www.mediafire.com Open in urlscan Pro
104.16.53.48 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://cutt.ly/BQt22ol
Effective URL:
https://www.mediafire.com/file/khdmflgb9ku5u6g/Installation.rar/file
Submission: On August 21 via manual (August 21st 2023, 1:57:20 am UTC) from AU — Scanned from AU

Summary HTTP 182 Redirects Links 9 Behaviour Indicators

Summary

This website contacted 60 IPs in 9 countries across 58 domains to perform 182 HTTP transactions. The main IP is 104.16.53.48, located in and belongs to CLOUDFLARENET, US. The main domain is www.mediafire.com. The Cisco Umbrella rank of the primary domain is 33331.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on August 30th 2022. Valid for: a year.

This is the only time www.mediafire.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	104.22.0.232 104.22.0.232	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 18	104.16.53.48 104.16.53.48	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.21.28.48 104.21.28.48	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	142.251.12.97 142.251.12.97	15169 (GOOGLE) (GOOGLE)
1	172.67.70.134 172.67.70.134	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.21.93.25 104.21.93.25	13335 (CLOUDFLAR...) (CLOUDFLARENET)
9	64.233.170.113 64.233.170.113	15169 (GOOGLE) (GOOGLE)
1	104.16.57.101 104.16.57.101	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	172.67.144.62 172.67.144.62	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	52.84.136.212 52.84.136.212	16509 (AMAZON-02) (AMAZON-02)
2	104.19.215.37 104.19.215.37	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	157.240.235.35 157.240.235.35	32934 (FACEBOOK) (FACEBOOK)
2	142.251.12.113 142.251.12.113	15169 (GOOGLE) (GOOGLE)
3	130.211.23.194 130.211.23.194	15169 (GOOGLE) (GOOGLE)
2	104.26.3.70 104.26.3.70	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	172.253.118.148 172.253.118.148	15169 (GOOGLE) (GOOGLE)
2	54.151.156.30 54.151.156.30	16509 (AMAZON-02) (AMAZON-02)
10	172.64.136.23 172.64.136.23	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	157.240.235.1 157.240.235.1	32934 (FACEBOOK) (FACEBOOK)
20	74.125.200.156 74.125.200.156	15169 (GOOGLE) (GOOGLE)
3	172.253.118.94 172.253.118.94	15169 (GOOGLE) (GOOGLE)
3	172.217.194.95 172.217.194.95	15169 (GOOGLE) (GOOGLE)
1	52.35.197.209 52.35.197.209	16509 (AMAZON-02) (AMAZON-02)
2	142.251.12.138 142.251.12.138	15169 (GOOGLE) (GOOGLE)
2	64.233.170.94 64.233.170.94	15169 (GOOGLE) (GOOGLE)
2	142.251.12.105 142.251.12.105	15169 (GOOGLE) (GOOGLE)
1	184.87.193.161 184.87.193.161	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	142.250.4.94 142.250.4.94	15169 (GOOGLE) (GOOGLE)
1	151.101.129.229 151.101.129.229	54113 (FASTLY) (FASTLY)
1	104.22.53.86 104.22.53.86	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	34.102.146.192 34.102.146.192	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	182.161.73.129 182.161.73.129	55569 (CRITEO-AS...) (CRITEO-AS-AP Criteo APAC)
1	54.192.148.37 54.192.148.37	16509 (AMAZON-02) (AMAZON-02)
1	13.33.52.121 13.33.52.121	16509 (AMAZON-02) (AMAZON-02)
1	34.96.70.87 34.96.70.87	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	74.125.68.132 74.125.68.132	15169 (GOOGLE) (GOOGLE)
15	64.233.170.132 64.233.170.132	15169 (GOOGLE) (GOOGLE)
1 2	34.120.107.143 34.120.107.143	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	162.19.138.119 162.19.138.119	16276 (OVH) (OVH)
2	104.65.228.208 104.65.228.208	16625 (AKAMAI-AS) (AKAMAI-AS)
4	35.244.159.8 35.244.159.8	15169 (GOOGLE) (GOOGLE)
2	182.161.73.136 182.161.73.136	55569 (CRITEO-AS...) (CRITEO-AS-AP Criteo APAC)
4 4	3.33.220.150 3.33.220.150	16509 (AMAZON-02) (AMAZON-02)
1 1	124.146.215.51 124.146.215.51	2514 (INFOSPHER...) (INFOSPHERE NTT PC Communications)
2 2	54.230.10.10 54.230.10.10	16509 (AMAZON-02) (AMAZON-02)
1	34.98.64.218 34.98.64.218	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
5 6	74.125.130.157 74.125.130.157	15169 (GOOGLE) (GOOGLE)
2	67.199.150.81 67.199.150.81	3257 (GTT-BACKB...) (GTT-BACKBONE GTT)
9	142.250.4.155 142.250.4.155	15169 (GOOGLE) (GOOGLE)
1 1	103.229.10.247 103.229.10.247	16509 (AMAZON-02) (AMAZON-02)
6	207.65.33.82 207.65.33.82	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1 1	18.138.18.111 18.138.18.111	16509 (AMAZON-02) (AMAZON-02)
10	67.199.150.86 67.199.150.86	3257 (GTT-BACKB...) (GTT-BACKBONE GTT)
2 2	103.43.90.114 103.43.90.114	29990 (ASN-APPNEX) (ASN-APPNEX)
2 3	34.111.113.62 34.111.113.62	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 2	54.255.205.37 54.255.205.37	16509 (AMAZON-02) (AMAZON-02)
1 2	119.9.108.211 119.9.108.211	45187 (RACKSPACE...) (RACKSPACE-AP Rackspace IT Hosting AS IT Hosting Provider Hong Kong)
1 1	34.83.125.63 34.83.125.63	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	52.220.27.144 52.220.27.144	16509 (AMAZON-02) (AMAZON-02)
3 3	35.213.12.39 35.213.12.39	15169 (GOOGLE) (GOOGLE)
1 1	51.255.68.171 51.255.68.171	16276 (OVH) (OVH)
2 2	13.228.126.19 13.228.126.19	16509 (AMAZON-02) (AMAZON-02)
3	207.65.33.76 207.65.33.76	62713 (AS-PUBMATIC) (AS-PUBMATIC)
6	64.233.170.102 64.233.170.102	15169 (GOOGLE) (GOOGLE)
3 4	185.84.60.30 185.84.60.30	198622 (ADFORM) (ADFORM)
1 1	182.161.73.146 182.161.73.146	55569 (CRITEO-AS...) (CRITEO-AS-AP Criteo APAC)
1 2	151.101.2.49 151.101.2.49	54113 (FASTLY) (FASTLY)
1 1	54.159.29.152 54.159.29.152	14618 (AMAZON-AES) (AMAZON-AES)
1 1	35.186.154.107 35.186.154.107	15169 (GOOGLE) (GOOGLE)
1 2	35.186.193.173 35.186.193.173	15169 (GOOGLE) (GOOGLE)
1 1	82.145.213.8 82.145.213.8	39832 (NO-OPERA) (NO-OPERA)
2 3	35.190.60.146 35.190.60.146	15169 (GOOGLE) (GOOGLE)
2 2	107.178.254.65 107.178.254.65	15169 (GOOGLE) (GOOGLE)
1 1	34.98.67.3 34.98.67.3	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 1	50.116.239.135 50.116.239.135	6336 (TURN-US-ASN) (TURN-US-ASN)
2 2	89.207.22.76 89.207.22.76	399104 (CNVR-APAC) (CNVR-APAC)
1	18.142.35.211 18.142.35.211	16509 (AMAZON-02) (AMAZON-02)
182	60

1 104.22.0.232 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

cutt.ly	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 104.16.53.48 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

www.mediafire.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
static.mediafire.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.21.28.48 (None, )

ASN13335 (CLOUDFLARENET, US)

the.gatekeeperconsent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.251.12.97 (United States)

ASN15169 (GOOGLE, US)
PTR: se-in-f97.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.67.70.134 (United States)

ASN13335 (CLOUDFLARENET, US)

btloader.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.21.93.25 (None, )

ASN13335 (CLOUDFLARENET, US)

www.ezojs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 64.233.170.113 (United States)

ASN15169 (GOOGLE, US)
PTR: sg-in-f113.1e100.net

translate.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
fundingchoicesmessages.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.16.57.101 (None, )

ASN13335 (CLOUDFLARENET, US)

static.cloudflareinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.67.144.62 (United States)

ASN13335 (CLOUDFLARENET, US)

privacy.gatekeeperconsent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.84.136.212 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-84-136-212.man50.r.cloudfront.net

cdn.amplitude.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.19.215.37 (None, )

ASN13335 (CLOUDFLARENET, US)

cdn.otnolatrnup.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
otnolatrnup.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 157.240.235.35 (Singapore)

ASN32934 (FACEBOOK, US)
PTR: edge-star-mini-shv-04-sin6.facebook.com

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.251.12.113 (United States)

ASN15169 (GOOGLE, US)
PTR: se-in-f113.1e100.net

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 130.211.23.194 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 194.23.211.130.bc.googleusercontent.com

api.btloader.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.26.3.70 (None, )

ASN13335 (CLOUDFLARENET, US)

ad-delivery.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.253.118.148 (United States)

ASN15169 (GOOGLE, US)
PTR: sl-in-f148.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.151.156.30 (Singapore)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-151-156-30.ap-southeast-1.compute.amazonaws.com

g.ezoic.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 172.64.136.23 (United States)

ASN13335 (CLOUDFLARENET, US)

go.ezodn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 157.240.235.1 (Singapore)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-04-sin6.fbcdn.net

static.xx.fbcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 74.125.200.156 (United States)

ASN15169 (GOOGLE, US)
PTR: sa-in-f156.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 172.253.118.94 (United States)

ASN15169 (GOOGLE, US)
PTR: sl-in-f94.1e100.net

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 172.217.194.95 (United States)

ASN15169 (GOOGLE, US)
PTR: si-in-f95.1e100.net

translate.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.35.197.209 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-35-197-209.us-west-2.compute.amazonaws.com

api.amplitude.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.251.12.138 (United States)

ASN15169 (GOOGLE, US)
PTR: se-in-f138.1e100.net

analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 64.233.170.94 (United States)

ASN15169 (GOOGLE, US)
PTR: sg-in-f94.1e100.net

www.google.com.au	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.251.12.105 (United States)

ASN15169 (GOOGLE, US)
PTR: se-in-f105.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 184.87.193.161 (Singapore)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a184-87-193-161.deploy.static.akamaitechnologies.com

qsearch-a.akamaihd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.4.94 (United States)

ASN15169 (GOOGLE, US)
PTR: sm-in-f94.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.129.229 (United States)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.22.53.86 (None, )

