URL: https://starfiles.co/file/44d30b2631be/ziniteviadhoc-ipa
Submission: On January 12 via api from US — Scanned from NZ

Summary

This website contacted 24 IPs in 4 countries across 15 domains to perform 83 HTTP transactions. The main IP is 172.67.74.5, located in United States and belongs to CLOUDFLARENET, US. The main domain is starfiles.co.
TLS certificate: Issued by E6 on December 26th 2024. Valid for: 3 months.
This is the only time starfiles.co was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 21 172.67.74.5 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
6 172.217.167.98 15169 (GOOGLE)
2 2404:6800:400... 15169 (GOOGLE)
2 142.251.221.66 15169 (GOOGLE)
12 172.217.167.78 15169 (GOOGLE)
1 108.158.32.97 16509 (AMAZON-02)
1 104.18.126.118 13335 (CLOUDFLAR...)
1 192.243.59.20 39572 (ADVANCEDH...)
3 23.196.45.82 16625 (AKAMAI-AS)
1 2606:4700::68... 13335 (CLOUDFLAR...)
2 2404:6800:400... 15169 (GOOGLE)
2 142.250.204.2 15169 (GOOGLE)
2 104.18.186.31 13335 (CLOUDFLAR...)
6 192.243.61.225 39572 (ADVANCEDH...)
2 23.221.21.71 16625 (AKAMAI-AS)
1 2001:4860:480... 15169 (GOOGLE)
1 2404:6800:400... 15169 (GOOGLE)
1 2404:6800:400... 15169 (GOOGLE)
1 142.251.221.67 15169 (GOOGLE)
3 2404:6800:400... 15169 (GOOGLE)
2 2606:4700::68... 13335 (CLOUDFLAR...)
2 142.250.71.68 15169 (GOOGLE)
83 24
Apex Domain
Subdomains
Transfer
21 starfiles.co
starfiles.co
cdn.starfiles.co
download.starfiles.co Failed
api2.starfiles.co Failed
api.starfiles.co Failed
94 KB
17 google.com
fundingchoicesmessages.google.com — Cisco Umbrella Rank: 695
analytics.google.com — Cisco Umbrella Rank: 142
www.google.com — Cisco Umbrella Rank: 3
88 KB
6 topcreativeformat.com
www.topcreativeformat.com — Cisco Umbrella Rank: 114438
6 googlesyndication.com
pagead2.googlesyndication.com — Cisco Umbrella Rank: 110
222 KB
5 adtrafficquality.google
ep1.adtrafficquality.google — Cisco Umbrella Rank: 389
ep2.adtrafficquality.google — Cisco Umbrella Rank: 403
33 KB
5 media.net
contextual.media.net — Cisco Umbrella Rank: 724
lg3.media.net — Cisco Umbrella Rank: 8016
38 KB
4 doubleclick.net
googleads.g.doubleclick.net — Cisco Umbrella Rank: 43
stats.g.doubleclick.net — Cisco Umbrella Rank: 135
td.doubleclick.net — Cisco Umbrella Rank: 182
551 B
3 cloudflareinsights.com
static.cloudflareinsights.com — Cisco Umbrella Rank: 617
cloudflareinsights.com — Cisco Umbrella Rank: 591
7 KB
3 jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 318
8 KB
2 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 39
134 KB
1 google.co.nz
www.google.co.nz — Cisco Umbrella Rank: 41106
63 B
1 profitablegatecpm.com
pl22439263.profitablegatecpm.com
1 producthunt.com
api.producthunt.com — Cisco Umbrella Rank: 46698
1 KB
1 trustpilot.net
cdn.trustpilot.net — Cisco Umbrella Rank: 59416
1 KB
0 hydrafiles.com Failed
hydrafiles.com Failed
83 15
Domain Requested by
14 fundingchoicesmessages.google.com starfiles.co
pagead2.googlesyndication.com
14 cdn.starfiles.co starfiles.co
7 starfiles.co 1 redirects starfiles.co
6 www.topcreativeformat.com starfiles.co
6 pagead2.googlesyndication.com starfiles.co
pagead2.googlesyndication.com
3 ep2.adtrafficquality.google pagead2.googlesyndication.com
ep2.adtrafficquality.google
3 contextual.media.net starfiles.co
contextual.media.net
3 cdn.jsdelivr.net starfiles.co
2 www.google.com ep2.adtrafficquality.google
2 cloudflareinsights.com static.cloudflareinsights.com
2 lg3.media.net
2 ep1.adtrafficquality.google pagead2.googlesyndication.com
2 www.googletagmanager.com starfiles.co
2 googleads.g.doubleclick.net pagead2.googlesyndication.com
1 www.google.co.nz
1 td.doubleclick.net www.googletagmanager.com
1 stats.g.doubleclick.net www.googletagmanager.com
1 analytics.google.com www.googletagmanager.com
1 static.cloudflareinsights.com starfiles.co
1 pl22439263.profitablegatecpm.com starfiles.co
1 api.producthunt.com starfiles.co
1 cdn.trustpilot.net starfiles.co
0 hydrafiles.com Failed starfiles.co
0 api.starfiles.co Failed starfiles.co
0 api2.starfiles.co Failed starfiles.co
0 download.starfiles.co Failed starfiles.co
83 26
Subject Issuer Validity Valid
starfiles.co
E6
2024-12-26 -
2025-03-26
3 months crt.sh
*.jsdelivr.net
Sectigo RSA Domain Validation Secure Server CA
2024-05-04 -
2025-05-04
a year crt.sh
*.g.doubleclick.net
WR2
2024-12-09 -
2025-03-03
3 months crt.sh
*.google.com
WR2
2024-12-09 -
2025-03-03
3 months crt.sh
*.trustpilot.net
Amazon RSA 2048 M03
2024-12-03 -
2026-01-01
a year crt.sh
producthunt.com
WE1
2024-11-24 -
2025-02-22
3 months crt.sh
profitablegatecpm.com
R11
2024-12-03 -
2025-03-03
3 months crt.sh
*.media.net
DigiCert TLS RSA SHA256 2020 CA1
2024-10-23 -
2025-10-22
a year crt.sh
cloudflareinsights.com
WE1
2024-12-30 -
2025-03-30
3 months crt.sh
*.google-analytics.com
WR2
2024-12-09 -
2025-03-03
3 months crt.sh
adtrafficquality.google
WR2
2024-12-09 -
2025-03-03
3 months crt.sh
topcreativeformat.com
R10
2024-11-16 -
2025-02-14
3 months crt.sh
*.doubleclick.net
WR2
2024-12-09 -
2025-03-03
3 months crt.sh
*.google.co.nz
WR2
2024-12-09 -
2025-03-03
3 months crt.sh

This page contains 11 frames:

Primary Page: https://starfiles.co/file/44d30b2631be/ziniteviadhoc-ipa
Frame ID: E602A012FEA75D0AE69AD9BAB159C68F
Requests: 70 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20250108/r20190131/zrt_lookup_fy2021.html
Frame ID: B20FD311683E3CF02BBBD416254E19A2
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7198310321194757&output=html&adk=1812271804&adf=3025194257&abgtt=6&lmt=1736665355&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=500x810_l%7C500x810_r&format=0x0&url=https%3A%2F%2Fstarfiles.co%2Ffile%2F44d30b2631be%2Fziniteviadhoc-ipa&pra=5&wgl=1&aihb=0&aiof=3&asro=0&ailel=1~2~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24~29~30~34&aiael=1~2~3~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24~29~30~34&aicel=33~38&aifxl=29_18~30_19&aiixl=29_5~30_6&aiict=1&aiapm=0.3221&aiapmi=0.33938&aief=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1736665354955&bpp=859&bdt=2435&idt=860&shv=r20250108&mjsv=m202501070101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&nras=1&correlator=1643198412051&frm=20&pv=2&u_tz=780&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=95344787%2C95349404&oid=2&pvsid=3281490498479353&tmod=421105452&uas=0&nvt=1&fsapi=1&fc=1920&brdim=50%2C50%2C50%2C50%2C1600%2C0%2C1600%2C1285%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&bz=1&td=1&tdf=2&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=1&uci=a!1&fsb=1&dtd=892
Frame ID: FD748B38CEA1C8CC2640FA8A625EDD55
Requests: 1 HTTP requests in this frame

Frame: https://starfiles.co/cdn-cgi/challenge-platform/h/b/scripts/jsd/e0c90b6a3ed1/main.js
Frame ID: D557CDD837796CE080C84DBDEA2FE2F1
Requests: 3 HTTP requests in this frame

Frame: https://contextual.media.net/sr/1017354394/SAFEFRAME.html?ule=408&&kkdd=Hh%7CH%7CA*9n&ox=yQBccc(BcbmyvW(mcWW&X4_9=b&Aj_s=b&~jq_=b&V4o=y2((&6jVu=CQ2v&Vx4=mZe*kndm5&V_V4=JzxCTN2BR1QwNm((aQvta1%3D%3D&V9x4=Bm(v((WBb&jxSu=QvmPWb&VV=pk&q66_j=y&9uzl9R=q66_j%3A%2F%2Fj6s9IxRujLV3%2FIxRu%2F224BbDvcByDu%2FSx8x6uoxs4q3V!x_s&8ju=(&lX4=2&x~=ycbb&AVI=cbvQv&_Xx4=_yvbycyB2BWb6vbv(byyvbQbv&_Xx4j=y&q6ARj9V=y&sflct=4662095&6VIiVA_=y&ure=1
Frame ID: 956E8ACAE725C0A29A94FE9251B431FF
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/ga/rul?tid=G-5NQRXX08WX&gacid=1816581908.1736665361&gtm=45je5190v881073661za200&dma=0&gcs=G1--&gcd=13l3l3l3l5l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=101925629~102067555~102067808~102081485~102198178&z=186553741
Frame ID: 83B462B019E2A362DBF5888B01A23EF1
Requests: 1 HTTP requests in this frame

Frame: https://contextual.media.net/sr/1017354394/SAFEFRAME.html?ule=410&&kkdd=Hu%7C3%7C*AH9n&nU=mVEyyyxEyrymySIEMxx&1fWc=r&4uWl=r&3u(W=r&gfn=mIxx&Rugd=!VIS&gUf=HKL0GbhHP&gWgf=27U!ZwIEkeV6wHxxDVSoDe%3D%3D&gcUf=SVSxSESyV&uUid=Err*Sxr&gg=TG&(RRWu=m&cd7Yck=(RRWu%3A%2F%2FuRlc9UkduBg8%2F9Ukd%2FIIfErXSyEmXd%2FiUOURdnUlf(8gjUWl&Oud=x&Y1f=I&U3=myrr&4g9=yrSVS&W1Uf=WmSrmymEIEMrRSrSxrmmSrVrS&W1Ufu=S&(R4kucg=m&sflct=3092663&Rg9~g4W=m&ure=1
Frame ID: 3C64573B646A124F056E16531E90BBD1
Requests: 1 HTTP requests in this frame

Frame: https://ep2.adtrafficquality.google/sodar/sodar2/232/runner.html
Frame ID: 04161232807E3B09242DFEF3A8555D7E
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 90E3B906689B1A39E11BD27E8E77565B
Requests: 1 HTTP requests in this frame

Frame: https://ep2.adtrafficquality.google/sodar/sodar2/232/runner.html
Frame ID: B37EC2E907F4775AD1E05901C710D9EF
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: C9B6A452E266B01D81B8ECC243AE4026
Requests: 1 HTTP requests in this frame

Screenshot

Page Title

zinitevi_adhoc.ipa - Starfiles

Detected technologies

Overall confidence: 100%
Detected patterns
  • static\.cloudflareinsights\.com/beacon(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/

Overall confidence: 100%
Detected patterns

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • <link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
  • //cdn\.jsdelivr\.net/

Page Statistics

83
Requests

89 %
HTTPS

39 %
IPv6

15
Domains

26
Subdomains

24
IPs

4
Countries

627 kB
Transfer

1711 kB
Size

8
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 22
  • https://cdn.starfiles.co/images/widget/44d30b2631be?type=file&cache=c3e27c0a5be1d9de20b3343d3b3be14b HTTP 301
  • https://api2.starfiles.co/widget/44d30b2631be
Request Chain 23
  • https://cdn.starfiles.co/qrcode?data=https://starfiles.co/file/44d30b2631be/ziniteviadhoc-ipa&size=256 HTTP 301
  • https://api2.starfiles.co/qrcode/qrcode?data=https://starfiles.co/file/44d30b2631be/ziniteviadhoc-ipa&size=256
Request Chain 46
  • https://starfiles.co/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
  • https://starfiles.co/cdn-cgi/challenge-platform/h/b/scripts/jsd/e0c90b6a3ed1/main.js

83 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request ziniteviadhoc-ipa
starfiles.co/file/44d30b2631be/
119 KB
31 KB
Document
General
Full URL
https://starfiles.co/file/44d30b2631be/ziniteviadhoc-ipa
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.74.5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
059c7428fc9a74f9e5c06d6a982c06f5333eb71c7ba78d3d7fe5e5f2eeb2f285
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'unsafe-eval' 'unsafe-inline'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
Accept, Content-Type, Authorization, Origin, X-Requested-With, Access-Control-Request-Method, Access-Control-Request-Headers, Access-Control-Allow-Headers, Access-Control-Allow-Origin
access-control-allow-methods
GET,POST,OPTIONS,DELETE,PUT
access-control-allow-origin
*
alt-svc
h3=":443"; ma=86400
cache-control
no-store, no-cache, must-revalidate
cdn-cache-control
no-cache, no-store, must-revalidate, private
cf-cache-status
BYPASS
cf-ray
900b47ee6a30d9a3-AKL
content-encoding
br
content-security-policy
default-src * data: blob: 'unsafe-eval' 'unsafe-inline'
content-type
text/html; charset=UTF-8
date
Sun, 12 Jan 2025 07:02:32 GMT
expect-ct
max-age=86400, enforce
expires
Thu, 19 Nov 1981 08:52:00 GMT
i2p-location
http://vnt23fy3n5qiwojrkcec2i3ac6w5gkacdyrf2gobid6xjnq53ffq.b32.i2p/file/44d30b2631be/ziniteviadhoc-ipa
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
onion-location
http://starfilesmj35tuw5bf7qaxfpf4d6tydvqjbftzw23t3ghtjreyx45id.onion/file/44d30b2631be/ziniteviadhoc-ipa
pragma
no-cache
priority
u=0,i
referrer-policy
same-origin
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Yc%2FurLooMTU4mogHDY8Dq2nm73rpYVZbT9PHYUEWbrd5bE7TH3TqDKGNW5y3Cu5HxgUEhYthd6fP0fbzpFgf3ea5R4lYePMcFvoKGyRMNNXwCdoP1urorjC35epHSQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
server-timing
cfL4;desc="?proto=QUIC&rtt=37813&min_rtt=34635&rtt_var=11734&sent=12&recv=10&lost=0&retrans=0&sent_bytes=4160&recv_bytes=4510&delivery_rate=470&cwnd=12000&unsent_bytes=0&cid=b1ed9d19674cc973&ts=6233&x=1" cfExtPri cfHdrFlush;dur=0
sf-primary
primary-germany-1
sf-primary-cache-status
EXPIRED
strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
Accept-Encoding
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
mobile.min.css
cdn.jsdelivr.net/combine/gh/QuixThe2nd/Starfiles-JSDelivr@latest/css/main.min.css,gh/QuixThe2nd/Starfiles-JSDelivr@latest/css/
23 KB
6 KB
Stylesheet
General
Full URL
https://cdn.jsdelivr.net/combine/gh/QuixThe2nd/Starfiles-JSDelivr@latest/css/main.min.css,gh/QuixThe2nd/Starfiles-JSDelivr@latest/css/mobile.min.css
Requested by
Host: starfiles.co
URL: https://starfiles.co/file/44d30b2631be/ziniteviadhoc-ipa
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bb1f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2c31301d903c49a1dab3a2714159746e5a09cdba1ce40247d46772115324f678
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

