www.mediafire.com
104.17.148.83  Public Scan Open in urlscan Pro

13 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 35

• https://www.mediafire.com/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
• https://www.mediafire.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/fe6331af5207/main.js

101 HTTP transactions Everything HTML Script Fetch XHR CSS Image Font Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H3	200	Primary Request file Show response www.mediafire.com/file/344v7q09fhhbkbf/GC5_V4.3.apk/	325 KB 86 KB	266ms 248ms	Document text/html	104.17.148.83 Cloudflare
General Check archive.org Show headers Download Go to Full URL https://www.mediafire.com/file/344v7q09fhhbkbf/GC5_V4.3.apk/file Protocol H3 Security QUIC, , AES_128_GCM Server 104.17.148.83 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash a76cc8cf2620fec1b3b1f83b0b95d99af4fdb0f42012d867aa1c54cee1772bd4 Security Headers Name Value Strict-Transport-Security max-age=0 X-Frame-Options SAMEORIGIN Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36 sec-ch-ua "Chromium";v="148", "Google Chrome";v="148", "Not-A.Brand";v="24" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Linux" Response headers access-control-allow-methods OPTIONS, POST, GET access-control-allow-origin https://www.mediafire.com alt-svc h3=":443"; ma=86400 cache-control no-cache, no-store, must-revalidate, max-age=0, post-check=0, pre-check=0 cf-cache-status DYNAMIC cf-ray 9fa291a9fd18d232-FRA content-encoding gzip content-type text/html; charset=UTF-8 date Mon, 11 May 2026 16:30:34 GMT expires 0 pragma no-cache priority u=0,i server cloudflare server-timing cfCacheStatus;desc="DYNAMIC" cfEdge;dur=8,cfOrigin;dur=0,cfWorker;dur=231 cfExtPri strict-transport-security max-age=0 vary Accept-Encoding x-by x-frame-options SAMEORIGIN x-mf-env liveApi x-mf-fe mf2 x-robots-tag noindex, nofollow
GET H3	200	min.js Show response cmp.gatekeeperconsent.com/	1 KB 841 B	35ms 15ms	Script application/javascript	172.67.199.186 Cloudflare
General Check archive.org Show headers Download Go to Full URL https://cmp.gatekeeperconsent.com/min.js Requested by Host: www.mediafire.com URL: https://www.mediafire.com/file/344v7q09fhhbkbf/GC5_V4.3.apk/file Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.199.186 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash 345dbaad5cd394bb195e79a7d835ee2af91c02c76413d974f2e7fd3b9fcbfe39 Request headers sec-ch-ua-platform "Linux" Referer https://www.mediafire.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36 sec-ch-ua "Chromium";v="148", "Google Chrome";v="148", "Not-A.Brand";v="24" sec-ch-ua-mobile ?0 Response headers nel {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} content-encoding zstd report-to {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=iFHxI7gylH1B%2FKNM%2BCcF1T0wle9KMtF5DFHlmE4txK6o6INlOjkWl9yu%2Fi11JnOM%2FHP3KB1SqIPD%2FpT5iME8NrbE9IqZ83aMHr12YiT%2FTZqsTWtET0gAnsBxFy4c5ZzPm6gxL5BXKxZ5r8sf"}]} cf-ray 9fa291abcfdfa01e-FRA alt-svc h3=":443"; ma=86400 server-timing cfExtPri date Mon, 11 May 2026 16:30:34 GMT content-type application/javascript server cloudflare priority u=1,i=?0
GET H3	200	cmp.min.js Show response the.gatekeeperconsent.com/	8 KB 3 KB	36ms 14ms	Script application/javascript	172.67.199.186 Cloudflare
General Check archive.org Show headers Download Go to Full URL https://the.gatekeeperconsent.com/cmp.min.js Requested by Host: www.mediafire.com URL: https://www.mediafire.com/file/344v7q09fhhbkbf/GC5_V4.3.apk/file Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.199.186 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash 06c87cfc79d31896761b14ed789b3f747f1b885dac0ed193c16fb8d1d305083d Request headers sec-ch-ua-platform "Linux" Referer https://www.mediafire.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36 sec-ch-ua "Chromium";v="148", "Google Chrome";v="148", "Not-A.Brand";v="24" sec-ch-ua-mobile ?0 Response headers x-robots-tag noindex, follow content-encoding gzip cf-cache-status HIT age 106 report-to {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=K93udgJzgmf5Znyk5EyEz0YCkBIFwPcVnr%2FPR1StGJts9l4YYp8H1JJ1vNI55fHD61%2BKyQ2hMyehRHupil5NI%2Fq%2Fori5E%2B2PwSGt1J8IefNfvIMACf26ijWf60vy%2Fw83er3M7qmgcUbwnEI%2F"}]} alt-svc h3=":443"; ma=86400 server-timing cfExtPri date Mon, 11 May 2026 16:30:34 GMT x-middleton-display sol-js content-type application/javascript vary Accept-Encoding last-modified Mon, 11 May 2026 16:28:48 GMT priority u=1,i=?0 cache-control max-age=300, public nel {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} cf-ray 9fa291abccccd8e7-FRA server cloudflare
GET H2	200	js Show response www.googletagmanager.com/gtag/	322 KB 116 KB	164ms 84ms	Script application/javascript	2a00:1450:4001:c15::61 Google LLC
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/js?id=UA-829541-1 Requested by Host: www.mediafire.com URL: https://www.mediafire.com/file/344v7q09fhhbkbf/GC5_V4.3.apk/file Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:c15::61 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS Software Google Tag Manager / Resource Hash b5af7ac8a2fd06019c69116142fe8dac4375f4743dc1cc7e01350bb30b52b291 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers sec-ch-ua-platform "Linux" Referer https://www.mediafire.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36 sec-ch-ua "Chromium";v="148", "Google Chrome";v="148", "Not-A.Brand";v="24" sec-ch-ua-mobile ?0 Response headers content-encoding zstd expires Mon, 11 May 2026 16:30:34 GMT alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 date Mon, 11 May 2026 16:30:34 GMT content-type application/javascript; charset=UTF-8 vary Accept-Encoding last-modified Mon, 11 May 2026 15:59:28 GMT access-control-allow-headers Cache-Control strict-transport-security max-age=31536000; includeSubDomains cache-control private, max-age=900 cross-origin-resource-policy cross-origin access-control-allow-credentials true access-control-allow-origin * content-length 118800 x-xss-protection 0 server Google Tag Manager
GET H2	200	tag Show response btloader.com/	94 KB 31 KB	35ms 19ms	Script application/javascript	2606:4700:10::ac42:ab85 Cloudflare
General Check archive.org Show headers Download Go to Full URL https://btloader.com/tag?o=5678961798414336&upapi=true Requested by Host: www.mediafire.com URL: https://www.mediafire.com/file/344v7q09fhhbkbf/GC5_V4.3.apk/file Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac42:ab85 -, , ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash 2bc354a9cd190461ea50cff92441010aef928bb4747bec778b612e0d55bb1b7f Request headers sec-ch-ua-platform "Linux" Referer https://www.mediafire.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36 sec-ch-ua "Chromium";v="148", "Google Chrome";v="148", "Not-A.Brand";v="24" sec-ch-ua-mobile ?0 Response headers x-robots-tag noindex, nofollow cache-control public, max-age=300, stale-if-error=3600, stale-while-revalidate=300 content-encoding br cf-cache-status HIT etag W/"f3cc939ec9405cccf7482f8a2b08da57" via 1.1 google cf-ray 9fa291ac0948d3ad-FRA access-control-allow-origin * date Mon, 11 May 2026 16:30:34 GMT content-type application/javascript last-modified Mon, 11 May 2026 15:43:33 GMT server cloudflare vary Accept-Encoding, X-Acceptable-Ads, DNT
GET H3	200	sa.min.js Show response www.ezojs.com/ezoic/	274 KB 82 KB	37ms 16ms	Script application/javascript	172.67.170.144 Cloudflare
General Check archive.org Show headers Download Go to Full URL https://www.ezojs.com/ezoic/sa.min.js Requested by Host: www.mediafire.com URL: https://www.mediafire.com/file/344v7q09fhhbkbf/GC5_V4.3.apk/file Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.170.144 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash 4aa16a5205be7b020f4e2194045b0b95b0cad7ec41ffde93f21fb88e38610b1b Request headers sec-ch-ua-platform "Linux" Referer https://www.mediafire.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36 sec-ch-ua "Chromium";v="148", "Google Chrome";v="148", "Not-A.Brand";v="24" sec-ch-ua-mobile ?0 Response headers x-robots-tag noindex, follow content-encoding gzip cf-cache-status HIT etag W/"b322cf078a2993da8790686dfa54f050" age 314 report-to {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=Lyc4BeAauSuTSi7hxviPIpLadgy%2BPb8w5gm4tX3KmuzewRMWoNhYBUBTr9hophtDCQIUQuMxeJjJI3xWdVcbhVYbXa4bN68iQtdoPL53c06HkuJZVbAFiDkhfoThadOu"}]} alt-svc h3=":443"; ma=86400 server-timing cfExtPri date Mon, 11 May 2026 16:30:34 GMT x-middleton-display sol-js content-type application/javascript vary Accept-Encoding priority u=3,i=?0 cache-control public, max-age=600, stale-while-revalidate=3600 nel {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} cf-ray 9fa291ac081a1da0-FRA server cloudflare
GET H2	200	element.js Show response translate.google.com/translate_a/	79 KB 28 KB	167ms 57ms	Script text/javascript	2a00:1450:4001:c15::66 Google LLC
General Check archive.org Show headers Download Go to Full URL https://translate.google.com/translate_a/element.js?cb=googFooterTranslate Requested by Host: www.mediafire.com URL: https://www.mediafire.com/file/344v7q09fhhbkbf/GC5_V4.3.apk/file Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:c15::66 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS Software ESF / Resource Hash 3707c33e217c32e096ed5c27cbb38116741f5f48f2e4b22c22c12fbcc885df62 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers sec-ch-ua-platform "Linux" Referer https://www.mediafire.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36 sec-ch-ua "Chromium";v="148", "Google Chrome";v="148", "Not-A.Brand";v="24" sec-ch-ua-mobile ?0 Response headers cache-control no-cache, no-store, max-age=0, must-revalidate cross-origin-opener-policy same-origin-allow-popups content-encoding gzip pragma no-cache cross-origin-resource-policy cross-origin x-content-type-options nosniff expires Mon, 01 Jan 1990 00:00:00 GMT alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 date Mon, 11 May 2026 16:30:34 GMT x-xss-protection 0 content-type text/javascript; charset=utf-8 vary Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site server ESF x-frame-options SAMEORIGIN
GET H3	200	consent_modules.json Show response privacy.gatekeeperconsent.com/	125 B 592 B	44ms 18ms	XHR application/json	172.67.199.186 Cloudflare
General Check archive.org Show headers Download Go to Full URL https://privacy.gatekeeperconsent.com/consent_modules.json Requested by Host: the.gatekeeperconsent.com URL: https://the.gatekeeperconsent.com/cmp.min.js Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.199.186 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash 9175dfc08ca8c9a1a43ea84e2bd9a0bb31d213340d52cfbc553c616ec82de136 Request headers sec-ch-ua-platform "Linux" Referer https://www.mediafire.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36 sec-ch-ua "Chromium";v="148", "Google Chrome";v="148", "Not-A.Brand";v="24" sec-ch-ua-mobile ?0 Response headers cache-control max-age=15780000, public nel {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} content-encoding zstd report-to {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=KESS2TFn5eM3tI1bdLoFg68NA1dqBobxzcsume%2Bo%2BDnLE9T%2FDT1MpQFD5JboALQMqeHTh7mjCx%2FxUtAeOBY1eRzEGMC60ElhgdZOKPhfUvbFkf5jQcheM2rJxpQXU4G1qA79IQIob8WwFMBgD4AMQg%3D%3D"}]} cf-ray 9fa291ac1c76190d-FRA access-control-allow-origin * alt-svc h3=":443"; ma=86400 server-timing cfExtPri date Mon, 11 May 2026 16:30:34 GMT content-type application/json;charset=UTF-8 server cloudflare priority u=1,i
GET H2	200	amplitude-8.5.0-min.gz.js Show response cdn.amplitude.com/libs/	68 KB 22 KB	35ms 8ms	Script application/javascript	18.245.86.4 Amazon.com
General Check archive.org Show headers Download Go to Full URL https://cdn.amplitude.com/libs/amplitude-8.5.0-min.gz.js Requested by Host: www.mediafire.com URL: https://www.mediafire.com/file/344v7q09fhhbkbf/GC5_V4.3.apk/file Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.245.86.4 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS server-18-245-86-4.fra60.r.cloudfront.net Software AmazonS3 / Resource Hash 2450e5580136f94bda7ccf95e3167b57e15b05b513a430967943a50036fa47a4 Request headers Origin https://www.mediafire.com sec-ch-ua-platform "Linux" Referer https://www.mediafire.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36 sec-ch-ua "Chromium";v="148", "Google Chrome";v="148", "Not-A.Brand";v="24" sec-ch-ua-mobile ?0 Response headers access-control-max-age 3000 content-encoding gzip etag "660c3b546f2a131de50b69b91f26c636" x-amz-version-id NY8_7uBz3xoXYJBVsMSBAGHOz8ixMBS3 age 470152 access-control-allow-methods GET, HEAD x-cache Hit from cloudfront x-amz-cf-id bsU-X0Y0OhkXz71WP44YY4cpngzCvktWY_TtpdZnhwcRF953c2shwg== date Wed, 06 May 2026 05:54:43 GMT content-type application/javascript vary Origin,Access-Control-Request-Headers,Access-Control-Request-Method last-modified Fri, 13 Aug 2021 22:37:42 GMT cache-control max-age=31536000 via 1.1 337ce1d1833905a0473cbaec913a354c.cloudfront.net (CloudFront) accept-ranges bytes access-control-allow-origin * content-length 22154 x-amz-cf-pop FRA60-P6 server AmazonS3 x-amz-server-side-encryption AES256
GET H2	200	gtm.js Show response www.googletagmanager.com/	428 KB 137 KB	120ms 46ms	Script application/javascript	2a00:1450:4001:c15::61 Google LLC
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtm.js?id=GTM-53LP4T Requested by Host: www.mediafire.com URL: https://www.mediafire.com/file/344v7q09fhhbkbf/GC5_V4.3.apk/file Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:c15::61 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS Software Google Tag Manager / Resource Hash ecde4b76c6b04d432473057e685553d9e533961fdb70c2424594f0ec1ce8a069 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers sec-ch-ua-platform "Linux" Referer https://www.mediafire.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36 sec-ch-ua "Chromium";v="148", "Google Chrome";v="148", "Not-A.Brand";v="24" sec-ch-ua-mobile ?0 Response headers content-encoding zstd expires Mon, 11 May 2026 16:30:34 GMT alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 date Mon, 11 May 2026 16:30:34 GMT content-type application/javascript; charset=UTF-8 vary Accept-Encoding last-modified Mon, 11 May 2026 15:59:28 GMT access-control-allow-headers Cache-Control strict-transport-security max-age=31536000; includeSubDomains cache-control private, max-age=900 cross-origin-resource-policy cross-origin access-control-allow-credentials true access-control-allow-origin * content-length 139698 x-xss-protection 0 server Google Tag Manager
GET H3	200	mf_logo_full_color.svg static.mediafire.com/images/backgrounds/header/	3 KB 2 KB	26ms 17ms	Image image/svg+xml	104.17.148.83 Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL https://static.mediafire.com/images/backgrounds/header/mf_logo_full_color.svg Requested by Host: www.mediafire.com URL: https://www.mediafire.com/file/344v7q09fhhbkbf/GC5_V4.3.apk/file Protocol H3 Security QUIC, , AES_128_GCM Server 104.17.148.83 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash 8539c91ae0a82f8cab27d481ea38ac4e66d1e5b36701fe295bcba4399b9255bd Request headers sec-ch-ua-platform "Linux" Referer https://www.mediafire.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36 sec-ch-ua "Chromium";v="148", "Google Chrome";v="148", "Not-A.Brand";v="24" sec-ch-ua-mobile ?0 Response headers content-encoding gzip cf-cache-status HIT etag W/"5813cfb2-d1d" age 14183 access-control-allow-methods OPTIONS, POST, GET alt-svc h3=":443"; ma=86400 server-timing cfExtPri x-mf-env liveApi date Mon, 11 May 2026 16:30:34 GMT content-type image/svg+xml last-modified Fri, 28 Oct 2016 22:22:42 GMT priority u=3,i x-mf-fe mf1 cf-ray 9fa291ac0b77d232-FRA access-control-allow-origin * server cloudflare
GET H3	200	file-zip-v3.png static.mediafire.com/images/filetype/	2 KB 2 KB	27ms 18ms	Image image/png	104.17.148.83 Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL https://static.mediafire.com/images/filetype/file-zip-v3.png Requested by Host: www.mediafire.com URL: https://www.mediafire.com/file/344v7q09fhhbkbf/GC5_V4.3.apk/file Protocol H3 Security QUIC, , AES_128_GCM Server 104.17.148.83 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash 4448e430d3c53bad548a5d135e1c7e2f9593e806ba47892640d430ea752e979e Request headers sec-ch-ua-platform "Linux" Referer https://www.mediafire.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36 sec-ch-ua "Chromium";v="148", "Google Chrome";v="148", "Not-A.Brand";v="24" sec-ch-ua-mobile ?0 Response headers cf-cache-status HIT etag "62deda56-750" age 13925 access-control-allow-methods OPTIONS, POST, GET expires Wed, 10 Jun 2026 12:38:29 GMT alt-svc h3=":443"; ma=86400 server-timing cfExtPri x-mf-env liveApi date Mon, 11 May 2026 16:30:34 GMT content-type image/png last-modified Mon, 25 Jul 2022 18:00:54 GMT priority u=3,i cache-control max-age=2592000 x-mf-fe mf1 cf-ray 9fa291ac0b73d232-FRA accept-ranges bytes access-control-allow-origin * content-length 1872 server cloudflare
