-sync.com/bounce' from origin 'https://www.mediafire.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://id5-sync.com/bounce Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://www.mediafire.com/file/kyink5vgb4rtnsf/PEAK.zip/file Message: Access to XMLHttpRequest at 'https://id5-sync.com/gm/v3' from origin 'https://www.mediafire.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://id5-sync.com/gm/v3 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://www.mediafire.com/file/kyink5vgb4rtnsf/PEAK.zip/file Message: Access to XMLHttpRequest at 'https://id5-sync.com/gm/v3' from origin 'https://www.mediafire.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://id5-sync.com/gm/v3 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://www.mediafire.com/file/kyink5vgb4rtnsf/PEAK.zip/file Message: Access to fetch at 'https://id5-sync.com/g/v2/457.json' from origin 'https://www.mediafire.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://id5-sync.com/g/v2/457.json Message: Failed to load resource: net::ERR_FAILED
rendering	warning	URL: https://ep2.adtrafficquality.google/sodar/sodar2/254/runner.html Message: [GroupMarkerNotSet(crbug.com/242999)!:2C74211D40A0]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader (about:flags#enable-unsafe-swiftshader) flag to opt in to lower security guarantees for trusted content.
javascript	error	URL: https://www.mediafire.com/file/kyink5vgb4rtnsf/PEAK.zip/file Message: Access to XMLHttpRequest at 'https://id5-sync.com/gm/v3' from origin 'https://www.mediafire.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://id5-sync.com/gm/v3 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://www.mediafire.com/file/kyink5vgb4rtnsf/PEAK.zip/file Message: Access to fetch at 'https://id5-sync.com/g/v2/457.json' from origin 'https://www.mediafire.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://id5-sync.com/g/v2/457.json Message: Failed to load resource: net::ERR_FAILED
other	error	URL: https://www.googleadservices.com/pagead/managed/js/activeview/current/reach_worklet.html Message: Attestation check for Shared Storage on https://www.googleadservices.com failed.
other	error	URL: https://www.googleadservices.com/pagead/managed/js/activeview/current/reach_worklet.html Message: Attestation check for Shared Storage on https://www.googleadservices.com failed.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=0
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