access-control-expose-headers
*
content-encoding
br
cf-cache-status
HIT
etag
W/"5dbb-fiOI6f/ImNV5VpgXmfTefGN7suE"
age
13865
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RDbnnXWcPP3EAfbW0tlUBYwp5uNtvsPLTBjs%2BrDmrfxKKCyZZ%2B0AqZVpkB6C5YsEOqQwQp7fsmMjHt3C%2FHw3Yi96azYENHc9taDq3KieUHHiGX%2BvlK5xIiYuDnFsolurR%2BEuqyB6vPYfknxH%2FA4%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
x-cache
HIT, HIT
date
Sun, 12 Jan 2025 07:02:34 GMT
content-type
text/css; charset=utf-8
x-served-by
cache-fra-etou8220030-FRA, cache-lga21926-LGA
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=604800, s-maxage=43200
timing-allow-origin
*
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy
cross-origin
cf-ray
900b48217cd4d9a6-AKL
accept-ranges
bytes
access-control-allow-origin
*
content-length
5789
server
cloudflare
theme.css
cdn.starfiles.co/css/
1 KB
2 KB
Stylesheet
General
Full URL
https://cdn.starfiles.co/css/theme.css?theme=ocean
Requested by
Host: starfiles.co
URL: https://starfiles.co/file/44d30b2631be/ziniteviadhoc-ipa
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.74.5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
769406737de2760ebe901774c41536f730ac9757ee1244f8b17bda055a73558f
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'unsafe-eval' 'unsafe-inline'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

i2p-location
http://cdn.vnt23fy3n5qiwojrkcec2i3ac6w5gkacdyrf2gobid6xjnq53ffq.b32.i2p/css/theme.css?theme=ocean
sf-primary
primary-germany-1
content-encoding
gzip
cf-cache-status
HIT
age
1115834
expect-ct
max-age=86400, enforce
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=en5t7meF4qCpfIWrcTXXQtQe9zQqirsFwdgNodwCZeseuiPkI8OB9ZW9KOXIqruSLTBBNwHQ7Gc1WHuembS7U7Ni3wWjQm0yIZ6e3b94BHiAsaqhhR6vAAjsJfcCxA26KKM%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods
GET,POST,OPTIONS,DELETE,PUT
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=34806&min_rtt=34802&rtt_var=13059&sent=10&recv=7&lost=0&retrans=0&sent_bytes=4141&recv_bytes=4295&delivery_rate=88482&cwnd=12000&unsent_bytes=0&cid=31646aeee4984d07&ts=52&x=1", cfExtPri, cfHdrFlush;dur=0
date
Sun, 12 Jan 2025 07:02:34 GMT
content-type
text/css;charset=UTF-8
vary
Accept-Encoding
sf-primary-cache-status
MISS
access-control-allow-headers
Accept, Content-Type, Authorization, Origin, X-Requested-With, Access-Control-Request-Method, Access-Control-Request-Headers, Access-Control-Allow-Headers, Access-Control-Allow-Origin
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
default-src * data: blob: 'unsafe-eval' 'unsafe-inline'
cache-control
public, max-age=31556926, immutable
cdn-cache-control
public, max-age=7776000
priority
u=0,i=?0
pragma
cache
last-modified
Mon, 30 Dec 2024 03:58:01 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
onion-location
http://cdn.starfilesmj35tuw5bf7qaxfpf4d6tydvqjbftzw23t3ghtjreyx45id.onion/css/theme.css?theme=ocean
referrer-policy
same-origin
cf-ray
900b48219f8dd9b6-AKL
access-control-allow-origin
*
x-xss-protection
1; mode=block
server
cloudflare
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/
157 KB
52 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-7198310321194757
Requested by
Host: starfiles.co
URL: https://starfiles.co/file/44d30b2631be/ziniteviadhoc-ipa
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.167.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
syd09s17-in-f2.1e100.net
Software
cafe /
Resource Hash
ff5b6dad91ffc5e2fb12b0d5ffc0f786b24bf4f52507f62c6a580a1dfc0aff04
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://starfiles.co
Referer

Response headers

content-encoding
br
etag
14901746497826445743
x-content-type-options
nosniff
expires
Sun, 12 Jan 2025 07:02:34 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date
Sun, 12 Jan 2025 07:02:34 GMT
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
content-disposition
attachment; filename="f.txt"
link
<https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
cache-control
private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
content-length
53568
x-xss-protection
0
server
cafe
pub-7198310321194757
fundingchoicesmessages.google.com/i/
26 KB
11 KB
Script
General
Full URL
https://fundingchoicesmessages.google.com/i/pub-7198310321194757?ers=1
Requested by
Host: starfiles.co
URL: https://starfiles.co/file/44d30b2631be/ziniteviadhoc-ipa
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4006:80a::200e Sydney, Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
21be04a7f70c2e17fee50f9d806a2bdb58ad36676f9ba99af583b272f3c0529a
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-2ShsaifwQrf-yyt_h6gXbw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Mon, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sun, 12 Jan 2025 07:02:34 GMT
content-type
application/javascript; charset=utf-8
x-frame-options
SAMEORIGIN
reporting-endpoints
default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjKtDikmJw0JBikPj6kkkLiJ3SZ7CGAHHrzXOs04HYaO15VhcgTvp3nrUEiA0VLrE6A7Fj0SVWTyBW7bnEag7E99ddYn0OxB_qL7P-AOIZ5y-zLgDiIokrrC1AzPD1CisHEAvxcHRd6t3DJrBgXcN8ZiWNpPzC-OT8vJKizKTSkvyitOS01OLUorLUongjAyNTA0MDSz0Dw_gCQwBx_UT8"
content-security-policy
require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-2ShsaifwQrf-yyt_h6gXbw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
cache-control
no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy
same-origin
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy
cross-origin
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-xss-protection
0
server
ESF
show_ads_impl_fy2021.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202501070101/
432 KB
144 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202501070101/show_ads_impl_fy2021.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-7198310321194757
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.167.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
syd09s17-in-f2.1e100.net
Software
cafe /
Resource Hash
3a4b9e9018d2c90286121ea7ccf547b3304fed1db2da602a1a53600f0f1304c3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

content-encoding
br
etag
7592710081682814194
age
3166
x-content-type-options
nosniff
expires
Sun, 26 Jan 2025 06:09:49 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date
Sun, 12 Jan 2025 06:09:49 GMT
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
cache-control
public, immutable, max-age=1209600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-length
147594
x-xss-protection
0
server
cafe
gen_204
pagead2.googlesyndication.com/pagead/
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=adsense_fc_has_namespace_but_no_iframes&publisherId=ca-pub-7198310321194757&eid=95344787%2C95349404
Requested by
Host: starfiles.co
URL: https://starfiles.co/file/44d30b2631be/ziniteviadhoc-ipa
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.167.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
syd09s17-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
0
date
Sun, 12 Jan 2025 07:02:35 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
zrt_lookup_fy2021.html
googleads.g.doubleclick.net/pagead/html/r20250108/r20190131/ Frame B20F
0
0
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20250108/r20190131/zrt_lookup_fy2021.html
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202501070101/show_ads_impl_fy2021.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.221.66 Farmingdale, United States, ASN15169 (GOOGLE, US),
Reverse DNS
syd09s31-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

age
14363
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=1209600
content-encoding
br
content-length
4144
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sun, 12 Jan 2025 03:03:13 GMT
etag
7793694970870604198
expires
Sun, 26 Jan 2025 03:03:13 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame FD74
0
0
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7198310321194757&output=html&adk=1812271804&adf=3025194257&abgtt=6&lmt=1736665355&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=500x810_l%7C500x810_r&format=0x0&url=https%3A%2F%2Fstarfiles.co%2Ffile%2F44d30b2631be%2Fziniteviadhoc-ipa&pra=5&wgl=1&aihb=0&aiof=3&asro=0&ailel=1~2~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24~29~30~34&aiael=1~2~3~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24~29~30~34&aicel=33~38&aifxl=29_18~30_19&aiixl=29_5~30_6&aiict=1&aiapm=0.3221&aiapmi=0.33938&aief=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1736665354955&bpp=859&bdt=2435&idt=860&shv=r20250108&mjsv=m202501070101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&nras=1&correlator=1643198412051&frm=20&pv=2&u_tz=780&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=95344787%2C95349404&oid=2&pvsid=3281490498479353&tmod=421105452&uas=0&nvt=1&fsapi=1&fc=1920&brdim=50%2C50%2C50%2C50%2C1600%2C0%2C1600%2C1285%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&bz=1&td=1&tdf=2&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=1&uci=a!1&fsb=1&dtd=892
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202501070101/show_ads_impl_fy2021.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.221.66 Farmingdale, United States, ASN15169 (GOOGLE, US),
Reverse DNS
syd09s31-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Sec-Browsing-Topics
();p=P0000000000000000000000000000000
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-encoding
br
content-length
5793
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sun, 12 Jan 2025 07:02:37 GMT
expires
Sun, 12 Jan 2025 07:02:37 GMT
observe-browsing-topics
?1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
yCFBIfnJJl5p
download.starfiles.co/
0
0

signtunes-64.png
cdn.starfiles.co/images/
2 KB
3 KB
Image
General
Full URL
https://cdn.starfiles.co/images/signtunes-64.png
Requested by
Host: starfiles.co
URL: https://starfiles.co/file/44d30b2631be/ziniteviadhoc-ipa
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.74.5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
528db3367adad2cc4d26d3d64bfcd2ec12a38b30f2bc34dbd964e6b3f9781fd7
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'unsafe-eval' 'unsafe-inline'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

i2p-location
http://cdn.vnt23fy3n5qiwojrkcec2i3ac6w5gkacdyrf2gobid6xjnq53ffq.b32.i2p/images/signtunes-64.png
sf-primary
primary-germany-1
cf-cache-status
HIT
age
125270
expect-ct
max-age=86400, enforce
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8evEnU%2FCbLCIdjT7gAFWwOEMQHl%2FSH8ed1nKbWCQY8c4o8M7xOM8wG%2B%2FGWYZmiyKbUZcVYExDHljSXMfm2DpvnZtJyOYxsIfvpJJMGay04%2B0JDSNiBgE6aYRf7UnFlI8s0w%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=36130&min_rtt=34620&rtt_var=6570&sent=15&recv=18&lost=0&retrans=0&sent_bytes=5938&recv_bytes=6944&delivery_rate=29036&cwnd=12000&unsent_bytes=0&cid=31646aeee4984d07&ts=2702&x=1", cfExtPri, cfHdrFlush;dur=0
content-type
image/webp
content-disposition
inline; filename="signtunes-64.webp"
priority
u=3,i
last-modified
Mon, 30 Dec 2024 03:54:12 GMT
cache-control
public, max-age=16070400
cdn-cache-control
public, max-age=7776000
pragma
cache
onion-location
http://cdn.starfilesmj35tuw5bf7qaxfpf4d6tydvqjbftzw23t3ghtjreyx45id.onion/images/signtunes-64.png
referrer-policy
same-origin
x-xss-protection
1; mode=block
server
cloudflare
cf-bgj
imgq:85,h2pri
access-control-allow-methods
GET,POST,OPTIONS,DELETE,PUT
cf-polished
origFmt=png, origSize=2069
date
Sun, 12 Jan 2025 07:02:37 GMT
vary
Accept
sf-primary-cache-status
MISS
access-control-allow-headers
Accept, Content-Type, Authorization, Origin, X-Requested-With, Access-Control-Request-Method, Access-Control-Request-Headers, Access-Control-Allow-Headers, Access-Control-Allow-Origin
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
default-src * data: blob: 'unsafe-eval' 'unsafe-inline'
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
900b48322887d9b6-AKL
access-control-allow-origin
*
appdb-64.png
cdn.starfiles.co/images/
3 KB
4 KB
Image
General
Full URL
https://cdn.starfiles.co/images/appdb-64.png
Requested by
Host: starfiles.co
URL: https://starfiles.co/file/44d30b2631be/ziniteviadhoc-ipa
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.74.5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
735b7f70ab83623127d52f82b9c6bce0311a2ed2f1a5fe4827517b5a5ce4d78f
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'unsafe-eval' 'unsafe-inline'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

i2p-location
http://cdn.vnt23fy3n5qiwojrkcec2i3ac6w5gkacdyrf2gobid6xjnq53ffq.b32.i2p/images/appdb-64.png
sf-primary
primary-germany-1
cf-cache-status
HIT
age
1128289
expect-ct
max-age=86400, enforce
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7ptGV2EbIf1C9m9jv3L65W%2Bv8dphVLYLmSV3wioO2BlvKhx5nYG2wUCakdwk27xBxjGdReZXiQvZbz0M1koz0z9YKhonNipUmOcNKiD4Vp%2Brl%2F74Vq3QhtWK8plVncUl30E%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=36130&min_rtt=34620&rtt_var=6570&sent=18&recv=18&lost=0&retrans=0&sent_bytes=8943&recv_bytes=6944&delivery_rate=29036&cwnd=12000&unsent_bytes=0&cid=31646aeee4984d07&ts=2702&x=1", cfExtPri, cfHdrFlush;dur=0
content-type
image/png
last-modified
Mon, 30 Dec 2024 03:54:12 GMT
priority
u=3,i
cache-control
public, max-age=16070400
cdn-cache-control
public, max-age=7776000
pragma
cache
onion-location
http://cdn.starfilesmj35tuw5bf7qaxfpf4d6tydvqjbftzw23t3ghtjreyx45id.onion/images/appdb-64.png
referrer-policy
same-origin
x-xss-protection
1; mode=block
server
cloudflare
cf-bgj
imgq:85,h2pri
access-control-allow-methods
GET,POST,OPTIONS,DELETE,PUT
cf-polished
origSize=3806, status=webp_bigger
date
Sun, 12 Jan 2025 07:02:37 GMT
vary
Accept-Encoding
sf-primary-cache-status
MISS
access-control-allow-headers
Accept, Content-Type, Authorization, Origin, X-Requested-With, Access-Control-Request-Method, Access-Control-Request-Headers, Access-Control-Allow-Headers, Access-Control-Allow-Origin
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
default-src * data: blob: 'unsafe-eval' 'unsafe-inline'
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
900b48322889d9b6-AKL
access-control-allow-origin
*
altstore-64.png
cdn.starfiles.co/images/
1 KB
3 KB
Image
General
Full URL
https://cdn.starfiles.co/images/altstore-64.png
Requested by
Host: starfiles.co
URL: https://starfiles.co/file/44d30b2631be/ziniteviadhoc-ipa
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.74.5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b4eee2ec19acb04d23c103ea264973702058758cd168608cb4b2051f085675ce
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'unsafe-eval' 'unsafe-inline'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