GET H3	200	icons_sprite.svg www.mediafire.com/images/icons/svg_light/	36 KB 9 KB	31ms 31ms	Image image/svg+xml	104.17.148.83 Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL https://www.mediafire.com/images/icons/svg_light/icons_sprite.svg Requested by Host: www.mediafire.com URL: https://www.mediafire.com/file/344v7q09fhhbkbf/GC5_V4.3.apk/file Protocol H3 Security QUIC, , AES_128_GCM Server 104.17.148.83 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash 7ba1bc2084def769e77a7dbf97cd91d68fe6c6d55b5d183a7d36630da8da2b02 Request headers sec-ch-ua-platform "Linux" Referer https://www.mediafire.com/file/344v7q09fhhbkbf/GC5_V4.3.apk/file User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36 sec-ch-ua "Chromium";v="148", "Google Chrome";v="148", "Not-A.Brand";v="24" sec-ch-ua-mobile ?0 Response headers content-encoding gzip cf-cache-status HIT etag W/"62deda56-90ab" age 7574 access-control-allow-methods OPTIONS, POST, GET alt-svc h3=":443"; ma=86400 server-timing cfExtPri x-mf-env liveApi date Mon, 11 May 2026 16:30:34 GMT content-type image/svg+xml last-modified Mon, 25 Jul 2022 18:00:54 GMT vary Accept-Encoding priority u=3,i cf-ray 9fa291ac0b52d232-FRA x-mf-fe mf2 access-control-allow-origin * server cloudflare
GET H3	200	arrow_dropdown.svg www.mediafire.com/images/icons/svg_dark/	315 B 495 B	30ms 29ms	Image image/svg+xml	104.17.148.83 Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL https://www.mediafire.com/images/icons/svg_dark/arrow_dropdown.svg Requested by Host: www.mediafire.com URL: https://www.mediafire.com/file/344v7q09fhhbkbf/GC5_V4.3.apk/file Protocol H3 Security QUIC, , AES_128_GCM Server 104.17.148.83 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash 82b94716473aa225e715e117802145c5d2d725aa1ba9d476d61a5d3da16a8c26 Request headers sec-ch-ua-platform "Linux" Referer https://www.mediafire.com/file/344v7q09fhhbkbf/GC5_V4.3.apk/file User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36 sec-ch-ua "Chromium";v="148", "Google Chrome";v="148", "Not-A.Brand";v="24" sec-ch-ua-mobile ?0 Response headers content-encoding gzip cf-cache-status HIT etag W/"62deda56-13b" age 3855 access-control-allow-methods OPTIONS, POST, GET alt-svc h3=":443"; ma=86400 server-timing cfExtPri x-mf-env liveApi date Mon, 11 May 2026 16:30:34 GMT content-type image/svg+xml last-modified Mon, 25 Jul 2022 18:00:54 GMT vary Accept-Encoding priority u=3,i cf-ray 9fa291ac0b56d232-FRA x-mf-fe mf1 access-control-allow-origin * server cloudflare
GET H3	200	check_circle_green.svg static.mediafire.com/images/icons/svg_dark/	444 B 534 B	29ms 21ms	Image image/svg+xml	104.17.148.83 Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL https://static.mediafire.com/images/icons/svg_dark/check_circle_green.svg Requested by Host: www.mediafire.com URL: https://www.mediafire.com/file/344v7q09fhhbkbf/GC5_V4.3.apk/file Protocol H3 Security QUIC, , AES_128_GCM Server 104.17.148.83 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash 03c8d2dc7d985c3004ff2cd6d8148dd03560f37ed15efdf6c2d7f4d771d0e599 Request headers sec-ch-ua-platform "Linux" Referer https://www.mediafire.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36 sec-ch-ua "Chromium";v="148", "Google Chrome";v="148", "Not-A.Brand";v="24" sec-ch-ua-mobile ?0 Response headers content-encoding gzip cf-cache-status HIT etag W/"62deda56-1bc" age 3293 access-control-allow-methods OPTIONS, POST, GET alt-svc h3=":443"; ma=86400 server-timing cfExtPri x-mf-env liveApi date Mon, 11 May 2026 16:30:34 GMT content-type image/svg+xml last-modified Mon, 25 Jul 2022 18:00:54 GMT priority u=3,i x-mf-fe mf1 cf-ray 9fa291ac0b78d232-FRA access-control-allow-origin * server cloudflare
GET H3	200	fb_16x16.png static.mediafire.com/images/backgrounds/download/social/	181 B 439 B	29ms 21ms	Image image/png	104.17.148.83 Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL https://static.mediafire.com/images/backgrounds/download/social/fb_16x16.png Requested by Host: www.mediafire.com URL: https://www.mediafire.com/file/344v7q09fhhbkbf/GC5_V4.3.apk/file Protocol H3 Security QUIC, , AES_128_GCM Server 104.17.148.83 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash 720671166ac43aba99e3952b0b9341ab4e0fee1fd891db54e2a07f05db653142 Request headers sec-ch-ua-platform "Linux" Referer https://www.mediafire.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36 sec-ch-ua "Chromium";v="148", "Google Chrome";v="148", "Not-A.Brand";v="24" sec-ch-ua-mobile ?0 Response headers cf-cache-status HIT etag "62deda56-b5" age 14358 access-control-allow-methods OPTIONS, POST, GET expires Wed, 10 Jun 2026 12:31:15 GMT alt-svc h3=":443"; ma=86400 server-timing cfExtPri x-mf-env liveApi date Mon, 11 May 2026 16:30:34 GMT content-type image/png last-modified Mon, 25 Jul 2022 18:00:54 GMT priority u=3,i cache-control max-age=2592000 x-mf-fe mf2 cf-ray 9fa291ac0b7cd232-FRA accept-ranges bytes access-control-allow-origin * content-length 181 server cloudflare
GET H3	200	infinity.js.aspx Show response cdn.econventa.com/Scripts/	160 KB 47 KB	59ms 13ms	Script text/javascript	172.67.69.81 Cloudflare
General Check archive.org Show headers Download Go to Full URL https://cdn.econventa.com/Scripts/infinity.js.aspx?guid=5ff0fb62-0643-4ff1-aaee-c737f9ffc0e0 Requested by Host: www.mediafire.com URL: https://www.mediafire.com/file/344v7q09fhhbkbf/GC5_V4.3.apk/file Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.69.81 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash 2553e2cdb353b5b9d1faf4eba3437679af66285939d53a0f441a883b19f5ec2f Request headers sec-ch-ua-platform "Linux" Referer https://www.mediafire.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36 sec-ch-ua "Chromium";v="148", "Google Chrome";v="148", "Not-A.Brand";v="24" sec-ch-ua-mobile ?0 Response headers last-modified Mon, 11 May 2026 16:26:17 GMT cache-control max-age=1200, no-transform content-encoding gzip cf-cache-status HIT accept-ch Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version age 257 cf-ray 9fa291ac6ec1d2a0-FRA alt-svc h3=":443"; ma=86400 server-timing cfExtPri date Mon, 11 May 2026 16:30:34 GMT content-type text/javascript vary Accept-Encoding server cloudflare priority u=3,i=?0
GET H3	200	footerIcons.png static.mediafire.com/images/backgrounds/footer/social/	583 B 842 B	16ms 15ms	Image image/png	104.17.148.83 Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL https://static.mediafire.com/images/backgrounds/footer/social/footerIcons.png Requested by Host: www.mediafire.com URL: https://www.mediafire.com/file/344v7q09fhhbkbf/GC5_V4.3.apk/file Protocol H3 Security QUIC, , AES_128_GCM Server 104.17.148.83 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash f917a9105c311331b1d40f4d2bdbf11233c1c465616c1a9c46232f451463b061 Request headers sec-ch-ua-platform "Linux" Referer https://www.mediafire.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36 sec-ch-ua "Chromium";v="148", "Google Chrome";v="148", "Not-A.Brand";v="24" sec-ch-ua-mobile ?0 Response headers cf-cache-status HIT etag "62deda56-247" age 13477 access-control-allow-methods OPTIONS, POST, GET expires Wed, 10 Jun 2026 12:45:57 GMT alt-svc h3=":443"; ma=86400 server-timing cfExtPri x-mf-env liveApi date Mon, 11 May 2026 16:30:34 GMT content-type image/png last-modified Mon, 25 Jul 2022 18:00:54 GMT priority u=3,i cache-control max-age=2592000 x-mf-fe mf2 cf-ray 9fa291ac2bb7d232-FRA accept-ranges bytes access-control-allow-origin * content-length 583 server cloudflare
GET H2	200	v8c78df7c7c0f484497ecbca7046644da1771523124516 Show response static.cloudflareinsights.com/beacon.min.js/	30 KB 11 KB	33ms 17ms	Script text/javascript	2606:4700::6810:5049 Cloudflare
General Check archive.org Show headers Download Go to Full URL https://static.cloudflareinsights.com/beacon.min.js/v8c78df7c7c0f484497ecbca7046644da1771523124516 Requested by Host: www.mediafire.com URL: https://www.mediafire.com/file/344v7q09fhhbkbf/GC5_V4.3.apk/file Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:5049 -, , ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash 4b77eae349a8cbcea7133cf3640a64ebf1f69d54d8f6469d7be6fdc188ca4ca4 Request headers Origin https://www.mediafire.com sec-ch-ua-platform "Linux" Referer https://www.mediafire.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36 sec-ch-ua "Chromium";v="148", "Google Chrome";v="148", "Not-A.Brand";v="24" sec-ch-ua-mobile ?0 Response headers cache-control public, max-age=86400 content-encoding gzip etag W/"2026.2.0" cross-origin-resource-policy cross-origin cf-ray 9fa291ac4b90d272-FRA access-control-allow-origin * date Mon, 11 May 2026 16:30:34 GMT content-type text/javascript;charset=UTF-8 last-modified Thu, 07 May 2026 16:44:36 GMT server cloudflare
GET H3	200	tcf2_stub.js Show response privacy.gatekeeperconsent.com/	1 KB 1 KB	27ms 19ms	Script application/javascript	172.67.199.186 Cloudflare
General Check archive.org Show headers Download Go to Full URL https://privacy.gatekeeperconsent.com/tcf2_stub.js Requested by Host: the.gatekeeperconsent.com URL: https://the.gatekeeperconsent.com/cmp.min.js Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.199.186 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash 925beb768cc9209c0f4de784f15d6c1dde72232c5b457cb186fdea749d07eae8 Request headers sec-ch-ua-platform "Linux" Referer https://www.mediafire.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36 sec-ch-ua "Chromium";v="148", "Google Chrome";v="148", "Not-A.Brand";v="24" sec-ch-ua-mobile ?0 Response headers cache-control max-age=15780000, public nel {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} content-encoding zstd report-to {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=bmMsCZtjbR%2FMPQfUf3VtoXqWJtpk0N4lwmqDKNWYqaplJu8DE%2BNo4pRuRfosT22MHAQ5vpH4KgkZmZAQp0IV8MfQp9fsDF7vhwzYFi0wGi0Auy6NixNj4AavG96CPrOfD1l7p66f3J%2F8QSPcIADh5g%3D%3D"}]} cf-ray 9fa291ac4d2243d2-FRA access-control-allow-origin * alt-svc h3=":443"; ma=86400 server-timing cfExtPri date Mon, 11 May 2026 16:30:34 GMT content-type application/javascript server cloudflare priority u=3,i=?0
GET H3	200	cmp.js Show response the.gatekeeperconsent.com/v2/	86 KB 26 KB	13ms 13ms	Script text/javascript	172.67.199.186 Cloudflare
General Check archive.org Show headers Download Go to Full URL https://the.gatekeeperconsent.com/v2/cmp.js?v=469 Requested by Host: the.gatekeeperconsent.com URL: https://the.gatekeeperconsent.com/cmp.min.js Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.199.186 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash cb1b01bfc3a6bcc42c2d0c740179ccda60a597a9b8e00d8dfac9f08e63d05807 Request headers sec-ch-ua-platform "Linux" Referer https://www.mediafire.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36 sec-ch-ua "Chromium";v="148", "Google Chrome";v="148", "Not-A.Brand";v="24" sec-ch-ua-mobile ?0 Response headers content-encoding gzip cf-cache-status HIT age 1530333 report-to {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=UfK7ZkRTi1mAwwiy167cMzq18l266oA98SutU1AFTg0kTNRReat7RXm4EW5oiL3Mh2lwhGDTxt5KUGAmG65mEmSF84Z%2F4oquZkve3JWVTFDUpzWSU1pivr6JQ0FG0ILRHDq5KJbrEC%2FF0hsH"}]} alt-svc h3=":443"; ma=86400 server-timing cfExtPri date Mon, 11 May 2026 16:30:34 GMT content-type text/javascript; charset=utf-8 last-modified Wed, 22 Apr 2026 22:35:03 GMT vary Accept-Encoding priority u=3,i=?0 cache-control max-age=15780000, public nel {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} cf-ray 9fa291ac4cdad8e7-FRA accept-ranges bytes server cloudflare
GET H3	200	like.php Show response www.facebook.com/plugins/ Frame D365	0 107 B	122ms 112ms	Document text/html	157.240.0.35 Facebook
General Check archive.org Show headers Download Go to Full URL https://www.facebook.com/plugins/like.php?href=http://www.facebook.com/MediaFire&width=193&layout=button_count&action=like&show_faces=false&share=true&height=30&appId=124578887583575 Requested by Host: www.mediafire.com URL: https://www.mediafire.com/file/344v7q09fhhbkbf/GC5_V4.3.apk/file Protocol H3 Security QUIC, , AES_128_GCM Server 157.240.0.35 Frankfurt am Main, Germany, ASN32934 (FACEBOOK - Facebook, Inc., US), Reverse DNS edge-star-mini-shv-02-fra3.facebook.com Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Content-Security-Policy default-src blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net *.facebook.net *.whatsapp.com *.whatsapp.net;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'nonce-6X75NlBQ' blob: 'self' connect.facebook.net 'wasm-unsafe-eval' https://accounts.google.com https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://accounts.google.com https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com *.instagram.com https://accounts.google.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://trustly.one/ https://*.trustly.one/ https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;child-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net accounts.meta.com *.accounts.meta.com https://trustly.one/ https://*.trustly.one/ https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;manifest-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;object-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests; X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://www.mediafire.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36 sec-ch-ua "Chromium";v="148", "Google Chrome";v="148", "Not-A.Brand";v="24" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Linux" Response headers alt-svc h3=":443"; ma=86400 cache-control private, no-cache, no-store, must-revalidate content-length 0 content-security-policy default-src blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net *.facebook.net *.whatsapp.com *.whatsapp.net;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'nonce-6X75NlBQ' blob: 'self' connect.facebook.net 'wasm-unsafe-eval' https://accounts.google.com https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://accounts.google.com https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com *.instagram.com https://accounts.google.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://trustly.one/ https://*.trustly.one/ https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;child-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net accounts.meta.com *.accounts.meta.com https://trustly.one/ https://*.trustly.one/ https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;manifest-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;object-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests; content-type text/html;charset=utf-8 cross-origin-opener-policy same-origin-allow-popups;report-to="coop_report" date Mon, 11 May 2026 16:30:34 GMT document-policy include-js-call-stacks-in-crash-reports expires Sat, 01 Jan 2000 00:00:00 GMT pragma no-cache priority u=0,i report-to {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7638672498208677219&cpp=C3&cv=1039215345&st=1778517034989"}]} reporting-endpoints coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7638672498208677219&cpp=C3&cv=1039215345&st=1778517034989" x-content-type-options nosniff x-fb-connection-quality EXCELLENT; q=0.9, rtt=9, rtx=0, c=24, mss=1232, tbw=5194, tp=9, tpl=0, uplat=104, ullat=0 x-fb-debug jze4JGltzcVXjOT7kzNJymSsYgzFCazTwtoiFxNKxjMa/3aVq/Dxv1md4hWvD2aqf2grPcLblpJzyTLFpCYGfA== x-xss-protection 0
GET H2	200	cchecker.html Show response cdn.btloader.com/ Frame C1EB	366 B 779 B	35ms 17ms	Document text/html	2606:4700:10::ac42:ab85 Cloudflare
General Check archive.org Show headers Download Go to Full URL https://cdn.btloader.com/cchecker.html?upapi=true Requested by Host: btloader.com URL: https://btloader.com/tag?o=5678961798414336&upapi=true Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac42:ab85 -, , ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash c700c58e763a5ae34f446713819957ed9755025d35b8497ec1150f428f5ff227 Request headers Referer https://www.mediafire.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36 sec-ch-ua "Chromium";v="148", "Google Chrome";v="148", "Not-A.Brand";v="24" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Linux" Response headers access-control-allow-origin * access-control-expose-headers *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace age 349530 cache-control public, max-age=86400, immutable cf-cache-status HIT cf-ray 9fa291ac7c561c42-FRA content-encoding br content-type text/html date Mon, 11 May 2026 16:30:34 GMT expires Fri, 08 May 2026 14:40:44 GMT last-modified Thu, 16 Apr 2026 14:02:40 GMT server cloudflare x-goog-generation 1776348160499015 x-goog-hash crc32c=/3eT+A== md5=WtMW8Jy4XJceDGzQqhOktA== x-goog-metageneration 1 x-goog-storage-class MULTI_REGIONAL x-goog-stored-content-encoding identity x-goog-stored-content-length 366 x-guploader-uploadid AAVLpEirnt0vm0F2Jz-VyHp4G5Li3yJJMt_Xg_Hw3pbzbvsSs7qwKduO6EMCaO7z9sLnpYChmxmSfec
GET H2	200	px.gif Show response ad-delivery.net/	43 B 610 B	42ms 14ms	Fetch image/gif	2606:4700:10::ac42:948c Cloudflare
General Check archive.org Show headers Download Go to Full URL https://ad-delivery.net/px.gif?ch=2&e=0.5324368513718493 Requested by Host: btloader.com URL: https://btloader.com/tag?o=5678961798414336&upapi=true Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac42:948c -, , ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda Request headers sec-ch-ua-platform "Linux" Referer https://www.mediafire.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36 sec-ch-ua "Chromium";v="148", "Google Chrome";v="148", "Not-A.Brand";v="24" sec-ch-ua-mobile ?0 Response headers x-goog-metageneration 5 access-control-expose-headers *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace x-goog-hash crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow== cf-cache-status HIT etag "ad4b0f606e0f8465bc4c4c170b37e1a3" age 1029887 x-goog-stored-content-encoding identity expires Tue, 12 May 2026 16:30:34 GMT x-goog-stored-content-length 43 date Mon, 11 May 2026 16:30:34 GMT content-type image/gif last-modified Wed, 05 May 2021 19:25:32 GMT x-guploader-uploadid ABgVH88YWGJooP3RQypITTu4eUOoozimloKclx-VwjquNN2LVUHBg9UPfL6FjLVUgTCMD2_7 cache-control public, max-age=86400 x-goog-storage-class MULTI_REGIONAL cf-ray 9fa291ac88c6dbfe-FRA accept-ranges bytes access-control-allow-origin * x-goog-generation 1620242732037093 content-length 43 server cloudflare