ASN13335 (CLOUDFLARENET, US)

cdn.id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.102.146.192 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 192.146.102.34.bc.googleusercontent.com

oa.openxcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 182.161.73.129 (Singapore)

ASN55569 (CRITEO-AS-AP Criteo APAC, JP)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.192.148.37 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-54-192-148-37.sin2.r.cloudfront.net

cdn.prod.uidapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.33.52.121 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-33-52-121.man50.r.cloudfront.net

tags.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.96.70.87 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 87.70.96.34.bc.googleusercontent.com

invstatic101.creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 74.125.68.132 (United States)

ASN15169 (GOOGLE, US)
PTR: sc-in-f132.1e100.net

6fa3b6ed325ccde04565ab7446985573.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 64.233.170.132 (United States)

ASN15169 (GOOGLE, US)
PTR: sg-in-f132.1e100.net

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.120.107.143 (Kansas City, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 143.107.120.34.bc.googleusercontent.com

oajs.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.19.138.119 (Frankfurt am Main, Germany)

ASN16276 (OVH, FR)
PTR: ns31533570.ip-162-19-138.eu

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.65.228.208 (Singapore)

ASN16625 (AKAMAI-AS, US)
PTR: a104-65-228-208.deploy.static.akamaitechnologies.com

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 35.244.159.8 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com

google-bidout-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
jp-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 182.161.73.136 (Singapore)

ASN55569 (CRITEO-AS-AP Criteo APAC, JP)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 3.33.220.150 (Seattle, United States) 4 redirects

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 124.146.215.51 (Japan) 1 redirects

ASN2514 (INFOSPHERE NTT PC Communications, Inc., JP)

tg.socdm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.230.10.10 (United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: server-54-230-10-10.man50.r.cloudfront.net

cr-p3.ladsp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.98.64.218 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 218.64.98.34.bc.googleusercontent.com

jp-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 74.125.130.157 (United States) 5 redirects

ASN15169 (GOOGLE, US)
PTR: sb-in-f157.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 67.199.150.81 (Singapore)

ASN3257 (GTT-BACKBONE GTT, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 142.250.4.155 (United States)

ASN15169 (GOOGLE, US)
PTR: sm-in-f155.1e100.net

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 103.229.10.247 (Singapore) 1 redirects

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 207.65.33.82 (United States)

ASN62713 (AS-PUBMATIC, US)

image2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.138.18.111 (Singapore) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-138-18-111.ap-southeast-1.compute.amazonaws.com

cm.ambientdsp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 67.199.150.86 (Singapore)

ASN3257 (GTT-BACKBONE GTT, US)

simage2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 103.43.90.114 (Singapore) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 602.bm-nginx-loadbalancer.mgmt.sin3.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.111.113.62 (Kansas City, United States) 2 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 62.113.111.34.bc.googleusercontent.com

pixel.tapad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.255.205.37 (Singapore) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-255-205-37.ap-southeast-1.compute.amazonaws.com

sync.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 119.9.108.211 (Hong Kong) 1 redirects

ASN45187 (RACKSPACE-AP Rackspace IT Hosting AS IT Hosting Provider Hong Kong, HK)

uipglob.semasio.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.83.125.63 (The Dalles, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 63.125.83.34.bc.googleusercontent.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.220.27.144 (Singapore)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-220-27-144.ap-southeast-1.compute.amazonaws.com

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.213.12.39 (Tokyo, Japan) 3 redirects

ASN15169 (GOOGLE, US)
PTR: 39.12.213.35.bc.googleusercontent.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.255.68.171 (France) 1 redirects

ASN16276 (OVH, FR)
PTR: ns3028611.ip-51-255-68.eu

dsp.nrich.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.228.126.19 (Singapore) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-13-228-126-19.ap-southeast-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 207.65.33.76 (United States)

ASN62713 (AS-PUBMATIC, US)

image4.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
simage4.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 64.233.170.102 (United States)

ASN15169 (GOOGLE, US)
PTR: sg-in-f102.1e100.net

fundingchoicesmessages.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.84.60.30 (Denmark) 3 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 182.161.73.146 (Singapore) 1 redirects

ASN55569 (CRITEO-AS-AP Criteo APAC, JP)

dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.2.49 (United States) 1 redirects

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.159.29.152 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-159-29-152.compute-1.amazonaws.com

sync.srv.stackadapt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.186.154.107 (Singapore) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 107.154.186.35.bc.googleusercontent.com

cm-supply-web.gammaplatform.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.186.193.173 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 173.193.186.35.bc.googleusercontent.com

ipac.ctnsnet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 82.145.213.8 (Norway) 1 redirects

ASN39832 (NO-OPERA, NO)
PTR: n-sysadmin-jumpbox-03.feednews.opera.technology

t.adx.opera.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.190.60.146 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 146.60.190.35.bc.googleusercontent.com

idsync.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 107.178.254.65 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 65.254.178.107.bc.googleusercontent.com

pippio.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.98.67.3 (Kansas City, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 3.67.98.34.bc.googleusercontent.com

tags.rd.linksynergy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 50.116.239.135 (United States) 1 redirects

ASN6336 (TURN-US-ASN, US)

ad.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 89.207.22.76 (Singapore) 2 redirects

ASN399104 (CNVR-APAC, US)
PTR: sin01-nessy-float2.dotomi.com

pubmatic-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.142.35.211 (Singapore)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-142-35-211.ap-southeast-1.compute.amazonaws.com

bcp.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
25	googlesyndication.com 6fa3b6ed325ccde04565ab7446985573.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 163 pagead2.googlesyndication.com — Cisco Umbrella Rank: 125	358 KB
23	pubmatic.com hbopenbid.pubmatic.com Failed ads.pubmatic.com — Cisco Umbrella Rank: 651 image6.pubmatic.com — Cisco Umbrella Rank: 989 image2.pubmatic.com — Cisco Umbrella Rank: 1137 simage2.pubmatic.com — Cisco Umbrella Rank: 982 image4.pubmatic.com — Cisco Umbrella Rank: 1409 simage4.pubmatic.com — Cisco Umbrella Rank: 1434	31 KB
23	doubleclick.net 5 redirects ad.doubleclick.net — Cisco Umbrella Rank: 187 securepubads.g.doubleclick.net — Cisco Umbrella Rank: 228 stats.g.doubleclick.net — Cisco Umbrella Rank: 122 cm.g.doubleclick.net — Cisco Umbrella Rank: 261	251 KB
19	google.com translate.google.com — Cisco Umbrella Rank: 1480 analytics.google.com — Cisco Umbrella Rank: 195 www.google.com — Cisco Umbrella Rank: 3 fundingchoicesmessages.google.com — Cisco Umbrella Rank: 1693	97 KB
18	mediafire.com 1 redirects www.mediafire.com — Cisco Umbrella Rank: 33331 static.mediafire.com — Cisco Umbrella Rank: 56539	261 KB
10	ezodn.com go.ezodn.com — Cisco Umbrella Rank: 10379	17 KB
7	openx.net 1 redirects oajs.openx.net — Cisco Umbrella Rank: 1546 google-bidout-d.openx.net — Cisco Umbrella Rank: 1553 us-u.openx.net — Cisco Umbrella Rank: 605 jp-u.openx.net — Cisco Umbrella Rank: 11334	2 KB
4	adform.net 3 redirects c1.adform.net — Cisco Umbrella Rank: 720	3 KB
4	adsrvr.org 4 redirects match.adsrvr.org — Cisco Umbrella Rank: 396	2 KB
4	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 225	226 KB
4	crwdcntrl.net 1 redirects tags.crwdcntrl.net — Cisco Umbrella Rank: 1073 sync.crwdcntrl.net — Cisco Umbrella Rank: 1028 bcp.crwdcntrl.net — Cisco Umbrella Rank: 1036	13 KB
4	gstatic.com www.gstatic.com fonts.gstatic.com	11 KB
4	btloader.com btloader.com — Cisco Umbrella Rank: 1213 api.btloader.com — Cisco Umbrella Rank: 1267	7 KB
3	rlcdn.com 2 redirects idsync.rlcdn.com — Cisco Umbrella Rank: 462	898 B
3	bidswitch.net 3 redirects x.bidswitch.net — Cisco Umbrella Rank: 372	2 KB
3	yahoo.com 2 redirects pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 545 ups.analytics.yahoo.com — Cisco Umbrella Rank: 356	1 KB
3	tapad.com 2 redirects pixel.tapad.com — Cisco Umbrella Rank: 615	1 KB
3	criteo.com 1 redirects gum.criteo.com — Cisco Umbrella Rank: 442 dis.criteo.com — Cisco Umbrella Rank: 745	7 KB
3	googleapis.com translate.googleapis.com — Cisco Umbrella Rank: 1304	76 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 76	216 KB
2	dotomi.com 2 redirects pubmatic-match.dotomi.com — Cisco Umbrella Rank: 4377	744 B
2	pippio.com 2 redirects pippio.com — Cisco Umbrella Rank: 1005	879 B
2	ctnsnet.com 1 redirects ipac.ctnsnet.com — Cisco Umbrella Rank: 6848	673 B
2	everesttech.net 1 redirects sync-tm.everesttech.net — Cisco Umbrella Rank: 964	768 B
2	semasio.net 1 redirects uipglob.semasio.net — Cisco Umbrella Rank: 1400	1 KB
2	adnxs.com 2 redirects ib.adnxs.com — Cisco Umbrella Rank: 275	2 KB
2	ladsp.com 2 redirects cr-p3.ladsp.com — Cisco Umbrella Rank: 20129	1 KB
2	id5-sync.com cdn.id5-sync.com — Cisco Umbrella Rank: 1013 id5-sync.com — Cisco Umbrella Rank: 440	26 KB
2	google.com.au www.google.com.au — Cisco Umbrella Rank: 21546	515 B
2	fbcdn.net static.xx.fbcdn.net — Cisco Umbrella Rank: 832	135 KB
2	ezoic.net g.ezoic.net — Cisco Umbrella Rank: 14952	5 KB
2	ad-delivery.net ad-delivery.net — Cisco Umbrella Rank: 1297	1 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 62	21 KB
2	otnolatrnup.com cdn.otnolatrnup.com — Cisco Umbrella Rank: 60218 otnolatrnup.com — Cisco Umbrella Rank: 55423	56 KB
2	amplitude.com cdn.amplitude.com — Cisco Umbrella Rank: 3892 api.amplitude.com — Cisco Umbrella Rank: 1919	22 KB
2	gatekeeperconsent.com the.gatekeeperconsent.com — Cisco Umbrella Rank: 31789 privacy.gatekeeperconsent.com — Cisco Umbrella Rank: 38262	9 KB
1	turn.com 1 redirects ad.turn.com — Cisco Umbrella Rank: 1080	518 B
1	linksynergy.com 1 redirects tags.rd.linksynergy.com — Cisco Umbrella Rank: 5379	391 B
1	opera.com 1 redirects t.adx.opera.com — Cisco Umbrella Rank: 1719	556 B
1	gammaplatform.com 1 redirects cm-supply-web.gammaplatform.com — Cisco Umbrella Rank: 3672	643 B
1	stackadapt.com 1 redirects sync.srv.stackadapt.com — Cisco Umbrella Rank: 976	1 KB
1	nrich.ai 1 redirects dsp.nrich.ai — Cisco Umbrella Rank: 3942	566 B
1	simpli.fi 1 redirects um.simpli.fi — Cisco Umbrella Rank: 1009	656 B
1	ambientdsp.com 1 redirects cm.ambientdsp.com — Cisco Umbrella Rank: 20898	654 B
1	quantserve.com 1 redirects cms.quantserve.com — Cisco Umbrella Rank: 1015	592 B
1	socdm.com 1 redirects tg.socdm.com — Cisco Umbrella Rank: 1218	848 B
1	creativecdn.com invstatic101.creativecdn.com — Cisco Umbrella Rank: 1611	1 KB
1	uidapi.com cdn.prod.uidapi.com — Cisco Umbrella Rank: 1835	2 KB
1	criteo.net static.criteo.net — Cisco Umbrella Rank: 710	13 KB
1	openxcdn.net oa.openxcdn.net — Cisco Umbrella Rank: 1691	8 KB
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 374	896 B
1	akamaihd.net qsearch-a.akamaihd.net — Cisco Umbrella Rank: 2686	296 B
1	facebook.com www.facebook.com — Cisco Umbrella Rank: 109	15 KB
1	cloudflareinsights.com static.cloudflareinsights.com — Cisco Umbrella Rank: 1212	7 KB
1	ezojs.com www.ezojs.com — Cisco Umbrella Rank: 32791	44 KB
1	cutt.ly 1 redirects cutt.ly — Cisco Umbrella Rank: 64301	435 B
0	sharethrough.com Failed btlr.sharethrough.com Failed
0	media.net Failed prebid.media.net Failed
182	58