i2p-location
http://cdn.vnt23fy3n5qiwojrkcec2i3ac6w5gkacdyrf2gobid6xjnq53ffq.b32.i2p/images/altstore-64.png
sf-primary
primary-germany-1
cf-cache-status
HIT
age
1128289
expect-ct
max-age=86400, enforce
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vVbbzZYnlT6WzD%2F2hH5Z2OyuLYIYhSHtWRkEzH%2FNpe1XG0gAlVVoqymnbw1RuomdRcZVhwDHcs2hO22OpelZ1VoSlTCUt336iWSpa%2BP2zjIALz%2FUnZ9vIhLX%2BEIshxEBcBA%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=36130&min_rtt=34620&rtt_var=6570&sent=22&recv=18&lost=0&retrans=0&sent_bytes=13511&recv_bytes=6944&delivery_rate=29036&cwnd=12000&unsent_bytes=0&cid=31646aeee4984d07&ts=2704&x=1", cfExtPri, cfHdrFlush;dur=0
content-type
image/webp
content-disposition
inline; filename="altstore-64.webp"
priority
u=3,i
last-modified
Thu, 19 Dec 2024 19:33:32 GMT
cache-control
public, max-age=16070400
cdn-cache-control
public, max-age=7776000
pragma
cache
onion-location
http://cdn.starfilesmj35tuw5bf7qaxfpf4d6tydvqjbftzw23t3ghtjreyx45id.onion/images/altstore-64.png
referrer-policy
same-origin
x-xss-protection
1; mode=block
server
cloudflare
cf-bgj
imgq:85,h2pri
access-control-allow-methods
GET,POST,OPTIONS,DELETE,PUT
cf-polished
origFmt=png, origSize=2487
date
Sun, 12 Jan 2025 07:02:37 GMT
vary
Accept
sf-primary-cache-status
MISS
access-control-allow-headers
Accept, Content-Type, Authorization, Origin, X-Requested-With, Access-Control-Request-Method, Access-Control-Request-Headers, Access-Control-Allow-Headers, Access-Control-Allow-Origin
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
default-src * data: blob: 'unsafe-eval' 'unsafe-inline'
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
900b48323890d9b6-AKL
access-control-allow-origin
*
trollstore-64.png
cdn.starfiles.co/images/
3 KB
4 KB
Image
General
Full URL
https://cdn.starfiles.co/images/trollstore-64.png
Requested by
Host: starfiles.co
URL: https://starfiles.co/file/44d30b2631be/ziniteviadhoc-ipa
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.74.5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
45810cdad805df84722b2c03391b8d1ce16f8ee5048b9be90c300bf929a6b3ee
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'unsafe-eval' 'unsafe-inline'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

i2p-location
http://cdn.vnt23fy3n5qiwojrkcec2i3ac6w5gkacdyrf2gobid6xjnq53ffq.b32.i2p/images/trollstore-64.png
sf-primary
primary-germany-1
cf-cache-status
HIT
age
1128288
expect-ct
max-age=86400, enforce
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zEQduxMT4jxSTi%2BY1PePBTLOufsHUPBnUSuqEmb1hodlByCaHDpjEuDhmN2ebnO3kkj4lGgDenN1JWNUTrxlaB6ge%2BD6E2Gy6RQrKjXXRdhWgEhR0zEeA%2BgDrfyuMLPAdQc%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=36130&min_rtt=34620&rtt_var=6570&sent=26&recv=19&lost=0&retrans=0&sent_bytes=16258&recv_bytes=7311&delivery_rate=29036&cwnd=12000&unsent_bytes=0&cid=31646aeee4984d07&ts=2707&x=1", cfExtPri, cfHdrFlush;dur=0
content-type
image/webp
content-disposition
inline; filename="trollstore-64.webp"
priority
u=3,i
last-modified
Thu, 19 Dec 2024 17:06:32 GMT
cache-control
public, max-age=16070400
cdn-cache-control
public, max-age=7776000
pragma
cache
onion-location
http://cdn.starfilesmj35tuw5bf7qaxfpf4d6tydvqjbftzw23t3ghtjreyx45id.onion/images/trollstore-64.png
referrer-policy
same-origin
x-xss-protection
1; mode=block
server
cloudflare
cf-bgj
imgq:85,h2pri
access-control-allow-methods
GET,POST,OPTIONS,DELETE,PUT
cf-polished
origFmt=png, origSize=5889
date
Sun, 12 Jan 2025 07:02:37 GMT
vary
Accept
sf-primary-cache-status
HIT
access-control-allow-headers
Accept, Content-Type, Authorization, Origin, X-Requested-With, Access-Control-Request-Method, Access-Control-Request-Headers, Access-Control-Allow-Headers, Access-Control-Allow-Origin
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
default-src * data: blob: 'unsafe-eval' 'unsafe-inline'
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
900b48323892d9b6-AKL
access-control-allow-origin
*
gbox-64.png
cdn.starfiles.co/images/
2 KB
3 KB
Image
General
Full URL
https://cdn.starfiles.co/images/gbox-64.png
Requested by
Host: starfiles.co
URL: https://starfiles.co/file/44d30b2631be/ziniteviadhoc-ipa
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.74.5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2eba21ae4c2a4af47caa1154d8711a6bdbf85d295b228426354ac42b4c430621
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'unsafe-eval' 'unsafe-inline'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

i2p-location
http://cdn.vnt23fy3n5qiwojrkcec2i3ac6w5gkacdyrf2gobid6xjnq53ffq.b32.i2p/images/gbox-64.png
sf-primary
primary-germany-1
cf-cache-status
HIT
age
1128288
expect-ct
max-age=86400, enforce
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rOGslwR83FV3FDNrx%2FMEPzAkrA73dhmL6nmGSzXx%2BB2icdPt9hC9e%2Bc8r36bVDDf8X9zIKvMFR6Yx64h169vQTfe1CvI%2B6ARfT8r7%2FmuVm%2BE0Eg%2B4DINsbdcrRCSZElhrkY%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=36130&min_rtt=34620&rtt_var=6570&sent=28&recv=19&lost=0&retrans=0&sent_bytes=17961&recv_bytes=7311&delivery_rate=29036&cwnd=12000&unsent_bytes=0&cid=31646aeee4984d07&ts=2709&x=1", cfExtPri, cfHdrFlush;dur=28
content-type
image/webp
content-disposition
inline; filename="gbox-64.webp"
priority
u=3,i
last-modified
Thu, 26 Dec 2024 06:59:55 GMT
cache-control
public, max-age=16070400
cdn-cache-control
public, max-age=7776000
pragma
cache
onion-location
http://cdn.starfilesmj35tuw5bf7qaxfpf4d6tydvqjbftzw23t3ghtjreyx45id.onion/images/gbox-64.png
referrer-policy
same-origin
x-xss-protection
1; mode=block
server
cloudflare
cf-bgj
imgq:85,h2pri
access-control-allow-methods
GET,POST,OPTIONS,DELETE,PUT
cf-polished
origFmt=png, origSize=3408
date
Sun, 12 Jan 2025 07:02:37 GMT
vary
Accept
sf-primary-cache-status
HIT
access-control-allow-headers
Accept, Content-Type, Authorization, Origin, X-Requested-With, Access-Control-Request-Method, Access-Control-Request-Headers, Access-Control-Allow-Headers, Access-Control-Allow-Origin
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
default-src * data: blob: 'unsafe-eval' 'unsafe-inline'
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
900b48323893d9b6-AKL
access-control-allow-origin
*
scarlet-64.png
cdn.starfiles.co/images/
3 KB
4 KB
Image
General
Full URL
https://cdn.starfiles.co/images/scarlet-64.png
Requested by
Host: starfiles.co
URL: https://starfiles.co/file/44d30b2631be/ziniteviadhoc-ipa
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.74.5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
afad6a7ce2b8646c18508d67d8fb33ffdcb6c930b96a36e3b35a14aa8bfe0fbf
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'unsafe-eval' 'unsafe-inline'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

i2p-location
http://cdn.vnt23fy3n5qiwojrkcec2i3ac6w5gkacdyrf2gobid6xjnq53ffq.b32.i2p/images/scarlet-64.png
sf-primary
primary-germany-1
cf-cache-status
HIT
age
2049059
expect-ct
max-age=86400, enforce
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lWM4r9YjoPTlwSJYSivedmESdHcAotUvpEQZIpWTeXEK44q8u5eSjg6BxjmU5fj3ufK%2Ba5GdCV7WoQ6fJrMAayWNHT4wpwN9UQHEQbq%2Fic3jPsa3Ef3Zlw1HzMEJUwTZ19I%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=36130&min_rtt=34620&rtt_var=6570&sent=28&recv=19&lost=0&retrans=0&sent_bytes=17961&recv_bytes=7311&delivery_rate=29036&cwnd=12000&unsent_bytes=0&cid=31646aeee4984d07&ts=2707&x=1", cfExtPri, cfHdrFlush;dur=30
content-type
image/webp
content-disposition
inline; filename="scarlet-64.webp"
priority
u=3,i
last-modified
Fri, 13 Dec 2024 02:04:58 GMT
cache-control
public, max-age=16070400
cdn-cache-control
public, max-age=7776000
pragma
cache
onion-location
http://cdn.starfilesmj35tuw5bf7qaxfpf4d6tydvqjbftzw23t3ghtjreyx45id.onion/images/scarlet-64.png
referrer-policy
same-origin
x-xss-protection
1; mode=block
server
cloudflare
cf-bgj
imgq:85,h2pri
access-control-allow-methods
GET,POST,OPTIONS,DELETE,PUT
cf-polished
origFmt=png, origSize=3917
date
Sun, 12 Jan 2025 07:02:37 GMT
vary
Accept
sf-primary-cache-status
MISS
access-control-allow-headers
Accept, Content-Type, Authorization, Origin, X-Requested-With, Access-Control-Request-Method, Access-Control-Request-Headers, Access-Control-Allow-Headers, Access-Control-Allow-Origin
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
default-src * data: blob: 'unsafe-eval' 'unsafe-inline'
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
900b48323895d9b6-AKL
access-control-allow-origin
*
reprovision-64.png
cdn.starfiles.co/images/
2 KB
3 KB
Image
General
Full URL
https://cdn.starfiles.co/images/reprovision-64.png
Requested by
Host: starfiles.co
URL: https://starfiles.co/file/44d30b2631be/ziniteviadhoc-ipa
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.74.5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c8a9c2d58a3ab6790cc912f9b046c35bd4e0a672569136c338907920e137cdcd
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'unsafe-eval' 'unsafe-inline'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

i2p-location
http://cdn.vnt23fy3n5qiwojrkcec2i3ac6w5gkacdyrf2gobid6xjnq53ffq.b32.i2p/images/reprovision-64.png
sf-primary
primary-germany-1
cf-cache-status
HIT
age
1128288
expect-ct
max-age=86400, enforce
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=b227XsUEpDTW89SDnT%2Bg3%2B0KUzfrah%2Boh7A3P2Q3Pi7hQClvqF8ZacE2jb00oOX3yt3AUfvCsFzSJVSvFOGX5TTIq9HPFdP9ewAghKlgZWqn3pKrAbdqWRFlnM%2FfSgcsa2s%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=36130&min_rtt=34620&rtt_var=6570&sent=28&recv=19&lost=0&retrans=0&sent_bytes=17961&recv_bytes=7311&delivery_rate=29036&cwnd=12000&unsent_bytes=0&cid=31646aeee4984d07&ts=2708&x=1", cfExtPri, cfHdrFlush;dur=29
content-type
image/webp
content-disposition
inline; filename="reprovision-64.webp"
priority
u=3,i
last-modified
Wed, 18 Dec 2024 20:46:35 GMT
cache-control
public, max-age=16070400
cdn-cache-control
public, max-age=7776000
pragma
cache
onion-location
http://cdn.starfilesmj35tuw5bf7qaxfpf4d6tydvqjbftzw23t3ghtjreyx45id.onion/images/reprovision-64.png
referrer-policy
same-origin
x-xss-protection
1; mode=block
server
cloudflare
cf-bgj
imgq:85,h2pri
access-control-allow-methods
GET,POST,OPTIONS,DELETE,PUT
cf-polished
origFmt=png, origSize=3059
date
Sun, 12 Jan 2025 07:02:37 GMT
vary
Accept
sf-primary-cache-status
MISS
access-control-allow-headers
Accept, Content-Type, Authorization, Origin, X-Requested-With, Access-Control-Request-Method, Access-Control-Request-Headers, Access-Control-Allow-Headers, Access-Control-Allow-Origin
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
default-src * data: blob: 'unsafe-eval' 'unsafe-inline'
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
900b48323897d9b6-AKL
access-control-allow-origin
*
ca-pub-7198310321194757
fundingchoicesmessages.google.com/i/
193 KB
63 KB
Script
General
Full URL
https://fundingchoicesmessages.google.com/i/ca-pub-7198310321194757?href=https%3A%2F%2Fstarfiles.co%2Ffile%2F44d30b2631be%2Fziniteviadhoc-ipa&ers=2
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202501070101/show_ads_impl_fy2021.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4006:80a::200e Sydney, Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
68c757fbde1b0fa2b947d4e23b9dc59f604d547ab5258cff9e5528478e2521ea
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-MNX9q95vrg2BIMmW4h0tXQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Mon, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sun, 12 Jan 2025 07:02:37 GMT
content-type
application/javascript; charset=utf-8
x-frame-options
SAMEORIGIN
reporting-endpoints
default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjKtDikmJw0JBikPj6kkkLiJ3SZ7CGAHHrzXOs04HYaO15VhcgTvp3nrUEiA0VLrE6A7Fj0SVWTyBW7bnEag7E99ddYn0OxB_qL7P-AOIZ5y-zLgDiIokrrC1AzPD1CisHEAvxcPRe6t3DJnBj9_dtjEoaSfmF8cn5eSVFmUmlJflFaclpqcWpRWWpRfFGBkamBoYGlnoGhvEFhgCXw0XQ"
content-security-policy
script-src 'report-sample' 'nonce-MNX9q95vrg2BIMmW4h0tXQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
cache-control
no-cache, no-store, max-age=0, must-revalidate
timing-allow-origin
*
cross-origin-opener-policy
same-origin
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy
cross-origin
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-xss-protection
0
server
ESF
gen_204
pagead2.googlesyndication.com/pagead/
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=ama_auto_rs&sts=pfno&evt=place&vh=1200&eid=95344787%2C95349404&hl=en&pvc=3281490498479353
Requested by
Host: starfiles.co
URL: https://starfiles.co/file/44d30b2631be/ziniteviadhoc-ipa
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.167.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
syd09s17-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
0
date
Sun, 12 Jan 2025 07:02:37 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
ping
pagead2.googlesyndication.com/pagead/
0
0
Fetch
General
Full URL
https://pagead2.googlesyndication.com/pagead/ping?e=1
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202501070101/show_ads_impl_fy2021.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.167.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
syd09s17-in-f2.1e100.net
Software
/
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer

Response headers

AGSKWxVugrlDBd3surQLvzSXaTz-LxTyCn5KfLzScUmoTCdQuGq4gUtuJJ2p9lYe9ZmomyS9f53AD5qgMQpVItuQqWK-5xeeRHENFyRBM9pjpHCHVxt3XuYMB7aeWaj058FGKJb96w-w9w==
fundingchoicesmessages.google.com/f/
3 KB
1 KB
Script
General
Full URL
https://fundingchoicesmessages.google.com/f/AGSKWxVugrlDBd3surQLvzSXaTz-LxTyCn5KfLzScUmoTCdQuGq4gUtuJJ2p9lYe9ZmomyS9f53AD5qgMQpVItuQqWK-5xeeRHENFyRBM9pjpHCHVxt3XuYMB7aeWaj058FGKJb96w-w9w==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzM2NjY1MzU3LDY1MjAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzddXSwiaHR0cHM6Ly9zdGFyZmlsZXMuY28vZmlsZS80NGQzMGIyNjMxYmUvemluaXRldmlhZGhvYy1pcGEiLG51bGwsW1s4LCJWZl9BaUxoaFFTWSJdLFs5LCJlbi1HQiJdLFsxOSwiMiJdLFsxNywiWzBdIl1dXQ
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_GB.Vf_AiLhhQSY.es5.O/am=BgM/d=1/rs=AJlcJMyZGta0LWIQoSgk-czkdEIrg-9tuA/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.167.78 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
syd15s06-in-f14.1e100.net
Software
ESF /
Resource Hash
71bf0945a8fb04479b3b515b7de99c4f2e25d16fa380f4caaee0f5834f6179e7
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-GcL8-Gv17IrAPepD7OyrUQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Mon, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sun, 12 Jan 2025 07:02:37 GMT
content-type
application/javascript; charset=utf-8
x-frame-options
SAMEORIGIN
reporting-endpoints
default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjKtHikmJw1JBiWMy_i0ni60smLSB2Sp_BGgLErTfPsU4HYqO151ldgDjp33nWEiA2VLjE6gzEjkWXWD2BWLXnEqs5EN9fd4n1ORB_qL_M-gOIZ5y_zLoAiIskrrC2ADHD1yusHEAsxMPRe6l3D5vAhA__njIpaSTlF8Yn5-eVFGUmlZbkF6Ulp6UWpxaVpRbFGxkYmRoYGljqGRjGFxgCAI8RR2c"
content-security-policy
script-src 'report-sample' 'nonce-GcL8-Gv17IrAPepD7OyrUQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
cache-control
no-cache, no-store, max-age=0, must-revalidate
timing-allow-origin
*
cross-origin-opener-policy
same-origin
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy
cross-origin
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-xss-protection
0
server
ESF
AGSKWxUX5lvarttDNGr2kWctqyRGgCfLfg2_KTFsuZaIcUrsuCIYjXvWn5kO9WUpNXnGewYEXKbaH7JJz_t7WD9gDR4aWVCw5Ydrtba3jgWdbNsJGYvHBe4cmcn2O6Lt_nEzC9UCam0JmQ==
fundingchoicesmessages.google.com/f/
10 KB
4 KB
Script
General
Full URL
https://fundingchoicesmessages.google.com/f/AGSKWxUX5lvarttDNGr2kWctqyRGgCfLfg2_KTFsuZaIcUrsuCIYjXvWn5kO9WUpNXnGewYEXKbaH7JJz_t7WD9gDR4aWVCw5Ydrtba3jgWdbNsJGYvHBe4cmcn2O6Lt_nEzC9UCam0JmQ==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzM2NjY1MzU3LDg0MDAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsOV0sbnVsbCwyLG51bGwsImVuIl0sImh0dHBzOi8vc3RhcmZpbGVzLmNvL2ZpbGUvNDRkMzBiMjYzMWJlL3ppbml0ZXZpYWRob2MtaXBhIixudWxsLFtbOCwiVmZfQWlMaGhRU1kiXSxbOSwiZW4tR0IiXSxbMTksIjIiXSxbMTcsIlswXSJdXV0
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_GB.Vf_AiLhhQSY.es5.O/am=BgM/d=1/rs=AJlcJMyZGta0LWIQoSgk-czkdEIrg-9tuA/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.167.78 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
syd15s06-in-f14.1e100.net
Software
ESF /
Resource Hash
49a2b0e99041116c6006bddf57ec3e308e5564812f0f7280980c4cb36a216979
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-JeHZYqZFR-sRJZ--pNf_jQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Mon, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sun, 12 Jan 2025 07:02:37 GMT
content-type
application/javascript; charset=utf-8
x-frame-options
SAMEORIGIN
reporting-endpoints
default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjqtDikmJw1JBiOHHrNtMFIJb4-pJJC4id0mewhgBx681zrNOB2GjteVYXIE76d561BIgNFS6xOgOxY9ElVk8gVu25xGoOxPfXXWJ9DsQf6i-z_gDiGecvsy4A4iKJK6wtQMzw9QorBxAL8XD0XurdwyZw4WjXQWYljaT8wvjk_LySosyk0pL8orTktNTi1KKy1KJ4IwMjUwNDA0s9A8P4AkMA1IlKgQ"
content-security-policy
script-src 'report-sample' 'nonce-JeHZYqZFR-sRJZ--pNf_jQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
cache-control
no-cache, no-store, max-age=0, must-revalidate
timing-allow-origin
*
cross-origin-opener-policy
same-origin
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy
cross-origin
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-xss-protection
0
server
ESF
appinstallerios-64.png
cdn.starfiles.co/images/
3 KB
4 KB
Image
General
Full URL
https://cdn.starfiles.co/images/appinstallerios-64.png
Requested by
Host: starfiles.co
URL: https://starfiles.co/file/44d30b2631be/ziniteviadhoc-ipa
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.74.5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6d8731b2fd3a584e177be6ee04b3f9a05be6e32fde2f97993921a8a3bad26e82
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'unsafe-eval' 'unsafe-inline'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

i2p-location
http://cdn.vnt23fy3n5qiwojrkcec2i3ac6w5gkacdyrf2gobid6xjnq53ffq.b32.i2p/images/appinstallerios-64.png
sf-primary
primary-germany-1
cf-cache-status
HIT
age
2022706
expect-ct
max-age=86400, enforce
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zluEnrAhVc14IX%2Br%2BAllyEuvADCfCZ4ZHB2Lm8jR7UzWkaGeNqDJOwXWzmKs%2FIRaqYcL%2FJipc8U0u2Vr4Ordv%2FpuBYjANv5YQo3N1VmedvUAvDaBqFYaU7UjWtGbf4jxpWA%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=36709&min_rtt=34505&rtt_var=2585&sent=50&recv=39&lost=0&retrans=0&sent_bytes=33106&recv_bytes=9196&delivery_rate=483&cwnd=21600&unsent_bytes=0&cid=31646aeee4984d07&ts=3978&x=1", cfExtPri, cfHdrFlush;dur=0
content-type
image/webp
content-disposition
inline; filename="appinstallerios-64.webp"
priority
u=3,i
last-modified
Thu, 19 Dec 2024 19:43:30 GMT
cache-control
public, max-age=16070400
cdn-cache-control
public, max-age=7776000
pragma
cache
onion-location
http://cdn.starfilesmj35tuw5bf7qaxfpf4d6tydvqjbftzw23t3ghtjreyx45id.onion/images/appinstallerios-64.png
referrer-policy
same-origin
x-xss-protection
1; mode=block
server
cloudflare
cf-bgj
imgq:85,h2pri
access-control-allow-methods
GET,POST,OPTIONS,DELETE,PUT
cf-polished
origFmt=png, origSize=4199
date
Sun, 12 Jan 2025 07:02:38 GMT
vary
Accept
sf-primary-cache-status
MISS
access-control-allow-headers
Accept, Content-Type, Authorization, Origin, X-Requested-With, Access-Control-Request-Method, Access-Control-Request-Headers, Access-Control-Allow-Headers, Access-Control-Allow-Origin
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
default-src * data: blob: 'unsafe-eval' 'unsafe-inline'
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
900b483a2f9dd9b6-AKL
access-control-allow-origin
*
44d30b2631be
api2.starfiles.co/widget/
Redirect Chain
  • https://cdn.starfiles.co/images/widget/44d30b2631be?type=file&cache=c3e27c0a5be1d9de20b3343d3b3be14b
  • https://api2.starfiles.co/widget/44d30b2631be
0
0

qrcode
api2.starfiles.co/qrcode/
Redirect Chain
  • https://cdn.starfiles.co/qrcode?data=https://starfiles.co/file/44d30b2631be/ziniteviadhoc-ipa&size=256
  • https://api2.starfiles.co/qrcode/qrcode?data=https://starfiles.co/file/44d30b2631be/ziniteviadhoc-ipa&size=256
0
0

defaultad.-ads.js
fundingchoicesmessages.google.com/f/AGSKWxVOU8rTY_w6UkaSz91BSACMMg7GSundXlPyfQ98DK5gwa64m1X2g2D-pgo8evqweqn_vdxO95KWfgoUNDVkEn-Cv0rZe46fPAbPyVxhQDYduXObVrqYln1oWTDCeVSpvMJ6WmJhzW-G601-zVsvgkZ8S3bJF...
54 B
109 B
Script
General
Full URL
https://fundingchoicesmessages.google.com/f/AGSKWxVOU8rTY_w6UkaSz91BSACMMg7GSundXlPyfQ98DK5gwa64m1X2g2D-pgo8evqweqn_vdxO95KWfgoUNDVkEn-Cv0rZe46fPAbPyVxhQDYduXObVrqYln1oWTDCeVSpvMJ6WmJhzW-G601-zVsvgkZ8S3bJFxzcvDTaMwFStmzhH-eGod1N8U9L61W7/_/showad./defaultad.-ads.js?/frame_ads_/cjadsprite.
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_GB.Vf_AiLhhQSY.es5.O/d=1/exm=kernel_loader,loader_js_executable,web_iab_tcf_v2_signal_executable/ed=1/rs=AJlcJMyUXsfdAbPVgOXOPe43fWNEE7LamA/m=ad_blocking_detection_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.167.78 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
syd15s06-in-f14.1e100.net
Software
ESF /
Resource Hash
41c01fd251a3ec70da43ae7cf97214b602297a94fd0e9ab0b6f8af2f195744e4
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-fY45rknN0NfUDyppu1NXWg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Mon, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sun, 12 Jan 2025 07:02:38 GMT
content-type
application/javascript; charset=utf-8
x-frame-options
SAMEORIGIN
reporting-endpoints
default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjKtDikmLw0ZBikPj6kkkLiJ3SZ7CGAHHrzXOs04HYaO15VhcgTvp3nrUEiA0VLrE6A7Fj0SVWTyBW7bnEag7E99ddYn0OxB_qL7P-AOIZ5y-zLgDiIokrrC1AzPD1CisHEAvxcPRd6t3DJnDh7uoHTEoaSfmF8cn5eSVFmUmlJflFaclpqcWpRWWpRfFGBkamBoYGlnoGhvEFhgCeU0XW"
content-security-policy
script-src 'report-sample' 'nonce-fY45rknN0NfUDyppu1NXWg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
cache-control
no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy
same-origin
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy
cross-origin
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-xss-protection
0
server
ESF
rum.js
pagead2.googlesyndication.com/pagead/js/
71 KB
26 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/rum.js?fcd=true
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_GB.Vf_AiLhhQSY.es5.O/d=1/exm=kernel_loader,loader_js_executable,web_iab_tcf_v2_signal_executable/ed=1/rs=AJlcJMyUXsfdAbPVgOXOPe43fWNEE7LamA/m=ad_blocking_detection_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.167.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
syd09s17-in-f2.1e100.net
Software
cafe /
Resource Hash
f76aaef0f3aa78729e6226f1f28613123bbc9089ae4358b8431a13016b473499
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

content-encoding
br
etag
3510596750839774787
age
1967
x-content-type-options
nosniff
expires
Sun, 12 Jan 2025 07:29:51 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date
Sun, 12 Jan 2025 06:29:51 GMT
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
cache-control
public, max-age=3600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-length
26280
x-xss-protection
0
server
cafe
AGSKWxVApnC5Rws8v_gKDxi-V-tC8ab_C0BIuJEVpPrT0gtGwaICLDT0GaKszmeLQGXv48oc_Ul_cMb1aJlEnjbm3yn0L81OrDss7iXt4F3AR7LL2oQ-tfOLhN55eCuqK2A0rOK0XCL12A==
fundingchoicesmessages.google.com/el/
0
28 B
XHR
General
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxVApnC5Rws8v_gKDxi-V-tC8ab_C0BIuJEVpPrT0gtGwaICLDT0GaKszmeLQGXv48oc_Ul_cMb1aJlEnjbm3yn0L81OrDss7iXt4F3AR7LL2oQ-tfOLhN55eCuqK2A0rOK0XCL12A==
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_GB.Vf_AiLhhQSY.es5.O/am=BgM/d=1/rs=AJlcJMyZGta0LWIQoSgk-czkdEIrg-9tuA/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.167.78 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
syd15s06-in-f14.1e100.net
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-UDdfX0eDMDtaKKf6C7QtKg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
text/plain
Referer

Response headers

access-control-max-age
86400
access-control-allow-methods
POST, GET, OPTIONS
x-content-type-options
nosniff
expires
Mon, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sun, 12 Jan 2025 07:02:38 GMT
content-type
text/html; charset=utf-8
x-frame-options
SAMEORIGIN
reporting-endpoints
default="/_/ContributorLoggingHttp/web-reports?context=eJzjUtDikmLw15BicEqfwRoExB_qL7P-AGKGr1dYOYBYiIej71LvHjaBG2cWrmdWcknKL4xPzs8rSc0r0U1MKdYFsYsyk0pL8otQ2KllIBU5-enpmXnp8UYGRqYGhgaWegbG8QWGAPheKtk"
content-security-policy
require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-UDdfX0eDMDtaKKf6C7QtKg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
cache-control
no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy
same-origin
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-credentials
true
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
access-control-allow-origin
https://starfiles.co
content-length
0
x-xss-protection
0
server
ESF
AGSKWxVApnC5Rws8v_gKDxi-V-tC8ab_C0BIuJEVpPrT0gtGwaICLDT0GaKszmeLQGXv48oc_Ul_cMb1aJlEnjbm3yn0L81OrDss7iXt4F3AR7LL2oQ-tfOLhN55eCuqK2A0rOK0XCL12A==
fundingchoicesmessages.google.com/el/
0
28 B
XHR
General
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxVApnC5Rws8v_gKDxi-V-tC8ab_C0BIuJEVpPrT0gtGwaICLDT0GaKszmeLQGXv48oc_Ul_cMb1aJlEnjbm3yn0L81OrDss7iXt4F3AR7LL2oQ-tfOLhN55eCuqK2A0rOK0XCL12A==
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_GB.Vf_AiLhhQSY.es5.O/am=BgM/d=1/rs=AJlcJMyZGta0LWIQoSgk-czkdEIrg-9tuA/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.167.78 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
syd15s06-in-f14.1e100.net
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-jpyE65CG6I9y_YZ8med5KA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
text/plain
Referer