GET H3	200	favicon.ico Show response ad.doubleclick.net/	1 KB 129 B	99ms 46ms	Fetch image/x-icon	142.251.20.149 Google LLC
General Check archive.org Show headers Download Go to Full URL https://ad.doubleclick.net/favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250&e=0.5327545543130093 Requested by Host: btloader.com URL: https://btloader.com/tag?o=5678961798414336&upapi=true Protocol H3 Security QUIC, , AES_128_GCM Server 142.251.20.149 , United States, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS bx-in-f149.1e100.net Software sffe / Resource Hash d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers sec-ch-ua-platform "Linux" Referer https://www.mediafire.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36 sec-ch-ua "Chromium";v="148", "Google Chrome";v="148", "Not-A.Brand";v="24" sec-ch-ua-mobile ?0 Response headers content-encoding gzip report-to {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]} x-content-type-options nosniff expires Tue, 12 May 2026 16:30:34 GMT alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 date Mon, 11 May 2026 16:30:34 GMT content-type image/x-icon vary Accept-Encoding last-modified Tue, 08 May 2012 13:08:06 GMT cache-control public, max-age=86400 cross-origin-resource-policy cross-origin accept-ranges bytes access-control-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="ads-doubleclick-media" content-length 104 x-xss-protection 0 server sffe
GET H2	200	px.gif Show response ad-delivery.net/	43 B 109 B	42ms 15ms	Fetch image/gif	2606:4700:10::ac42:948c Cloudflare
General Check archive.org Show headers Download Go to Full URL https://ad-delivery.net/px.gif?ch=1&e=0.5830870102229143 Requested by Host: btloader.com URL: https://btloader.com/tag?o=5678961798414336&upapi=true Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac42:948c -, , ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda Request headers sec-ch-ua-platform "Linux" Referer https://www.mediafire.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36 sec-ch-ua "Chromium";v="148", "Google Chrome";v="148", "Not-A.Brand";v="24" sec-ch-ua-mobile ?0 Response headers x-goog-metageneration 5 access-control-expose-headers *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace x-goog-hash crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow== cf-cache-status HIT etag "ad4b0f606e0f8465bc4c4c170b37e1a3" age 1029887 x-goog-stored-content-encoding identity expires Tue, 12 May 2026 16:30:34 GMT x-goog-stored-content-length 43 date Mon, 11 May 2026 16:30:34 GMT content-type image/gif last-modified Wed, 05 May 2021 19:25:32 GMT x-guploader-uploadid ABgVH88YWGJooP3RQypITTu4eUOoozimloKclx-VwjquNN2LVUHBg9UPfL6FjLVUgTCMD2_7 cache-control public, max-age=86400 x-goog-storage-class MULTI_REGIONAL cf-ray 9fa291ac88c2dbfe-FRA accept-ranges bytes access-control-allow-origin * x-goog-generation 1620242732037093 content-length 43 server cloudflare
GET H2	200	dns Show response ab.dns-finder.com/meta/	2 B 214 B	175ms 122ms	Fetch text/plain	34.36.200.111 Google LLC
General Check archive.org Show headers Download Go to Full URL https://ab.dns-finder.com/meta/dns Requested by Host: btloader.com URL: https://btloader.com/tag?o=5678961798414336&upapi=true Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.36.200.111 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM - Google LLC, US), Reverse DNS 111.200.36.34.bc.googleusercontent.com Software / Resource Hash 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df Request headers sec-ch-ua-platform "Linux" Referer https://www.mediafire.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36 sec-ch-ua "Chromium";v="148", "Google Chrome";v="148", "Not-A.Brand";v="24" sec-ch-ua-mobile ?0 Response headers cache-control private, max-age=180, stale-if-error=180, stale-while-revalidate=180 access-control-expose-headers X-Resolver x-resolver default via 1.1 google access-control-allow-origin * alt-svc h3=":443"; ma=2592000 content-length 2 date Mon, 11 May 2026 16:30:35 GMT content-type text/plain; charset=utf-8 vary Origin
GET H2	200	trustedIframe.html Show response btloader.com/ Frame 2B38	6 KB 2 KB	41ms 26ms	Document text/html	2606:4700:10::ac42:ab85 Cloudflare
General Check archive.org Show headers Download Go to Full URL https://btloader.com/trustedIframe.html?o=5678961798414336&upapi=true Requested by Host: btloader.com URL: https://btloader.com/tag?o=5678961798414336&upapi=true Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac42:ab85 -, , ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash 3f124cdc02a40817853db0a92e2dd20e0d4342c9b3532edb34429a78a2bbac54 Request headers Referer https://www.mediafire.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36 sec-ch-ua "Chromium";v="148", "Google Chrome";v="148", "Not-A.Brand";v="24" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Linux" Response headers cache-control public, max-age=3600, stale-while-revalidate=3600 cf-ray 9fa291ac7d401c05-FRA content-encoding br content-type text/html date Mon, 11 May 2026 16:30:34 GMT server cloudflare
GET H3	200	world.svg static.mediafire.com/images/backgrounds/download/additional_content/	143 KB 53 KB	48ms 47ms	Image image/svg+xml	104.17.148.83 Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL https://static.mediafire.com/images/backgrounds/download/additional_content/world.svg Requested by Host: www.mediafire.com URL: https://www.mediafire.com/file/344v7q09fhhbkbf/GC5_V4.3.apk/file Protocol H3 Security QUIC, , AES_128_GCM Server 104.17.148.83 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash 4342feac38021c4fe3069eba0edf1c2e1b4345e2b548b0afb7ab21b7369b3bc8 Request headers sec-ch-ua-platform "Linux" Referer https://www.mediafire.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36 sec-ch-ua "Chromium";v="148", "Google Chrome";v="148", "Not-A.Brand";v="24" sec-ch-ua-mobile ?0 Response headers content-encoding gzip cf-cache-status HIT etag W/"62deda56-23ce2" age 6407 access-control-allow-methods OPTIONS, POST, GET alt-svc h3=":443"; ma=86400 server-timing cfExtPri x-mf-env liveApi date Mon, 11 May 2026 16:30:34 GMT content-type image/svg+xml last-modified Mon, 25 Jul 2022 18:00:54 GMT priority u=3,i x-mf-fe mf2 cf-ray 9fa291ac5c68d232-FRA access-control-allow-origin * server cloudflare
GET H3	200	continent-as.svg static.mediafire.com/images/backgrounds/download/additional_content/	43 KB 17 KB	25ms 24ms	Image image/svg+xml	104.17.148.83 Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL https://static.mediafire.com/images/backgrounds/download/additional_content/continent-as.svg Requested by Host: www.mediafire.com URL: https://www.mediafire.com/file/344v7q09fhhbkbf/GC5_V4.3.apk/file Protocol H3 Security QUIC, , AES_128_GCM Server 104.17.148.83 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash 082cecf2da70da88efb1db41dd0096deb999b7b7d1cf8344ca2b37930739a377 Request headers sec-ch-ua-platform "Linux" Referer https://www.mediafire.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36 sec-ch-ua "Chromium";v="148", "Google Chrome";v="148", "Not-A.Brand";v="24" sec-ch-ua-mobile ?0 Response headers content-encoding gzip cf-cache-status HIT etag W/"62deda56-aae3" age 6026 access-control-allow-methods OPTIONS, POST, GET alt-svc h3=":443"; ma=86400 server-timing cfExtPri x-mf-env liveApi date Mon, 11 May 2026 16:30:34 GMT content-type image/svg+xml last-modified Mon, 25 Jul 2022 18:00:54 GMT priority u=3,i x-mf-fe mf2 cf-ray 9fa291ac5c6ad232-FRA access-control-allow-origin * server cloudflare
GET H3	200	pak.svg static.mediafire.com/images/flags_svg/	707 B 653 B	21ms 20ms	Image image/svg+xml	104.17.148.83 Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL https://static.mediafire.com/images/flags_svg/pak.svg Requested by Host: www.mediafire.com URL: https://www.mediafire.com/file/344v7q09fhhbkbf/GC5_V4.3.apk/file Protocol H3 Security QUIC, , AES_128_GCM Server 104.17.148.83 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash d6ace20003ef4172b2cb2f090614f06602fb139a900cd1c65c4f8cc17367bc37 Request headers sec-ch-ua-platform "Linux" Referer https://www.mediafire.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36 sec-ch-ua "Chromium";v="148", "Google Chrome";v="148", "Not-A.Brand";v="24" sec-ch-ua-mobile ?0 Response headers content-encoding gzip cf-cache-status HIT etag W/"62deda56-2c3" age 7772 access-control-allow-methods OPTIONS, POST, GET alt-svc h3=":443"; ma=86400 server-timing cfExtPri x-mf-env liveApi date Mon, 11 May 2026 16:30:34 GMT content-type image/svg+xml last-modified Mon, 25 Jul 2022 18:00:54 GMT priority u=3,i x-mf-fe mf1 cf-ray 9fa291ac5c6fd232-FRA access-control-allow-origin * server cloudflare
GET H3	200	flag.svg static.mediafire.com/images/backgrounds/download/additional_content/	234 B 440 B	19ms 17ms	Image image/svg+xml	104.17.148.83 Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL https://static.mediafire.com/images/backgrounds/download/additional_content/flag.svg Requested by Host: www.mediafire.com URL: https://www.mediafire.com/file/344v7q09fhhbkbf/GC5_V4.3.apk/file Protocol H3 Security QUIC, , AES_128_GCM Server 104.17.148.83 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash f52a0c7d9fa7ae8e45916c491ae7193f9a1e289f128f05264122c53d8da970db Request headers sec-ch-ua-platform "Linux" Referer https://www.mediafire.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36 sec-ch-ua "Chromium";v="148", "Google Chrome";v="148", "Not-A.Brand";v="24" sec-ch-ua-mobile ?0 Response headers content-encoding gzip cf-cache-status HIT etag W/"62deda56-ea" age 6788 access-control-allow-methods OPTIONS, POST, GET alt-svc h3=":443"; ma=86400 server-timing cfExtPri x-mf-env liveApi date Mon, 11 May 2026 16:30:34 GMT content-type image/svg+xml last-modified Mon, 25 Jul 2022 18:00:54 GMT priority u=3,i x-mf-fe mf2 cf-ray 9fa291ac5c72d232-FRA access-control-allow-origin * server cloudflare
GET H3	200	mf_round.svg static.mediafire.com/images/backgrounds/download/additional_content/	1 KB 1 KB	19ms 18ms	Image image/svg+xml	104.17.148.83 Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL https://static.mediafire.com/images/backgrounds/download/additional_content/mf_round.svg Requested by Host: www.mediafire.com URL: https://www.mediafire.com/file/344v7q09fhhbkbf/GC5_V4.3.apk/file Protocol H3 Security QUIC, , AES_128_GCM Server 104.17.148.83 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash f1a67642fc97b508ce07cf6df329022bf5184a1c573044dc021e0d6e64688c64 Request headers sec-ch-ua-platform "Linux" Referer https://www.mediafire.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36 sec-ch-ua "Chromium";v="148", "Google Chrome";v="148", "Not-A.Brand";v="24" sec-ch-ua-mobile ?0 Response headers content-encoding gzip cf-cache-status HIT etag W/"62deda56-5b1" age 12434 access-control-allow-methods OPTIONS, POST, GET alt-svc h3=":443"; ma=86400 server-timing cfExtPri x-mf-env liveApi date Mon, 11 May 2026 16:30:34 GMT content-type image/svg+xml last-modified Mon, 25 Jul 2022 18:00:54 GMT priority u=3,i x-mf-fe mf1 cf-ray 9fa291ac5c73d232-FRA access-control-allow-origin * server cloudflare
GET H3	200	browser_chrome.svg static.mediafire.com/images/backgrounds/download/additional_content/	8 KB 2 KB	21ms 20ms	Image image/svg+xml	104.17.148.83 Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL https://static.mediafire.com/images/backgrounds/download/additional_content/browser_chrome.svg Requested by Host: www.mediafire.com URL: https://www.mediafire.com/file/344v7q09fhhbkbf/GC5_V4.3.apk/file Protocol H3 Security QUIC, , AES_128_GCM Server 104.17.148.83 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash 1c6ba1010c2cc88c59de9e9584728da124770fa399643ffc1beffcec54b84be7 Request headers sec-ch-ua-platform "Linux" Referer https://www.mediafire.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36 sec-ch-ua "Chromium";v="148", "Google Chrome";v="148", "Not-A.Brand";v="24" sec-ch-ua-mobile ?0 Response headers content-encoding gzip cf-cache-status HIT etag W/"62deda56-1e24" age 2123 access-control-allow-methods OPTIONS, POST, GET alt-svc h3=":443"; ma=86400 server-timing cfExtPri x-mf-env liveApi date Mon, 11 May 2026 16:30:34 GMT content-type image/svg+xml last-modified Mon, 25 Jul 2022 18:00:54 GMT priority u=3,i x-mf-fe mf1 cf-ray 9fa291ac5c75d232-FRA access-control-allow-origin * server cloudflare
GET H2	200	device Show response cdn.api.btloader.com/	87 B 294 B	82ms 37ms	Fetch application/json	2606:4700:10::ac42:ab85 Cloudflare
General Check archive.org Show headers Download Go to Full URL https://cdn.api.btloader.com/device?orgid=5678961798414336&fullVersionList=%5B%7B%22brand%22%3A%22Chromium%22%2C%22version%22%3A%22148.0.0.0%22%7D%2C%7B%22brand%22%3A%22Google+Chrome%22%2C%22version%22%3A%22148.0.0.0%22%7D%2C%7B%22brand%22%3A%22Not-A.Brand%22%2C%22version%22%3A%2224.0.0.0%22%7D%5D&upapi=true Requested by Host: btloader.com URL: https://btloader.com/tag?o=5678961798414336&upapi=true Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac42:ab85 -, , ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash 2ce6e5b04061617aeacd5c1b16004fbdc2fb510dcd7ccb92e1df8bcefbe2354d Request headers sec-ch-ua-platform "Linux" Referer https://www.mediafire.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36 sec-ch-ua "Chromium";v="148", "Google Chrome";v="148", "Not-A.Brand";v="24" sec-ch-ua-mobile ?0 Response headers cache-control public, max-age=3600 content-encoding br cf-cache-status DYNAMIC x-ratelimit-reset 1778517035 via 1.1 google cf-ray 9fa291aca96cd2ea-FRA x-ratelimit-remaining 99 access-control-allow-origin * date Mon, 11 May 2026 16:30:35 GMT x-ratelimit-limit 100 content-type application/json vary Origin server cloudflare
POST H2	200	/ Show response api.amplitude.com/	7 B 137 B	570ms 195ms	XHR text/html	35.164.73.90 Amazon.com
General Check archive.org Show headers Download Go to Full URL https://api.amplitude.com/ Requested by Host: cdn.amplitude.com URL: https://cdn.amplitude.com/libs/amplitude-8.5.0-min.gz.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 35.164.73.90 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS ec2-35-164-73-90.us-west-2.compute.amazonaws.com Software / Resource Hash aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27 Security Headers Name Value Strict-Transport-Security max-age=15768000 Request headers sec-ch-ua-platform "Linux" Referer https://www.mediafire.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36 sec-ch-ua "Chromium";v="148", "Google Chrome";v="148", "Not-A.Brand";v="24" Content-Type application/x-www-form-urlencoded; charset=UTF-8 sec-ch-ua-mobile ?0 Response headers strict-transport-security max-age=15768000 access-control-allow-origin * content-length 7 date Mon, 11 May 2026 16:30:35 GMT content-type text/html;charset=utf-8
GET H3	200	main.js Show response www.mediafire.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/fe6331af5207/ Frame 418A Redirect Chain https://www.mediafire.com/cdn-cgi/challenge-platform/scripts/jsd/main.js https://www.mediafire.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/fe6331af5207/main.js?	23 KB 11 KB	11ms 11ms	Script application/javascript	104.17.148.83 Cloudflare
General Check archive.org Show headers Download Go to Full URL https://www.mediafire.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/fe6331af5207/main.js? Requested by Host: www.mediafire.com URL: https://www.mediafire.com/file/344v7q09fhhbkbf/GC5_V4.3.apk/file Protocol H3 Server 104.17.148.83 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash f8868c5a6aa8907083da91144bc1999cf700476b6048e11754abfb21c1bc1aee Security Headers Name Value X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36 Referer Response headers cache-control max-age=14400, stale-if-error=10800, stale-while-revalidate=10800, public content-encoding gzip x-content-type-options nosniff cf-ray 9fa291ad5f20d232-FRA alt-svc h3=":443"; ma=86400 server-timing cfExtPri date Mon, 11 May 2026 16:30:35 GMT content-type application/javascript; charset=UTF-8 server cloudflare priority u=3,i=?0 Redirect headers cache-control max-age=300, stale-if-error=10800, stale-while-revalidate=10800, public location /cdn-cgi/challenge-platform/h/g/scripts/jsd/fe6331af5207/main.js? cf-ray 9fa291ac7cb3d232-FRA access-control-allow-origin * alt-svc h3=":443"; ma=86400 content-length 0 server-timing cfExtPri date Mon, 11 May 2026 16:30:34 GMT server cloudflare priority u=3,i=?0
GET H3	200	ezorca.min.js Show response go.ezodn.com/ezoic/	348 KB 81 KB	49ms 20ms	Script application/javascript	188.114.97.3 Cloudflare
General Check archive.org Show headers Download Go to Full URL https://go.ezodn.com/ezoic/ezorca.min.js Requested by Host: www.ezojs.com URL: https://www.ezojs.com/ezoic/sa.min.js Protocol H3 Security QUIC, , AES_128_GCM Server 188.114.97.3 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash 23287b4527798fc29fece61e3cebe54db6ec9083e338b152c625274bd81724f9 Request headers sec-ch-ua-platform "Linux" Referer https://www.mediafire.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36 sec-ch-ua "Chromium";v="148", "Google Chrome";v="148", "Not-A.Brand";v="24" sec-ch-ua-mobile ?0 Response headers x-robots-tag noindex, follow content-encoding br cf-cache-status HIT etag W/"1b999235542b567f802080491ad503f6" age 241 report-to {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=bTiLnj25O8%2FT%2BuL8GIHzC%2BAVrXICXT6sgtk7dI6WI%2B2TPS9DUBg2VvsVbLovRYitfCxRvkCEnGLdVCn51aOFz5tmvzLM%2B8png1WDGxV7a02gQ2CaDR1VGI4gUfZJ2qk%3D"}]} alt-svc h3=":443"; ma=86400 server-timing cfExtPri date Mon, 11 May 2026 16:30:35 GMT x-middleton-display sol-js content-type application/javascript vary Accept-Encoding priority u=1,i=?0 cache-control public, max-age=14400, stale-while-revalidate=3600 nel {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} cf-ray 9fa291acde2b1e59-FRA server cloudflare