	Domain	Requested by
15	tpc.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com
14	fundingchoicesmessages.google.com	securepubads.g.doubleclick.net www.mediafire.com
14	securepubads.g.doubleclick.net	www.mediafire.com securepubads.g.doubleclick.net www.googletagservices.com
10	simage2.pubmatic.com	ads.pubmatic.com www.mediafire.com
10	go.ezodn.com	www.mediafire.com
10	static.mediafire.com	www.mediafire.com
9	pagead2.googlesyndication.com	www.googletagservices.com securepubads.g.doubleclick.net tpc.googlesyndication.com
8	www.mediafire.com	1 redirects www.mediafire.com static.cloudflareinsights.com
6	image2.pubmatic.com	ads.pubmatic.com www.mediafire.com
6	cm.g.doubleclick.net	5 redirects google-bidout-d.openx.net
4	c1.adform.net	3 redirects ads.pubmatic.com
4	match.adsrvr.org	4 redirects
4	www.googletagservices.com	securepubads.g.doubleclick.net
3	idsync.rlcdn.com	2 redirects
3	x.bidswitch.net	3 redirects
3	pixel.tapad.com	2 redirects www.mediafire.com
3	translate.googleapis.com
3	www.gstatic.com	www.mediafire.com www.gstatic.com
3	api.btloader.com	btloader.com
3	www.googletagmanager.com	www.mediafire.com www.googletagmanager.com
2	pubmatic-match.dotomi.com	2 redirects
2	pippio.com	2 redirects
2	ipac.ctnsnet.com	1 redirects ads.pubmatic.com
2	sync-tm.everesttech.net	1 redirects ads.pubmatic.com
2	simage4.pubmatic.com	ads.pubmatic.com
2	ups.analytics.yahoo.com	2 redirects
2	uipglob.semasio.net	1 redirects www.mediafire.com
2	sync.crwdcntrl.net	1 redirects www.mediafire.com
2	ib.adnxs.com	2 redirects
2	image6.pubmatic.com	ads.pubmatic.com
2	cr-p3.ladsp.com	2 redirects
2	jp-u.openx.net	google-bidout-d.openx.net
2	us-u.openx.net	google-bidout-d.openx.net
2	gum.criteo.com	static.criteo.net gum.criteo.com
2	ads.pubmatic.com	www.mediafire.com
2	oajs.openx.net	1 redirects www.mediafire.com
2	www.google.com	www.mediafire.com tpc.googlesyndication.com
2	www.google.com.au	www.mediafire.com
2	analytics.google.com	www.googletagmanager.com
2	stats.g.doubleclick.net	www.google-analytics.com www.googletagmanager.com
2	static.xx.fbcdn.net	www.facebook.com
2	g.ezoic.net	www.ezojs.com go.ezodn.com
2	ad-delivery.net	www.mediafire.com
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
1	bcp.crwdcntrl.net	tags.crwdcntrl.net
1	ad.turn.com	1 redirects
1	tags.rd.linksynergy.com	1 redirects
1	t.adx.opera.com	1 redirects
1	cm-supply-web.gammaplatform.com	1 redirects
1	sync.srv.stackadapt.com	1 redirects
1	dis.criteo.com	1 redirects
1	image4.pubmatic.com	www.mediafire.com
1	dsp.nrich.ai	1 redirects
1	pr-bh.ybp.yahoo.com	www.mediafire.com
1	um.simpli.fi	1 redirects
1	cm.ambientdsp.com	1 redirects
1	cms.quantserve.com	1 redirects
1	tg.socdm.com	1 redirects
1	google-bidout-d.openx.net	oa.openxcdn.net
1	id5-sync.com	cdn.id5-sync.com
1	6fa3b6ed325ccde04565ab7446985573.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	invstatic101.creativecdn.com	securepubads.g.doubleclick.net
1	tags.crwdcntrl.net	securepubads.g.doubleclick.net
1	cdn.prod.uidapi.com	securepubads.g.doubleclick.net
1	static.criteo.net	securepubads.g.doubleclick.net
1	oa.openxcdn.net	securepubads.g.doubleclick.net
1	cdn.id5-sync.com	securepubads.g.doubleclick.net
1	cdn.jsdelivr.net	securepubads.g.doubleclick.net
1	fonts.gstatic.com	www.mediafire.com
1	qsearch-a.akamaihd.net	www.mediafire.com
1	api.amplitude.com	cdn.amplitude.com
1	otnolatrnup.com	cdn.otnolatrnup.com
1	ad.doubleclick.net	www.mediafire.com
1	www.facebook.com	www.mediafire.com
1	cdn.otnolatrnup.com	www.mediafire.com
1	cdn.amplitude.com	www.mediafire.com
1	privacy.gatekeeperconsent.com	the.gatekeeperconsent.com
1	static.cloudflareinsights.com	www.mediafire.com
1	translate.google.com	www.mediafire.com
1	www.ezojs.com	www.mediafire.com
1	btloader.com	www.mediafire.com
1	the.gatekeeperconsent.com	www.mediafire.com
1	cutt.ly	1 redirects
0	btlr.sharethrough.com Failed	www.mediafire.com
0	prebid.media.net Failed	www.mediafire.com
0	hbopenbid.pubmatic.com Failed	www.mediafire.com
182	86

This site contains links to these domains. Also see Links.

Domain
download1638.mediafire.com
blog.mediafire.com
fast.io
mediafire.zendesk.com
translate.google.com
twitter.com
www.facebook.com

Subject Issuer	Validity	Valid
*.mediafire.com Sectigo RSA Domain Validation Secure Server CA	`2022-08-30` - `2023-09-30`	a year	crt.sh
gatekeeperconsent.com GTS CA 1P5	`2023-07-05` - `2023-10-03`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-07-31` - `2023-10-23`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-07-06` - `2024-07-05`	a year	crt.sh
www.ezojs.com GTS CA 1P5	`2023-07-13` - `2023-10-11`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-07-31` - `2023-10-23`	3 months	crt.sh
cdn.amplitude.com Amazon RSA 2048 M01	`2023-01-12` - `2024-02-11`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-05-29` - `2023-08-27`	3 months	crt.sh
api.btloader.com GTS CA 1D4	`2023-08-11` - `2023-11-09`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-07-31` - `2023-10-23`	3 months	crt.sh
ezoic.net R3	`2023-07-19` - `2023-10-17`	3 months	crt.sh
ezodn.com E1	`2023-07-02` - `2023-09-30`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-07-31` - `2023-10-23`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-07-31` - `2023-10-23`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-07-31` - `2023-10-23`	3 months	crt.sh
*.amplitude.com COMODO RSA Domain Validation Secure Server CA	`2023-01-23` - `2024-02-14`	a year	crt.sh
*.google.com.au GTS CA 1C3	`2023-07-31` - `2023-10-23`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-07-31` - `2023-10-23`	3 months	crt.sh
a248.e.akamai.net DigiCert TLS RSA SHA256 2020 CA1	`2023-05-16` - `2024-05-15`	a year	crt.sh
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2022 Q4	`2022-12-23` - `2024-01-24`	a year	crt.sh
oa.openxcdn.net GTS CA 1D4	`2023-07-27` - `2023-10-25`	3 months	crt.sh
*.criteo.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-08-05` - `2023-10-31`	3 months	crt.sh
cdn.prod.uidapi.com R3	`2023-08-10` - `2023-11-08`	3 months	crt.sh
*.crwdcntrl.net Amazon RSA 2048 M01	`2022-11-07` - `2023-12-06`	a year	crt.sh
invstatic101.creativecdn.com GTS CA 1D4	`2023-06-27` - `2023-09-25`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-07-31` - `2023-10-23`	3 months	crt.sh
*.id5-sync.com R3	`2023-07-04` - `2023-10-02`	3 months	crt.sh
*.pubmatic.com DigiCert TLS RSA SHA256 2020 CA1	`2023-01-25` - `2024-01-24`	a year	crt.sh
*.openx.net RapidSSL TLS RSA CA G1	`2023-08-18` - `2024-08-18`	a year	crt.sh
*.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-07-19` - `2023-10-18`	3 months	crt.sh
*.ybp.yahoo.com DigiCert SHA2 High Assurance Server CA	`2023-04-04` - `2023-09-27`	6 months	crt.sh
track.adform.net DigiCert TLS RSA SHA256 2020 CA1	`2022-09-20` - `2023-09-20`	a year	crt.sh
*.everesttech.net GlobalSign Atlas R3 DV TLS CA 2023 Q3	`2023-08-11` - `2024-09-11`	a year	crt.sh
*.ctnsnet.com DigiCert TLS RSA SHA256 2020 CA1	`2023-01-04` - `2023-11-06`	10 months	crt.sh

This page contains 25 frames:

Primary Page: https://www.mediafire.com/file/khdmflgb9ku5u6g/Installation.rar/file
Frame ID: 413C4BEBED4CFAD8711B4C26939EAA66
Requests: 103 HTTP requests in this frame