17944659ab4141c12b4301d119e9db8e.safeframe.googlesyndication.com
a.tribalfusion.com
ab.dns-finder.com
ad-delivery.net
ad.doubleclick.net
ad.turn.com
ads.bidsystem.ai
analytics.google.com
api.amplitude.com
api.btloader.com
api.rlcdn.com
at.teads.tv
b.applovin.com
ban.2trk.info
bb.lijit.com
btloader.com
carbon-cdn.ccgateway.net
cdn.amplitude.com
cdn.econventa.com
cdn.id5-sync.com
cdn.jsdelivr.net
cm-mx.advolve.io
cm.g.doubleclick.net
cmp.gatekeeperconsent.com
connectid.analytics.yahoo.com
creativecdn.com
cs-ob.yellowblue.io
d-code.liadm.com
d9.flashtalking.com
dclk-match.dotomi.com
dsum-sec.casalemedia.com
eb2.3lift.com
econventa.com
ep1.adtrafficquality.google
ep2.adtrafficquality.google
esp.rtbhouse.com
fonts.googleapis.com
fonts.gstatic.com
g.ezoic.net
go.ezodn.com
google-bidout-d.openx.net
google.partners.tremorhub.com
googleads.g.doubleclick.net
gum.criteo.com
id.a-mx.com
id.crwdcntrl.net
id.hadron.ad.gt
id5-sync.com
idsync.rlcdn.com
image2.pubmatic.com
image6.pubmatic.com
invstatic101.creativecdn.com
lb.eu-1-id5-sync.com
lbs.eu-1-id5-sync.com
lexicon.33across.com
link.rubiconproject.com
match.adsrvr.org
oa.openxcdn.net
oajs.openx.net
pagead2.googlesyndication.com
pippio.com
pixel.quantserve.com
pixel.rubiconproject.com
pixelfnt-us.dsp-api.moloco.com
privacy-location-edge.ccgateway.net
privacy.gatekeeperconsent.com
rules.quantcount.com
s.seedtag.com
s.tribalfusion.com
secure.quantserve.com
securepubads.g.doubleclick.net
static.cloudflareinsights.com
static.criteo.net
static.mediafire.com
static.xx.fbcdn.net
stats.g.doubleclick.net
sync.1rx.io
sync.ipredictive.com
tags.crwdcntrl.net
the.gatekeeperconsent.com
tpc.googlesyndication.com
translate.google.com
translate.googleapis.com
ups.analytics.yahoo.com
us-u.openx.net
www.ezojs.com
www.facebook.com
www.google-analytics.com
www.google.ca
www.google.com
www.googleadservices.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
www.mediafire.com
www.mediafiredls.com
cs-ob.yellowblue.io
go.ezodn.com
id5-sync.com
image2.pubmatic.com
ups.analytics.yahoo.com
www.google.com
104.16.174.226
104.16.55.62
104.16.79.73
104.17.148.83
104.18.26.193
104.20.20.189
104.20.35.150
104.20.47.80
104.21.3.76
104.21.42.32
104.26.3.173
104.26.8.66
107.178.254.65
108.138.128.120
108.138.128.28
108.139.29.53
108.139.47.34
130.211.23.194
135.125.170.28
142.250.217.10
142.250.217.14
142.250.65.227
142.250.65.234
142.250.65.65
142.250.65.66
142.250.68.195
142.250.72.2
142.251.154.119
142.251.210.34
142.251.210.40
142.251.211.162
142.251.211.163
142.251.211.166
142.251.211.206
142.251.211.97
142.251.40.225
142.251.40.226
142.251.45.194
151.101.130.132
157.240.241.35
159.127.42.108
169.150.236.100
172.233.235.52
172.253.63.154
172.64.150.63
172.66.169.55
172.66.171.133
172.67.142.121
172.67.170.144
172.67.199.186
172.67.68.154
185.184.8.90
192.184.68.228
207.65.37.181
216.19.192.2
216.239.32.181
23.208.69.135
3.168.122.105
3.210.120.90
3.227.87.136
3.235.212.84
3.237.175.195
3.33.220.150
3.95.142.2
34.102.146.192
34.107.165.188
34.111.130.7
34.120.107.143
34.36.200.111
34.96.70.87
35.169.25.20
35.169.74.153
35.190.39.111
35.241.1.16
35.244.154.8
35.244.159.8
37.19.206.161