GET H3	200	columbus.js Show response www.ezojs.com/detroitchicago/	33 KB 15 KB	22ms 22ms	Script application/javascript	172.67.170.144 Cloudflare
General Check archive.org Show headers Download Go to Full URL https://www.ezojs.com/detroitchicago/columbus.js Requested by Host: www.ezojs.com URL: https://www.ezojs.com/ezoic/sa.min.js Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.170.144 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash d5f3b0b14d09909398ca69f59408911181d25700a0dd9203fd20417d968747cc Request headers sec-ch-ua-platform "Linux" Referer https://www.mediafire.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36 sec-ch-ua "Chromium";v="148", "Google Chrome";v="148", "Not-A.Brand";v="24" sec-ch-ua-mobile ?0 Response headers x-robots-tag noindex, follow cache-control private, max-age=0, must-revalidate, no-cache, no-store nel {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} content-encoding gzip cf-cache-status BYPASS report-to {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=K24D5Sm307b0Fz6clK7wZJqmVUNWm464q8x1TELUOz27mVwCoWwQ8H6Ppis0ejIT0p7jhUKDm3wuLX2NmLr9amuZockA%2FkmsI%2BTITHbA7hw98cVTBB0ASL1ZumzY%2BLGF"}]} cf-ray 9fa291aca81d1da0-FRA alt-svc h3=":443"; ma=86400 server-timing cfExtPri date Mon, 11 May 2026 16:30:35 GMT x-middleton-display sol-js content-type application/javascript vary Accept-Encoding server cloudflare priority u=3,i=?0
POST H2	200	saa.go Show response g.ezoic.net/	68 KB 20 KB	68ms 20ms	XHR text/javascript	2a05:d014:776:a63e:ceb:15ad:bbb7:6a9d Amazon.com
General Check archive.org Show headers Download Go to Full URL https://g.ezoic.net/saa.go Requested by Host: www.ezojs.com URL: https://www.ezojs.com/ezoic/sa.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a05:d014:776:a63e:ceb:15ad:bbb7:6a9d Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS Software / Resource Hash b8fa7fbe99d3a67b34d3a1f8da78f27cddeff2dd1b02a819c35eac3e79704715 Request headers sec-ch-ua-platform "Linux" Referer https://www.mediafire.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36 sec-ch-ua "Chromium";v="148", "Google Chrome";v="148", "Not-A.Brand";v="24" Content-Type text/plain sec-ch-ua-mobile ?0 Response headers x-robots-tag noindex access-control-max-age 1728000 cache-control private, max-age=0, must-revalidate, no-cache, no-store content-encoding br access-control-allow-credentials true access-control-allow-methods GET, POST, PUT, OPTIONS expires Sun, 10 May 2026 16:30:35 GMT access-control-allow-origin https://www.mediafire.com date Mon, 11 May 2026 16:30:35 GMT content-type text/javascript vary Accept-Encoding,Origin,Access-Control-Request-Method,Access-Control-Request-Headers access-control-allow-headers Content-Type
GET H3	200	boise.js Show response go.ezodn.com/detroitchicago/	860 B 931 B	18ms 18ms	Script application/javascript	188.114.97.3 Cloudflare
General Check archive.org Show headers Download Go to Full URL https://go.ezodn.com/detroitchicago/boise.js?gcb=195-16&cb=5 Requested by Host: www.mediafire.com URL: https://www.mediafire.com/file/344v7q09fhhbkbf/GC5_V4.3.apk/file Protocol H3 Security QUIC, , AES_128_GCM Server 188.114.97.3 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash c656d50263d423e681e4963066e86f087cb646cab3b440b3b082a0da28eb79ea Request headers sec-ch-ua-platform "Linux" Referer https://www.mediafire.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36 sec-ch-ua "Chromium";v="148", "Google Chrome";v="148", "Not-A.Brand";v="24" sec-ch-ua-mobile ?0 Response headers x-robots-tag noindex, follow content-encoding br cf-cache-status HIT age 2179017 report-to {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=gfRe5f%2BLrxKxr%2Fqa5laBPj%2FicjmA0mT%2FdUcrJuzws%2B5MS37UEE9Gn2N9tTeH7HbPyPMvJb7KIHea%2B5vUcqorklwXM1%2FKaXH6CMlem3qSHEMaLbVXwtW32aC7t20PUO4%3D"}]} alt-svc h3=":443"; ma=86400 server-timing cfExtPri date Mon, 11 May 2026 16:30:35 GMT x-middleton-display sol-js content-type application/javascript vary Accept-Encoding last-modified Thu, 16 Apr 2026 11:13:37 GMT priority u=3,i=?0 cache-control public, max-age=31536000 nel {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} cf-ray 9fa291ad3e881e59-FRA accept-ranges bytes content-length 429 server cloudflare
GET H3	200	mulvane.js Show response go.ezodn.com/parsonsmaize/	1 KB 1 KB	17ms 16ms	Script application/javascript	188.114.97.3 Cloudflare
General Check archive.org Show headers Download Go to Full URL https://go.ezodn.com/parsonsmaize/mulvane.js?gcb=195-16&cb=e75e48eec0 Requested by Host: www.mediafire.com URL: https://www.mediafire.com/file/344v7q09fhhbkbf/GC5_V4.3.apk/file Protocol H3 Security QUIC, , AES_128_GCM Server 188.114.97.3 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash 6a163c9c1e18a0fae78f3ce587d463c4aa6d39991639580d1106a9fa0774b8e8 Request headers sec-ch-ua-platform "Linux" Referer https://www.mediafire.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36 sec-ch-ua "Chromium";v="148", "Google Chrome";v="148", "Not-A.Brand";v="24" sec-ch-ua-mobile ?0 Response headers x-robots-tag noindex, follow content-encoding br cf-cache-status HIT age 2032957 report-to {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=7qTPeAES%2FjybGP%2BZ4%2Fbneai2xjAm8d5Plb5wLmjBEvqF20bzJrP98692vGLQ5PHtf5deDMDhmcDK5%2FyeSb9shD9E0MpHwNvHbYuflY7i8cBN7eTueTgipc57BLZmPTg%3D"}]} alt-svc h3=":443"; ma=86400 server-timing cfExtPri date Mon, 11 May 2026 16:30:35 GMT x-middleton-display sol-js content-type application/javascript vary Accept-Encoding last-modified Sat, 18 Apr 2026 03:47:57 GMT priority u=3,i=?0 cache-control public, max-age=31536000 nel {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} cf-ray 9fa291ad3e8a1e59-FRA accept-ranges bytes content-length 526 server cloudflare
GET H3	200	birmingham.js Show response go.ezodn.com/detroitchicago/	752 B 875 B	17ms 16ms	Script application/javascript	188.114.97.3 Cloudflare
General Check archive.org Show headers Download Go to Full URL https://go.ezodn.com/detroitchicago/birmingham.js?gcb=195-16&cb=539c47377c Requested by Host: www.mediafire.com URL: https://www.mediafire.com/file/344v7q09fhhbkbf/GC5_V4.3.apk/file Protocol H3 Security QUIC, , AES_128_GCM Server 188.114.97.3 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash 30be558393bd8b0585c806a6eaed6d6f5b51d1ca63c0113061dfe35eaa128ce3 Request headers sec-ch-ua-platform "Linux" Referer https://www.mediafire.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36 sec-ch-ua "Chromium";v="148", "Google Chrome";v="148", "Not-A.Brand";v="24" sec-ch-ua-mobile ?0 Response headers x-robots-tag noindex, follow content-encoding br cf-cache-status HIT age 2111583 report-to {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=4oaecZE3EPUkBRc3mvX1dYYYLurhdkdsJCpt9ZhfJGqf9VvUQi9q64cG9OKneGZiuhMAdn70yvB%2FnTANgDN4Oy3oLfjwEbLY1APJYEu3RPdT5HfnTv9P5yLqw7WNzpM%3D"}]} alt-svc h3=":443"; ma=86400 server-timing cfExtPri date Mon, 11 May 2026 16:30:35 GMT x-middleton-display sol-js content-type application/javascript vary Accept-Encoding last-modified Fri, 17 Apr 2026 05:57:31 GMT priority u=3,i=?0 cache-control public, max-age=31536000 nel {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} cf-ray 9fa291ad3e8b1e59-FRA accept-ranges bytes content-length 380 server cloudflare
GET H3	200	ezoicanalytics.js Show response go.ezodn.com/	2 KB 1 KB	17ms 17ms	Script application/javascript	188.114.97.3 Cloudflare
General Check archive.org Show headers Download Go to Full URL https://go.ezodn.com/ezoicanalytics.js?cb=1&dcb=195-16&shcb=34 Requested by Host: www.mediafire.com URL: https://www.mediafire.com/file/344v7q09fhhbkbf/GC5_V4.3.apk/file Protocol H3 Security QUIC, , AES_128_GCM Server 188.114.97.3 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash e814d50a228f54aecf40d8a58e41d48ce1dfc4376fd5fbedc28078fe0a8c5526 Request headers sec-ch-ua-platform "Linux" Referer https://www.mediafire.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36 sec-ch-ua "Chromium";v="148", "Google Chrome";v="148", "Not-A.Brand";v="24" sec-ch-ua-mobile ?0 Response headers x-robots-tag noindex, follow content-encoding br cf-cache-status HIT age 25531 report-to {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=H%2BgZJMf2W61QE%2F0Cqa5j33NxLsFiXqzwoRe%2BxFqOUD19%2FRh7V6YHaUgjnmfXRA9ccGPbu5IwMjZY3W3UqzzR9bGVWTl0kjTYIQ0fVW%2FiIFoHAbuB6igYnXr6UHQ%2FzeQ%3D"}]} alt-svc h3=":443"; ma=86400 server-timing cfExtPri date Mon, 11 May 2026 16:30:35 GMT x-middleton-display sol-js content-type application/javascript vary Accept-Encoding last-modified Mon, 11 May 2026 09:25:03 GMT priority u=3,i=?0 cache-control public, max-age=86400 nel {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} cf-ray 9fa291ad3e8e1e59-FRA server cloudflare
GET H3	200	identity.js Show response www.ezojs.com/	362 KB 102 KB	18ms 18ms	Script application/javascript	172.67.170.144 Cloudflare
General Check archive.org Show headers Download Go to Full URL https://www.ezojs.com/identity.js Requested by Host: www.ezojs.com URL: https://www.ezojs.com/ezoic/sa.min.js Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.170.144 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash 355474edae19c91b8508ab5483713a18ae97cad7cf90bafa0fecf2e73ed98266 Request headers sec-ch-ua-platform "Linux" Referer https://www.mediafire.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36 sec-ch-ua "Chromium";v="148", "Google Chrome";v="148", "Not-A.Brand";v="24" sec-ch-ua-mobile ?0 Response headers x-robots-tag noindex, follow content-encoding gzip cf-cache-status HIT etag W/"2afdae5bbf19d531f38c964b0c7ec6c6" age 150 report-to {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=FDp%2BKql1I5jVdEoz%2BOtA2ZZJfk0OrrUI4EdAxRZhV0reMewx8LutAjROakJFCiE7RaWmhJT1Oz1W26TlxnNs8FnJFAjPXa%2BUkOvLwQT4gbtVykc6tLboW5XpNEl5QEHp"}]} alt-svc h3=":443"; ma=86400 server-timing cfExtPri date Mon, 11 May 2026 16:30:35 GMT x-middleton-display sol-js content-type application/javascript vary Accept-Encoding priority u=3,i=?0 cache-control public, max-age=900, stale-while-revalidate=3600 nel {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} cf-ray 9fa291ad38201da0-FRA server cloudflare
POST H2	200	ezconfig Show response g.ezoic.net/detroitchicago/	92 B 124 B	17ms 15ms	Fetch application/json	2a05:d014:776:a63e:ceb:15ad:bbb7:6a9d Amazon.com
General Check archive.org Show headers Download Go to Full URL https://g.ezoic.net/detroitchicago/ezconfig Requested by Host: www.ezojs.com URL: https://www.ezojs.com/ezoic/sa.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a05:d014:776:a63e:ceb:15ad:bbb7:6a9d Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS Software / Resource Hash 1b7c4edd444f73d828aacb88e0f35efd212c8378d07e5ff848d699adf68ba550 Request headers sec-ch-ua-platform "Linux" Referer https://www.mediafire.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36 sec-ch-ua "Chromium";v="148", "Google Chrome";v="148", "Not-A.Brand";v="24" Content-Type application/json sec-ch-ua-mobile ?0 Response headers access-control-max-age 1728000 content-encoding br access-control-allow-credentials true access-control-allow-methods GET, POST, PUT, OPTIONS access-control-allow-origin https://www.mediafire.com content-length 66 date Mon, 11 May 2026 16:30:35 GMT content-type application/json vary Accept-Encoding,Origin,Access-Control-Request-Method,Access-Control-Request-Headers access-control-allow-headers Content-Type
GET H2	200	ezintegration g.ezoic.net/	43 B 121 B	15ms 15ms	Image image/gif	2a05:d014:776:a63e:ceb:15ad:bbb7:6a9d Amazon.com
General Check archive.org Show headers Download Go to Show image Full URL https://g.ezoic.net/ezintegration?d=www.mediafire.com&ts=1778517034979 Requested by Host: www.mediafire.com URL: https://www.mediafire.com/file/344v7q09fhhbkbf/GC5_V4.3.apk/file Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a05:d014:776:a63e:ceb:15ad:bbb7:6a9d Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS Software / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Request headers sec-ch-ua-platform "Linux" Referer https://www.mediafire.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36 sec-ch-ua "Chromium";v="148", "Google Chrome";v="148", "Not-A.Brand";v="24" sec-ch-ua-mobile ?0 Response headers expires Sun, 10 May 2026 16:30:35 GMT cache-control private, max-age=0, must-revalidate, no-cache, no-store content-length 43 date Mon, 11 May 2026 16:30:35 GMT x-middleton-display integration_verify content-type image/gif vary Accept-Encoding
OPTIONS H2	200	ezconfig g.ezoic.net/detroitchicago/ Frame	0 0	43ms 14ms	Preflight	2a05:d014:776:a63e:ceb:15ad:bbb7:6a9d Amazon.com
General Check archive.org Show headers Download Go to Full URL https://g.ezoic.net/detroitchicago/ezconfig Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a05:d014:776:a63e:ceb:15ad:bbb7:6a9d Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS Software / Resource Hash Request headers Accept */* Access-Control-Request-Headers content-type Access-Control-Request-Method POST Origin https://www.mediafire.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36 Response headers access-control-allow-credentials true access-control-allow-headers content-type access-control-allow-methods GET, POST, PUT, OPTIONS access-control-allow-origin https://www.mediafire.com access-control-max-age 1728000 content-length 0 date Mon, 11 May 2026 16:30:35 GMT vary Accept-Encoding,Origin,Access-Control-Request-Method,Access-Control-Request-Headers
POST H3	200	9fa291a9fd18d232 Show response www.mediafire.com/cdn-cgi/challenge-platform/h/g/jsd/oneshot/fe6331af5207/0.405447013468484:1778512970:QFeraNcmubUcBu9ggVAS7OO20CPSvL1G5sL2cvIL3Xc/ Frame 418A	0 869 B	16ms 12ms	XHR text/plain	104.17.148.83 Cloudflare
General Check archive.org Show headers Download Go to Full URL https://www.mediafire.com/cdn-cgi/challenge-platform/h/g/jsd/oneshot/fe6331af5207/0.405447013468484:1778512970:QFeraNcmubUcBu9ggVAS7OO20CPSvL1G5sL2cvIL3Xc/9fa291a9fd18d232 Requested by Host: www.mediafire.com URL: https://www.mediafire.com/cdn-cgi/challenge-platform/scripts/jsd/main.js Protocol H3 Security QUIC, , AES_128_GCM Server 104.17.148.83 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers sec-ch-ua-platform "Linux" Referer User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36 sec-ch-ua "Chromium";v="148", "Google Chrome";v="148", "Not-A.Brand";v="24" Content-Type text/plain;charset=UTF-8 sec-ch-ua-mobile ?0 Response headers timing-allow-origin https://www.mediafire.com cf-ray 9fa291ade8c9d232-FRA alt-svc h3=":443"; ma=86400 server-timing cfExtPri content-length 0 cf-chl-out-s 0Gt8w/IufaZZ37x/Qb3NJQ==$U1YDikVuAyqoRraBu9/L1g== date Mon, 11 May 2026 16:30:35 GMT content-type text/plain; charset=UTF-8 server cloudflare priority u=1,i
POST H2	204	exd api.btloader.com/	0 0	156ms 123ms	Fetch	130.211.23.194 Google LLC
General Check archive.org Show headers Download Go to Full URL https://api.btloader.com/exd?tid=NH9lqh8C-uMupbpLvQ-9e17e047ad&sid=RNqGunoC-zQDAqn5EDU-9e17e047ad&cv=2.1.189-1-gf2b7278&upapi=true Requested by Host: btloader.com URL: https://btloader.com/tag?o=5678961798414336&upapi=true Protocol H2 Security TLS 1.3, , AES_128_GCM Server 130.211.23.194 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM - Google LLC, US), Reverse DNS 194.23.211.130.bc.googleusercontent.com Software / Resource Hash Request headers sec-ch-ua-platform "Linux" Referer https://www.mediafire.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36 sec-ch-ua "Chromium";v="148", "Google Chrome";v="148", "Not-A.Brand";v="24" sec-ch-ua-mobile ?0 Response headers via 1.1 google access-control-allow-origin * cache-control no-cache, no-store, must-revalidate alt-svc h3=":443"; ma=2592000 date Mon, 11 May 2026 16:30:35 GMT vary Origin
GET H3	200	config.json Show response the.gatekeeperconsent.com/v2/	18 KB 3 KB	38ms 30ms	XHR application/json	172.67.199.186 Cloudflare
General Check archive.org Show headers Download Go to Full URL https://the.gatekeeperconsent.com/v2/config.json?domain=www.mediafire.com&changeLogId=0&cb=0 Requested by Host: the.gatekeeperconsent.com URL: https://the.gatekeeperconsent.com/v2/cmp.js?v=469 Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.199.186 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash 1b9e36d7f7ed9e2ddcc85cfa08b52d95b39c8d031c309bb5bc911caed2d63420 Security Headers Name Value Content-Security-Policy default-src 'none' X-Content-Type-Options nosniff X-Frame-Options deny Request headers sec-ch-ua-platform "Linux" Referer https://www.mediafire.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36 sec-ch-ua "Chromium";v="148", "Google Chrome";v="148", "Not-A.Brand";v="24" sec-ch-ua-mobile ?0 Response headers content-encoding gzip cf-cache-status DYNAMIC report-to {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=aiTtji%2F%2Bh9i5IfpPt0lQ6YMVOzlyzKRn12SRIqXGGXJ0K01fLiCoX6HlWcF1H0GXlcW%2FhtQLFY8rf52gJA4DUMpLWWaYTkEFOBnN469d3WgaLrLbG%2F9ImKOAJstHxyOfrFkjppvdzyRx4e%2FD"}]} x-content-type-options nosniff alt-svc h3=":443"; ma=86400 server-timing cfExtPri date Mon, 11 May 2026 16:30:35 GMT content-type application/json, application/json vary Accept-Encoding priority u=1,i x-frame-options deny content-security-policy default-src 'none' cache-control max-age=3600, public nel {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} cf-ray 9fa291ae0f3c18b5-FRA access-control-allow-origin * server cloudflare