Response headers

access-control-max-age
86400
access-control-allow-methods
POST, GET, OPTIONS
x-content-type-options
nosniff
expires
Mon, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sun, 12 Jan 2025 07:02:38 GMT
content-type
text/html; charset=utf-8
x-frame-options
SAMEORIGIN
reporting-endpoints
default="/_/ContributorLoggingHttp/web-reports?context=eJzjUtDikmLw1JBicEqfwRoExB_qL7P-AGKGr1dYOYBYiIej71LvHjaBF---b2ZWcknKL4xPzs8rSc0r0U1MKdYFsYsyk0pL8otQ2KllIBU5-enpmXnp8UYGRqYGhgaWegbG8QWGAB33K18"
content-security-policy
require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-jpyE65CG6I9y_YZ8med5KA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
cache-control
no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy
same-origin
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-credentials
true
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
access-control-allow-origin
https://starfiles.co
content-length
0
x-xss-protection
0
server
ESF
AGSKWxVApnC5Rws8v_gKDxi-V-tC8ab_C0BIuJEVpPrT0gtGwaICLDT0GaKszmeLQGXv48oc_Ul_cMb1aJlEnjbm3yn0L81OrDss7iXt4F3AR7LL2oQ-tfOLhN55eCuqK2A0rOK0XCL12A==
fundingchoicesmessages.google.com/el/
0
28 B
XHR
General
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxVApnC5Rws8v_gKDxi-V-tC8ab_C0BIuJEVpPrT0gtGwaICLDT0GaKszmeLQGXv48oc_Ul_cMb1aJlEnjbm3yn0L81OrDss7iXt4F3AR7LL2oQ-tfOLhN55eCuqK2A0rOK0XCL12A==
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_GB.Vf_AiLhhQSY.es5.O/am=BgM/d=1/rs=AJlcJMyZGta0LWIQoSgk-czkdEIrg-9tuA/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.167.78 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
syd15s06-in-f14.1e100.net
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce--2Hv9tU3QpTXcVvqk9Gd4w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
text/plain
Referer

Response headers

access-control-max-age
86400
access-control-allow-methods
POST, GET, OPTIONS
x-content-type-options
nosniff
expires
Mon, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sun, 12 Jan 2025 07:02:38 GMT
content-type
text/html; charset=utf-8
x-frame-options
SAMEORIGIN
reporting-endpoints
default="/_/ContributorLoggingHttp/web-reports?context=eJzjUtDikmJw0JBicEqfwRoExB_qL7P-AGKGr1dYOYBYiIej71LvHjaBCSum7GJWcknKL4xPzs8rSc0r0U1MKdYFsYsyk0pL8otQ2KllIBU5-enpmXnp8UYGRqYGhgaWegbG8QWGANGxKlw"
content-security-policy
require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce--2Hv9tU3QpTXcVvqk9Gd4w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
cache-control
no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy
same-origin
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-credentials
true
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
access-control-allow-origin
https://starfiles.co
content-length
0
x-xss-protection
0
server
ESF
AGSKWxVApnC5Rws8v_gKDxi-V-tC8ab_C0BIuJEVpPrT0gtGwaICLDT0GaKszmeLQGXv48oc_Ul_cMb1aJlEnjbm3yn0L81OrDss7iXt4F3AR7LL2oQ-tfOLhN55eCuqK2A0rOK0XCL12A==
fundingchoicesmessages.google.com/el/
0
28 B
XHR
General
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxVApnC5Rws8v_gKDxi-V-tC8ab_C0BIuJEVpPrT0gtGwaICLDT0GaKszmeLQGXv48oc_Ul_cMb1aJlEnjbm3yn0L81OrDss7iXt4F3AR7LL2oQ-tfOLhN55eCuqK2A0rOK0XCL12A==
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_GB.Vf_AiLhhQSY.es5.O/am=BgM/d=1/rs=AJlcJMyZGta0LWIQoSgk-czkdEIrg-9tuA/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.167.78 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
syd15s06-in-f14.1e100.net
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-HqnmcjABeNd-KKmTz5LDoA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
text/plain
Referer

Response headers

access-control-max-age
86400
access-control-allow-methods
POST, GET, OPTIONS
x-content-type-options
nosniff
expires
Mon, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sun, 12 Jan 2025 07:02:38 GMT
content-type
text/html; charset=utf-8
x-frame-options
SAMEORIGIN
reporting-endpoints
default="/_/ContributorLoggingHttp/web-reports?context=eJzjUtDikmII1JBicEqfwRoExB_qL7P-AGKGr1dYOYBYiIej71LvHjaBFecebmdWcknKL4xPzs8rSc0r0U1MKdYFsYsyk0pL8otQ2KllIBU5-enpmXnp8UYGRqYGhgaWegbG8QWGAABRKvU"
content-security-policy
require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-HqnmcjABeNd-KKmTz5LDoA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
cache-control
no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy
same-origin
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-credentials
true
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
access-control-allow-origin
https://starfiles.co
content-length
0
x-xss-protection
0
server
ESF
AGSKWxXktx_Vz1juxzNj7Kow4z1W2nqK6tc5NHoHK6j0VKWY5Fc7i2a6E_L4qVnQrpcFa7xcj-IluAKsxTTSpu20kYGYk_Fhw3iLr8ZjnAEooAWOHmbhRPgHQQd2ZfisjH3d_bkxUridbg==
fundingchoicesmessages.google.com/f/
3 KB
2 KB
Script
General
Full URL
https://fundingchoicesmessages.google.com/f/AGSKWxXktx_Vz1juxzNj7Kow4z1W2nqK6tc5NHoHK6j0VKWY5Fc7i2a6E_L4qVnQrpcFa7xcj-IluAKsxTTSpu20kYGYk_Fhw3iLr8ZjnAEooAWOHmbhRPgHQQd2ZfisjH3d_bkxUridbg==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzM2NjY1MzU4LDgzMTAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsOSw2XSxudWxsLDIsbnVsbCwiZW4iLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCwxXSwiaHR0cHM6Ly9zdGFyZmlsZXMuY28vZmlsZS80NGQzMGIyNjMxYmUvemluaXRldmlhZGhvYy1pcGEiLG51bGwsW1s4LCJWZl9BaUxoaFFTWSJdLFs5LCJlbi1HQiJdLFsxOSwiMiJdLFsxNywiWzBdIl1dXQ
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_GB.Vf_AiLhhQSY.es5.O/am=BgM/d=1/rs=AJlcJMyZGta0LWIQoSgk-czkdEIrg-9tuA/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.167.78 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
syd15s06-in-f14.1e100.net
Software
ESF /
Resource Hash
7fd580c13f2cd031671833d15cbbf4c8c50c9453f9637487d6c01e3b5e6c9a15
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-EHLBURyzaGi2CERpzCYldQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Mon, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sun, 12 Jan 2025 07:02:38 GMT
content-type
application/javascript; charset=utf-8
x-frame-options
SAMEORIGIN
reporting-endpoints
default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjqtDikmJw1ZBiOHnrNtNFIJb4-pJJC4id0mewhgBx681zrNOB2GjteVYXIE76d561BIgNFS6xOgOxY9ElVk8gVu25xGoOxPfXXWJ9DsQf6i-z_gDiGecvsy4A4iKJK6wtQMzw9QorBxAL8XD0XerdwyZw4PnZXcxKGkn5hfHJ-XklRZlJpSX5RWnJaanFqUVlqUXxRgZGpgaGBpZ6BobxBYYA5nlK1g"
content-security-policy
require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-EHLBURyzaGi2CERpzCYldQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
cache-control
no-cache, no-store, max-age=0, must-revalidate
timing-allow-origin
*
cross-origin-opener-policy
same-origin
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy
cross-origin
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-xss-protection
0
server
ESF
AGSKWxWg-Vzdzn2fdAxDxj9Utx5XYny9Rclx48CQ5qjsCelAeIlrJrQdkx6VFZWeEYIGagxOmuYM6KQx8VhrgimW149tNLttDGf6lfM3Shsp7toDokisCzyBS_lKMUlTGJVtnwTdJdX8EQ==
fundingchoicesmessages.google.com/el/
0
28 B
XHR
General
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxWg-Vzdzn2fdAxDxj9Utx5XYny9Rclx48CQ5qjsCelAeIlrJrQdkx6VFZWeEYIGagxOmuYM6KQx8VhrgimW149tNLttDGf6lfM3Shsp7toDokisCzyBS_lKMUlTGJVtnwTdJdX8EQ==
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_GB.Vf_AiLhhQSY.es5.O/am=BgM/d=1/rs=AJlcJMyZGta0LWIQoSgk-czkdEIrg-9tuA/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.167.78 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
syd15s06-in-f14.1e100.net
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-mNPoAPJPfAl1f9KUiM0YKA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
text/plain
Referer

Response headers

access-control-max-age
86400
access-control-allow-methods
POST, GET, OPTIONS
x-content-type-options
nosniff
expires
Mon, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sun, 12 Jan 2025 07:02:39 GMT
content-type
text/html; charset=utf-8
x-frame-options
SAMEORIGIN
reporting-endpoints
default="/_/ContributorLoggingHttp/web-reports?context=eJzjUtDikmLw1JBicEqfwRoExB_qL7P-AGKGr1dYOYBYiJuj_1LvHjaBBcvWmCm5JOUXxifn55Wk5pXoJqYU64LYRZlJpSX5RSjs1DKQipz89PTMvPR4IwMjUwNDA0s9A-P4AkMAqbcqBA"
content-security-policy
require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-mNPoAPJPfAl1f9KUiM0YKA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
cache-control
no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy
same-origin
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-credentials
true
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
access-control-allow-origin
https://starfiles.co
content-length
0
x-xss-protection
0
server
ESF
AGSKWxVApnC5Rws8v_gKDxi-V-tC8ab_C0BIuJEVpPrT0gtGwaICLDT0GaKszmeLQGXv48oc_Ul_cMb1aJlEnjbm3yn0L81OrDss7iXt4F3AR7LL2oQ-tfOLhN55eCuqK2A0rOK0XCL12A==
fundingchoicesmessages.google.com/el/
0
28 B
XHR
General
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxVApnC5Rws8v_gKDxi-V-tC8ab_C0BIuJEVpPrT0gtGwaICLDT0GaKszmeLQGXv48oc_Ul_cMb1aJlEnjbm3yn0L81OrDss7iXt4F3AR7LL2oQ-tfOLhN55eCuqK2A0rOK0XCL12A==
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_GB.Vf_AiLhhQSY.es5.O/am=BgM/d=1/rs=AJlcJMyZGta0LWIQoSgk-czkdEIrg-9tuA/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.167.78 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
syd15s06-in-f14.1e100.net
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-S_WYqkaQmulsqfanrEgQtg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
text/plain
Referer

Response headers

access-control-max-age
86400
access-control-allow-methods
POST, GET, OPTIONS
x-content-type-options
nosniff
expires
Mon, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sun, 12 Jan 2025 07:02:39 GMT
content-type
text/html; charset=utf-8
x-frame-options
SAMEORIGIN
reporting-endpoints
default="/_/ContributorLoggingHttp/web-reports?context=eJzjUtDikmLw0JBicEqfwRoExB_qL7P-AGKGr1dYOYBYiJuj_1LvHjaBA_vOWCm5JOUXxifn55Wk5pXoJqYU64LYRZlJpSX5RSjs1DKQipz89PTMvPR4IwMjUwNDA0s9A-P4AkMAw3wqXw"
content-security-policy
script-src 'report-sample' 'nonce-S_WYqkaQmulsqfanrEgQtg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
cache-control
no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy
same-origin
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-credentials
true
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
access-control-allow-origin
https://starfiles.co
content-length
0
x-xss-protection
0
server
ESF
stars-5.svg
cdn.trustpilot.net/brand-assets/4.1.0/stars/
2 KB
1 KB
Image
General
Full URL
https://cdn.trustpilot.net/brand-assets/4.1.0/stars/stars-5.svg
Requested by
Host: starfiles.co
URL: https://starfiles.co/file/44d30b2631be/ziniteviadhoc-ipa
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.158.32.97 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-158-32-97.syd3.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
da694facc08b1b4e4639b29f607547b51743e29db6f87ee33852f4115b97f376

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

x-amz-cf-pop
SYD3-P2
vary
Accept-Encoding
cache-control
public, max-age=31536000
content-encoding
gzip
etag
W/"64883a012ca0adaa9d04c153ff3e6478"
age
22427027
via
1.1 35e7be28d84a15b9277bceb653af4b4c.cloudfront.net (CloudFront)
x-cache
Hit from cloudfront
x-amz-cf-id
oELZ5qsRuSjC9riIXg7hgUJOdYZc2_DnN38VRO8eYWHakqg4y-wGYg==
date
Sat, 27 Apr 2024 17:18:52 GMT
content-type
image/svg+xml
last-modified
Wed, 12 Jun 2019 14:13:13 GMT
x-amz-meta-cache-control
public, max-age=31536000
server
AmazonS3
x-amz-server-side-encryption
AES256
featured.svg
api.producthunt.com/widgets/embed-image/v1/
2 KB
1 KB
Image
General
Full URL
https://api.producthunt.com/widgets/embed-image/v1/featured.svg?post_id=281011&theme=dark
Requested by
Host: starfiles.co
URL: https://starfiles.co/file/44d30b2631be/ziniteviadhoc-ipa
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.126.118 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
df8f16dbb4e42d0e1d4db01ced826e12f830f7d84b1ed43b4122e1aa3dd3a1fe
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

x-request-id
c8ba429f-4e1c-4aeb-a938-c39c37df3089
content-encoding
br
cf-cache-status
HIT
etag
W/"df8f16dbb4e42d0e1d4db01ced826e12"
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
expires
Sun, 12 Jan 2025 11:02:40 GMT
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Sun, 12 Jan 2025 07:02:40 GMT
content-type
image/svg+xml
vary
Accept-Encoding
x-runtime
0.013117
priority
u=3,i
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=2592000; includeSubDomains; preload
cache-control
public, max-age=14400
referrer-policy
strict-origin-when-cross-origin
x-download-options
noopen
cf-ray
900b48400d6ad9a8-AKL
x-xss-protection
1; mode=block
server
cloudflare
patreon-64.png
cdn.starfiles.co/images/
938 B
2 KB
Image
General
Full URL
https://cdn.starfiles.co/images/patreon-64.png
Requested by
Host: starfiles.co
URL: https://starfiles.co/file/44d30b2631be/ziniteviadhoc-ipa
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.74.5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
87bddb29802e457fdfc137657726384b3cc188ba19d4acdb6fd06e4b9135e0dd
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'unsafe-eval' 'unsafe-inline'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

i2p-location
http://cdn.vnt23fy3n5qiwojrkcec2i3ac6w5gkacdyrf2gobid6xjnq53ffq.b32.i2p/images/patreon-64.png
sf-primary
primary-germany-1
cf-cache-status
HIT
age
1091109
expect-ct
max-age=86400, enforce
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dTqRG3bEGtdulbI2MZY%2Fz%2FYiSUGdKYQDZvteckU0wOC08MU4SbYUpEi9Q3wJRxoOWrXgSnBad0Ooo4eq3RGypk36OI7bH41pFIj%2BxP6dI8jXORyU3kfVLoQoFpYH2ngA4kQ%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=38074&min_rtt=34505&rtt_var=4832&sent=67&recv=48&lost=0&retrans=0&sent_bytes=49936&recv_bytes=12760&delivery_rate=1822&cwnd=21600&unsent_bytes=0&cid=31646aeee4984d07&ts=4882&x=1", cfExtPri, cfHdrFlush;dur=0
content-type
image/webp
content-disposition
inline; filename="patreon-64.webp"
priority
u=3,i
last-modified
Mon, 30 Dec 2024 03:58:01 GMT
cache-control
public, max-age=16070400
cdn-cache-control
public, max-age=7776000
pragma
cache
onion-location
http://cdn.starfilesmj35tuw5bf7qaxfpf4d6tydvqjbftzw23t3ghtjreyx45id.onion/images/patreon-64.png
referrer-policy
same-origin
x-xss-protection
1; mode=block
server
cloudflare
cf-bgj
imgq:85,h2pri
access-control-allow-methods
GET,POST,OPTIONS,DELETE,PUT
cf-polished
origFmt=png, origSize=1933
date
Sun, 12 Jan 2025 07:02:39 GMT
vary
Accept
sf-primary-cache-status
MISS
access-control-allow-headers
Accept, Content-Type, Authorization, Origin, X-Requested-With, Access-Control-Request-Method, Access-Control-Request-Headers, Access-Control-Allow-Headers, Access-Control-Allow-Origin
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
default-src * data: blob: 'unsafe-eval' 'unsafe-inline'
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
900b483fcabbd9b6-AKL
access-control-allow-origin
*
doge-64.png
cdn.starfiles.co/images/
4 KB
5 KB
Image
General
Full URL
https://cdn.starfiles.co/images/doge-64.png
Requested by
Host: starfiles.co
URL: https://starfiles.co/file/44d30b2631be/ziniteviadhoc-ipa
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.74.5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9ac33819488de47f25c6a3788e583d04964914c5aa09b83320bac6ffc8a1923e
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'unsafe-eval' 'unsafe-inline'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