52.10.154.206
52.223.40.198
52.91.215.149
54.85.8.229
57.129.32.46
57.129.88.52
57.144.180.128
69.147.82.61
69.194.240.13
69.194.242.12
74.119.117.47
74.119.117.62
00cd519defdbc1ddeba378c2b76b4b626bce37f66fbf6ffce2f088a08efa21c3
027724609ee248cb8dac952e11a51cdff1019a63d54f71e40637dce834ebe4f2
03c8d2dc7d985c3004ff2cd6d8148dd03560f37ed15efdf6c2d7f4d771d0e599
058be5abe1f1de434034ee2f88ed2482a5ee9490b1703055ae7097874dc3e5f3
05930a798346ebdc2931fd2e7afa6998ba369946985e1660457ec6b02994d351
05a6bedcc63ee571fed9a78648e97368908c867c9a9b54d31d1c19e87a454b3e
06c87cfc79d31896761b14ed789b3f747f1b885dac0ed193c16fb8d1d305083d
07a54e49f65745ec3e0c0bfec9c0005b787370f8f65476b8da936e14d9ceaaa1
0a13b620c6de4af3574cc21559502317bdfac82fbecb8e4d6bc69ce355dd853d
0a9da3cf7efd1a7499a1c888d44ab103ca6c92a9ab354e17e146384b39cead50
0b6e77dfd0df0191698aa60ddcb2395de47b55a812e8fdd909c0e56086e98272
0b887160fe14be4d99e139f8b766e0dd9135dfc9dd381682aea27ee4c989f14c
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0c568b62c2853b008f121c7d878e555ad9ad6d23b5388dbd4651abbc2e6d40bf
0c73896bac441c0a9de3806fa771873b5623cf1176f145c0bf0c96e0b1f19810
0dcae222606cf25659d185a62f2fcd41caf42f6dd3d9dda50eda1f281e304065
0ecbd1374ebd05d9733e3230e6ccaefadbfd8907cd151221d8af6fdf881b4e09
0f9111dbdf3922713a51efe5a1c850a1fc992e94e2bbfa0167423d3c7bfc7d3f
10dd80a3759d44c207e398dda5ee8fb727dc73afa7b80f9d586229bce364cc6d
136b3dfa7c254f92a9a3513c191c87c05f7c7ff7f82c6d648a33496c3c380593
1404ca348bd75ef836f4dd8b6f2cc719458642d1237c368296b2fc652dca47dc
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
18120a6bee05cd823d5f4ab0c52006863a059a5d6c535c790a31bdd2ee8c45e7
182cfbccaaf2caa5d9af0f7b37ef6197cec542af2f0c4813f604b80fd1fec297
18a048cb77aaf051be401dd5e8e94a763d3372636b42ba6035ee7f306c7cabcb
1b7c4edd444f73d828aacb88e0f35efd212c8378d07e5ff848d699adf68ba550
1c6ba1010c2cc88c59de9e9584728da124770fa399643ffc1beffcec54b84be7
20467529973311fe76ff914096e9acefc5d108f1c65997f52940e667403c0a3b
23553ef4163ba46def93b72c41faff5ec11ebc433ea5097693d1610c95746053
23c976fe6fc4d5f7859006ed56ac9856eee4d87905492b860e7fb502beea666f
24434236112e2c40b190268b75b5a499d50fa6a4cd93664b9ec82f7852865ebf
2450e5580136f94bda7ccf95e3167b57e15b05b513a430967943a50036fa47a4
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
26c3c701626ccdf73fb245abb8129d074266393359113e6e51b806181a69a5de
2aa6b3da3e42ba6fd0d93d12eca57d727f6ebe2c79b7d640fdc71b6b1bb861f2
2c2f674aed7fb892dee235de0b6c230986bb0acc3a19ffee15f67d136e100eea
2dea6190c113af617923c6b71f7f10ffbdf72074556f79963610254fe40e49be
2e5f5cb912c0619933ea6c3ad8ac1466a005f792e3338d96a8432d144c63520f
2feb65a69a2bc9f2f95fe88598da7ebcb50a20328709596b01bba5866e38bdf8
30be558393bd8b0585c806a6eaed6d6f5b51d1ca63c0113061dfe35eaa128ce3
30f1570e0bca7ac216d47126b186e268719195f4967fb017d8cae01004a07c03
33afa4777aa10ac0d220f7cd120ab9169a5193004c4401297de5b4d9fa2c9224
345dbaad5cd394bb195e79a7d835ee2af91c02c76413d974f2e7fd3b9fcbfe39
36ce068a4107077cee7072231c246281cd2a208444ed215337b5c3f4ec1b9a3e
3a9f306824d6e118cf7248a9331b18520750b67af9096c6cb7b026651b419d3b
3db1df8e9763f3440dc8595e7b4c99ae4b2dbab0dbf1624f2da5800a5e62026e