GET H2	200	Tag.engine Show response econventa.com/	2 KB 3 KB	164ms 131ms	Script application/json	2606:4700:20::681a:842 Cloudflare
General Check archive.org Show headers Download Go to Full URL https://econventa.com/Tag.engine?time=-120&id=5ff0fb62-0643-4ff1-aaee-c737f9ffc0e0&rand=54997&ver=async&referrerUrl=&fingerPrint=123&abr=false&stdTime=60&fpe=1&bw=1600&bh=1200&res=1600x1200&curl=https%3A%2F%2Fwww.mediafire.com%2Ffile%2F344v7q09fhhbkbf%2FGC5_V4.3.apk%2Ffile&kw=online%20storage%2Cfree%20storage%2Ccloud%20storage%2Ccollaboration%2Cbackup%20file%20sharing%2Cshare%20files%2Cphoto%20backup%2Cphoto%20sharing%2Cftp%20replacement%2Ccross%20platform%2Cremote%20access%2Cmobile%20access%2Csend%20large%20files%2Crecover%20files%2Cfile%20versioning%2Cundelete%2Cwindows%2Cpc%2Cmac%2Cos%20x%2Clinux%2Ciphone Requested by Host: cdn.econventa.com URL: https://cdn.econventa.com/Scripts/infinity.js.aspx?guid=5ff0fb62-0643-4ff1-aaee-c737f9ffc0e0 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:20::681a:842 -, , ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash ece650730a87c56c5cf58e43d1e702af2a9c5c562d1ec98976c7af263778765c Request headers sec-ch-ua-platform "Linux" Referer https://www.mediafire.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36 sec-ch-ua "Chromium";v="148", "Google Chrome";v="148", "Not-A.Brand";v="24" sec-ch-ua-mobile ?0 Response headers content-encoding gzip cf-cache-status DYNAMIC accept-ch Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version cf-ray 9fa291ae3e07bbaa-FRA alt-svc h3=":443"; ma=86400 date Mon, 11 May 2026 16:30:35 GMT content-type application/json vary Accept-Encoding server cloudflare
GET H2	200	m=el_main_css www.gstatic.com/_/translate_http/_/ss/k=translate_http.tr.zZZZhVqDDCw.L.W.O/am=BBA4/d=0/rs=AN8SPfoccYc_h-zeKMQux1N0I7taUB-_tA/	22 KB 5 KB	117ms 37ms	Stylesheet text/css	2a00:1450:4001:c15::5e Google LLC
General Check archive.org Show headers Download Go to Full URL https://www.gstatic.com/_/translate_http/_/ss/k=translate_http.tr.zZZZhVqDDCw.L.W.O/am=BBA4/d=0/rs=AN8SPfoccYc_h-zeKMQux1N0I7taUB-_tA/m=el_main_css Requested by Host: URL: /_/translate_http/_/js/k=translate_http.tr.de.N4_IShTIIaw.O/am=BBA4/d=1/rs=AN8SPfpbzVMiBgFtWh46ZUVEzE3FdEpobA/m=el_conf Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:c15::5e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS Software sffe / Resource Hash 0ecbd1374ebd05d9733e3230e6ccaefadbfd8907cd151221d8af6fdf881b4e09 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers sec-ch-ua-platform "Linux" Referer https://www.mediafire.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36 sec-ch-ua "Chromium";v="148", "Google Chrome";v="148", "Not-A.Brand";v="24" sec-ch-ua-mobile ?0 Response headers content-encoding gzip age 234224 report-to {"group":"rosetta","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/rosetta"}]} x-content-type-options nosniff expires Sat, 08 May 2027 23:26:51 GMT alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 date Fri, 08 May 2026 23:26:51 GMT last-modified Thu, 09 Apr 2026 01:12:55 GMT content-type text/css; charset=UTF-8 vary Accept-Encoding cache-control public, max-age=31536000 cross-origin-opener-policy same-origin; report-to="rosetta" cross-origin-resource-policy cross-origin content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/rosetta accept-ranges bytes access-control-allow-origin * content-length 4160 x-xss-protection 0 server sffe
GET H2	200	m=el_main Show response translate.googleapis.com/_/translate_http/_/js/k=translate_http.tr.de.N4_IShTIIaw.O/am=AAAAAg/d=1/exm=el_conf/ed=1/rs=AN8SPfrTPQIafKyoqKwliUYf5IngbWLpEQ/	410 KB 119 KB	130ms 38ms	Script text/javascript	2a00:1450:4001:c17::5f Google LLC
General Check archive.org Show headers Download Go to Full URL https://translate.googleapis.com/_/translate_http/_/js/k=translate_http.tr.de.N4_IShTIIaw.O/am=AAAAAg/d=1/exm=el_conf/ed=1/rs=AN8SPfrTPQIafKyoqKwliUYf5IngbWLpEQ/m=el_main Requested by Host: URL: /_/translate_http/_/js/k=translate_http.tr.de.N4_IShTIIaw.O/am=BBA4/d=1/rs=AN8SPfpbzVMiBgFtWh46ZUVEzE3FdEpobA/m=el_conf Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a00:1450:4001:c17::5f Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS Software sffe / Resource Hash 646a9d4a5ffa7d99e5a043bfca44728899f241687f0c465009652c4b8781949d Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers sec-ch-ua-platform "Linux" Referer https://www.mediafire.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36 sec-ch-ua "Chromium";v="148", "Google Chrome";v="148", "Not-A.Brand";v="24" sec-ch-ua-mobile ?0 Response headers content-encoding gzip age 342388 report-to {"group":"rosetta","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/rosetta"}]} x-content-type-options nosniff expires Fri, 07 May 2027 17:24:07 GMT alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 date Thu, 07 May 2026 17:24:07 GMT last-modified Wed, 06 May 2026 15:12:45 GMT content-type text/javascript; charset=UTF-8 vary Accept-Encoding cache-control public, max-age=31536000 cross-origin-opener-policy same-origin; report-to="rosetta" cross-origin-resource-policy cross-origin content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/rosetta accept-ranges bytes access-control-allow-origin * content-length 121048 x-xss-protection 0 server sffe
POST H2	200	analytics Show response g.ezoic.net/ezais/	16 KB 5 KB	38ms 32ms	Fetch text/plain	2a05:d014:776:a63e:ceb:15ad:bbb7:6a9d Amazon.com
General Check archive.org Show headers Download Go to Full URL https://g.ezoic.net/ezais/analytics?cb=1 Requested by Host: go.ezodn.com URL: https://go.ezodn.com/ezoicanalytics.js?cb=1&dcb=195-16&shcb=34 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a05:d014:776:a63e:ceb:15ad:bbb7:6a9d Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS Software / Resource Hash 04671a60da857065a290e45300854490520eb56028f3b3d5c70558f15a232388 Request headers sec-ch-ua-platform "Linux" Referer https://www.mediafire.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36 sec-ch-ua "Chromium";v="148", "Google Chrome";v="148", "Not-A.Brand";v="24" Content-Type text/plain sec-ch-ua-mobile ?0 Response headers x-robots-tag noindex access-control-max-age 1728000 content-encoding br access-control-allow-credentials true access-control-allow-methods GET, POST, PUT, OPTIONS access-control-allow-origin https://www.mediafire.com date Mon, 11 May 2026 16:30:35 GMT content-type text/plain; charset=utf-8 vary Accept-Encoding,Origin,Access-Control-Request-Method,Access-Control-Request-Headers access-control-allow-headers Content-Type
GET H3	200	gvl.json Show response the.gatekeeperconsent.com/cmp/	859 KB 99 KB	19ms 18ms	XHR application/json	172.67.199.186 Cloudflare
General Check archive.org Show headers Download Go to Full URL https://the.gatekeeperconsent.com/cmp/gvl.json?v=11&lang=en Requested by Host: the.gatekeeperconsent.com URL: https://the.gatekeeperconsent.com/v2/cmp.js?v=469 Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.199.186 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash d2a2f4e30e0dfc471b96be769a867673261bc12e96f79b117d04f6b17448279c Request headers sec-ch-ua-platform "Linux" Referer https://www.mediafire.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36 sec-ch-ua "Chromium";v="148", "Google Chrome";v="148", "Not-A.Brand";v="24" sec-ch-ua-mobile ?0 Response headers content-encoding gzip cf-cache-status HIT age 311610 report-to {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=hBjJ%2Be1Eh73Rjpz2hywg5xr90AyEP8Ki3mlZfShgMe2gdjmuYm9GwyO8Lc6Y1JukijfwO07Vx%2FMtwZ7VKeEO5x7heyYSOVuJbIRNHCYqJxpKYZMLxKZWkexhIpuGFBaUeQpdW9sBJmGRCIvf"}]} alt-svc h3=":443"; ma=86400 server-timing cfExtPri date Mon, 11 May 2026 16:30:35 GMT content-type application/json last-modified Fri, 08 May 2026 01:57:04 GMT vary Accept-Encoding priority u=1,i cache-control max-age=345600, public nel {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} cf-ray 9fa291ae6f4118b5-FRA accept-ranges bytes access-control-allow-origin * server cloudflare
GET H2	200	olathe.js Show response g.ezoic.net/parsonsmaize/	2 KB 900 B	17ms 15ms	Script application/javascript	2a05:d014:776:a63e:ceb:15ad:bbb7:6a9d Amazon.com
General Check archive.org Show headers Download Go to Full URL https://g.ezoic.net/parsonsmaize/olathe.js?gcb=195-16&cb=30 Requested by Host: www.mediafire.com URL: https://www.mediafire.com/file/344v7q09fhhbkbf/GC5_V4.3.apk/file Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a05:d014:776:a63e:ceb:15ad:bbb7:6a9d Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS Software / Resource Hash 8af2d4d39123c52a7c0ab7f7e4fbf96c5bfeb969ccce59ceb2bc7c96a7624f2b Request headers sec-ch-ua-platform "Linux" Referer https://www.mediafire.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36 sec-ch-ua "Chromium";v="148", "Google Chrome";v="148", "Not-A.Brand";v="24" sec-ch-ua-mobile ?0 Response headers x-robots-tag noindex, follow cache-control max-age=31536000, public content-encoding br date Mon, 11 May 2026 16:30:35 GMT x-middleton-display sol-js content-type application/javascript vary Accept-Encoding
GET H2	200	et.js Show response g.ezoic.net/porpoiseant/	2 KB 655 B	19ms 18ms	Script application/javascript	2a05:d014:776:a63e:ceb:15ad:bbb7:6a9d Amazon.com
General Check archive.org Show headers Download Go to Full URL https://g.ezoic.net/porpoiseant/et.js?gcb=195-16&cb=4 Requested by Host: www.mediafire.com URL: https://www.mediafire.com/file/344v7q09fhhbkbf/GC5_V4.3.apk/file Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a05:d014:776:a63e:ceb:15ad:bbb7:6a9d Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS Software / Resource Hash 8fb0902cb2d17d83fa68fa9a81a2e2872675c67bac55f2aced4aa2c5540f6655 Request headers sec-ch-ua-platform "Linux" Referer https://www.mediafire.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36 sec-ch-ua "Chromium";v="148", "Google Chrome";v="148", "Not-A.Brand";v="24" sec-ch-ua-mobile ?0 Response headers x-robots-tag noindex, follow cache-control max-age=31536000, public content-encoding br content-length 624 date Mon, 11 May 2026 16:30:35 GMT x-middleton-display sol-js content-type application/javascript vary Accept-Encoding
GET H2	200	reno.js Show response g.ezoic.net/detroitchicago/	2 KB 864 B	15ms 14ms	Script application/javascript	2a05:d014:776:a63e:ceb:15ad:bbb7:6a9d Amazon.com
General Check archive.org Show headers Download Go to Full URL https://g.ezoic.net/detroitchicago/reno.js?gcb=195-16&cb=0bf9e049ca Requested by Host: www.mediafire.com URL: https://www.mediafire.com/file/344v7q09fhhbkbf/GC5_V4.3.apk/file Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a05:d014:776:a63e:ceb:15ad:bbb7:6a9d Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS Software / Resource Hash c03c74e3dfa5656dcd9841f61549cec816a1b2ec377dcc439761ca77a46ab1e2 Request headers sec-ch-ua-platform "Linux" Referer https://www.mediafire.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36 sec-ch-ua "Chromium";v="148", "Google Chrome";v="148", "Not-A.Brand";v="24" sec-ch-ua-mobile ?0 Response headers x-robots-tag noindex, follow cache-control max-age=31536000, public content-encoding br date Mon, 11 May 2026 16:30:35 GMT x-middleton-display sol-js content-type application/javascript vary Accept-Encoding
GET H2	200	overlandpark.js Show response g.ezoic.net/detroitchicago/	1 KB 522 B	17ms 16ms	Script application/javascript	2a05:d014:776:a63e:ceb:15ad:bbb7:6a9d Amazon.com
General Check archive.org Show headers Download Go to Full URL https://g.ezoic.net/detroitchicago/overlandpark.js?gcb=195-16&cb=301bbdaf04 Requested by Host: www.mediafire.com URL: https://www.mediafire.com/file/344v7q09fhhbkbf/GC5_V4.3.apk/file Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a05:d014:776:a63e:ceb:15ad:bbb7:6a9d Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS Software / Resource Hash ac5a4a0937632f257b63ebd53a656fd045529bc506cf4abb880bec8421e8eb60 Request headers sec-ch-ua-platform "Linux" Referer https://www.mediafire.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36 sec-ch-ua "Chromium";v="148", "Google Chrome";v="148", "Not-A.Brand";v="24" sec-ch-ua-mobile ?0 Response headers x-robots-tag noindex, follow cache-control max-age=31536000, public content-encoding br content-length 491 date Mon, 11 May 2026 16:30:35 GMT x-middleton-display sol-js content-type application/javascript vary Accept-Encoding
GET H2	200	denver.js Show response g.ezoic.net/detroitchicago/	2 KB 1 KB	16ms 15ms	Script application/javascript	2a05:d014:776:a63e:ceb:15ad:bbb7:6a9d Amazon.com
General Check archive.org Show headers Download Go to Full URL https://g.ezoic.net/detroitchicago/denver.js?gcb=195-16&cb=4ff75c6f00 Requested by Host: www.mediafire.com URL: https://www.mediafire.com/file/344v7q09fhhbkbf/GC5_V4.3.apk/file Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a05:d014:776:a63e:ceb:15ad:bbb7:6a9d Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS Software / Resource Hash dc987a618ea91a37323b1432cfef45dba1292483a0d5e75e8f2cb05b45f64e4f Request headers sec-ch-ua-platform "Linux" Referer https://www.mediafire.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36 sec-ch-ua "Chromium";v="148", "Google Chrome";v="148", "Not-A.Brand";v="24" sec-ch-ua-mobile ?0 Response headers x-robots-tag noindex, follow cache-control max-age=31536000, public content-encoding br date Mon, 11 May 2026 16:30:35 GMT x-middleton-display sol-js content-type application/javascript vary Accept-Encoding
GET H2	200	wichita.js Show response g.ezoic.net/detroitchicago/	2 KB 982 B	16ms 15ms	Script application/javascript	2a05:d014:776:a63e:ceb:15ad:bbb7:6a9d Amazon.com
General Check archive.org Show headers Download Go to Full URL https://g.ezoic.net/detroitchicago/wichita.js?gcb=195-16&cb=e49d8d9bca Requested by Host: www.mediafire.com URL: https://www.mediafire.com/file/344v7q09fhhbkbf/GC5_V4.3.apk/file Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a05:d014:776:a63e:ceb:15ad:bbb7:6a9d Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS Software / Resource Hash b837449c7254dd5887b620b7903bb4dbafbf2424ae3eb25e7a9f3471ff105365 Request headers sec-ch-ua-platform "Linux" Referer https://www.mediafire.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36 sec-ch-ua "Chromium";v="148", "Google Chrome";v="148", "Not-A.Brand";v="24" sec-ch-ua-mobile ?0 Response headers x-robots-tag noindex, follow cache-control max-age=31536000, public content-encoding br date Mon, 11 May 2026 16:30:35 GMT x-middleton-display sol-js content-type application/javascript vary Accept-Encoding
GET H2	200	vitals.js Show response g.ezoic.net/tardisrocinante/	11 KB 4 KB	18ms 17ms	Script application/javascript	2a05:d014:776:a63e:ceb:15ad:bbb7:6a9d Amazon.com
General Check archive.org Show headers Download Go to Full URL https://g.ezoic.net/tardisrocinante/vitals.js?gcb=16&cb=5 Requested by Host: www.mediafire.com URL: https://www.mediafire.com/file/344v7q09fhhbkbf/GC5_V4.3.apk/file Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a05:d014:776:a63e:ceb:15ad:bbb7:6a9d Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS Software / Resource Hash 0a9da3cf7efd1a7499a1c888d44ab103ca6c92a9ab354e17e146384b39cead50 Request headers sec-ch-ua-platform "Linux" Referer https://www.mediafire.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36 sec-ch-ua "Chromium";v="148", "Google Chrome";v="148", "Not-A.Brand";v="24" sec-ch-ua-mobile ?0 Response headers x-robots-tag noindex, follow cache-control max-age=31536000, public content-encoding br date Mon, 11 May 2026 16:30:35 GMT x-middleton-display sol-js content-type application/javascript vary Accept-Encoding
GET H2	200	chanute.js Show response g.ezoic.net/parsonsmaize/	21 KB 5 KB	16ms 16ms	Script application/javascript	2a05:d014:776:a63e:ceb:15ad:bbb7:6a9d Amazon.com
General Check archive.org Show headers Download Go to Full URL https://g.ezoic.net/parsonsmaize/chanute.js?a=a&cb=19&dcb=195-16&shcb=34 Requested by Host: www.mediafire.com URL: https://www.mediafire.com/file/344v7q09fhhbkbf/GC5_V4.3.apk/file Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a05:d014:776:a63e:ceb:15ad:bbb7:6a9d Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS Software / Resource Hash e12bc1fca47f992f263407fdc0b3d6cb30d860ab0ed5e93a662387174e597d7b Request headers sec-ch-ua-platform "Linux" Referer https://www.mediafire.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36 sec-ch-ua "Chromium";v="148", "Google Chrome";v="148", "Not-A.Brand";v="24" sec-ch-ua-mobile ?0 Response headers x-robots-tag noindex, follow cache-control max-age=31536000, public content-encoding br date Mon, 11 May 2026 16:30:35 GMT x-middleton-display sol-js content-type application/javascript vary Accept-Encoding
GET H2	200	jellyfish.js Show response g.ezoic.net/porpoiseant/	28 KB 7 KB	18ms 17ms	Script application/javascript	2a05:d014:776:a63e:ceb:15ad:bbb7:6a9d Amazon.com