Frame: https://www.facebook.com/plugins/like.php?href=http://www.facebook.com/MediaFire&width=193&layout=button_count&action=like&show_faces=false&share=true&height=30&appId=124578887583575
Frame ID: E866B964809FBF4C8C8BD46D63051D2C
Requests: 3 HTTP requests in this frame

Frame: https://www.mediafire.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/313d8a27/invisible.js
Frame ID: 4D4888A26F02E0D3B9D6135B83EE07B6
Requests: 2 HTTP requests in this frame

Frame: data://truncated
Frame ID: 08FD8DAC118E2E0F5F05039487E430F3
Requests: 1 HTTP requests in this frame

Frame: https://6fa3b6ed325ccde04565ab7446985573.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: FD7AE167CA9E890B23F2C6AEBE5FAB67
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuWwyoWEojzK5TlH7AmLg4HBpplbXseoRb-CjlbVR2f-TRZjYn7MlnV_icxVdJl1W4bcJqaNzXHCYELbHb57Jt_II7Xztc88WiQpiBveT4xA6ZoEXyM5v3nm29GMKc88OC5PNMZfWsMsDBjJgkmDgefd7dJSLr7fZxOb7gJn490ZYijnVrHatoiiwoN_GAqjkKd2pNfuMI6mQ8omGsF064E08eYmSIbLuxUYJQk5PcT6phx14PDHMQucNdG7sllIL804hVre_raWhWCrufrpqsnvsqmNLTUaQ7iMhGkojwmNcbSpfRSixnuOr9TA0YAk-a4mNEhngyfvgo&sai=AMfl-YQaPLgw9CgbdfGnkZvFDiqFqh2y6U1j8sjQe-byjcUfA46c9A3zAB7uqwpcElyStp38WUOfS_atNqw9uGT49efaKOOvaWlhdVn9IwUaBuc&sig=Cg0ArKJSzChuCviW_s00EAE&uach_m=[UACH]&adurl=
Frame ID: BCFAD2713BC1B07754133A9E78916792
Requests: 8 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjss0DF_P29zpYh3ZUsuIMSHUfs1V8Wow9W69kXFI200uqivehmSDx1sRQFgjNZ6g-tRNzLQdOj_aYpLEVYMosVxwYu2xySOWWiod5TpDEWizQIIEv0SSjMgcSmuo-r0gbd-adWeBkyxqxjE9knkmoHKzr9vbuCYh2tOwqyZcltPYoEycLb2ot2hiAv9jU_7j7kNiov81-H2Az4T6DDlAbNtImPM-hijWL5D6Qe6BiGllpOU0x4m4AO4jMqw4bOR7KjVdPszOPtrOTOp0WaLxyC_ocauftJXcX6te_Pb4_dx-cUjYNYmfljSSX74c0fYm2bLcAGGIO4T1KR4&sai=AMfl-YTSCMqnFp_YQcCMCvV64_i6kVjT27mgDb9WmPpzqpp7RxrIMogzzZc8KsHFDVqtPOcRj-VMlzE8nSfgdkIaPUMXcFk_ImWrb_PLnxzDBxQh_RG5bLYCS3hnZN9tRklJswqmnXLm0HAsCPj_YEc&sig=Cg0ArKJSzAYsjIdYaAstEAE&uach_m=[UACH]&adurl=
Frame ID: 64963FF826D86566A4BAF4FE0032AE58
Requests: 8 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstEnx0vCWHIxuRv6kD4_QcqLh6OsZelnPD2_4pDlcya6W0kQpk9Z92qyCGmX89kgzLz-D0YU9giaEcISqG6JPDZJvQFGUoPNerwYjPKqtcf8VMR-uzHdIsH3FG1Kf9kYbh7kAzYzoBxZL9SzXoAFnzyEth4WyUXpbiUm_Sks5z3Lxfz7_SOXR6LRHgC9yLFiUB8Tmu6fsddr7naUz_RoPtXH5RCihvN4bAaFDs8j65jKA9rn-dVXLKa8OCZ9bC9ui1uFTg7ntii7eUime1qzTRGsun2U5_jlw2Bcl8JcYjDzSs9ZyzP1T6R_vl5oYCIJadnZQBuYs2XewA&sai=AMfl-YTZECh-Lv9P8YhJ4UcfAJnlUcE1QM5wJQnoyW9BYATY968FYvj2c538vX61o9kF8OySIzLkXPPztHltnFGCKTTXgNUQUXJcPJQ7Kdtz9KvimuOglunhqmjB1rYzRv_XkMw4VFfuOC3Y4zxQWIt8&sig=Cg0ArKJSzJGXfk735yiqEAE&uach_m=[UACH]&adurl=
Frame ID: 0066232FE06E10E49E705A1B3F376D28
Requests: 8 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsty73tIynSZEdPwa0mEsi96F-ZLnDrc6wk3kDqQZXXq0nsbeRgEoKyfz2kmQxpVjIeA0DzHgajgtqXQanoFKLSML2Bt8ezaY-8wHAKCRhxBwHKKxFTbZqqrwr1riwF9nFPTmvRbZTqbdFFc-Z7nCKKqS6EHI7YSK3TK8e_gHY1pfljrTaG9SwQkfRExMcGD_3KNtNyogJA1MDM8BY38wuVGap3L4ImfJWz-BjzI_EpbdQyBXd0KxE60-6fiJDpkjvcjy8GQA2MOJV0rw3HlZSTak97bTwoZZvjEN_Eb89jv5_LkOdMn8eq49Pn3u3oDPZKPz8s-sGEcamM&sai=AMfl-YROOQHGiN9v3jxthZDU-NXGM5cGLggdqTa4PNPC18o69v4QVDOeRI4_ns_yCum_XGMRhXXFsP0NpD7767P5K9P-LHMHQBHRmH_TtPClL70BsiIV0hsAOKv7lmfzH7EcibEIhzreVuEbDA0YlYw&sig=Cg0ArKJSzCuZ14Ty_jldEAE&uach_m=[UACH]&adurl=
Frame ID: D170E70ED33747BCADE9FA53E37B8A09
Requests: 8 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158936
Frame ID: AD422F904BB147847CC2F982A5E55386
Requests: 20 HTTP requests in this frame

Frame: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Frame ID: 8BEE6B73FEF30D36BDFA71FC9FD8281D
Requests: 6 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=www.mediafire.com&gdpr=0&gdpr_consent=&us_privacy=1---
Frame ID: 0C654AD813727E3EBB7A011D8C1E1242
Requests: 2 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=Tqi09xuo5v1V_uKhTqT88h6l5vFVrbShSKtYTNNR
Frame ID: 1DC604493563B8D451C1573D7998750D
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQ0OSZ0bD00MzIwMA==&piggybackCookie=119y4hb62y6n
Frame ID: 7348A98C20172556FD3D4661BB871165
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=5546508652416821950&gdpr=0&gdpr_consent=
Frame ID: 88EBB62B1552E28924E74DD2904F114C
Requests: 1 HTTP requests in this frame

Frame: https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=F3C94B17-BD2C-4DB2-AEE6-7128FE503974&gdpr=0&gdpr_consent=
Frame ID: ECE00F9CF63EB58F1EF27FF84ED5EFC0
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&gdpr=0&gdpr_consent=
Frame ID: 2F7115B7ECA2CC9BD282E8D138906797
Requests: 1 HTTP requests in this frame

Frame: https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=${TM_USER_ID}&gdpr=1&gdpr_consent=&_test=ZOLEegAG6nx-qgBV
Frame ID: D69BE1D0110ACAEE1103AC361E32DDAB
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=qTzXWe3yWENUjjeFST42Mtz9ai4&gdpr=0&gdpr_consent=
Frame ID: 0EC597392BC9E847284D02D4B050C957
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0NTkmdGw9NDMyMDA=&piggybackCookie=1lx0366xxj98
Frame ID: 12CBA2AEA9D46F0260F6736577515297
Requests: 1 HTTP requests in this frame

Frame: https://ipac.ctnsnet.com/int/cm?exc=14&redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MTEmdGw9MjAxNjA=&piggybackCookie=[user_id]
Frame ID: C4A33F3C8145EB40D60FDB4E2BB2355D
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MTEmdGw9MjAxNjA=&piggybackCookie=a9b25e1e785141dbb5936f359784b115
Frame ID: 066BF8B79D116B0D2D893D19946E1CA5
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?piggybackCookie=OPU64b0451a16e44955b41f937774f57d0f&vcode=bz0yJnR5cGU9MSZjb2RlPTM0ODkmdGw9NDMyMDA%3D
Frame ID: 384071ECB569054FA02AE0F4AE52FC1E
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 9EDD415EDB26A717DEC02257295F3F7D
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 30D5B77D3D9DF28240B36AB3EFA75536
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Installation

Page URL History Show full URLs

https://cutt.ly/BQt22ol HTTP 301
https://www.mediafire.com/file/khdmflgb9ku5u6g/Installation.rar/file Page URL

Detected technologies

Amplitude (Analytics) Expand

Overall confidence: 100%
Detected patterns

cdn\.amplitude\.com

Cloudflare Browser Insights (Analytics) Expand

Overall confidence: 100%
Detected patterns

static\.cloudflareinsights\.com/beacon(?:\.min)?\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

182
Requests

85 %
HTTPS

0 %
IPv6

58
Domains

86
Subdomains

60
IPs

9
Countries

1944 kB
Transfer

5270 kB
Size

125
Cookies

9 Outgoing links

These are links going to different origins than the main page.