3f124cdc02a40817853db0a92e2dd20e0d4342c9b3532edb34429a78a2bbac54
3f60cc3cd83ee800209fd4d2a31b8bb8d0425d5e3e20b64fc47b14e1e7f4b7ab
4342feac38021c4fe3069eba0edf1c2e1b4345e2b548b0afb7ab21b7369b3bc8
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
4448e430d3c53bad548a5d135e1c7e2f9593e806ba47892640d430ea752e979e
446a24acf9272b37cf14bf847684201154b6648113a148f1381b7489db6294f3
44b848ce1bea5ca25251a1c22058f8df660f1c8161c21ebc13a9ba55ec479d10
4695fc55c74f843f9e0f9fd470139bfd9eea16aa0091c48e48871f9403ccae77
4718dd9f68e969d1cb5e1b6172206b7150ad1d8cd5c5c1fe5812dd0e1646d426
4afb9cdae11f7fea34264145c41e663a90f689d2e393c2cd1bf84b71cf45d7d3
4b3a940833146615ba44ad24b2c0b4c2218b71f2a7e83695ae0e315de81f16c9
4b44cf0d9d68af7eef9acf68208ff991b1e06fc5411e36b1ae80af94f06aa388
4b77eae349a8cbcea7133cf3640a64ebf1f69d54d8f6469d7be6fdc188ca4ca4
4c95e84767aed248594e7d485707c7ed904fd2fe4ec3ea98687fc2de59ddf231
4dac0026fbfa2615dce30c0af12830863fe885f84387a0147b9e338f548d5d82
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
50168f949215d63b97c03cc17642ad4f09faadf84d596d313c7c50d16e7f524e
502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358
50a63bf06dcdc62ce03de6a07d10770dc80cfa47ef2b63db1e9f6a5fbd786a7d
544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9
54d0db6fb24e2bc92d9caac84d03efe976ae69c169dd661606695bf09909b72c
55a3de3af0eafecb386aa443866879e6c3308cdce79eb8a93f9c5c7cfbab20b5
55b284e2bcd88bc7cfb29974016bfb9c497343327ce50b3ac95ac2d23dd710fa
56351c084d8d56437d41f1e58b7eb184b563871e88bab60f6b15486c39f13996
5adfa8fdf36805dec0395a90e3347559da75fe8fc8830c48e22c94b18f8d9753
5c6be993959b0c8ac9f80e00d7f01fb5814e8cc5fea68957c2c745822717116e
5ca82ef7d68488178f9bdc684b81c698829d38096194afea7dde018f322658fe
5dbac6375a475c2313bd9250c5ee7b12186ee44917761e50eacebc7f626c0954
5dbf1dd60e4e6e8e3b111f600d85fd7c50214ad54fb88ad3ac729df31d054044
5e150da645ec0405d3a9015e8c93e7a53777e373fde88b0af762f4e3f1d72fb5
5e7aca7fa5b7c8f6d1a033f56b6fa0960abe0547bc38d182465f25da11a8ba03
5efa9c95fde0d54aba4f6fa1f1c7fd6bbb2c4185677d320a71a0bb882ec2b14a
5f00d505a9fca8ac48eef039d9589c79fa4021637cf317b7d27a5fc6177880d9
60972426541d4f54beb5b68cd40437dbe423321b6468d71a560e6d3ace4db7af
6318394f737c66f0e2ccfcd88e3935c6667633a1b95fa29fba2b75431d55eef2
631f3d02d142b9c0f2b6bc580d3548e4002355f269b75e2e4b3dd6e194946aca
66f5f2414cabc538d6a21c407e4b118950e79d54670c860ed09b577e4114d3aa
6a0b31941a558739f2935239325579d5aff27702c4444741139e5237b7786725
6a163c9c1e18a0fae78f3ce587d463c4aa6d39991639580d1106a9fa0774b8e8
6a9b554d2c7d0f11b3397e47d2602a9aec5349f233fe9dc50bdbadbb14d7b572
6b9ae1fa0d1fc51ee0ad3feb565083bee200289c71bb346020f9b3d80cf73636
6ccb1d24b672a10a1bf92e29412ca29b46f5abdce36e20beae8f4b4c909b31a1
7152b1a8f92e12ba387acd309b9099e2832891fd848b514b284b1bb8eebabd63
720671166ac43aba99e3952b0b9341ab4e0fee1fd891db54e2a07f05db653142
723b2fb21ce4fdee0c41b745c88083fce8598d8cf5e3566638f50de66f5dae44
73ef34ed57b69c5a35720bfc3ac6ebf6da3cf1289824112841d403c0fd169f97
748e6bfe328ce20adfdc3bab92bb2e2684fb75e6e847355495a8149d0301717c
751ae194a89253e6061aee50333144186c10deff5c0b2ea28f9498e2d4bb6764
76e57bab4a503278f256efb32c9460e1c74d44686284af8da68e09e58bbd1676