General Check archive.org Show headers Download Go to Full URL https://g.ezoic.net/porpoiseant/jellyfish.js?a=a&cb=21&dcb=195-16&shcb=34 Requested by Host: www.mediafire.com URL: https://www.mediafire.com/file/344v7q09fhhbkbf/GC5_V4.3.apk/file Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a05:d014:776:a63e:ceb:15ad:bbb7:6a9d Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS Software / Resource Hash 1f0eaf56b1f181194ca996ec9d07da4e006dc9e1837dcc07f7bbc3a7a6d7b7c5 Request headers sec-ch-ua-platform "Linux" Referer https://www.mediafire.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36 sec-ch-ua "Chromium";v="148", "Google Chrome";v="148", "Not-A.Brand";v="24" sec-ch-ua-mobile ?0 Response headers x-robots-tag noindex, follow cache-control max-age=31536000, public content-encoding br date Mon, 11 May 2026 16:30:35 GMT x-middleton-display sol-js content-type application/javascript vary Accept-Encoding
GET H2	200	js Show response www.googletagmanager.com/gtag/	548 KB 178 KB	48ms 48ms	Script application/javascript	2a00:1450:4001:c15::61 Google LLC
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/js?id=G-K68XP6D85D&cx=c&gtm=4e6570 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-53LP4T Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:c15::61 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS Software Google Tag Manager / Resource Hash 07b51082c03ff5980b04eebd70acdbd4cd309632be81b6fb77cc6a09de08b609 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers sec-ch-ua-platform "Linux" Referer https://www.mediafire.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36 sec-ch-ua "Chromium";v="148", "Google Chrome";v="148", "Not-A.Brand";v="24" sec-ch-ua-mobile ?0 Response headers strict-transport-security max-age=31536000; includeSubDomains cache-control private, max-age=900 content-encoding zstd cross-origin-resource-policy cross-origin access-control-allow-credentials true expires Mon, 11 May 2026 16:30:35 GMT access-control-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 181622 date Mon, 11 May 2026 16:30:35 GMT x-xss-protection 0 content-type application/javascript; charset=UTF-8 vary Accept-Encoding server Google Tag Manager access-control-allow-headers Cache-Control
GET H2	200	px.gif Show response ad-delivery.net/	43 B 162 B	12ms 12ms	Fetch image/gif	2606:4700:10::ac42:948c Cloudflare
General Check archive.org Show headers Download Go to Full URL https://ad-delivery.net/px.gif?ch=1&e=0.8204925094869403 Requested by Host: btloader.com URL: https://btloader.com/tag?o=5678961798414336&upapi=true Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac42:948c -, , ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda Request headers sec-ch-ua-platform "Linux" Referer https://www.mediafire.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36 sec-ch-ua "Chromium";v="148", "Google Chrome";v="148", "Not-A.Brand";v="24" sec-ch-ua-mobile ?0 Response headers x-goog-metageneration 5 access-control-expose-headers *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace x-goog-hash crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow== cf-cache-status HIT etag "ad4b0f606e0f8465bc4c4c170b37e1a3" age 1029879 x-goog-stored-content-encoding identity expires Tue, 12 May 2026 16:30:35 GMT x-goog-stored-content-length 43 date Mon, 11 May 2026 16:30:35 GMT content-type image/gif last-modified Wed, 05 May 2021 19:25:32 GMT x-guploader-uploadid ABgVH88YWGJooP3RQypITTu4eUOoozimloKclx-VwjquNN2LVUHBg9UPfL6FjLVUgTCMD2_7 cache-control public, max-age=86400 x-goog-storage-class MULTI_REGIONAL cf-ray 9fa291aecf20dbfe-FRA accept-ranges bytes access-control-allow-origin * x-goog-generation 1620242732037093 content-length 43 server cloudflare
GET H3	200	gvl.json Show response the.gatekeeperconsent.com/cmp/	49 KB 10 KB	14ms 14ms	XHR application/json	172.67.199.186 Cloudflare
General Check archive.org Show headers Download Go to Full URL https://the.gatekeeperconsent.com/cmp/gvl.json?v=11&lang=de Requested by Host: the.gatekeeperconsent.com URL: https://the.gatekeeperconsent.com/v2/cmp.js?v=469 Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.199.186 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash 7bf5afb76956b86a82d05bc8f6e3d796daf4d83c61fbe8b97e61a0cb4dc5508a Request headers sec-ch-ua-platform "Linux" Referer https://www.mediafire.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36 sec-ch-ua "Chromium";v="148", "Google Chrome";v="148", "Not-A.Brand";v="24" sec-ch-ua-mobile ?0 Response headers content-encoding gzip cf-cache-status HIT age 301777 report-to {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=JCFqPjQ%2FjrFx58YAsR0pgjxNmKdeE2RIGmTQyY8ouxlt1EPTqIQIhhDwFU2ntGRfFiT33xl4uLXOL6Np6SnN%2FmPtYU81rgXvK5bDqSus9oS5BQTQDhf75n4jl7vA83QARWu8Jzak4zjMnD76"}]} alt-svc h3=":443"; ma=86400 server-timing cfExtPri date Mon, 11 May 2026 16:30:35 GMT content-type application/json last-modified Fri, 08 May 2026 04:40:57 GMT vary Accept-Encoding priority u=1,i cache-control max-age=345600, public nel {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} cf-ray 9fa291af1f4618b5-FRA accept-ranges bytes access-control-allow-origin * server cloudflare
OPTIONS H3	200	main_modal_firstpage the.gatekeeperconsent.com/cmp/v2/ Frame	0 0	18ms 18ms	Preflight	172.67.199.186 Cloudflare
General Check archive.org Show headers Download Go to Full URL https://the.gatekeeperconsent.com/cmp/v2/main_modal_firstpage?domain=www.mediafire.com&region=default&lang=de-DE&cb=469&changeLogId=2358709 Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.199.186 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash Request headers Accept */* Access-Control-Request-Headers content-type Access-Control-Request-Method GET Origin https://www.mediafire.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36 Response headers access-control-allow-credentials true access-control-allow-headers content-type access-control-allow-methods GET, POST, PUT, OPTIONS access-control-allow-origin https://www.mediafire.com access-control-max-age 1728000 alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 9fa291af4f4718b5-FRA content-length 0 date Mon, 11 May 2026 16:30:35 GMT nel {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} priority u=1,i report-to {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=dBubzx3UitZPkZykWJ0a5uylx2YxUOjdOiRqj14pX5r0hQlfMpMngufb2aZzM%2F56kxXdt%2BTLK3RvjERZxaXX0jkSHuxe879bzxgH10aNlkW9XdQ1iLLVO86KvDG33G8lYQ34c%2FwbnZ4b4LOp"}]} server cloudflare server-timing cfExtPri vary Accept-Encoding,Origin,Access-Control-Request-Method,Access-Control-Request-Headers
GET H3	200	main_modal_firstpage Show response the.gatekeeperconsent.com/cmp/v2/	25 KB 6 KB	16ms 16ms	Fetch text/html	172.67.199.186 Cloudflare
General Check archive.org Show headers Download Go to Full URL https://the.gatekeeperconsent.com/cmp/v2/main_modal_firstpage?domain=www.mediafire.com&region=default&lang=de-DE&cb=469&changeLogId=2358709 Requested by Host: the.gatekeeperconsent.com URL: https://the.gatekeeperconsent.com/v2/cmp.js?v=469 Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.199.186 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash bb52559a27ae0277059b24970ce7595e0890a951c2f6d3cb8511f6c47611cb01 Request headers sec-ch-ua-platform "Linux" Referer https://www.mediafire.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36 sec-ch-ua "Chromium";v="148", "Google Chrome";v="148", "Not-A.Brand";v="24" Content-Type application/json sec-ch-ua-mobile ?0 Response headers access-control-max-age 1728000 content-encoding zstd cf-cache-status HIT age 1530274 report-to {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=zndmwaDYJvgcvUI3B7hFheIuCelmg%2FGmx%2FxwDLmIa5BOTuM1BB4ySdEfLY5Ydp82yIP5KeyucEkk6YLRIEUAoicrCRXq9n%2FbTn50m7Ow9%2BM3JVqQZ0VVFROc7FbV7yaxXxI2rPc6f4hP2c%2Fs"}]} access-control-allow-methods GET, POST, PUT, OPTIONS alt-svc h3=":443"; ma=86400 server-timing cfExtPri date Mon, 11 May 2026 16:30:35 GMT content-type text/html; charset=utf-8 vary Accept-Encoding,Origin,Access-Control-Request-Method,Access-Control-Request-Headers last-modified Thu, 23 Apr 2026 23:26:01 GMT access-control-allow-headers Content-Type priority u=1,i cache-control max-age=2592000, public nel {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} access-control-allow-credentials true cf-ray 9fa291af6f4a18b5-FRA access-control-allow-origin https://www.mediafire.com server cloudflare
POST H2	200	sa.go Show response g.ezoic.net/	208 KB 38 KB	84ms 78ms	XHR text/javascript	2a05:d014:776:a63e:ceb:15ad:bbb7:6a9d Amazon.com
General Check archive.org Show headers Download Go to Full URL https://g.ezoic.net/sa.go Requested by Host: www.ezojs.com URL: https://www.ezojs.com/ezoic/sa.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a05:d014:776:a63e:ceb:15ad:bbb7:6a9d Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS Software / Resource Hash cb0c41db13f5ae9358f9e62317170c0c66ebe8d8ee9b5335e74f3c28d248e0ac Request headers sec-ch-ua-platform "Linux" Referer https://www.mediafire.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36 sec-ch-ua "Chromium";v="148", "Google Chrome";v="148", "Not-A.Brand";v="24" Content-Type text/plain sec-ch-ua-mobile ?0 Response headers x-ezidgraph-candidates [{"id":"55ca64df1be1f499620131ab383647db","sim":0.9935302734375},{"id":"d12c60895c2ee72340364deb980df20c","sim":0.9900360107421875},{"id":"068176790868946894a28a703a429985","sim":0.9900360107421875},{"id":"c5455c99a0ee9700ad270ae3cc162265","sim":0.9900360107421875},{"id":"32d2fb455e01689c8370dc98b0b3b78e","sim":0.9900360107421875},{"id":"ed0f235061c1dc1ef5b13f69e1e2666c","sim":0.9900360107421875},{"id":"ad7f49e836f188943e88e59c995b9da3","sim":0.9898185729980469},{"id":"d7788525443c7591914d39d64fd73f2d","sim":0.9887943267822266},{"id":"71113bd32830552f5d675ccce338f035","sim":0.9885940551757812},{"id":"f2ee92d1604c5b36cca8c3b4ed72dad4","sim":0.9885940551757812}] access-control-max-age 1728000 x-ezidgraph-status ok x-ezidgraph-latency 1.733418ms x-ezidgraph-producererrors 0 content-encoding br x-robots-tag noindex x-ezidgraph-cluster 19f31158764019d7bdc0e8d3b4d867ba x-ezidgraph-producer true access-control-allow-methods GET, POST, PUT, OPTIONS expires Sun, 10 May 2026 16:30:35 GMT x-ezidgraph-signals 18 date Mon, 11 May 2026 16:30:35 GMT content-type text/javascript vary Accept-Encoding,Origin,Access-Control-Request-Method,Access-Control-Request-Headers access-control-allow-headers Content-Type cache-control private, max-age=0, must-revalidate, no-cache, no-store access-control-allow-credentials true x-ezidgraph-producerstream identity-graph-observations-eu-central-1-prod x-ezidgraph-confidence 0.00 access-control-allow-origin https://www.mediafire.com x-ezidgraph-diag dynamo miss: checked 0 signals; ann ok: 10 candidates x-ezidgraph-match new
GET H2	200	omaha.js Show response g.ezoic.net/detroitchicago/	2 KB 626 B	15ms 15ms	Script application/javascript	2a05:d014:776:a63e:ceb:15ad:bbb7:6a9d Amazon.com
General Check archive.org Show headers Download Go to Full URL https://g.ezoic.net/detroitchicago/omaha.js?gcb=195-16&cb=8f3688675f Requested by Host: www.mediafire.com URL: https://www.mediafire.com/file/344v7q09fhhbkbf/GC5_V4.3.apk/file Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a05:d014:776:a63e:ceb:15ad:bbb7:6a9d Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS Software / Resource Hash 8952b91af1705fc7fddb2a9bcc53534d55f136755e48e957711d85b038287542 Request headers sec-ch-ua-platform "Linux" Referer https://www.mediafire.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36 sec-ch-ua "Chromium";v="148", "Google Chrome";v="148", "Not-A.Brand";v="24" sec-ch-ua-mobile ?0 Response headers x-robots-tag noindex, follow cache-control max-age=31536000, public content-encoding br content-length 595 date Mon, 11 May 2026 16:30:35 GMT x-middleton-display sol-js content-type application/javascript vary Accept-Encoding
POST H2	200	imp.gif g.ezoic.net/detroitchicago/	43 B 159 B	18ms 16ms	Ping image/gif	2a05:d014:776:a63e:ceb:15ad:bbb7:6a9d Amazon.com
General Check archive.org Show headers Download Go to Full URL https://g.ezoic.net/detroitchicago/imp.gif Requested by Host: www.mediafire.com URL: https://www.mediafire.com/file/344v7q09fhhbkbf/GC5_V4.3.apk/file Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a05:d014:776:a63e:ceb:15ad:bbb7:6a9d Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS Software / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Request headers sec-ch-ua-platform "Linux" Referer https://www.mediafire.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36 sec-ch-ua "Chromium";v="148", "Google Chrome";v="148", "Not-A.Brand";v="24" Content-Type text/plain sec-ch-ua-mobile ?0 Response headers access-control-max-age 1728000, 1728000 cache-control private, max-age=0, must-revalidate, no-cache, no-store access-control-allow-credentials true access-control-allow-methods GET, POST, PUT, OPTIONS, HEAD, PUT, POST, GET, OPTIONS expires Sun, 10 May 2026 16:30:36 GMT access-control-allow-origin https://www.mediafire.com, https://www.mediafire.com content-length 43 date Mon, 11 May 2026 16:30:36 GMT x-middleton-display imp_sol content-type image/gif vary Accept-Encoding,Origin,Access-Control-Request-Method,Access-Control-Request-Headers access-control-allow-headers Content-Type, Content-Type
GET H2	404	0 Show response www.mediafiredls.com/onclick/	5 B 516 B	38ms 11ms	XHR text/plain	2606:4700:20::681a:3ad Cloudflare
General Check archive.org Show headers Download Go to Full URL https://www.mediafiredls.com/onclick/0 Requested by Host: www.mediafire.com URL: https://www.mediafire.com/file/344v7q09fhhbkbf/GC5_V4.3.apk/file Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:20::681a:3ad -, , ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash c6c094bc0054f9cbe34102ff49f86b3928b5ac09f3d2ac87e170d0500675921f Security Headers Name Value X-Frame-Options SAMEORIGIN Request headers sec-ch-ua-platform "Linux" Referer https://www.mediafire.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36 sec-ch-ua "Chromium";v="148", "Google Chrome";v="148", "Not-A.Brand";v="24" sec-ch-ua-mobile ?0 Response headers cache-control private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 nel {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} report-to {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=0lnTaEptz4LFg7QJlCYBYZhKJDHvWLXH7xmg0DwPzb8wMiiYySF9UrpNukbkzn5OqTwwvCuILq%2FMJ2sRCR68AkFAsctoqATdlwsa8j312s%2FMThYvcRappEuhJHB9s9TeDbQq6kAeJKPJfI8p97qsQ85z"}]} referrer-policy same-origin cf-ray 9fa291af9fe6dbec-FRA expires Thu, 01 Jan 1970 00:00:01 GMT access-control-allow-origin * content-length 5 date Mon, 11 May 2026 16:30:35 GMT content-type text/plain server cloudflare x-frame-options SAMEORIGIN
POST H2	204	collect region1.google-analytics.com/g/	0 0	51ms 20ms	Fetch text/plain	2001:4860:4802:32::36 Google LLC
General Check archive.org Show headers Download Go to Full URL https://region1.google-analytics.com/g/collect?v=2&tid=G-K68XP6D85D&gtm=45je6570v887485693z86304663za20gzb6304663zd6304663&_p=1778517034861&gcs=G100&gcd=13p3pPp2p5l1&npa=1&dma_cps=-&dma=1&tcfd=10001&_eu=AAAAAGAC&are=1&cid=289627698.1778517035&frm=0&pscdl=denied&rcb=19&sr=1600x1200&uaa=x86&uab=64&uafvl=Chromium%3B148.0.0.0%7CGoogle%2520Chrome%3B148.0.0.0%7CNot-A.Brand%3B24.0.0.0&uam=&uamb=0&uap=Linux&uapv=&uaw=0&ul=de-de&gaf=2&_s=1&tag_exp=0~115938465~115938468~118463262&sid=1778517035&sct=1&seg=0&dl=https%3A%2F%2Fwww.mediafire.com%2Ffile%2F344v7q09fhhbkbf%2FGC5_V4.3.apk%2Ffile&dt=GC5_V4.3&en=page_view&_fv=1&_nsi=1&_ss=1&up.page_url=https%3A%2F%2Fwww.mediafire.com%2Ffile%2F344v7q09fhhbkbf%2FGC5_V4.3.apk%2Ffile&tfd=940 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=G-K68XP6D85D&cx=c&gtm=4e6570 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS Software Golfe2 / Resource Hash Request headers sec-ch-ua-platform "Linux" Referer https://www.mediafire.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36 sec-ch-ua "Chromium";v="148", "Google Chrome";v="148", "Not-A.Brand";v="24" sec-ch-ua-mobile ?0 Response headers cache-control no-cache, no-store, must-revalidate pragma no-cache cross-origin-resource-policy cross-origin access-control-allow-credentials true content-security-policy-report-only script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:138:0 report-to {"group":"ascnsrsggc:138:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:138:0"}],} expires Fri, 01 Jan 1990 00:00:00 GMT access-control-allow-origin https://www.mediafire.com cross-origin-opener-policy-report-only same-origin; report-to=ascnsrsggc:138:0 content-length 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 date Mon, 11 May 2026 16:30:35 GMT content-type text/plain server Golfe2
GET H2	200	px.gif Show response ad-delivery.net/	43 B 110 B	12ms 11ms	Fetch image/gif	2606:4700:10::ac42:948c Cloudflare
General Check archive.org Show headers Download Go to Full URL https://ad-delivery.net/px.gif?ch=2&e=0.30151344489887955 Requested by Host: btloader.com URL: https://btloader.com/tag?o=5678961798414336&upapi=true Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac42:948c -, , ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda Request headers sec-ch-ua-platform "Linux" Referer https://www.mediafire.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36 sec-ch-ua "Chromium";v="148", "Google Chrome";v="148", "Not-A.Brand";v="24" sec-ch-ua-mobile ?0 Response headers x-goog-metageneration 5 access-control-expose-headers *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace x-goog-hash crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow== cf-cache-status HIT etag "ad4b0f606e0f8465bc4c4c170b37e1a3" age 1029879 x-goog-stored-content-encoding identity expires Tue, 12 May 2026 16:30:35 GMT x-goog-stored-content-length 43 date Mon, 11 May 2026 16:30:35 GMT content-type image/gif last-modified Wed, 05 May 2021 19:25:32 GMT x-guploader-uploadid ABgVH88YWGJooP3RQypITTu4eUOoozimloKclx-VwjquNN2LVUHBg9UPfL6FjLVUgTCMD2_7 cache-control public, max-age=86400 x-goog-storage-class MULTI_REGIONAL cf-ray 9fa291afda1edbfe-FRA accept-ranges bytes access-control-allow-origin * x-goog-generation 1620242732037093 content-length 43 server cloudflare