URL: https://download1638.mediafire.com/ai4fyrr8foqgIkR09pa9GK734GIDCpSGych6sAA5UDlJ7Lp8aVa08h8DxUzOmT6HMAX_pSl5KN3sQTPvH1VbxNLcEjpzzXk3yjZkngwnOzgVqxbsO0iSviuBbXKi1-HcCIKNqpO7bHOZIDXWO4V69km0HZLF_CbeQQpjTQnlzOmN/khdmflgb9ku5u6g/Installation.rar
Title: Download (563.97KB)

Search URL Search Domain Scan URL

URL: http://blog.mediafire.com/
Title: Company Blog

Search URL Search Domain Scan URL

URL: https://fast.io/
Title: Team File Sharing

Search URL Search Domain Scan URL

URL: https://mediafire.zendesk.com/hc/en-us
Title: Support

Search URL Search Domain Scan URL

URL: https://translate.google.com/
Title: Translate

Search URL Search Domain Scan URL

URL: https://twitter.com/#!/mediafire

Search URL Search Domain Scan URL

URL: https://www.facebook.com/mediafire

Search URL Search Domain Scan URL

URL: https://twitter.com/mediafire
Title: Twitter Page

Search URL Search Domain Scan URL

URL: https://blog.mediafire.com/
Title: MediaFire Blog

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://cutt.ly/BQt22ol HTTP 301
https://www.mediafire.com/file/khdmflgb9ku5u6g/Installation.rar/file Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 28

https://www.mediafire.com/cdn-cgi/challenge-platform/scripts/invisible.js HTTP 302
https://www.mediafire.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/313d8a27/invisible.js

Request Chain 111

https://oajs.openx.net/esp?url=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fkhdmflgb9ku5u6g%2FInstallation.rar%2Ffile&rid=esp HTTP 302
https://oajs.openx.net/esp?url=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fkhdmflgb9ku5u6g%2FInstallation.rar%2Ffile&rid=esp&cc=1

Request Chain 122

https://match.adsrvr.org/track/cmf/openx?oxid=56ceff43-683a-7def-df38-a03d2b0155eb&gdpr=0 HTTP 302
https://match.adsrvr.org/track/cmb/openx?oxid=56ceff43-683a-7def-df38-a03d2b0155eb&gdpr=0 HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072971&val=97294dbb-a30f-4557-9d93-d937a29f019e&ttd_puid=56ceff43-683a-7def-df38-a03d2b0155eb&gdpr=0&gdpr_consent=

Request Chain 123

https://tg.socdm.com/rtb/sync_before?proto=openx HTTP 302
https://jp-u.openx.net/w/1.0/sd?id=537072335&val=ZOLEd8Co8YAAAGwz8BcAAAAA

Request Chain 124

https://cr-p3.ladsp.com/cookiesender/3 HTTP 302
https://cr-p3.ladsp.com/cookiesender/3?cr=true HTTP 302
https://jp-u.openx.net/w/1.0/sd?id=537072451&val=AZVHpdApLSwyks8AD7P3qrEdlc8AAAGKFc96ng

Request Chain 126

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEElFuxDctqX5GAH7QOqAV0o&google_cver=1

Request Chain 132

https://cms.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=Tqi09xuo5v1V_uKhTqT88h6l5vFVrbShSKtYTNNR

Request Chain 133

https://cm.ambientdsp.com/cm/send?vc=pmj HTTP 301
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQ0OSZ0bD00MzIwMA==&piggybackCookie=119y4hb62y6n

Request Chain 134

https://ib.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent= HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA%3D%26piggybackCookie%3D%24UID%26gdpr%3D0%26gdpr_consent%3D HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=5546508652416821950&gdpr=0&gdpr_consent=

Request Chain 135

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=88lLF70sTbKu5nEo_lA5dA%3D%3D&gdpr=0&gdpr_consent= HTTP 302
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=

Request Chain 136

https://pixel.tapad.com/idsync/ex/receive?partner_id=3371&partner_device_id=F3C94B17-BD2C-4DB2-AEE6-7128FE503974 HTTP 302
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=3371&partner_device_id=F3C94B17-BD2C-4DB2-AEE6-7128FE503974 HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=5d0e65d5-3413-483c-91f8-3bf125e8beb9%252C%252C&gdpr=0&gdpr_consent= HTTP 302
https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=97294dbb-a30f-4557-9d93-d937a29f019e&ttd_puid=5d0e65d5-3413-483c-91f8-3bf125e8beb9%2C%2C

Request Chain 137

https://sync.crwdcntrl.net/qmap?c=240&tp=PUBM&tpid=F3C94B17-BD2C-4DB2-AEE6-7128FE503974&gdpr=0&gdpr_consent= HTTP 302
https://sync.crwdcntrl.net/qmap?c=240&tp=PUBM&tpid=F3C94B17-BD2C-4DB2-AEE6-7128FE503974&gdpr=0&gdpr_consent=&ct=y

Request Chain 138

https://uipglob.semasio.net/pubmatic/1/info?sType=sync&sExtCookieId=F3C94B17-BD2C-4DB2-AEE6-7128FE503974&sInitiator=external&gdpr=0&gdpr_consent= HTTP 302
https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=F3C94B17-BD2C-4DB2-AEE6-7128FE503974&sInitiator=external&gdpr=0&gdpr_consent=

Request Chain 139

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=RjNDOTRCMTctQkQyQy00REIyLUFFRTYtNzEyOEZFNTAzOTc0&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=

Request Chain 140

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEHc86HBBUdz-nO2qivFxlYg&google_cver=1

Request Chain 141

https://um.simpli.fi/pubmatic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODA2JnRsPTUxODQwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTgwNiZ0bD01MTg0MDA=&piggybackCookie=uid:943F61A413E54105BDD374585CB92B22

Request Chain 143

https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=97294dbb-a30f-4557-9d93-d937a29f019e&gdpr=0&gdpr_consent=

Request Chain 144

https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent= HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=pubmatic&gdpr=0&gdpr_consent= HTTP 302
https://dsp.nrich.ai/bidswitch/sync?bidswitch_ssp_id=pubmatic&bsw_custom_parameter=69e8dae0-17dc-4fb9-a34c-dd0871773387&gdpr=0&gdpr_consent=&gdpr_pd=&us_privacy= HTTP 302
https://x.bidswitch.net/sync?dsp_id=283&user_id=2949bfbe-ab2c-4d77-83d5-b8b5f977ee70&expires=1&user_group=2&ssp=pubmatic&bsw_param=69e8dae0-17dc-4fb9-a34c-dd0871773387&gdpr=0&gdpr_consent=&gdpr_pd= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=69e8dae0-17dc-4fb9-a34c-dd0871773387&gdpr=0&gdpr_consent=&gdpr_pd=

Request Chain 145

https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=F3C94B17-BD2C-4DB2-AEE6-7128FE503974&redir=true&gdpr=0&gdpr_consent= HTTP 302
https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=F3C94B17-BD2C-4DB2-AEE6-7128FE503974&redir=true&gdpr=0&gdpr_consent=&verify=true HTTP 302
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-dXnl1E9E2uUn.J5BCMEIaxcfx3wogFY-~A&gdpr=0

Request Chain 154

https://c1.adform.net/serving/cookie/match?party=14&cid=F3C94B17-BD2C-4DB2-AEE6-7128FE503974&gdpr=0&gdpr_consent= HTTP 302
https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=F3C94B17-BD2C-4DB2-AEE6-7128FE503974&gdpr=0&gdpr_consent=

Request Chain 155

https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@ HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&gdpr=0&gdpr_consent=

Request Chain 156

https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=${TM_USER_ID}&gdpr=1&gdpr_consent= HTTP 302
https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=${TM_USER_ID}&gdpr=1&gdpr_consent=&_test=ZOLEegAG6nx-qgBV

Request Chain 157

https://sync.srv.stackadapt.com/sync?nid=11&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=qTzXWe3yWENUjjeFST42Mtz9ai4&gdpr=0&gdpr_consent=

Request Chain 158

https://cm-supply-web.gammaplatform.com/adx/usersyncsupply?pid=7&t=pixel HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0NTkmdGw9NDMyMDA=&piggybackCookie=1lx0366xxj98

Request Chain 160

https://ipac.ctnsnet.com/int/cm?exc=14&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MTEmdGw9MjAxNjA%3D%26piggybackCookie%3D%5Buser_id%5D HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MTEmdGw9MjAxNjA=&piggybackCookie=a9b25e1e785141dbb5936f359784b115

Request Chain 161

https://t.adx.opera.com/pub/sync?pubid=pub8730968190912 HTTP 302
https://image2.pubmatic.com/AdServer/Pug?piggybackCookie=OPU64b0451a16e44955b41f937774f57d0f&vcode=bz0yJnR5cGU9MSZjb2RlPTM0ODkmdGw9NDMyMDA%3D

Request Chain 162

https://idsync.rlcdn.com/420486.gif?partner_uid=F3C94B17-BD2C-4DB2-AEE6-7128FE503974 HTTP 307
https://idsync.rlcdn.com/1000.gif?memo=CIbVGRIwCiwIARCMowEaJEYzQzk0QjE3LUJEMkMtNERCMi1BRUU2LTcxMjhGRTUwMzk3NBAAGg0I-oiLpwYSBQjoBxAAQgBKAA HTTP 307
https://pippio.com/api/sync?pid=5324&it=1&iv=0450385ff78f62bb30b83ef67bc41bb037bce39ae1b36303b0d5e85b97ee0bf0791426b5417dce21&_=2 HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=pippio_dmp&google_cm&google_no_sc&m=CMwpElsKVwgBEJInGlAwNDUwMzg1ZmY3OGY2MmJiMzBiODNlZjY3YmM0MWJiMDM3YmNlMzlhZTFiMzYzMDNiMGQ1ZTg1Yjk3ZWUwYmYwNzkxNDI2YjU0MTdkY2UyMRAAGgwI-4iLpwYSBAgCEABCAEoA HTTP 302
https://pippio.com/api/sync/ddp?pid=2&m=CMwpElsKVwgBEJInGlAwNDUwMzg1ZmY3OGY2MmJiMzBiODNlZjY3YmM0MWJiMDM3YmNlMzlhZTFiMzYzMDNiMGQ1ZTg1Yjk3ZWUwYmYwNzkxNDI2YjU0MTdkY2UyMRAAGgwI-4iLpwYSBAgCEABCAEoA&google_gid=CAESEBR_TZUPQj8Y7g1Y-5Mw1aI&google_cver=1 HTTP 307
https://tags.rd.linksynergy.com/rcs?ns=lr&uid3= HTTP 303
https://idsync.rlcdn.com/458249.gif?partner_uid=06a36523-784b-4c13-a44b-a79eb80ab330

Request Chain 163

https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=0&gdpr_consent= HTTP 302
https://c1.adform.net/serving/cookie/match?CC=1&party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&gdpr=0&gdpr_consent=&piggybackCookie=1716600904244727762

Request Chain 164

https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=9137423419759069818&gdpr=0&gdpr_consent=&us_privacy=

Request Chain 165

https://pubmatic-match.dotomi.com/match/bounce/current?networkId=17100&version=1&nuid=F3C94B17-BD2C-4DB2-AEE6-7128FE503974&gdpr=0&gdpr_consent= HTTP 302
https://pubmatic-match.dotomi.com/match/bounce/current?DotomiTest=5227bc93d1da1b12&is_secure=true&networkId=17100&version=1&nuid=F3C94B17-BD2C-4DB2-AEE6-7128FE503974&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTQ2MSZ0bD0xMDA4MA==&piggybackCookie=AAAJng5dGeqUhgNp0RU4AAAAAAA&expiration=1692669436&nuid=F3C94B17-BD2C-4DB2-AEE6-7128FE503974&is_secure=true&gdpr_consent=&gdpr=0

182 HTTP transactions
5 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request file Show response
www.mediafire.com/file/khdmflgb9ku5u6g/Installation.rar/
Redirect Chain

https://cutt.ly/BQt22ol
https://www.mediafire.com/file/khdmflgb9ku5u6g/Installation.rar/file