7ba1bc2084def769e77a7dbf97cd91d68fe6c6d55b5d183a7d36630da8da2b02
7dfb320f62f8e93b26f7760ed53ade019c720b1a267826a9672177c801223e5b
7e39e84b440072e722cfa15e68cda7f86a1e830fa9ca2c95c38479dbc4da2080
7ece648c6d1d12fe49579177747819737d024c57ef2decac49e2d9e5b5409309
7f940096fb4d206e16550901aa8a54fd424ac9edf62c95780b4262992bc16710
82b94716473aa225e715e117802145c5d2d725aa1ba9d476d61a5d3da16a8c26
8403a18d5ce8a0eefec8599eba23167ae9cee02ab44b21ded52b146b9663e2cb
8539c91ae0a82f8cab27d481ea38ac4e66d1e5b36701fe295bcba4399b9255bd
893719087a8bc6dcdfabc4e1d54fd6d724953d40da2ad369f8b4fb5f689394d7
8952b91af1705fc7fddb2a9bcc53534d55f136755e48e957711d85b038287542
8af2d4d39123c52a7c0ab7f7e4fbf96c5bfeb969ccce59ceb2bc7c96a7624f2b
8f60f7c0934d06990ee21f70fcc76027271f830211f75aa3543f7a2a958a083a
8fb0902cb2d17d83fa68fa9a81a2e2872675c67bac55f2aced4aa2c5540f6655
9170a8b2fb3234baa721bf8b3de5935d8d160f6f987215b83b07a49a403e5e74
958b75150b5ca49fe592bb56f99fb61bc24e37cd747b778839e7d6c71eb91661
97136378db14f595c40fa69faab3cfe11401a33cee170ce29f3a8a6d6cabf321
9820ae75bea28bf572a4292f29b52d15a2af9c7725520d8a27afa604ae35ad9b
987483faa3960dcc7b63c8f366f5fe78487356e01f60f9b85b4c9f466f5d4dcd
a03920723c972872632e31dd6052cd351e0aa0e93d06a0f7330ec74cec95d771
a09179dd962df38a01440ce2e4748c37bd832fe1ac2f65ad974490a89d63d129
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
aa8a5c4a92b78ce2c775274d190dafb720a44b4facce02c94e63f63c90c60a57
ab5c23a05e39deed14d9d8262b0dce9f024f86105a27196cad37d14a3f516e09
ac5a4a0937632f257b63ebd53a656fd045529bc506cf4abb880bec8421e8eb60
ada3012dc0d9c9cac355425a9c4e4956181cb00953a192730cbcc775e87a0cfa
adcfddfe0d2d3902a62912bf92360b3829e3c6da6677370f9e7acbbd081b88fd
aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
afc222aabf430f1be68418c8a2b29e3423d64530dbcd9032ab9b1c5d49f67b36
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b4d2883e87f3b4566974ade5298a8103592b3d062e0383080ff4e28fd3e34a83
b658b9df8f35d3c43cffd3afa4fd211124c44c76066576b1b635ee2eb885a01c
b7b8204c7a894c083d6469a3e24b8b5213c2074a13fa8a7c2d7a2768a6b042b4
b837449c7254dd5887b620b7903bb4dbafbf2424ae3eb25e7a9f3471ff105365
b8888a5d3bab25c13be153b403d8e76ab279e8ce9c87165182afd95261ea7d27
b8f0ca68362cf245f891fc09ddfa50806d195e78e196cf96ac5d9cf72be2577a
bac89398e03af076eb4721cdb190eb31d29f2ac96839b1961876fa1e76166fb2
bcf7993523efcd42f5599e1c210b6433e35a39de688c9e5ae90829741937df71
be514bd685c7bce2cc33ee1047411c157196d703bff6d975f291c0ed9b1f18d4
bea1c5ab168f662fc9eb5bda3474e5b1bbd0d3ecc1d9c68e2a753f613c2ae0c2
bf7b996825c5afa5b7b06ca9341ea47a76dfa5369e7dd6d776d0df90a71810ca
c21613957786c9c45564e16f05cfe6da4d6afcd7df461d263c804b9b8fa973a2
c2997018cce4f4ef76461aefae4f66bcee11960d04f372e37aba7a88dfc41354
c42f6f372e1047cacdeafa25cee35701fbe2abfde78a89e6e1efb08912d1f629
c498ccdf7cfddcd9f57628337ae1fbe09652357633f36cec5188ed8537fab049
c656d50263d423e681e4963066e86f087cb646cab3b440b3b082a0da28eb79ea
c6c094bc0054f9cbe34102ff49f86b3928b5ac09f3d2ac87e170d0500675921f
cb6c1a2d4e9a1239a7887de158b87d86ecbd7047e9ed8214f367406762730003
cb8d603426932f2666666f4bd32b3dde726161c7f7413e385d2e124e6e03039c
cdc78cc8b2994712a041a2a4cb02f488afbab00981771bdd3a8036c2dddf540f