GET H3	200	24px.svg fonts.gstatic.com/s/i/productlogos/translate/v14/	6 KB 3 KB	84ms 38ms	Image image/svg+xml	142.251.13.94 Google LLC
General Check archive.org Show headers Download Go to Show image Full URL https://fonts.gstatic.com/s/i/productlogos/translate/v14/24px.svg Requested by Host: www.mediafire.com URL: https://www.mediafire.com/file/344v7q09fhhbkbf/GC5_V4.3.apk/file Protocol H3 Security QUIC, , AES_128_GCM Server 142.251.13.94 , United States, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS wt-in-f94.1e100.net Software sffe / Resource Hash ab5c23a05e39deed14d9d8262b0dce9f024f86105a27196cad37d14a3f516e09 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers sec-ch-ua-platform "Linux" Referer https://www.mediafire.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36 sec-ch-ua "Chromium";v="148", "Google Chrome";v="148", "Not-A.Brand";v="24" sec-ch-ua-mobile ?0 Response headers content-encoding gzip age 401209 report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} x-content-type-options nosniff expires Fri, 07 May 2027 01:03:46 GMT alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 date Thu, 07 May 2026 01:03:46 GMT last-modified Wed, 20 Apr 2022 14:24:23 GMT content-type image/svg+xml vary Accept-Encoding cache-control public, max-age=31536000 cross-origin-opener-policy same-origin; report-to="apps-themes" cross-origin-resource-policy cross-origin content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes accept-ranges bytes access-control-allow-origin * content-length 3340 x-xss-protection 0 server sffe
GET H2	200	googlelogo_color_42x16dp.png www.gstatic.com/images/branding/googlelogo/1x/	910 B 1 KB	39ms 38ms	Image image/png	2a00:1450:4001:c15::5e Google LLC
General Check archive.org Show headers Download Go to Show image Full URL https://www.gstatic.com/images/branding/googlelogo/1x/googlelogo_color_42x16dp.png Requested by Host: www.mediafire.com URL: https://www.mediafire.com/file/344v7q09fhhbkbf/GC5_V4.3.apk/file Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:c15::5e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS Software sffe / Resource Hash 6318394f737c66f0e2ccfcd88e3935c6667633a1b95fa29fba2b75431d55eef2 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers sec-ch-ua-platform "Linux" Referer https://www.mediafire.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36 sec-ch-ua "Chromium";v="148", "Google Chrome";v="148", "Not-A.Brand";v="24" sec-ch-ua-mobile ?0 Response headers age 233668 report-to {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]} x-content-type-options nosniff expires Sat, 08 May 2027 23:36:07 GMT alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 date Fri, 08 May 2026 23:36:07 GMT last-modified Thu, 02 Nov 2023 22:48:00 GMT content-type image/png vary Origin cache-control public, max-age=31536000 cross-origin-resource-policy cross-origin accept-ranges bytes cross-origin-opener-policy-report-only same-origin; report-to="static-on-bigtable" content-length 910 x-xss-protection 0 server sffe
GET H2	200	translate_24dp.png www.gstatic.com/images/branding/product/2x/	2 KB 2 KB	38ms 38ms	Image image/png	2a00:1450:4001:c15::5e Google LLC
General Check archive.org Show headers Download Go to Show image Full URL https://www.gstatic.com/images/branding/product/2x/translate_24dp.png Requested by Host: www.gstatic.com URL: https://www.gstatic.com/_/translate_http/_/ss/k=translate_http.tr.zZZZhVqDDCw.L.W.O/am=BBA4/d=0/rs=AN8SPfoccYc_h-zeKMQux1N0I7taUB-_tA/m=el_main_css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:c15::5e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS Software sffe / Resource Hash 4dac0026fbfa2615dce30c0af12830863fe885f84387a0147b9e338f548d5d82 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers sec-ch-ua-platform "Linux" Referer https://www.gstatic.com/_/translate_http/_/ss/k=translate_http.tr.zZZZhVqDDCw.L.W.O/am=BBA4/d=0/rs=AN8SPfoccYc_h-zeKMQux1N0I7taUB-_tA/m=el_main_css User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36 sec-ch-ua "Chromium";v="148", "Google Chrome";v="148", "Not-A.Brand";v="24" sec-ch-ua-mobile ?0 Response headers age 175977 report-to {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]} x-content-type-options nosniff expires Sun, 09 May 2027 15:37:38 GMT alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 date Sat, 09 May 2026 15:37:38 GMT last-modified Thu, 14 Oct 2021 09:08:00 GMT content-type image/png vary Origin cache-control public, max-age=31536000 cross-origin-resource-policy cross-origin accept-ranges bytes cross-origin-opener-policy-report-only same-origin; report-to="static-on-bigtable" content-length 1842 x-xss-protection 0 server sffe
GET H3	200	favicon.ico Show response ad.doubleclick.net/	1 KB 129 B	46ms 46ms	Fetch image/x-icon	142.251.20.149 Google LLC
General Check archive.org Show headers Download Go to Full URL https://ad.doubleclick.net/favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250&e=0.1862114812322494 Requested by Host: btloader.com URL: https://btloader.com/tag?o=5678961798414336&upapi=true Protocol H3 Security QUIC, , AES_128_GCM Server 142.251.20.149 , United States, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS bx-in-f149.1e100.net Software sffe / Resource Hash d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers sec-ch-ua-platform "Linux" Referer https://www.mediafire.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36 sec-ch-ua "Chromium";v="148", "Google Chrome";v="148", "Not-A.Brand";v="24" sec-ch-ua-mobile ?0 Response headers content-encoding gzip report-to {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]} x-content-type-options nosniff expires Tue, 12 May 2026 16:30:35 GMT alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 date Mon, 11 May 2026 16:30:35 GMT content-type image/x-icon vary Accept-Encoding last-modified Tue, 08 May 2012 13:08:06 GMT cache-control public, max-age=86400 cross-origin-resource-policy cross-origin accept-ranges bytes access-control-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="ads-doubleclick-media" content-length 104 x-xss-protection 0 server sffe
GET H2	200	supportedLanguages Show response translate-pa.googleapis.com/v1/ Frame 98F2	31 KB 3 KB	169ms 64ms	Script text/javascript	2a00:1450:4001:c17::5f Google LLC
General Check archive.org Show headers Download Go to Full URL https://translate-pa.googleapis.com/v1/supportedLanguages?client=te&display_language=de&key=AIzaSyBWDj0QJvVIx8XOhRegXX5_SrRWxhT5Hs4&callback=callback Requested by Host: URL: about:srcdoc Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a00:1450:4001:c17::5f Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS Software ESF / Resource Hash fc790761edb79b954a5e6853774ed96db936a3729b78d4b72dad5e79ce395c54 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers sec-ch-ua-platform "Linux" Referer User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36 sec-ch-ua "Chromium";v="148", "Google Chrome";v="148", "Not-A.Brand";v="24" sec-ch-ua-mobile ?0 Response headers cache-control private content-encoding gzip cross-origin-resource-policy cross-origin x-content-type-options nosniff expires Mon, 11 May 2026 16:30:35 GMT alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 p3p CP="This is not a P3P policy! See g.co/p3phelp for more info." content-length 2749 date Mon, 11 May 2026 16:30:35 GMT x-xss-protection 0 content-type text/javascript; charset=UTF-8 vary Origin, X-Origin, Referer server ESF x-frame-options SAMEORIGIN
POST H3	204	rum Show response www.mediafire.com/cdn-cgi/	0 197 B	11ms 10ms	XHR text/plain	104.17.148.83 Cloudflare
General Check archive.org Show headers Download Go to Full URL https://www.mediafire.com/cdn-cgi/rum? Requested by Host: static.cloudflareinsights.com URL: https://static.cloudflareinsights.com/beacon.min.js/v8c78df7c7c0f484497ecbca7046644da1771523124516 Protocol H3 Security QUIC, , AES_128_GCM Server 104.17.148.83 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers sec-ch-ua-platform "Linux" Referer https://www.mediafire.com/file/344v7q09fhhbkbf/GC5_V4.3.apk/file User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36 sec-ch-ua "Chromium";v="148", "Google Chrome";v="148", "Not-A.Brand";v="24" content-type application/json sec-ch-ua-mobile ?0 Response headers access-control-max-age 86400 access-control-allow-credentials true access-control-allow-methods POST,OPTIONS cf-ray 9fa291b099a9d232-FRA access-control-allow-origin https://www.mediafire.com alt-svc h3=":443"; ma=86400 server-timing cfExtPri date Mon, 11 May 2026 16:30:35 GMT content-type text/plain vary Origin, accept-encoding server cloudflare priority u=1,i
GET H3	200	favicon.ico www.mediafire.com/	11 KB 2 KB	23ms 22ms	Other image/x-icon	104.17.148.83 Cloudflare
General Check archive.org Show headers Download Go to Full URL https://www.mediafire.com/favicon.ico Protocol H3 Security QUIC, , AES_128_GCM Server 104.17.148.83 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash cdc78cc8b2994712a041a2a4cb02f488afbab00981771bdd3a8036c2dddf540f Request headers sec-ch-ua-platform "Linux" Referer https://www.mediafire.com/file/344v7q09fhhbkbf/GC5_V4.3.apk/file User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36 sec-ch-ua "Chromium";v="148", "Google Chrome";v="148", "Not-A.Brand";v="24" sec-ch-ua-mobile ?0 Response headers content-encoding gzip cf-cache-status HIT etag W/"62deda56-2a46" age 189109 access-control-allow-methods OPTIONS, POST, GET expires Mon, 08 Jun 2026 11:58:46 GMT alt-svc h3=":443"; ma=86400 server-timing cfExtPri x-mf-env liveApi date Mon, 11 May 2026 16:30:35 GMT content-type image/x-icon last-modified Mon, 25 Jul 2022 18:00:54 GMT vary Accept-Encoding priority u=1,i cache-control max-age=2592000 cf-ray 9fa291b099b0d232-FRA x-mf-fe mf2 access-control-allow-origin * server cloudflare
GET H2	200	px.gif Show response ad-delivery.net/	43 B 162 B	12ms 11ms	Fetch image/gif	2606:4700:10::ac42:948c Cloudflare
General Check archive.org Show headers Download Go to Full URL https://ad-delivery.net/px.gif?ch=2&e=0.2714971655483903 Requested by Host: btloader.com URL: https://btloader.com/tag?o=5678961798414336&upapi=true Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac42:948c -, , ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda Request headers sec-ch-ua-platform "Linux" Referer https://www.mediafire.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36 sec-ch-ua "Chromium";v="148", "Google Chrome";v="148", "Not-A.Brand";v="24" sec-ch-ua-mobile ?0 Response headers x-goog-metageneration 5 access-control-expose-headers *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace x-goog-hash crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow== cf-cache-status HIT etag "ad4b0f606e0f8465bc4c4c170b37e1a3" age 1029880 x-goog-stored-content-encoding identity expires Tue, 12 May 2026 16:30:36 GMT x-goog-stored-content-length 43 date Mon, 11 May 2026 16:30:36 GMT content-type image/gif last-modified Wed, 05 May 2021 19:25:32 GMT x-guploader-uploadid ABgVH88YWGJooP3RQypITTu4eUOoozimloKclx-VwjquNN2LVUHBg9UPfL6FjLVUgTCMD2_7 cache-control public, max-age=86400 x-goog-storage-class MULTI_REGIONAL cf-ray 9fa291b43e00dbfe-FRA accept-ranges bytes access-control-allow-origin * x-goog-generation 1620242732037093 content-length 43 server cloudflare
GET H3	200	favicon.ico Show response ad.doubleclick.net/	1 KB 129 B	47ms 47ms	Fetch image/x-icon	142.251.20.149 Google LLC
General Check archive.org Show headers Download Go to Full URL https://ad.doubleclick.net/favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250&e=0.5068221632834741 Requested by Host: btloader.com URL: https://btloader.com/tag?o=5678961798414336&upapi=true Protocol H3 Security QUIC, , AES_128_GCM Server 142.251.20.149 , United States, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS bx-in-f149.1e100.net Software sffe / Resource Hash d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers sec-ch-ua-platform "Linux" Referer https://www.mediafire.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36 sec-ch-ua "Chromium";v="148", "Google Chrome";v="148", "Not-A.Brand";v="24" sec-ch-ua-mobile ?0 Response headers content-encoding gzip report-to {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]} x-content-type-options nosniff expires Tue, 12 May 2026 16:30:36 GMT alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 date Mon, 11 May 2026 16:30:36 GMT content-type image/x-icon vary Accept-Encoding last-modified Tue, 08 May 2012 13:08:06 GMT cache-control public, max-age=86400 cross-origin-resource-policy cross-origin accept-ranges bytes access-control-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="ads-doubleclick-media" content-length 104 x-xss-protection 0 server sffe
GET H2	200	px.gif Show response ad-delivery.net/	43 B 110 B	13ms 12ms	Fetch image/gif	2606:4700:10::ac42:948c Cloudflare
General Check archive.org Show headers Download Go to Full URL https://ad-delivery.net/px.gif?ch=1&e=0.5247142063827458 Requested by Host: btloader.com URL: https://btloader.com/tag?o=5678961798414336&upapi=true Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac42:948c -, , ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda Request headers sec-ch-ua-platform "Linux" Referer https://www.mediafire.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36 sec-ch-ua "Chromium";v="148", "Google Chrome";v="148", "Not-A.Brand";v="24" sec-ch-ua-mobile ?0 Response headers x-goog-metageneration 5 access-control-expose-headers *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace x-goog-hash crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow== cf-cache-status HIT etag "ad4b0f606e0f8465bc4c4c170b37e1a3" age 1029880 x-goog-stored-content-encoding identity expires Tue, 12 May 2026 16:30:36 GMT x-goog-stored-content-length 43 date Mon, 11 May 2026 16:30:36 GMT content-type image/gif last-modified Wed, 05 May 2021 19:25:32 GMT x-guploader-uploadid ABgVH88YWGJooP3RQypITTu4eUOoozimloKclx-VwjquNN2LVUHBg9UPfL6FjLVUgTCMD2_7 cache-control public, max-age=86400 x-goog-storage-class MULTI_REGIONAL cf-ray 9fa291b43e02dbfe-FRA accept-ranges bytes access-control-allow-origin * x-goog-generation 1620242732037093 content-length 43 server cloudflare
GET H2	200	dns Show response ab.dns-finder.com/meta/	2 B 0	0ms 0ms	Fetch text/plain	34.36.200.111 Google LLC
General Check archive.org Show headers Download Go to Full URL https://ab.dns-finder.com/meta/dns Requested by Host: btloader.com URL: https://btloader.com/tag?o=5678961798414336&upapi=true Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.36.200.111 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM - Google LLC, US), Reverse DNS 111.200.36.34.bc.googleusercontent.com Software / Resource Hash 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df Request headers sec-ch-ua-platform "Linux" Referer https://www.mediafire.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36 sec-ch-ua "Chromium";v="148", "Google Chrome";v="148", "Not-A.Brand";v="24" sec-ch-ua-mobile ?0 Response headers cache-control private, max-age=180, stale-if-error=180, stale-while-revalidate=180 access-control-expose-headers X-Resolver x-resolver default via 1.1 google access-control-allow-origin * alt-svc h3=":443"; ma=2592000 content-length 2 date Mon, 11 May 2026 16:30:35 GMT content-type text/plain; charset=utf-8 vary Origin
GET H2	200	px.gif Show response ad-delivery.net/	43 B 110 B	11ms 11ms	Fetch image/gif	2606:4700:10::ac42:948c Cloudflare
General Check archive.org Show headers Download Go to Full URL https://ad-delivery.net/px.gif?ch=1&e=0.4646840661900453 Requested by Host: btloader.com URL: https://btloader.com/tag?o=5678961798414336&upapi=true Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac42:948c -, , ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda Request headers sec-ch-ua-platform "Linux" Referer https://www.mediafire.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36 sec-ch-ua "Chromium";v="148", "Google Chrome";v="148", "Not-A.Brand";v="24" sec-ch-ua-mobile ?0 Response headers x-goog-metageneration 5 access-control-expose-headers *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace x-goog-hash crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow== cf-cache-status HIT etag "ad4b0f606e0f8465bc4c4c170b37e1a3" age 1029880 x-goog-stored-content-encoding identity expires Tue, 12 May 2026 16:30:36 GMT x-goog-stored-content-length 43 date Mon, 11 May 2026 16:30:36 GMT content-type image/gif last-modified Wed, 05 May 2021 19:25:32 GMT x-guploader-uploadid ABgVH88YWGJooP3RQypITTu4eUOoozimloKclx-VwjquNN2LVUHBg9UPfL6FjLVUgTCMD2_7 cache-control public, max-age=86400 x-goog-storage-class MULTI_REGIONAL cf-ray 9fa291b58a0cdbfe-FRA accept-ranges bytes access-control-allow-origin * x-goog-generation 1620242732037093 content-length 43 server cloudflare
GET H2	200	px.gif Show response ad-delivery.net/	43 B 110 B	10ms 10ms	Fetch image/gif	2606:4700:10::ac42:948c Cloudflare