307 KB
81 KB

1707ms
1171ms

Document
text/html

104.16.53.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mediafire.com/file/khdmflgb9ku5u6g/Installation.rar/file

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.16.53.48 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cf61260956f612e16d3fec5693ccb3e96c73d4bc8e06e28378a9b93be03cb09e

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

access-control-allow-origin: https://www.mediafire.com
cache-control: no-cache, no-store, must-revalidate, max-age=0, post-check=0, pre-check=0
cf-cache-status: DYNAMIC
cf-ray: 7f9f43390cf7a96d-SYD
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Mon, 21 Aug 2023 01:56:59 GMT
expires: 0
pragma: no-cache
server: cloudflare
strict-transport-security: max-age=0
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-robots-tag: noindex, nofollow

Redirect headers

alt-svc: h3=":443"; ma=86400
cache-control: no-cache, no-store, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 7f9f432ea9dfa7f9-SYD
content-type: text/html; charset=UTF-8
date: Mon, 21 Aug 2023 01:56:57 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
location: https://www.mediafire.com/file/khdmflgb9ku5u6g/Installation.rar/file
pragma: no-cache
referrer-policy: same-origin
server: cloudflare
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

GET
H2 200 cmp.min.js Show response
the.gatekeeperconsent.com/ 21 KB
9 KB 1002ms
157ms Script
application/javascript 104.21.28.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://the.gatekeeperconsent.com/cmp.min.js
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/khdmflgb9ku5u6g/Installation.rar/file
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.28.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fd13dc1324628bba618d818720467512006a2157c2e24058f09249e16b89435e

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 01:57:00 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 21 Aug 2023 01:53:06 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 57
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i5IUEePMmm%2FzWgXwtw%2BZs8tDfo8Fru4iOD3CSvFnVu5x%2FdBcdqJ0k9fRADHBAvacrKUkQqKfjcHwSO3Y5ihoPGUOOQQoWuNAROdmz0CF5ASIDLRfpQ7ShP6Ta9g8RjJXW9xVRExrBPLCGSl%2B"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-middleton-display: sol-js
cache-control: public, max-age=14400
x-robots-tag: noindex
cf-ray: 7f9f43465edea97a-SYD
alt-svc: h3=":443"; ma=86400

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 165 KB
61 KB 1336ms
363ms Script
application/javascript 142.251.12.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-829541-1

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/file/khdmflgb9ku5u6g/Installation.rar/file

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.12.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

se-in-f97.1e100.net

Software

Google Tag Manager /

Resource Hash

0bb8733c821c864ec9a76bd6e305aed7a2ccf24b9f94dc7549fbc4305fe25563

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 01:57:00 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 62205
x-xss-protection: 0
last-modified: Mon, 21 Aug 2023 00:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 21 Aug 2023 01:57:00 GMT

GET
H2 200 tag Show response
btloader.com/ 15 KB
7 KB 1009ms
162ms Script
application/javascript 172.67.70.134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://btloader.com/tag?o=5678961798414336&upapi=true
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/khdmflgb9ku5u6g/Installation.rar/file
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.70.134 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 055dafe5d715713d106c15306e2bb69ec70ef268aa604e934d7c57b0ba4b5b3d

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 01:57:01 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 21 Aug 2023 00:58:56 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 3476
etag: W/"2019cf4e6401d4f44354fd76fca22bff"
vary: Origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=D2L9Sm1wR%2FQTP%2BUzpn%2B0e2qD01N%2BsSzqwar9MxYj%2BHNlx4Hf1VfgKBOlkjJ7qzlL7jnxrXdRp%2BGLQh44bZ%2BACLnuCBhWF3hhauR7jkDZlpP6ZfWeF7VwsMgBpTomLQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=300, must-revalidate, stale-if-error=3600, stale-while-revalidate=300
cf-ray: 7f9f434cad3ea8a6-SYD

GET
H2 200 sa.min.js Show response
www.ezojs.com/ezoic/ 125 KB
44 KB 1035ms
189ms Script
application/javascript 104.21.93.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.ezojs.com/ezoic/sa.min.js
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/khdmflgb9ku5u6g/Installation.rar/file
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.93.25 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: eab46b72b1ac5ef40b4cc0d994a61b67b01044e3188eab6d0788f54cef20c1e1

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 01:57:01 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 21 Aug 2023 00:52:26 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 3875
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vDaY94xNIIzDDvb7MjoLm8TFL9gpDZF5punxWFHz6TCwxqyFkuCBXEPjuplwB7Y0WK2MD6s8ImyKNeMVslYM2NxjeeGlhiKmy5jx8AeoPxDPV%2FOUnWx4t0BcKuHEXbJv"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-middleton-display: sol-js
cache-control: public, max-age=86400
x-robots-tag: noindex
cf-ray: 7f9f434cdff26a5d-SYD
alt-svc: h3=":443"; ma=86400

GET
H2 200 element.js Show response
translate.google.com/translate_a/ 85 KB
30 KB 1236ms
252ms Script
text/javascript 64.233.170.113
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://translate.google.com/translate_a/element.js?cb=googFooterTranslate

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/file/khdmflgb9ku5u6g/Installation.rar/file

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

64.233.170.113 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sg-in-f113.1e100.net

Software

ESF /

Resource Hash

22ce7a22470f934f12599520a80abbaac402bbcd205a8e56581891d057fe2883

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 21 Aug 2023 01:57:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 v8b253dfea2ab4077af8c6f58422dfbfd1689876627854 Show response
static.cloudflareinsights.com/beacon.min.js/ 20 KB
7 KB 1046ms
211ms Script
text/javascript 104.16.57.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js/v8b253dfea2ab4077af8c6f58422dfbfd1689876627854
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/khdmflgb9ku5u6g/Installation.rar/file
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.57.101 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c235f21017bcc11fcaa31d7dfd9855aaebcbf5f6d7ee9bf9f2e98a910907c391

Request headers

Referer: https://www.mediafire.com/
Origin: https://www.mediafire.com
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 01:57:01 GMT
content-encoding: gzip
last-modified: Thu, 20 Jul 2023 18:10:27 GMT
server: cloudflare
etag: W/"2023.7.1"
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
cf-ray: 7f9f434caeeeaac9-SYD

GET
H2 200 consent_modules.json Show response
privacy.gatekeeperconsent.com/ 2 B
468 B 1019ms
169ms XHR
application/json 172.67.144.62
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://privacy.gatekeeperconsent.com/consent_modules.json
Requested by: Host: the.gatekeeperconsent.com
URL: https://the.gatekeeperconsent.com/cmp.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.144.62 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 01:57:01 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UgSPEkYLc2odI5pRsm%2FU7GHZS2Rtc5%2FVlRskBNCdp6UJBlISozbk1x4aelREdUEbojhI4jP00THEEKQEooGRmRCznOKlY6YfAzxwRdkIqn9HgN6J9w8CXH%2FzmcVnIiVWlgkvOyndWxq7qpy1vf4JBA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json;charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=15780000, public
cf-ray: 7f9f434cbd37aac3-SYD
alt-svc: h3=":443"; ma=86400
content-length: 2

GET
H2 200 amplitude-8.5.0-min.gz.js Show response
cdn.amplitude.com/libs/ 68 KB
22 KB 1606ms
529ms Script
application/javascript 52.84.136.212
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.amplitude.com/libs/amplitude-8.5.0-min.gz.js
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/khdmflgb9ku5u6g/Installation.rar/file
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.84.136.212 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-84-136-212.man50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 2450e5580136f94bda7ccf95e3167b57e15b05b513a430967943a50036fa47a4

Request headers

Referer: https://www.mediafire.com/
Origin: https://www.mediafire.com
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Fri, 11 Aug 2023 14:08:05 GMT
content-encoding: gzip
via: 1.1 d2a80d1c866bab2d2e400b1b9daa5d78.cloudfront.net (CloudFront)
x-amz-version-id: NY8_7uBz3xoXYJBVsMSBAGHOz8ixMBS3
x-amz-cf-pop: MAN50-C3
age: 820138
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 22154
last-modified: Fri, 13 Aug 2021 22:37:42 GMT
server: AmazonS3
etag: "660c3b546f2a131de50b69b91f26c636"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
accept-ranges: bytes
x-amz-cf-id: Yl3sdKzvyEeY6ceGxEDOrsDGP1Li9JIdkEAlgzRZnJ-2J07n5mkr2Q==

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 241 KB
77 KB 243ms
242ms Script
application/javascript 142.251.12.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-53LP4T

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/file/khdmflgb9ku5u6g/Installation.rar/file

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.12.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

se-in-f97.1e100.net

Software

Google Tag Manager /

Resource Hash

8214c1f3ad9620bb788c909e7665cc51d3cd9d75b167cce298aee4fcd3cd4e1f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 01:57:01 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 78618
x-xss-protection: 0
last-modified: Mon, 21 Aug 2023 00:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 21 Aug 2023 01:57:01 GMT

GET
H2 200 mf_logo_full_color.svg
static.mediafire.com/images/backgrounds/header/ 3 KB
2 KB 199ms
191ms Image
image/svg+xml 104.16.53.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.mediafire.com/images/backgrounds/header/mf_logo_full_color.svg
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/khdmflgb9ku5u6g/Installation.rar/file
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.16.53.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8539c91ae0a82f8cab27d481ea38ac4e66d1e5b36701fe295bcba4399b9255bd

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 01:57:00 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Fri, 28 Oct 2016 22:22:42 GMT
server: cloudflare
age: 2628
etag: W/"5813cfb2-d1d"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cf-ray: 7f9f4347af23a96d-SYD

GET
H2 200 file-zip-v3.png
static.mediafire.com/images/filetype/ 2 KB
2 KB 273ms
265ms Image
image/png 104.16.53.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.mediafire.com/images/filetype/file-zip-v3.png
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/khdmflgb9ku5u6g/Installation.rar/file
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.16.53.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4448e430d3c53bad548a5d135e1c7e2f9593e806ba47892640d430ea752e979e

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 01:57:00 GMT
cf-cache-status: HIT
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
server: cloudflare
age: 1279
etag: "62deda56-750"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 7f9f4347af25a96d-SYD
content-length: 1872
expires: Tue, 19 Sep 2023 23:12:33 GMT

GET
H2 200 icons_sprite.svg
www.mediafire.com/images/icons/svg_light/ 36 KB
8 KB 177ms
176ms Image
image/svg+xml 104.16.53.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.mediafire.com/images/icons/svg_light/icons_sprite.svg
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/khdmflgb9ku5u6g/Installation.rar/file
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.16.53.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7ba1bc2084def769e77a7dbf97cd91d68fe6c6d55b5d183a7d36630da8da2b02