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d08d4ba1a74e1ae1b522e4b6ca015f9b8e7ac5df4b4e480a63418eb08e4b6382
d5f3b0b14d09909398ca69f59408911181d25700a0dd9203fd20417d968747cc
d804c6bd7b16ae6d3ad23166e4237a9af5267c3489c26a24e6a122afe7fb9c0e
d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8
dab57fd1fa79022a4fc26533b9c0d5d2f59ae80d86a2a0d72ca53639b2f633c3
dc54b817820f14ce6395ba2a037f37d4bb0af75d5b017336140793fbe2f7f738
dc987a618ea91a37323b1432cfef45dba1292483a0d5e75e8f2cb05b45f64e4f
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
e107e5cd873b09408535a6e7b824137dcfb52c3584c627c91a6c73803ce58874
e12bc1fca47f992f263407fdc0b3d6cb30d860ab0ed5e93a662387174e597d7b
e1e22e9625bfac0401d24820062fe36b5d52a35b932820a63e0c1de324b40df7
e2ab010254ed312e529c9c1ed7e7bbbd95cf2db1eec7d6f8709d6a5f0819d8af
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e62f6d1bbf666e1e1fdd789ef87c63b8b0f09a734962a303fbafc57856eb3eb2
e7c23a55386a8f1b364e626bd873058f55b51ef82a3a475693a49cfea4caf342
e814d50a228f54aecf40d8a58e41d48ce1dfc4376fd5fbedc28078fe0a8c5526
e8711232bd1dc0bdeddbe4643628c9abc8f58c2dc68d01d7e8ba745578a93d6f
e9e3067263cb10bbec7713f5f1e83312ffe77e36764ca0594fdcb991f20af4db
eae2a1b81d8d2a9516288dee4f71d3c839b2f3ae9d1c9954947a48efd9d598f8
eb3b03c748e6d2ab316f6c79e60c834b2b4093e01637ee589353af4a1415f1d8
ecf8b89b41bdd93302bdf280bd426fbf3776b75a37ff49ed135108616eebbc8f
edd680c9b54bb3b32fc33c190a61bee45ae32830556682300465f0aaddf86e38
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef356daa5ef1739f8dc44870d698ce39e253262719e606e7380de4a1e6670303
f1a61277e3f902f50ab42015d8b07218db9b7601bb0967e54a52bfdcb4fa7e81
f1a67642fc97b508ce07cf6df329022bf5184a1c573044dc021e0d6e64688c64
f1a68bf826c55985468304f4284a09cb8a68e82503d764166e611a7c58a85a4b
f278fb9b67f3b8713869dce4b3bb6783cf7a75219167e5c3196a5f026ad8989c
f52a0c7d9fa7ae8e45916c491ae7193f9a1e289f128f05264122c53d8da970db
f5e7696103a8df60f8d32a6dffe6f9bd10e5620fd84288babdb4908b48f8a288
f917a9105c311331b1d40f4d2bdbf11233c1c465616c1a9c46232f451463b061
f93261a25cb2a049a6a73ab7e03b0c693fabb2a549e69b9c62943631d289b1f8
f9bfb432a83aa5697d5cd4de6fe6a5f0fe0b0251e592cc8ef5f47dd074c71bed
fa51a1d9896a02fa4ffcffc70acba197e10f08059e10f9830c28fdfdfeaff38c
fc12e6190bdf56f5c79c412fd960933eb6f2fb5303c67b82563835c1c3f6a596
fdeb815bc5477d043a86ca053382a9c68bb8bd79e77b40d1230b954788ec6d69
fe2eddeaa8adad53d570fdeeb04412a07ec65ad99b25fe5beb092dfe4fb78cc9
ff14c298e24e94a8d5f0c74d2655da24799ed85c6771e368c88fa8ba6e751805

www.mediafire.com 104.17.148.83 Public Scan Open in urlscan Pro

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

302 Requests

89 %HTTPS

0 %IPv6

66 Domains

96 Subdomains

76 IPs

5 Countries

2678 kBTransfer

10105 kBSize

124 Cookies

15 Outgoing links

Redirected requests

302 HTTP transactions Everything HTML Script Fetch XHR CSS Image Font Expand all 3 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.mediafire.com
104.17.148.83 Public Scan Open in urlscan Pro

Screenshot
Live screenshot

Full Image

302
Requests

89 %
HTTPS

0 %
IPv6

66
Domains

96
Subdomains

76
IPs

5
Countries

2678 kB
Transfer

10105 kB
Size

124
Cookies

302 HTTP transactions
3 data transactions