i2p-location
http://cdn.vnt23fy3n5qiwojrkcec2i3ac6w5gkacdyrf2gobid6xjnq53ffq.b32.i2p/images/doge-64.png
sf-primary
primary-germany-1
cf-cache-status
HIT
age
2004350
expect-ct
max-age=86400, enforce
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ojrNd8iiGJS%2BE3ihQRmdLcuhoBvHuWq69%2Fy0v1HiNJ8i%2BSldAZ0tQM2QZMzJKZ1THx2a6Vz5Bqi5vHKbyZcqCa4O43Dya4kc%2BR2CEaSVrb1d%2BUcm%2FxnkzrnErBehrE%2BNjyA%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=38074&min_rtt=34505&rtt_var=4832&sent=58&recv=48&lost=0&retrans=0&sent_bytes=39677&recv_bytes=12760&delivery_rate=1822&cwnd=21600&unsent_bytes=0&cid=31646aeee4984d07&ts=4879&x=1", cfExtPri, cfHdrFlush;dur=0
content-type
image/webp
content-disposition
inline; filename="doge-64.webp"
priority
u=3,i
last-modified
Thu, 19 Dec 2024 01:18:03 GMT
cache-control
public, max-age=16070400
cdn-cache-control
public, max-age=7776000
pragma
cache
onion-location
http://cdn.starfilesmj35tuw5bf7qaxfpf4d6tydvqjbftzw23t3ghtjreyx45id.onion/images/doge-64.png
referrer-policy
same-origin
x-xss-protection
1; mode=block
server
cloudflare
cf-bgj
imgq:85,h2pri
access-control-allow-methods
GET,POST,OPTIONS,DELETE,PUT
cf-polished
origFmt=png, origSize=5733
date
Sun, 12 Jan 2025 07:02:39 GMT
vary
Accept
sf-primary-cache-status
MISS
access-control-allow-headers
Accept, Content-Type, Authorization, Origin, X-Requested-With, Access-Control-Request-Method, Access-Control-Request-Headers, Access-Control-Allow-Headers, Access-Control-Allow-Origin
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
default-src * data: blob: 'unsafe-eval' 'unsafe-inline'
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
900b483fcabed9b6-AKL
access-control-allow-origin
*
bitcoin-64.png
cdn.starfiles.co/images/
1 KB
2 KB
Image
General
Full URL
https://cdn.starfiles.co/images/bitcoin-64.png
Requested by
Host: starfiles.co
URL: https://starfiles.co/file/44d30b2631be/ziniteviadhoc-ipa
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.74.5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d9640bf1795ad4d606d37bf3a223f72f7f089242f745c4182843820dcd73d55f
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'unsafe-eval' 'unsafe-inline'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

i2p-location
http://cdn.vnt23fy3n5qiwojrkcec2i3ac6w5gkacdyrf2gobid6xjnq53ffq.b32.i2p/images/bitcoin-64.png
sf-primary
primary-germany-1
cf-cache-status
HIT
age
1091109
expect-ct
max-age=86400, enforce
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IVx%2BnHfD35ZsEmHjplso7BJHKrjtA0UVmpUueut51fyvDAlIGwL9zpMogOwAPeBEnjNBA6CR619y%2FTpAIfFosTK6h%2BQh1c6X5RIAqXoAorK16zwXjbgftY2XTQVw4244TK0%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=38074&min_rtt=34505&rtt_var=4832&sent=65&recv=48&lost=0&retrans=0&sent_bytes=47540&recv_bytes=12760&delivery_rate=1822&cwnd=21600&unsent_bytes=0&cid=31646aeee4984d07&ts=4882&x=1", cfExtPri, cfHdrFlush;dur=0
content-type
image/webp
content-disposition
inline; filename="bitcoin-64.webp"
priority
u=3,i
last-modified
Wed, 18 Dec 2024 22:01:24 GMT
cache-control
public, max-age=16070400
cdn-cache-control
public, max-age=7776000
pragma
cache
onion-location
http://cdn.starfilesmj35tuw5bf7qaxfpf4d6tydvqjbftzw23t3ghtjreyx45id.onion/images/bitcoin-64.png
referrer-policy
same-origin
x-xss-protection
1; mode=block
server
cloudflare
cf-bgj
imgq:85,h2pri
access-control-allow-methods
GET,POST,OPTIONS,DELETE,PUT
cf-polished
origFmt=png, origSize=2360
date
Sun, 12 Jan 2025 07:02:39 GMT
vary
Accept
sf-primary-cache-status
MISS
access-control-allow-headers
Accept, Content-Type, Authorization, Origin, X-Requested-With, Access-Control-Request-Method, Access-Control-Request-Headers, Access-Control-Allow-Headers, Access-Control-Allow-Origin
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
default-src * data: blob: 'unsafe-eval' 'unsafe-inline'
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
900b483fcabfd9b6-AKL
access-control-allow-origin
*
bitcoincash-64.png
cdn.starfiles.co/images/
1006 B
2 KB
Image
General
Full URL
https://cdn.starfiles.co/images/bitcoincash-64.png
Requested by
Host: starfiles.co
URL: https://starfiles.co/file/44d30b2631be/ziniteviadhoc-ipa
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.74.5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
13a5cf1b83d072d7532d4f3955015820c5ad18e936151fc820667f3b0102f5f9
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'unsafe-eval' 'unsafe-inline'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

i2p-location
http://cdn.vnt23fy3n5qiwojrkcec2i3ac6w5gkacdyrf2gobid6xjnq53ffq.b32.i2p/images/bitcoincash-64.png
sf-primary
primary-germany-1
cf-cache-status
HIT
age
2004344
expect-ct
max-age=86400, enforce
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KyMr1b3%2BIY5dpxCuoWfUKTOhP9IDOBaZgkv7O2sTbwNso0pQecX6phqjUjaT16MPyxCaqn1NISKTnmxmb47YDSg4ATpb2oE2%2BO6iqebDamRbBiUX7foi1tW6PiFZk3ZMIi0%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=38074&min_rtt=34505&rtt_var=4832&sent=69&recv=48&lost=0&retrans=0&sent_bytes=52218&recv_bytes=12760&delivery_rate=1822&cwnd=21600&unsent_bytes=0&cid=31646aeee4984d07&ts=4884&x=1", cfExtPri, cfHdrFlush;dur=0
content-type
image/webp
content-disposition
inline; filename="bitcoincash-64.webp"
priority
u=3,i
last-modified
Wed, 18 Dec 2024 22:01:24 GMT
cache-control
public, max-age=16070400
cdn-cache-control
public, max-age=7776000
pragma
cache
onion-location
http://cdn.starfilesmj35tuw5bf7qaxfpf4d6tydvqjbftzw23t3ghtjreyx45id.onion/images/bitcoincash-64.png
referrer-policy
same-origin
x-xss-protection
1; mode=block
server
cloudflare
cf-bgj
imgq:85,h2pri
access-control-allow-methods
GET,POST,OPTIONS,DELETE,PUT
cf-polished
origFmt=png, origSize=2468
date
Sun, 12 Jan 2025 07:02:39 GMT
vary
Accept
sf-primary-cache-status
MISS
access-control-allow-headers
Accept, Content-Type, Authorization, Origin, X-Requested-With, Access-Control-Request-Method, Access-Control-Request-Headers, Access-Control-Allow-Headers, Access-Control-Allow-Origin
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
default-src * data: blob: 'unsafe-eval' 'unsafe-inline'
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
900b483fcac0d9b6-AKL
access-control-allow-origin
*
ethereum-64.png
cdn.starfiles.co/images/
1 KB
2 KB
Image
General
Full URL
https://cdn.starfiles.co/images/ethereum-64.png
Requested by
Host: starfiles.co
URL: https://starfiles.co/file/44d30b2631be/ziniteviadhoc-ipa
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.74.5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
14d8fcaf2ec89003fb9fbbe591428437aedc458544648d302bbcf2135fb707dc
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'unsafe-eval' 'unsafe-inline'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

i2p-location
http://cdn.vnt23fy3n5qiwojrkcec2i3ac6w5gkacdyrf2gobid6xjnq53ffq.b32.i2p/images/ethereum-64.png
sf-primary
primary-germany-1
cf-cache-status
HIT
age
107629
expect-ct
max-age=86400, enforce
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Wm5mLHf5wVX4Pohi54VJIJGtykXlNzLcwTp0pNGg3kV2sJdNbewjgx19Y3wtFx4dEo7SiD%2B8msSdMvhCL8FwpMQh7tywrGimIFK4%2F8ZoQ6SuapQEZDttSSUeQuS%2BGVHennY%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=38074&min_rtt=34505&rtt_var=4832&sent=63&recv=48&lost=0&retrans=0&sent_bytes=45151&recv_bytes=12760&delivery_rate=1822&cwnd=21600&unsent_bytes=0&cid=31646aeee4984d07&ts=4880&x=1", cfExtPri, cfHdrFlush;dur=0
content-type
image/webp
content-disposition
inline; filename="ethereum-64.webp"
priority
u=3,i
last-modified
Fri, 10 Jan 2025 00:56:54 GMT
cache-control
public, max-age=16070400
cdn-cache-control
public, max-age=7776000
pragma
cache
onion-location
http://cdn.starfilesmj35tuw5bf7qaxfpf4d6tydvqjbftzw23t3ghtjreyx45id.onion/images/ethereum-64.png
referrer-policy
same-origin
x-xss-protection
1; mode=block
server
cloudflare
cf-bgj
imgq:85,h2pri
access-control-allow-methods
GET,POST,OPTIONS,DELETE,PUT
cf-polished
origFmt=png, origSize=2426
date
Sun, 12 Jan 2025 07:02:39 GMT
vary
Accept
sf-primary-cache-status
HIT
access-control-allow-headers
Accept, Content-Type, Authorization, Origin, X-Requested-With, Access-Control-Request-Method, Access-Control-Request-Headers, Access-Control-Allow-Headers, Access-Control-Allow-Origin
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
default-src * data: blob: 'unsafe-eval' 'unsafe-inline'
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
900b483fcac1d9b6-AKL
access-control-allow-origin
*
invoke.js
pl22439263.profitablegatecpm.com/3ec188bf80670554461a35ea9780534a/
0
0
Script
General
Full URL
https://pl22439263.profitablegatecpm.com/3ec188bf80670554461a35ea9780534a/invoke.js
Requested by
Host: starfiles.co
URL: https://starfiles.co/file/44d30b2631be/ziniteviadhoc-ipa
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.243.59.20 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS DataWeb Global Group B.V., NL),
Reverse DNS
Software
nginx/1.19.5 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

Accept-CH
Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Connection
keep-alive
Access-Control-Allow-Origin
*
Content-Length
0
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Date
Sun, 12 Jan 2025 07:02:40 GMT
Content-Type
application/javascript
Host
pl22439263.profitablegatecpm.com
Server
nginx/1.19.5
rocket-loader.min.js
starfiles.co/cdn-cgi/scripts/7d0fa10a/cloudflare-static/
12 KB
4 KB
Script
General
Full URL
https://starfiles.co/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Requested by
Host: starfiles.co
URL: https://starfiles.co/file/44d30b2631be/ziniteviadhoc-ipa
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.74.5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://starfiles.co/file/44d30b2631be/ziniteviadhoc-ipa

Response headers

x-frame-options
DENY
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cache-control
max-age=172800, public
content-encoding
gzip
etag
W/"677d3aee-302c"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pEQQAI7uJPZLqQlkwr03oVeEWp7SWLCCkFKyuzc2XhRPeny1WlJJ6NgJstWnD%2BLN9K0qAXOU%2Fn%2Bkr3QYdx0l2f%2BAyQvowApPFltqCSFcac%2FGJAyZ2XhjBdZMmTN%2BXw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
cf-ray
900b4845f9cfd9a3-AKL
expires
Tue, 14 Jan 2025 07:02:40 GMT
date
Sun, 12 Jan 2025 07:02:40 GMT
content-type
application/javascript
last-modified
Tue, 07 Jan 2025 14:32:14 GMT
server
cloudflare
vary
Accept-Encoding
dmedianet.js
contextual.media.net/
101 KB
38 KB
Script
General
Full URL
https://contextual.media.net/dmedianet.js?cid=8CUOZHD8E
Requested by
Host: starfiles.co
URL: https://starfiles.co/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.196.45.82 Sydney, Australia, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-196-45-82.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
c489fac02e6a1453bb831958af2b75652a4d9e1e2f3d8378ff9e8c5c267b070e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

x-mnt-h
22-7th2
strict-transport-security
max-age=31536000
x-mnt-w
22-7kjm
cache-control
max-age=300
timing-allow-origin
*
content-encoding
gzip
etag
"974308f231eceb67add16a2058b36c19"
expires
Sun, 12 Jan 2025 07:07:40 GMT
alt-svc
h3=":443"; ma=93600
content-length
38539
date
Sun, 12 Jan 2025 07:02:40 GMT
content-type
text/javascript; charset=utf-8
vary
Accept-Encoding
server
Apache
beacon.min.js
static.cloudflareinsights.com/
19 KB
7 KB
Script
General
Full URL
https://static.cloudflareinsights.com/beacon.min.js
Requested by
Host: starfiles.co
URL: https://starfiles.co/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:4f49 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8a18d13015336bc184819a5a768447462202ef3105ec511bf42ed8304a7ed94f