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/file/khdmflgb9ku5u6g/Installation.rar/file
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 01:57:00 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
server: cloudflare
age: 5078
etag: W/"62deda56-90ab"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cf-ray: 7f9f43478f03a96d-SYD

GET
H2 200 apps_list_sprite-v6.png
static.mediafire.com/images/backgrounds/download/ 8 KB
8 KB 270ms
263ms Image
image/png 104.16.53.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.mediafire.com/images/backgrounds/download/apps_list_sprite-v6.png
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/khdmflgb9ku5u6g/Installation.rar/file
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.16.53.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dc54b817820f14ce6395ba2a037f37d4bb0af75d5b017336140793fbe2f7f738

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 01:57:00 GMT
cf-cache-status: HIT
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
server: cloudflare
age: 5078
etag: "62deda56-1fd1"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 7f9f4347af27a96d-SYD
content-length: 8145
expires: Tue, 19 Sep 2023 23:20:34 GMT

GET
H2 200 arrow_dropdown.svg
www.mediafire.com/images/icons/svg_dark/ 315 B
338 B 184ms
183ms Image
image/svg+xml 104.16.53.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.mediafire.com/images/icons/svg_dark/arrow_dropdown.svg
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/khdmflgb9ku5u6g/Installation.rar/file
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.16.53.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 82b94716473aa225e715e117802145c5d2d725aa1ba9d476d61a5d3da16a8c26

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/file/khdmflgb9ku5u6g/Installation.rar/file
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 01:57:00 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
server: cloudflare
age: 1372
etag: W/"62deda56-13b"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cf-ray: 7f9f43478f01a96d-SYD

GET
H2 200 check_circle_green.svg
static.mediafire.com/images/icons/svg_dark/ 444 B
375 B 272ms
264ms Image
image/svg+xml 104.16.53.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.mediafire.com/images/icons/svg_dark/check_circle_green.svg
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/khdmflgb9ku5u6g/Installation.rar/file
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.16.53.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 03c8d2dc7d985c3004ff2cd6d8148dd03560f37ed15efdf6c2d7f4d771d0e599

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 01:57:00 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
server: cloudflare
age: 13009
etag: W/"62deda56-1bc"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cf-ray: 7f9f4347af26a96d-SYD

GET
H2 200 fb_16x16.png
static.mediafire.com/images/backgrounds/download/social/ 181 B
283 B 273ms
265ms Image
image/png 104.16.53.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.mediafire.com/images/backgrounds/download/social/fb_16x16.png
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/khdmflgb9ku5u6g/Installation.rar/file
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.16.53.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 720671166ac43aba99e3952b0b9341ab4e0fee1fd891db54e2a07f05db653142

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 01:57:00 GMT
cf-cache-status: HIT
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
server: cloudflare
age: 12428
etag: "62deda56-b5"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 7f9f4347af22a96d-SYD
content-length: 181
expires: Tue, 19 Sep 2023 19:37:57 GMT

GET
H2 200 infinity.js.aspx Show response
cdn.otnolatrnup.com/Scripts/ 176 KB
53 KB 1019ms
177ms Script
application/x-javascript 104.19.215.37
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.otnolatrnup.com/Scripts/infinity.js.aspx?guid=5ff0fb62-0643-4ff1-aaee-c737f9ffc0e0
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/khdmflgb9ku5u6g/Installation.rar/file
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.215.37 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 91a2ede9d7c5aefb0e0ed62a9b14b96c71a34c8c10dc382f20f4686b95398c46

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 01:57:02 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Mon, 21 Aug 2023 01:52:28 GMT
accept-ch: Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version
server: cloudflare
age: 71
vary: Accept-Encoding
p3p: CP="CAO PSA OUR IND"
access-control-allow-origin: *
content-type: application/x-javascript; charset=utf-8
cache-control: public, no-transform, max-age=900
cf-ray: 7f9f43534d3caaff-SYD
alt-svc: h3=":443"; ma=86400

GET
H2 200 footerIcons.png
static.mediafire.com/images/backgrounds/footer/social/ 583 B
708 B 164ms
164ms Image
image/png 104.16.53.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.mediafire.com/images/backgrounds/footer/social/footerIcons.png
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/khdmflgb9ku5u6g/Installation.rar/file
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.16.53.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f917a9105c311331b1d40f4d2bdbf11233c1c465616c1a9c46232f451463b061

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 01:57:01 GMT
cf-cache-status: HIT
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
server: cloudflare
age: 2623
etag: "62deda56-247"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 7f9f434ecfdba96d-SYD
content-length: 583
expires: Tue, 19 Sep 2023 23:40:51 GMT

GET
H2 200 like.php Show response
www.facebook.com/plugins/ Frame E866 44 KB
15 KB 1870ms
625ms Document
text/html 157.240.235.35
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/plugins/like.php?href=http://www.facebook.com/MediaFire&width=193&layout=button_count&action=like&show_faces=false&share=true&height=30&appId=124578887583575

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/file/khdmflgb9ku5u6g/Installation.rar/file

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.235.35 , Singapore, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-04-sin6.facebook.com

Software

Resource Hash

915764b0fbaadc5bb713a32b63d79c68fdfbd954887227830968319720d425e7

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.mediafire.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
date: Mon, 21 Aug 2023 01:57:02 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
origin-agent-cluster: ?0
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(self), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(self), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
pragma: no-cache
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: s066wjcLY5ehEnKswA9uf5ObqpjVDAO4pHcHOLL6Q9ZN1oRomZMUEUZEJKSdMi16VPf3RlN1ulvu3aXFDU365w==
x-xss-protection: 0

GET
H2 200 world.svg
static.mediafire.com/images/backgrounds/download/additional_content/ 143 KB
52 KB 282ms
281ms Image
image/svg+xml 104.16.53.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.mediafire.com/images/backgrounds/download/additional_content/world.svg
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/khdmflgb9ku5u6g/Installation.rar/file
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.16.53.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4342feac38021c4fe3069eba0edf1c2e1b4345e2b548b0afb7ab21b7369b3bc8

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 01:57:02 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
server: cloudflare
age: 903
etag: W/"62deda56-23ce2"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cf-ray: 7f9f43536d6ca96d-SYD

GET
H2 200 continent-na.svg
static.mediafire.com/images/backgrounds/download/additional_content/ 50 KB
19 KB 185ms
185ms Image
image/svg+xml 104.16.53.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.mediafire.com/images/backgrounds/download/additional_content/continent-na.svg
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/khdmflgb9ku5u6g/Installation.rar/file
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.16.53.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 05cfe92d9794a54258a19bfec7ae0faa73f61b66416983136594b4f95bb114dd

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 01:57:02 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
server: cloudflare
age: 12430
etag: W/"62deda56-c817"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cf-ray: 7f9f43536d70a96d-SYD

GET
H2 200 usa.svg
static.mediafire.com/images/flags_svg/ 1 KB
558 B 183ms
183ms Image
image/svg+xml 104.16.53.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.mediafire.com/images/flags_svg/usa.svg
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/khdmflgb9ku5u6g/Installation.rar/file
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.16.53.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8bacb685be7cec7f41a0270e694fa90c0fb448b2c0ded5f1734baf51050d695c

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 01:57:02 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
server: cloudflare
age: 7271
etag: W/"62deda56-5c7"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cf-ray: 7f9f43536d73a96d-SYD

GET
H2 200 flag.svg
static.mediafire.com/images/backgrounds/download/additional_content/ 234 B
291 B 190ms
189ms Image
image/svg+xml 104.16.53.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.mediafire.com/images/backgrounds/download/additional_content/flag.svg
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/khdmflgb9ku5u6g/Installation.rar/file
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.16.53.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f52a0c7d9fa7ae8e45916c491ae7193f9a1e289f128f05264122c53d8da970db

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 01:57:02 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
server: cloudflare
age: 14136
etag: W/"62deda56-ea"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cf-ray: 7f9f43546e9da96d-SYD

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 1370ms
370ms Script
text/javascript 142.251.12.113
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-829541-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.12.113 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

se-in-f113.1e100.net

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 21 Aug 2023 00:04:12 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 6771
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Mon, 21 Aug 2023 02:04:12 GMT

GET
H2 204 state Show response
api.btloader.com/mw/ 0
101 B 893ms
357ms Fetch 130.211.23.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://api.btloader.com/mw/state?bt_env=prod
Requested by: Host: btloader.com
URL: https://btloader.com/tag?o=5678961798414336&upapi=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 130.211.23.194 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 194.23.211.130.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 21 Aug 2023 01:57:02 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
vary: Origin

GET
H2 200 px.gif
ad-delivery.net/ 43 B
330 B 995ms
159ms Image
image/gif 104.26.3.70
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad-delivery.net/px.gif?ch=2
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/khdmflgb9ku5u6g/Installation.rar/file
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.3.70 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 01:57:03 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2195699
x-guploader-uploadid: ADPycdvVCPEJoBxjGWUtaui-7zF0kCwzagzkRBFQVQKo5zMFNhZ4pF0S-e6rjCpDhJ_KB-Ep2Yt7PfvEqiufqXC7H6h01Q
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 5
x-goog-stored-content-encoding: identity
content-length: 43
last-modified: Wed, 05 May 2021 19:25:32 GMT
server: cloudflare
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
vary: Accept-Encoding
x-goog-generation: 1620242732037093
content-type: image/gif
access-control-allow-origin: *
x-goog-hash: crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow==
access-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public, max-age=86400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BShNfzE9ByeOm4abgRCBWZBJ1V%2FrLYHSx4SoBnEx4BoJnQ5P7aypQXOI5YUW8xgnQ3bpG9nQlbQiLNk1M%2F7Lcf5dovoQ%2F7xLcT1Y4ru0uIQ8jPXdwxe%2Br5IHM%2FTrfd0Omg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 43
accept-ranges: bytes
cf-ray: 7f9f435a4d28a8aa-SYD
expires: Wed, 26 Jul 2023 16:02:26 GMT

GET
H2 200 favicon.ico
ad.doubleclick.net/ 1 KB
571 B 917ms
241ms Image
image/x-icon 172.253.118.148
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/file/khdmflgb9ku5u6g/Installation.rar/file

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.118.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sl-in-f148.1e100.net

Software

sffe /

Resource Hash

d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 15:24:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 37946
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 104
x-xss-protection: 0
last-modified: Tue, 08 May 2012 13:08:06 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/x-icon
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 21 Aug 2023 15:24:37 GMT