General Check archive.org Show headers Download Go to Full URL https://ad-delivery.net/px.gif?ch=2&e=0.28025860664849833 Requested by Host: btloader.com URL: https://btloader.com/tag?o=5678961798414336&upapi=true Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac42:948c -, , ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda Request headers sec-ch-ua-platform "Linux" Referer https://www.mediafire.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36 sec-ch-ua "Chromium";v="148", "Google Chrome";v="148", "Not-A.Brand";v="24" sec-ch-ua-mobile ?0 Response headers x-goog-metageneration 5 access-control-expose-headers *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace x-goog-hash crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow== cf-cache-status HIT etag "ad4b0f606e0f8465bc4c4c170b37e1a3" age 1029880 x-goog-stored-content-encoding identity expires Tue, 12 May 2026 16:30:36 GMT x-goog-stored-content-length 43 date Mon, 11 May 2026 16:30:36 GMT content-type image/gif last-modified Wed, 05 May 2021 19:25:32 GMT x-guploader-uploadid ABgVH88YWGJooP3RQypITTu4eUOoozimloKclx-VwjquNN2LVUHBg9UPfL6FjLVUgTCMD2_7 cache-control public, max-age=86400 x-goog-storage-class MULTI_REGIONAL cf-ray 9fa291b6cd72dbfe-FRA accept-ranges bytes access-control-allow-origin * x-goog-generation 1620242732037093 content-length 43 server cloudflare
GET H3	200	favicon.ico Show response ad.doubleclick.net/	1 KB 129 B	45ms 45ms	Fetch image/x-icon	142.251.20.149 Google LLC
General Check archive.org Show headers Download Go to Full URL https://ad.doubleclick.net/favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250&e=0.12057472109843892 Requested by Host: btloader.com URL: https://btloader.com/tag?o=5678961798414336&upapi=true Protocol H3 Security QUIC, , AES_128_GCM Server 142.251.20.149 , United States, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS bx-in-f149.1e100.net Software sffe / Resource Hash d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers sec-ch-ua-platform "Linux" Referer https://www.mediafire.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36 sec-ch-ua "Chromium";v="148", "Google Chrome";v="148", "Not-A.Brand";v="24" sec-ch-ua-mobile ?0 Response headers content-encoding gzip report-to {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]} x-content-type-options nosniff expires Tue, 12 May 2026 16:30:36 GMT alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 date Mon, 11 May 2026 16:30:36 GMT content-type image/x-icon vary Accept-Encoding last-modified Tue, 08 May 2012 13:08:06 GMT cache-control public, max-age=86400 cross-origin-resource-policy cross-origin accept-ranges bytes access-control-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="ads-doubleclick-media" content-length 104 x-xss-protection 0 server sffe
GET H2	200	px.gif Show response ad-delivery.net/	43 B 162 B	11ms 11ms	Fetch image/gif	2606:4700:10::ac42:948c Cloudflare
General Check archive.org Show headers Download Go to Full URL https://ad-delivery.net/px.gif?ch=2&e=0.17034523725173545 Requested by Host: btloader.com URL: https://btloader.com/tag?o=5678961798414336&upapi=true Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac42:948c -, , ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda Request headers sec-ch-ua-platform "Linux" Referer https://www.mediafire.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36 sec-ch-ua "Chromium";v="148", "Google Chrome";v="148", "Not-A.Brand";v="24" sec-ch-ua-mobile ?0 Response headers x-goog-metageneration 5 access-control-expose-headers *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace x-goog-hash crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow== cf-cache-status HIT etag "ad4b0f606e0f8465bc4c4c170b37e1a3" age 1029881 x-goog-stored-content-encoding identity expires Tue, 12 May 2026 16:30:37 GMT x-goog-stored-content-length 43 date Mon, 11 May 2026 16:30:37 GMT content-type image/gif last-modified Wed, 05 May 2021 19:25:32 GMT x-guploader-uploadid ABgVH88YWGJooP3RQypITTu4eUOoozimloKclx-VwjquNN2LVUHBg9UPfL6FjLVUgTCMD2_7 cache-control public, max-age=86400 x-goog-storage-class MULTI_REGIONAL cf-ray 9fa291b95be4dbfe-FRA accept-ranges bytes access-control-allow-origin * x-goog-generation 1620242732037093 content-length 43 server cloudflare
GET H3	200	favicon.ico Show response ad.doubleclick.net/	1 KB 129 B	46ms 46ms	Fetch image/x-icon	142.251.20.149 Google LLC
General Check archive.org Show headers Download Go to Full URL https://ad.doubleclick.net/favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250&e=0.3558321365529219 Requested by Host: btloader.com URL: https://btloader.com/tag?o=5678961798414336&upapi=true Protocol H3 Security QUIC, , AES_128_GCM Server 142.251.20.149 , United States, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS bx-in-f149.1e100.net Software sffe / Resource Hash d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers sec-ch-ua-platform "Linux" Referer https://www.mediafire.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36 sec-ch-ua "Chromium";v="148", "Google Chrome";v="148", "Not-A.Brand";v="24" sec-ch-ua-mobile ?0 Response headers content-encoding gzip report-to {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]} x-content-type-options nosniff expires Tue, 12 May 2026 16:30:37 GMT alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 date Mon, 11 May 2026 16:30:37 GMT content-type image/x-icon vary Accept-Encoding last-modified Tue, 08 May 2012 13:08:06 GMT cache-control public, max-age=86400 cross-origin-resource-policy cross-origin accept-ranges bytes access-control-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="ads-doubleclick-media" content-length 104 x-xss-protection 0 server sffe
GET H2	200	px.gif Show response ad-delivery.net/	43 B 110 B	12ms 11ms	Fetch image/gif	2606:4700:10::ac42:948c Cloudflare
General Check archive.org Show headers Download Go to Full URL https://ad-delivery.net/px.gif?ch=2&e=0.8264162036867593 Requested by Host: btloader.com URL: https://btloader.com/tag?o=5678961798414336&upapi=true Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac42:948c -, , ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda Request headers sec-ch-ua-platform "Linux" Referer https://www.mediafire.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36 sec-ch-ua "Chromium";v="148", "Google Chrome";v="148", "Not-A.Brand";v="24" sec-ch-ua-mobile ?0 Response headers x-goog-metageneration 5 access-control-expose-headers *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace x-goog-hash crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow== cf-cache-status HIT etag "ad4b0f606e0f8465bc4c4c170b37e1a3" age 1029881 x-goog-stored-content-encoding identity expires Tue, 12 May 2026 16:30:37 GMT x-goog-stored-content-length 43 date Mon, 11 May 2026 16:30:37 GMT content-type image/gif last-modified Wed, 05 May 2021 19:25:32 GMT x-guploader-uploadid ABgVH88YWGJooP3RQypITTu4eUOoozimloKclx-VwjquNN2LVUHBg9UPfL6FjLVUgTCMD2_7 cache-control public, max-age=86400 x-goog-storage-class MULTI_REGIONAL cf-ray 9fa291bbfaeedbfe-FRA accept-ranges bytes access-control-allow-origin * x-goog-generation 1620242732037093 content-length 43 server cloudflare
GET H3	200	favicon.ico Show response ad.doubleclick.net/	1 KB 129 B	47ms 46ms	Fetch image/x-icon	142.251.20.149 Google LLC
General Check archive.org Show headers Download Go to Full URL https://ad.doubleclick.net/favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250&e=0.10150299942351404 Requested by Host: btloader.com URL: https://btloader.com/tag?o=5678961798414336&upapi=true Protocol H3 Security QUIC, , AES_128_GCM Server 142.251.20.149 , United States, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS bx-in-f149.1e100.net Software sffe / Resource Hash d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers sec-ch-ua-platform "Linux" Referer https://www.mediafire.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36 sec-ch-ua "Chromium";v="148", "Google Chrome";v="148", "Not-A.Brand";v="24" sec-ch-ua-mobile ?0 Response headers content-encoding gzip report-to {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]} x-content-type-options nosniff expires Tue, 12 May 2026 16:30:37 GMT alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 date Mon, 11 May 2026 16:30:37 GMT content-type image/x-icon vary Accept-Encoding last-modified Tue, 08 May 2012 13:08:06 GMT cache-control public, max-age=86400 cross-origin-resource-policy cross-origin accept-ranges bytes access-control-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="ads-doubleclick-media" content-length 104 x-xss-protection 0 server sffe
GET H2	200	px.gif Show response ad-delivery.net/	43 B 110 B	11ms 11ms	Fetch image/gif	2606:4700:10::ac42:948c Cloudflare
General Check archive.org Show headers Download Go to Full URL https://ad-delivery.net/px.gif?ch=2&e=0.581146457083493 Requested by Host: btloader.com URL: https://btloader.com/tag?o=5678961798414336&upapi=true Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac42:948c -, , ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda Request headers sec-ch-ua-platform "Linux" Referer https://www.mediafire.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36 sec-ch-ua "Chromium";v="148", "Google Chrome";v="148", "Not-A.Brand";v="24" sec-ch-ua-mobile ?0 Response headers x-goog-metageneration 5 access-control-expose-headers *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace x-goog-hash crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow== cf-cache-status HIT etag "ad4b0f606e0f8465bc4c4c170b37e1a3" age 1029881 x-goog-stored-content-encoding identity expires Tue, 12 May 2026 16:30:37 GMT x-goog-stored-content-length 43 date Mon, 11 May 2026 16:30:37 GMT content-type image/gif last-modified Wed, 05 May 2021 19:25:32 GMT x-guploader-uploadid ABgVH88YWGJooP3RQypITTu4eUOoozimloKclx-VwjquNN2LVUHBg9UPfL6FjLVUgTCMD2_7 cache-control public, max-age=86400 x-goog-storage-class MULTI_REGIONAL cf-ray 9fa291be89b4dbfe-FRA accept-ranges bytes access-control-allow-origin * x-goog-generation 1620242732037093 content-length 43 server cloudflare
GET H3	200	favicon.ico Show response ad.doubleclick.net/	1 KB 129 B	46ms 46ms	Fetch image/x-icon	142.251.20.149 Google LLC
General Check archive.org Show headers Download Go to Full URL https://ad.doubleclick.net/favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250&e=0.7512191191449435 Requested by Host: btloader.com URL: https://btloader.com/tag?o=5678961798414336&upapi=true Protocol H3 Security QUIC, , AES_128_GCM Server 142.251.20.149 , United States, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS bx-in-f149.1e100.net Software sffe / Resource Hash d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers sec-ch-ua-platform "Linux" Referer https://www.mediafire.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36 sec-ch-ua "Chromium";v="148", "Google Chrome";v="148", "Not-A.Brand";v="24" sec-ch-ua-mobile ?0 Response headers content-encoding gzip report-to {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]} x-content-type-options nosniff expires Tue, 12 May 2026 16:30:37 GMT alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 date Mon, 11 May 2026 16:30:37 GMT content-type image/x-icon vary Accept-Encoding last-modified Tue, 08 May 2012 13:08:06 GMT cache-control public, max-age=86400 cross-origin-resource-policy cross-origin accept-ranges bytes access-control-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="ads-doubleclick-media" content-length 104 x-xss-protection 0 server sffe
GET H2	200	country Show response api.btloader.com/	37 B 153 B	123ms 122ms	Fetch application/json	130.211.23.194 Google LLC
General Check archive.org Show headers Download Go to Full URL https://api.btloader.com/country?o=5678961798414336 Requested by Host: btloader.com URL: https://btloader.com/tag?o=5678961798414336&upapi=true Protocol H2 Security TLS 1.3, , AES_128_GCM Server 130.211.23.194 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM - Google LLC, US), Reverse DNS 194.23.211.130.bc.googleusercontent.com Software / Resource Hash 04fcb3b36a8a7bdccb4d6d19f659416dbea46e4599303c362b95cc36b079c1ce Request headers sec-ch-ua-platform "Linux" Referer https://www.mediafire.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36 sec-ch-ua "Chromium";v="148", "Google Chrome";v="148", "Not-A.Brand";v="24" sec-ch-ua-mobile ?0 Response headers cache-control private, max-age=300, stale-while-revalidate=600, stale-if-error=600 via 1.1 google access-control-allow-origin * alt-svc h3=":443"; ma=2592000 content-length 37 date Mon, 11 May 2026 16:30:38 GMT content-type application/json vary Origin
POST H2	204	pv api.btloader.com/	0 0	124ms 123ms	Fetch	130.211.23.194 Google LLC
General Check archive.org Show headers Download Go to Full URL https://api.btloader.com/pv?nlf=false&tid=NH9lqh8C-uMupbpLvQ-9e17e047ad&sid=RNqGunoC-zQDAqn5EDU-9e17e047ad&cv=2.1.189-1-gf2b7278&upapi=true Requested by Host: btloader.com URL: https://btloader.com/tag?o=5678961798414336&upapi=true Protocol H2 Security TLS 1.3, , AES_128_GCM Server 130.211.23.194 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM - Google LLC, US), Reverse DNS 194.23.211.130.bc.googleusercontent.com Software / Resource Hash Request headers sec-ch-ua-platform "Linux" Referer https://www.mediafire.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36 sec-ch-ua "Chromium";v="148", "Google Chrome";v="148", "Not-A.Brand";v="24" sec-ch-ua-mobile ?0 Response headers via 1.1 google access-control-allow-origin * cache-control no-cache, no-store, must-revalidate alt-svc h3=":443"; ma=2592000 date Mon, 11 May 2026 16:30:38 GMT vary Origin
GET H3	200	audins.js Show response go.ezodn.com/detroitchicago/	516 B 775 B	16ms 16ms	Script application/javascript	188.114.97.3 Cloudflare
General Check archive.org Show headers Download Go to Full URL https://go.ezodn.com/detroitchicago/audins.js?cb=3 Requested by Host: www.mediafire.com URL: https://www.mediafire.com/file/344v7q09fhhbkbf/GC5_V4.3.apk/file Protocol H3 Security QUIC, , AES_128_GCM Server 188.114.97.3 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash bcf7993523efcd42f5599e1c210b6433e35a39de688c9e5ae90829741937df71 Request headers sec-ch-ua-platform "Linux" Referer https://www.mediafire.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36 sec-ch-ua "Chromium";v="148", "Google Chrome";v="148", "Not-A.Brand";v="24" sec-ch-ua-mobile ?0 Response headers x-robots-tag noindex, follow content-encoding br cf-cache-status HIT age 2199851 report-to {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=4sZ2f8kqHwBEcGpYjC0l6CsNTBry1MMb7IN55xuqIIcB5ySZcd2yN6UvkKl4SB22r%2BOzT5XAKzWUhvC5bcPxpIJeYq0Ejoxq0HFXmiESf9FVtxx9vHNXn%2BuA8G%2FS%2Ffk%3D"}]} alt-svc h3=":443"; ma=86400 server-timing cfExtPri date Mon, 11 May 2026 16:30:40 GMT x-middleton-display sol-js content-type application/javascript vary Accept-Encoding last-modified Thu, 16 Apr 2026 05:26:29 GMT priority u=3,i=?0 cache-control public, max-age=31536000 nel {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} cf-ray 9fa291cfdaab1e59-FRA accept-ranges bytes content-length 275 server cloudflare
GET H2	200	quant.js Show response secure.quantserve.com/	33 KB 12 KB	65ms 11ms	Script application/javascript	2620:116:800d:21:de2e:c7b3:55c0:d5a0
General Check archive.org Show headers Download Go to Full URL https://secure.quantserve.com/quant.js Requested by Host: go.ezodn.com URL: https://go.ezodn.com/detroitchicago/audins.js?cb=3 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2620:116:800d:21:de2e:c7b3:55c0:d5a0 -, , ASN (), Reverse DNS Software / Resource Hash dab57fd1fa79022a4fc26533b9c0d5d2f59ae80d86a2a0d72ca53639b2f633c3 Request headers sec-ch-ua-platform "Linux" Referer https://www.mediafire.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36 sec-ch-ua "Chromium";v="148", "Google Chrome";v="148", "Not-A.Brand";v="24" sec-ch-ua-mobile ?0 Response headers cache-control private, max-age=86400 content-encoding gzip etag "ynV3urHYPJfGyLW/1QBWiQ==" expires Tue, 12 May 2026 16:30:40 GMT accept-ranges bytes date Mon, 11 May 2026 16:30:40 GMT content-type application/javascript vary Accept-Encoding
GET H2	200	rules-p-31iz6hfFutd16.js Show response rules.quantcount.com/	160 B 632 B	39ms 9ms	Script application/javascript	2600:9000:223c:9800:6:44e3:f8c0:93a1
General Check archive.org Show headers Download Go to Full URL https://rules.quantcount.com/rules-p-31iz6hfFutd16.js Requested by Host: secure.quantserve.com URL: https://secure.quantserve.com/quant.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:223c:9800:6:44e3:f8c0:93a1 -, , ASN (), Reverse DNS Software AmazonS3 / Resource Hash 4718dd9f68e969d1cb5e1b6172206b7150ad1d8cd5c5c1fe5812dd0e1646d426 Request headers sec-ch-ua-platform "Linux" Referer https://www.mediafire.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36 sec-ch-ua "Chromium";v="148", "Google Chrome";v="148", "Not-A.Brand";v="24" sec-ch-ua-mobile ?0 Response headers etag "af15ecfe46737cb2a37226fd060f23a6" age 1501 access-control-allow-methods GET x-cache Hit from cloudfront x-amz-cf-id cOC6h2Cb9-gsXQKPz4qdSvAt42aqRfFQ7pjHeKoJQ5kNMtnYc95Cdg== date Mon, 11 May 2026 16:05:40 GMT content-type application/javascript vary Accept-Encoding last-modified Fri, 14 Oct 2022 00:41:49 GMT cache-control max-age=3600 cross-origin-resource-policy cross-origin via 1.1 0baa339c02d06988c65d8623d1b3c6ec.cloudfront.net (CloudFront) accept-ranges bytes access-control-allow-origin * content-length 160 x-amz-cf-pop FRA56-P2 server AmazonS3 x-amz-server-side-encryption AES256