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

cache-control
public, max-age=86400
content-encoding
gzip
etag
W/"2024.6.1"
cross-origin-resource-policy
cross-origin
cf-ray
900b4846bd67d9bf-AKL
access-control-allow-origin
*
date
Sun, 12 Jan 2025 07:02:40 GMT
content-type
text/javascript;charset=UTF-8
last-modified
Thu, 06 Jun 2024 15:52:56 GMT
vary
Accept-Encoding
server
cloudflare
starfilesreact.min.js
cdn.jsdelivr.net/combine/gh/QuixThe2nd/Starfiles-JSDelivr@latest/js/functions.min.js,gh/QuixThe2nd/Starfiles-JSDelivr@latest/js/head.min.js,npm/clipboard@2/dist/clipboard.min.js,gh/QuixThe2nd/Starf...
0
0

js
www.googletagmanager.com/gtag/
413 KB
134 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-5NQRXX08WX
Requested by
Host: starfiles.co
URL: https://starfiles.co/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4006:814::2008 Sydney, Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
e89fe85eb6958f36390650daa5cf867710e49020540478da172ea3abcb2f2bab
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires
Sun, 12 Jan 2025 07:02:40 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sun, 12 Jan 2025 07:02:40 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
136472
x-xss-protection
0
server
Google Tag Manager
main.js
starfiles.co/cdn-cgi/challenge-platform/h/b/scripts/jsd/e0c90b6a3ed1/ Frame D557
Redirect Chain
  • https://starfiles.co/cdn-cgi/challenge-platform/scripts/jsd/main.js
  • https://starfiles.co/cdn-cgi/challenge-platform/h/b/scripts/jsd/e0c90b6a3ed1/main.js?
8 KB
5 KB
Script
General
Full URL
https://starfiles.co/cdn-cgi/challenge-platform/h/b/scripts/jsd/e0c90b6a3ed1/main.js?
Requested by
Host: starfiles.co
URL: https://starfiles.co/file/44d30b2631be/ziniteviadhoc-ipa
Protocol
H3
Server
172.67.74.5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3515519f508635c1952b3ad1fad13bd1d6ad99386dfccbf92ec3d54bfdedb268
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

content-encoding
br
expect-ct
max-age=86400, enforce
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=h0Ksm7KHQVSi4sk8dMAa6S7Hboae0ect11wFwNj%2F31Pl0ZjWJeTxnwV4APgHfzqIG4qx6uTZF0EDq8lzaPgT3F2a7vrUn4DrzbsAVTClO2oFlh%2FpHBKEecgyICSWgg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=36946&min_rtt=34635&rtt_var=2876&sent=54&recv=34&lost=0&retrans=0&sent_bytes=42536&recv_bytes=6866&delivery_rate=17905&cwnd=12000&unsent_bytes=0&cid=b1ed9d19674cc973&ts=14151&x=1", cfExtPri, cfHdrFlush;dur=0
date
Sun, 12 Jan 2025 07:02:40 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
priority
u=3,i=?0
x-frame-options
SAMEORIGIN
cache-control
max-age=14400, stale-if-error=10800, stale-while-revalidate=10800, public
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
same-origin
cf-ray
900b48468b09d9a3-AKL
x-xss-protection
1; mode=block
server
cloudflare

Redirect headers

expect-ct
max-age=86400, enforce
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9UfGf9LuF6SLZFk8S7jlDavK7pSxvz9zhkn2vkWEDE69AjeTiCiV84Q%2Fym%2BFxUtTEKeMkCBbwRQ268SNl3WvptrMLns7ArVl%2FpWdFOz%2FPH4%2BTipzDLC44Ror7DaTqg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=36299&min_rtt=34635&rtt_var=2107&sent=52&recv=33&lost=0&retrans=0&sent_bytes=41732&recv_bytes=6392&delivery_rate=112081&cwnd=12000&unsent_bytes=0&cid=b1ed9d19674cc973&ts=14108&x=1", cfExtPri, cfHdrFlush;dur=0
date
Sun, 12 Jan 2025 07:02:40 GMT
vary
Accept-Encoding
priority
u=3,i=?0
x-frame-options
SAMEORIGIN
cache-control
max-age=300, stale-if-error=10800, stale-while-revalidate=10800, public
location
/cdn-cgi/challenge-platform/h/b/scripts/jsd/e0c90b6a3ed1/main.js?
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
same-origin
cf-ray
900b48464a83d9a3-AKL
access-control-allow-origin
*
content-length
0
x-xss-protection
1; mode=block
server
cloudflare
sodar
ep1.adtrafficquality.google/getconfig/
17 KB
13 KB
XHR
General
Full URL
https://ep1.adtrafficquality.google/getconfig/sodar?sv=200&tid=gda&tv=r20250108&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202501070101/show_ads_impl_fy2021.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.204.2 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
syd09s25-in-f2.1e100.net
Software
cafe /
Resource Hash
34e0312abc366790a078637477474a7046f591e3a8f77c3b5e453a42af372bf2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

timing-allow-origin
*
content-encoding
br
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
13227
date
Sun, 12 Jan 2025 07:02:40 GMT
x-xss-protection
0
content-type
application/json; charset=UTF-8
content-disposition
attachment; filename="f.txt"
server
cafe
logo.svg
cdn.jsdelivr.net/gh/QuixThe2nd/Starfiles-JSDelivr@latest/images/
2 KB
1 KB
Other
General
Full URL
https://cdn.jsdelivr.net/gh/QuixThe2nd/Starfiles-JSDelivr@latest/images/logo.svg
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.186.31 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f83261e1f4e0ea00c3bc3df4b4f02f8e1784629e22b588d6cc3b6af76d48da40
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

access-control-expose-headers
*
content-encoding
br
cf-cache-status
HIT
etag
W/"80c-q8ZnCOhJgocQuydOFm8zhM7UsWw"
age
13869
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JolCImBYOaBCfQVg4fDxdT2uOjeh18KsfrjhhO8uOCHIkBhRrgIFYFtw2pdWmrbJFNeTnKSmgzPGtP80S2UUBSP3KDO02dL13AbZwYxnA%2F%2FhN3FoO2L3yxc3zAUt5tMKv9E%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
x-jsd-version-type
branch
alt-svc
h3=":443"; ma=86400
x-cache
HIT, HIT
server-timing
cfExtPri
date
Sun, 12 Jan 2025 07:02:40 GMT
content-type
image/svg+xml
x-served-by
cache-fra-eddf8230021-FRA, cache-lga21922-LGA
vary
Accept-Encoding
priority
u=1,i
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=604800, s-maxage=43200
timing-allow-origin
*
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy
cross-origin
cf-ray
900b4846a812d993-AKL
accept-ranges
bytes
access-control-allow-origin
*
content-length
800
server
cloudflare
x-jsd-version
master
900b47ee6a30d9a3
starfiles.co/cdn-cgi/challenge-platform/h/b/jsd/r/ Frame D557
0
1 KB
XHR
General
Full URL
https://starfiles.co/cdn-cgi/challenge-platform/h/b/jsd/r/900b47ee6a30d9a3
Requested by
Host: starfiles.co
URL: https://starfiles.co/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.74.5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
application/json
Referer

Response headers

nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
expect-ct
max-age=86400, enforce
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9W4DDrg6MnuQrD64GfgvFwKWIXT32JJFqRWeY7PQ8y0ZYZq7AjZ4KUDibqfxxLev%2BhMFlDJCO%2FYN58YVex4ncbqgxb%2BUddhLhnwAWgvYx%2F5t15GXxaFliLuV5zjnIw%3D%3D"}],"group":"cf-nel","max_age":604800}
referrer-policy
same-origin
x-content-type-options
nosniff
cf-ray
900b48474c79d9a3-AKL
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=38152&min_rtt=34635&rtt_var=3043&sent=66&recv=52&lost=0&retrans=0&sent_bytes=47600&recv_bytes=24349&delivery_rate=121093&cwnd=12000&unsent_bytes=0&cid=b1ed9d19674cc973&ts=14276&x=1", cfExtPri, cfHdrFlush;dur=0
content-length
0
date
Sun, 12 Jan 2025 07:02:40 GMT
x-xss-protection
1; mode=block
content-type
text/plain; charset=UTF-8
server
cloudflare
priority
u=1,i
x-frame-options
SAMEORIGIN
logo.svg
cdn.jsdelivr.net/gh/QuixThe2nd/Starfiles-JSDelivr@latest/images/
2 KB
0
Other
General
Full URL
https://cdn.jsdelivr.net/gh/QuixThe2nd/Starfiles-JSDelivr@latest/images/logo.svg
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.186.31 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f83261e1f4e0ea00c3bc3df4b4f02f8e1784629e22b588d6cc3b6af76d48da40
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

access-control-expose-headers
*
content-encoding
br
cf-cache-status
HIT
etag
W/"80c-q8ZnCOhJgocQuydOFm8zhM7UsWw"
age
13869
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JolCImBYOaBCfQVg4fDxdT2uOjeh18KsfrjhhO8uOCHIkBhRrgIFYFtw2pdWmrbJFNeTnKSmgzPGtP80S2UUBSP3KDO02dL13AbZwYxnA%2F%2FhN3FoO2L3yxc3zAUt5tMKv9E%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
x-jsd-version-type
branch
alt-svc
h3=":443"; ma=86400
x-cache
HIT, HIT
server-timing
cfExtPri
date
Sun, 12 Jan 2025 07:02:40 GMT
content-type
image/svg+xml
x-served-by
cache-fra-eddf8230021-FRA, cache-lga21922-LGA
vary
Accept-Encoding
priority
u=1,i
cache-control
public, max-age=604800, s-maxage=43200
timing-allow-origin
*
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy
cross-origin
cf-ray
900b4846a812d993-AKL
accept-ranges
bytes
access-control-allow-origin
*
content-length
800
server
cloudflare
x-jsd-version
master
favicon.ico
starfiles.co/
15 KB
6 KB
Other
General
Full URL
https://starfiles.co/favicon.ico
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.74.5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
61ed8b74b5914ab06737a2b39ac5d40e6b88befaf44238f0c677197ced1980f1
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'unsafe-eval' 'unsafe-inline'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://starfiles.co/file/44d30b2631be/ziniteviadhoc-ipa

Response headers

i2p-location
http://vnt23fy3n5qiwojrkcec2i3ac6w5gkacdyrf2gobid6xjnq53ffq.b32.i2p/favicon.ico
sf-primary
primary-germany-1
content-encoding
br
cf-cache-status
HIT
expect-ct
max-age=86400, enforce
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6dPhTgXaxq0HkhW0sRmjAd65%2BcuznTKbELOV2iYhvV%2Bt0nQ1n1I1nc5JhimeofBLvaFlHBLAir4v5YqT6B8AZ9ccW%2FX%2Fg%2FJn9%2Fx7ipKvrkXgoCDJJje6grutaSr%2BhA%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods
GET,POST,OPTIONS,DELETE,PUT
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=39644&min_rtt=34635&rtt_var=5266&sent=68&recv=54&lost=0&retrans=0&sent_bytes=48800&recv_bytes=24945&delivery_rate=15782&cwnd=12000&unsent_bytes=0&cid=b1ed9d19674cc973&ts=15175&x=1", cfExtPri, cfHdrFlush;dur=0
date
Sun, 12 Jan 2025 07:02:41 GMT
content-type
image/vnd.microsoft.icon
last-modified
Sun, 12 Jan 2025 07:00:04 GMT
vary
Accept-Encoding
sf-primary-cache-status
MISS
access-control-allow-headers
Accept, Content-Type, Authorization, Origin, X-Requested-With, Access-Control-Request-Method, Access-Control-Request-Headers, Access-Control-Allow-Headers, Access-Control-Allow-Origin
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
default-src * data: blob: 'unsafe-eval' 'unsafe-inline'
cache-control
public, max-age=5356800
cdn-cache-control
public, max-age=300
priority
u=1,i
pragma
cache
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
onion-location
http://starfilesmj35tuw5bf7qaxfpf4d6tydvqjbftzw23t3ghtjreyx45id.onion/favicon.ico
referrer-policy
same-origin
cf-ray
900b48475c9fd9a3-AKL
access-control-allow-origin
*
x-xss-protection
1; mode=block
server
cloudflare
pub-7198310321194757
fundingchoicesmessages.google.com/b/
17 KB
7 KB
Script
General
Full URL
https://fundingchoicesmessages.google.com/b/pub-7198310321194757
Requested by
Host: starfiles.co
URL: https://starfiles.co/file/44d30b2631be/ziniteviadhoc-ipa
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.167.78 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
syd15s06-in-f14.1e100.net
Software
ESF /
Resource Hash
65d433ec4fa4c9f5635d70645792944ac7af507be63bcbe1c2fafc1270069695
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-EFsgxihoRyIpNeJZeD1NCg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Mon, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sun, 12 Jan 2025 07:02:40 GMT
content-type
application/javascript; charset=utf-8
x-frame-options
SAMEORIGIN
reporting-endpoints
default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjqtDikmII0pBiOHnrNtNFIJb4-pJJC4id0mewhgBx681zrNOB2GjteVYXIE76d561BIgNFS6xOgOxY9ElVk8gVu25xGoOxPfXXWJ9DsQf6i-z_gDiGecvsy4A4iKJK6wtQMzw9QorBxAL8XBMuNS7h03gxa63p5iVNJLyC-OT8_NKijKTSkvyi9KS01KLU4vKUovijQyMTA0MDSz1DAzjCwwB90FLEA"
content-security-policy
require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-EFsgxihoRyIpNeJZeD1NCg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
cache-control
no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy
same-origin
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy
cross-origin
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-xss-protection
0
server
ESF
invoke.js
www.topcreativeformat.com/8c1929f123f4bb7f86703573ff51e04d/
0
0
Script
General
Full URL
https://www.topcreativeformat.com/8c1929f123f4bb7f86703573ff51e04d/invoke.js
Requested by
Host: starfiles.co
URL: https://starfiles.co/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.243.61.225 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS DataWeb Global Group B.V., NL),
Reverse DNS
Software
nginx/1.21.6 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

Accept-CH
Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Connection
keep-alive
Access-Control-Allow-Origin
*
Content-Length
0
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Date
Sun, 12 Jan 2025 07:02:41 GMT
Content-Type
application/javascript
Host
www.topcreativeformat.com
Server
nginx/1.21.6
SAFEFRAME.html
contextual.media.net/sr/1017354394/ Frame 956E
0
0
Document
General
Full URL
https://contextual.media.net/sr/1017354394/SAFEFRAME.html?ule=408&&kkdd=Hh%7CH%7CA*9n&ox=yQBccc(BcbmyvW(mcWW&X4_9=b&Aj_s=b&~jq_=b&V4o=y2((&6jVu=CQ2v&Vx4=mZe*kndm5&V_V4=JzxCTN2BR1QwNm((aQvta1%3D%3D&V9x4=Bm(v((WBb&jxSu=QvmPWb&VV=pk&q66_j=y&9uzl9R=q66_j%3A%2F%2Fj6s9IxRujLV3%2FIxRu%2F224BbDvcByDu%2FSx8x6uoxs4q3V!x_s&8ju=(&lX4=2&x~=ycbb&AVI=cbvQv&_Xx4=_yvbycyB2BWb6vbv(byyvbQbv&_Xx4j=y&q6ARj9V=y&sflct=4662095&6VIiVA_=y&ure=1
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CUOZHD8E
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.196.45.82 Sydney, Australia, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-196-45-82.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=93600
cache-control
max-age=0, no-cache, no-store
content-encoding
gzip
content-length
320
content-type
text/html
date
Sun, 12 Jan 2025 07:02:41 GMT
expires
Sun, 12 Jan 2025 07:02:41 GMT
pragma
no-cache
strict-transport-security
max-age=31536000
vary
Accept-Encoding
x-sc-h
21-pdts
bping.php
lg3.media.net/
35 B
368 B
Image
General
Full URL
https://lg3.media.net/bping.php?vgd_len=610&&vgd_cdv=1455&vgd_cage=5&vgd_tsce=L742&vgd_mcf=60272&gdpr=0&mspa=0&wshp=0&prid=8PRHGG6T9&cid=8CUOZHD8E&crid=385255930&vi=1736665360812958699&ugd=4&lf=6&cc=NZ&lper=100&wsip=170785068&r=1736665360888&requrl=https%3A%2F%2Fstarfiles.co%2Ffile%2F44d30b2631be%2Fziniteviadhoc-ipa&vgd_sbSup=1&vgd_is_amp=0&vgd_asn=136557&vgd_rakh=1736665360180261728&vgd_l1rhst=contextual.media.net&vgd_rpth=%2Fdmedianet.js&vgd_pgid=p12016134390t202501120702&vgd_pgids=1&vgd_wshp=0&vgd_uspa=0&vgda_l1btm=%5B%22URLDC%22%5D&hvsid=00001736665360884017329713648968&gdpr=0&mspa=0&wshp=0&vgd_l2type=scs_newfl&vgd_end=1
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.221.21.71 Sydney, Australia, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-221-21-71.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90
Security Headers
Name Value
Strict-Transport-Security max-age=21600

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

Strict-Transport-Security
max-age=21600
Cache-Control
max-age=0, no-cache, no-store
Pragma
no-cache
Connection
keep-alive
Expires
Sun, 12 Jan 2025 07:02:41 GMT
Access-Control-Allow-Origin
*
Alt-Svc
h3=":443"; ma=93600
Content-Length
35
Date
Sun, 12 Jan 2025 07:02:41 GMT
Content-Type
image/gif
collect
analytics.google.com/g/
0
0
Fetch
General
Full URL
https://analytics.google.com/g/collect?v=2&tid=G-5NQRXX08WX&gtm=45je5190v881073661za200&_p=1736665360404&_gaz=1&gcs=G1--&gcd=13l3l3l3l5l1&npa=0&dma=0&tcfd=10000&tag_exp=101925629~102067555~102067808~102081485~102198178&cid=1816581908.1736665361&ul=en-nz&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&pae=1&frm=0&pscdl=noapi&_s=1&sid=1736665361&sct=1&seg=0&dl=https%3A%2F%2Fstarfiles.co%2Ffile%2F44d30b2631be%2Fziniteviadhoc-ipa&dt=zinitevi_adhoc.ipa%20-%20Starfiles&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=14852
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-5NQRXX08WX
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:38::181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:136:0
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:136:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://starfiles.co
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sun, 12 Jan 2025 07:02:41 GMT
content-type
text/plain
server
Golfe2
collect
stats.g.doubleclick.net/g/
0
551 B
Ping
General
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-5NQRXX08WX&cid=1816581908.1736665361&gtm=45je5190v881073661za200&aip=1&dma=0&gcs=G1--&gcd=13l3l3l3l5l1&npa=0&frm=0&tag_exp=101925629~102067555~102067808~102081485~102198178
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-5NQRXX08WX
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4003:c0f::9d Singapore, Singapore, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:111:0
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:111:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://starfiles.co
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sun, 12 Jan 2025 07:02:41 GMT
content-type
text/plain
server
Golfe2
rul
td.doubleclick.net/td/ga/ Frame 83B4
0
0
Document
General
Full URL
https://td.doubleclick.net/td/ga/rul?tid=G-5NQRXX08WX&gacid=1816581908.1736665361&gtm=45je5190v881073661za200&dma=0&gcs=G1--&gcd=13l3l3l3l5l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=101925629~102067555~102067808~102081485~102198178&z=186553741
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-5NQRXX08WX
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4006:814::2002 Sydney, Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-encoding
br
content-length
16
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sun, 12 Jan 2025 07:02:41 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
td
www.googletagmanager.com/
0
341 B
Image
General
Full URL
https://www.googletagmanager.com/td?id=G-5NQRXX08WX&v=3&t=t&pid=1115176927&dl=starfiles.co%2Ffile%2F44d30b2631be%2Fziniteviadhoc-ipa&tdp=G-5NQRXX08WX;81073661;0;0;0&frm=0&z=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4006:814::2008 Sydney, Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgtc:59:0"}],}
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgtc:59:0
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
0
date
Sun, 12 Jan 2025 07:02:41 GMT
content-type
text/plain
server
Golfe2
ga-audiences
www.google.co.nz/ads/
42 B
63 B
Image
General
Full URL
https://www.google.co.nz/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-5NQRXX08WX&cid=1816581908.1736665361&gtm=45je5190v881073661za200&aip=1&dma=0&gcs=G1--&gcd=13l3l3l3l5l1&npa=0&frm=0&tag_exp=101925629~102067555~102067808~102081485~102198178&tag_exp=101925629~102067555~102067808~102081485~102198178&z=564026104
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.221.67 Farmingdale, United States, ASN15169 (GOOGLE, US),
Reverse DNS
syd09s31-in-f3.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
42
date
Sun, 12 Jan 2025 07:02:41 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
AGSKWxVr6A_hvjc5tj8fj0q0nm1qTf1sxJ8gdfep9-6YEh09Ro2YDOxqqKqyaPtpQMNtLdj7WZ130uDW0_orMm7PFEZ-dA==
fundingchoicesmessages.google.com/el/
0
28 B
XHR
General
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxVr6A_hvjc5tj8fj0q0nm1qTf1sxJ8gdfep9-6YEh09Ro2YDOxqqKqyaPtpQMNtLdj7WZ130uDW0_orMm7PFEZ-dA==
Requested by
Host: starfiles.co
URL: https://starfiles.co/file/44d30b2631be/ziniteviadhoc-ipa
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.167.78 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
syd15s06-in-f14.1e100.net
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-b5DGc8pWp33j21cEqqwvBg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

access-control-max-age
86400
access-control-allow-methods
POST, GET, OPTIONS
x-content-type-options
nosniff
expires
Mon, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sun, 12 Jan 2025 07:02:41 GMT
content-type
text/html; charset=utf-8
x-frame-options
SAMEORIGIN
reporting-endpoints
default="/_/ContributorLoggingHttp/web-reports?context=eJzjUtDikmJw1JBicEqfwRoExB_qL7P-AGKGr1dYOYBYiJtj4qXePWwCDc9Xhim5JOUXxifn55Wk5pXoJqYU64LYRZlJpSX5RSjs1DKQipz89PTMvPR4IwMjUwNDA0s9A-P4AkMAuDAqPA"
content-security-policy
script-src 'report-sample' 'nonce-b5DGc8pWp33j21cEqqwvBg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
cache-control
no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy
same-origin
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-credentials
true
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
access-control-allow-origin
https://starfiles.co
content-length
0
x-xss-protection
0
server
ESF
invoke.js
www.topcreativeformat.com/dfbe284c9d4e148be30ce00f61f0a5a7/
0
0
Script
General
Full URL
https://www.topcreativeformat.com/dfbe284c9d4e148be30ce00f61f0a5a7/invoke.js
Requested by
Host: starfiles.co
URL: https://starfiles.co/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.243.61.225 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS DataWeb Global Group B.V., NL),
Reverse DNS
Software
nginx/1.21.6 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

Accept-CH
Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Connection
keep-alive
Access-Control-Allow-Origin
*
Content-Length
0
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Date
Sun, 12 Jan 2025 07:02:41 GMT
Content-Type
application/javascript
Host
www.topcreativeformat.com
Server
nginx/1.21.6
invoke.js
www.topcreativeformat.com/3429dd4c438cce6c27e962530d0d13fc/
0
0
Script
General
Full URL
https://www.topcreativeformat.com/3429dd4c438cce6c27e962530d0d13fc/invoke.js
Requested by
Host: starfiles.co
URL: https://starfiles.co/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.243.61.225 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS DataWeb Global Group B.V., NL),
Reverse DNS
Software
nginx/1.21.6 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

Accept-CH
Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Connection
keep-alive
Access-Control-Allow-Origin
*
Content-Length
0
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Date
Sun, 12 Jan 2025 07:02:42 GMT
Content-Type
application/javascript
Host
www.topcreativeformat.com
Server
nginx/1.21.6
invoke.js
www.topcreativeformat.com/975d2d307064a6c9a68067a3d85b9f44/
0
0
Script
General
Full URL
https://www.topcreativeformat.com/975d2d307064a6c9a68067a3d85b9f44/invoke.js
Requested by
Host: starfiles.co
URL: https://starfiles.co/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.243.61.225 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS DataWeb Global Group B.V., NL),
Reverse DNS
Software
nginx/1.21.6 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

Accept-CH
Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Connection
keep-alive
Access-Control-Allow-Origin
*
Content-Length
0
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Date
Sun, 12 Jan 2025 07:02:42 GMT
Content-Type
application/javascript
Host
www.topcreativeformat.com
Server
nginx/1.21.6
invoke.js
www.topcreativeformat.com/32bbe6651313c859b2a743375e1bea0f/
0
0
Script
General
Full URL
https://www.topcreativeformat.com/32bbe6651313c859b2a743375e1bea0f/invoke.js
Requested by
Host: starfiles.co
URL: https://starfiles.co/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.243.61.225 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS DataWeb Global Group B.V., NL),
Reverse DNS
Software
nginx/1.21.6 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

Accept-CH
Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Connection
keep-alive
Access-Control-Allow-Origin
*
Content-Length
0
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Date
Sun, 12 Jan 2025 07:02:42 GMT
Content-Type
application/javascript
Host
www.topcreativeformat.com
Server
nginx/1.21.6
invoke.js
www.topcreativeformat.com/f17e6d03e865e747b36807cdeae32475/
0
0
Script
General
Full URL
https://www.topcreativeformat.com/f17e6d03e865e747b36807cdeae32475/invoke.js
Requested by
Host: starfiles.co
URL: https://starfiles.co/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.243.61.225 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS DataWeb Global Group B.V., NL),
Reverse DNS
Software
nginx/1.21.6 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

Accept-CH
Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Connection
keep-alive
Access-Control-Allow-Origin
*
Content-Length
0
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Date
Sun, 12 Jan 2025 07:02:42 GMT
Content-Type
application/javascript
Host
www.topcreativeformat.com
Server
nginx/1.21.6
SAFEFRAME.html
contextual.media.net/sr/1017354394/ Frame 3C64
0
0
Document
General
Full URL
https://contextual.media.net/sr/1017354394/SAFEFRAME.html?ule=410&&kkdd=Hu%7C3%7C*AH9n&nU=mVEyyyxEyrymySIEMxx&1fWc=r&4uWl=r&3u(W=r&gfn=mIxx&Rugd=!VIS&gUf=HKL0GbhHP&gWgf=27U!ZwIEkeV6wHxxDVSoDe%3D%3D&gcUf=SVSxSESyV&uUid=Err*Sxr&gg=TG&(RRWu=m&cd7Yck=(RRWu%3A%2F%2FuRlc9UkduBg8%2F9Ukd%2FIIfErXSyEmXd%2FiUOURdnUlf(8gjUWl&Oud=x&Y1f=I&U3=myrr&4g9=yrSVS&W1Uf=WmSrmymEIEMrRSrSxrmmSrVrS&W1Ufu=S&(R4kucg=m&sflct=3092663&Rg9~g4W=m&ure=1
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CUOZHD8E
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.196.45.82 Sydney, Australia, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-196-45-82.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=93600
cache-control
max-age=0, no-cache, no-store
content-encoding
gzip
content-length
321
content-type
text/html
date
Sun, 12 Jan 2025 07:02:43 GMT
expires
Sun, 12 Jan 2025 07:02:43 GMT
pragma
no-cache
strict-transport-security
max-age=31536000
vary
Accept-Encoding
x-sc-h
21-t9nw
44d30b2631be
api.starfiles.co/file/fileinfo/
0
0

bping.php
lg3.media.net/
35 B
55 B
Image
General
Full URL
https://lg3.media.net/bping.php?vgd_len=610&&vgd_cdv=1455&vgd_cage=5&vgd_tsce=L742&vgd_mcf=60272&gdpr=0&mspa=0&wshp=0&prid=8PRHGG6T9&cid=8CUOZHD8E&crid=272523267&vi=1736665360616243955&ugd=4&lf=6&cc=NZ&lper=100&wsip=170785068&r=1736665362880&requrl=https%3A%2F%2Fstarfiles.co%2Ffile%2F44d30b2631be%2Fziniteviadhoc-ipa&vgd_sbSup=1&vgd_is_amp=0&vgd_asn=136557&vgd_rakh=1736665360180261728&vgd_l1rhst=contextual.media.net&vgd_rpth=%2Fdmedianet.js&vgd_pgid=p12016134390t202501120702&vgd_pgids=2&vgd_wshp=0&vgd_uspa=0&vgda_l1btm=%5B%22URLDC%22%5D&hvsid=00001736665362879017329713643213&gdpr=0&mspa=0&wshp=0&vgd_l2type=scs_newfl&vgd_end=1
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
23.221.21.71 Sydney, Australia, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-221-21-71.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90
Security Headers
Name Value
Strict-Transport-Security max-age=21600

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

strict-transport-security
max-age=21600
cache-control
max-age=0, no-cache, no-store
pragma
no-cache
quic-version
0x00000001
expires
Sun, 12 Jan 2025 07:02:43 GMT
access-control-allow-origin
*
alt-svc
h3=":443"; ma=93600
content-length
35
date
Sun, 12 Jan 2025 07:02:43 GMT
content-type
image/gif
sodar
ep1.adtrafficquality.google/getconfig/
17 KB
13 KB
XHR
General
Full URL
https://ep1.adtrafficquality.google/getconfig/sodar?sv=200&tid=gda&tv=r20250108&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202501070101/show_ads_impl_fy2021.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.204.2 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
syd09s25-in-f2.1e100.net
Software
cafe /
Resource Hash
acf6a8d0475b250a449310411445e69e1955098b1282cb081f55e1ee060c39d2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

timing-allow-origin
*
content-encoding
br
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
13207
date
Sun, 12 Jan 2025 07:02:42 GMT
x-xss-protection
0
content-type
application/json; charset=UTF-8
content-disposition
attachment; filename="f.txt"
server
cafe
sodar2.js
ep2.adtrafficquality.google/sodar/
18 KB
7 KB
Script
General
Full URL
https://ep2.adtrafficquality.google/sodar/sodar2.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202501070101/show_ads_impl_fy2021.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4006:811::2001 Sydney, Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ff3de130872fe0fb5b770dfa2bc9f0daf8ab320403a34a60d089436f08d24f99
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

content-encoding
gzip
etag
"1727224258380615"
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
x-content-type-options
nosniff
expires
Sun, 12 Jan 2025 07:02:43 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sun, 12 Jan 2025 07:02:43 GMT
content-type
text/javascript
vary
Accept-Encoding
cache-control
private, max-age=3000
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
content-length
6445
x-xss-protection
0
server
sffe
hydrafiles-web.esm.js
hydrafiles.com/
0
0

900b47ee6a30d9a3
starfiles.co/cdn-cgi/challenge-platform/h/b/jsd/r/ Frame D557
0
1 KB
XHR
General
Full URL
https://starfiles.co/cdn-cgi/challenge-platform/h/b/jsd/r/900b47ee6a30d9a3
Requested by
Host: starfiles.co
URL: https://starfiles.co/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.74.5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
application/json
Referer

Response headers

nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
expect-ct
max-age=86400, enforce
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DpWzFStb%2F5ejHLZ4DeKL1wH0L3U5AiDhZfANWzfO5dlMWjCCofdEnUau%2F6vjUorfCSqOsh8sQwmUOVi5jT0UQkJwQ%2BDK0kaCElie%2FHF%2FHhxLk95dWChkXrsgHRzLxw%3D%3D"}],"group":"cf-nel","max_age":604800}
referrer-policy
same-origin
x-content-type-options
nosniff
cf-ray
900b4856893ad9a3-AKL
alt-svc
h3=":443"; ma=86400