GET
H2 200 px.gif
ad-delivery.net/ 43 B
918 B 902ms
158ms Image
image/gif 104.26.3.70
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad-delivery.net/px.gif?ch=1&e=0.7799907497036749
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/khdmflgb9ku5u6g/Installation.rar/file
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.3.70 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 01:57:03 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2195699
x-guploader-uploadid: ADPycdvVCPEJoBxjGWUtaui-7zF0kCwzagzkRBFQVQKo5zMFNhZ4pF0S-e6rjCpDhJ_KB-Ep2Yt7PfvEqiufqXC7H6h01Q
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 5
x-goog-stored-content-encoding: identity
content-length: 43
last-modified: Wed, 05 May 2021 19:25:32 GMT
server: cloudflare
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
vary: Accept-Encoding
x-goog-generation: 1620242732037093
content-type: image/gif
access-control-allow-origin: *
x-goog-hash: crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow==
access-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public, max-age=86400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=laMjMewIExXvTzU%2FHX%2FbYZ0rMJ1xHlV5O3cBCNPt9EikMaAVw%2FdDfsyCivWazQSpgL216ivc8kSSEvSt1gkMlOFtQTFOTRezHmvashU7LQ%2Fv3rhxRnNtW7FI3kubJD1GNQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 43
accept-ranges: bytes
cf-ray: 7f9f435a4d29a8aa-SYD
expires: Wed, 26 Jul 2023 16:02:26 GMT

GET
H2

200

invisible.js Show response
www.mediafire.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/313d8a27/ Frame 4D48
Redirect Chain

https://www.mediafire.com/cdn-cgi/challenge-platform/scripts/invisible.js
https://www.mediafire.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/313d8a27/invisible.js

7 KB
4 KB

163ms
162ms

Script
application/javascript

104.16.53.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mediafire.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/313d8a27/invisible.js

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/file/khdmflgb9ku5u6g/Installation.rar/file

Protocol

Server

104.16.53.48 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

84911a805f4891cc811511525f3ccd331b058dded13462b3cada32a9fa5c7346

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 01:57:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cloudflare
vary: accept-encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
cf-ray: 7f9f43592c6da96d-SYD

Redirect headers

date: Mon, 21 Aug 2023 01:57:02 GMT
content-encoding: gzip
server: cloudflare
vary: accept-encoding
access-control-allow-origin: *
location: /cdn-cgi/challenge-platform/h/g/scripts/jsd/313d8a27/invisible.js
cache-control: max-age=300, public
cf-ray: 7f9f43559808a96d-SYD

POST
H2 200 saa.go Show response
g.ezoic.net/ 14 KB
5 KB 1605ms
369ms XHR
text/javascript 54.151.156.30
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g.ezoic.net/saa.go
Requested by: Host: www.ezojs.com
URL: https://www.ezojs.com/ezoic/sa.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.151.156.30 , Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-151-156-30.ap-southeast-1.compute.amazonaws.com
Software: Apache/2.4.39 (Ubuntu) /
Resource Hash: 7dd5debdcdebc83e78fea8102c6e49ad1325772e13e65b403aad1d0fcc70c498

Request headers

Referer: https://www.mediafire.com/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 21 Aug 2023 01:57:03 GMT
content-encoding: br
server: Apache/2.4.39 (Ubuntu)
access-control-max-age: 1728000
access-control-allow-methods: GET, POST, PUT, OPTIONS
content-type: text/javascript
access-control-allow-origin: https://www.mediafire.com
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
access-control-allow-credentials: true
vary: Accept-Encoding,Origin,Access-Control-Request-Method,Access-Control-Request-Headers
x-robots-tag: noindex
access-control-allow-headers: Content-Type
expires: Sun, 20 Aug 2023 01:57:03 GMT

GET
H2 200 boise.js Show response
go.ezodn.com/detroitchicago/ 673 B
898 B 1018ms
166ms Script
application/javascript 172.64.136.23
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://go.ezodn.com/detroitchicago/boise.js?gcb=195-2&cb=2
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/khdmflgb9ku5u6g/Installation.rar/file
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.136.23 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6fa04d8b4b07ebd5ebb250e33b532615e80dd02d46afb5cc0654c3c128b1c427

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 01:57:04 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 11 Jul 2023 15:05:42 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 3272998
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=H8gPOlbLM2%2FGow1DnnGQucEX7AzaPZedd2BknnC1lN%2FTBp40I6QVj3JE8M67ULNz2IKa0s8%2B2T05KpjCPyFFVZ9r5UpRknV0lYDy%2BWMPPE%2BJ7RJS%2BrAhW3pSg3PEa58%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-middleton-display: sol-js
cache-control: public, max-age=31536000
x-robots-tag: noindex
cf-ray: 7f9f435e4f314ffc-MEL
alt-svc: h3=":443"; ma=86400

GET
H2 200 memphis.js Show response
go.ezodn.com/detroitchicago/ 6 KB
3 KB 1018ms
167ms Script
application/javascript 172.64.136.23
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://go.ezodn.com/detroitchicago/memphis.js?gcb=195-2&cb=27
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/khdmflgb9ku5u6g/Installation.rar/file
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.136.23 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0e0449433f5a829a39e7183a95731f17604a3eeca7127eee349f2ed56d19863b

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 01:57:04 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 10 Aug 2023 22:36:31 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 876033
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vEVrbg4BMiVnHW8pTLZJm7nThEZa5mS%2Bl1nniO7T2g5FA8TQjNDDeXMv%2F8DLCDA1p3aOwihmFvVBMOyWI9uWBTsWeJews1a4UCFYxAl2YtN5KvGpS2Ru1xHf%2B204dZY%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-middleton-display: sol-js
cache-control: public, max-age=31536000
x-robots-tag: noindex
cf-ray: 7f9f435e4f324ffc-MEL
alt-svc: h3=":443"; ma=86400

GET
H2 200 minneapolis.js Show response
go.ezodn.com/detroitchicago/ 749 B
742 B 1019ms
168ms Script
application/javascript 172.64.136.23
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://go.ezodn.com/detroitchicago/minneapolis.js?gcb=195-2&cb=4
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/khdmflgb9ku5u6g/Installation.rar/file
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.136.23 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 753fa7b04751066160f1f5b44c4d518e839277591836a51da5d0fd614e63c863

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 01:57:04 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 19 Jul 2023 02:07:17 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 2834132
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6qGeP3z%2B92ncbNobvk2YV1r7DUhrX%2BZDE6OvmIZFRD%2BFXINwG7kirmdsTwCiPtBgOrk5LOB5LpC7Oqnz5XIo7HLSH4lU8HaiStL4VzLl41l4bsgeMT1FTUPmxdhvv7I%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-middleton-display: sol-js
cache-control: public, max-age=31536000
x-robots-tag: noindex
cf-ray: 7f9f435e4f354ffc-MEL
alt-svc: h3=":443"; ma=86400

GET
H2 200 et.js Show response
go.ezodn.com/porpoiseant/ 850 B
765 B 165ms
164ms Script
application/javascript 172.64.136.23
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://go.ezodn.com/porpoiseant/et.js?gcb=195-2&cb=1
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/khdmflgb9ku5u6g/Installation.rar/file
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.136.23 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b59fb884e042986638877395f3d08978aa6a7b31458f1d53d188799e4d677a28

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 01:57:04 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 01 Aug 2023 23:33:11 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 1650233
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pyDToCD2jwUVfZpBLCvJOAaIo9X3%2FwArZZGzG0FFBCAJI9scLFPvOB8yIxkBkemZ5xFU%2B2B%2BTwLIbdLuWw2yG78R339BHS0n1LAbFjqKfF6otLhwyJ50MCJ6nEXoQoE%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-middleton-display: sol-js
cache-control: public, max-age=31536000
x-robots-tag: noindex
cf-ray: 7f9f436029dc4ffc-MEL
alt-svc: h3=":443"; ma=86400

GET
H2 200 FEppCFCt76d.png
static.xx.fbcdn.net/rsrc.php/v3/yD/r/ Frame E866 299 B
871 B 1689ms
402ms Image
image/png 157.240.235.1
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yD/r/FEppCFCt76d.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/plugins/like.php?href=http://www.facebook.com/MediaFire&width=193&layout=button_count&action=like&show_faces=false&share=true&height=30&appId=124578887583575

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.235.1 , Singapore, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-04-sin6.fbcdn.net

Software

Resource Hash

d65f4b2e8eee94ddc7f762d098de19558d879a3b597c8913b4d075532e3ed4b4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 01:57:04 GMT
x-content-type-options: nosniff
content-md5: OIlAxCmR79nrM/Ez4ygGlg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 299
x-fb-debug: neboMOczTAWeYteSai+BdJQgLyVjfSITUiKCgpLPcy9G0uCcm1w/tgsNIcc3LRkk2iUyDadhrZ6F9qK+hzCSKg==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
expires: Fri, 16 Aug 2024 19:12:04 GMT

GET
H2 200 prebid5.17.0.js Show response
www.mediafire.com/js/ 263 KB
82 KB 175ms
174ms Script
application/x-javascript 104.16.53.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.mediafire.com/js/prebid5.17.0.js
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/khdmflgb9ku5u6g/Installation.rar/file
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.16.53.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6dc7917529ca101209b15752c61816375bbbb8b7b9809efb540ccacf45748d09

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/file/khdmflgb9ku5u6g/Installation.rar/file
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 01:57:04 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
cf-bgj: minify
server: cloudflare
age: 1532
etag: W/"62deda56-41aec"
cf-polished: origSize=269036
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: max-age=2592000
cf-ray: 7f9f43602cbea96d-SYD
expires: Wed, 20 Sep 2023 01:00:25 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 98 KB
29 KB 1365ms
377ms Script
text/javascript 74.125.200.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/file/khdmflgb9ku5u6g/Installation.rar/file

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.200.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sa-in-f156.1e100.net

Software

cafe /

Resource Hash

19c8ec6911cd41cc76409ea98570d151aa8c2585baf63597d26f9edadf7efea9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 01:57:05 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28846
x-xss-protection: 0
server: cafe
etag: 230 / 19590 / m202308150101 / config-hash: 4570674370816517536
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Mon, 21 Aug 2023 01:57:05 GMT

GET
H2 200 ZbmmFWsH-NS.js Show response
static.xx.fbcdn.net/rsrc.php/v3i7244/yd/l/en_GB/ Frame E866 520 KB
135 KB 1687ms
410ms XHR
application/x-javascript 157.240.235.1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3i7244/yd/l/en_GB/ZbmmFWsH-NS.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.235.1 , Singapore, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-04-sin6.fbcdn.net

Software

Resource Hash

b24298549c011bf05619ec71368fe41b468309bbac18ed903cf8caa035a2e6f6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 01:57:05 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: vMM2HN9rsDWT/XT7fqi6rQ==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 137090
x-fb-debug: 8RlFEprvPVa+7fiS3dkaLzgcLGlFIBdl9kx3AmO0SKl93lD3D7XFc/QlcpwtN4tN5OY3444td1TLbl9LGqW+FQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
expires: Sat, 17 Aug 2024 16:59:22 GMT

GET
H2 200 m=el_main_css
www.gstatic.com/_/translate_http/_/ss/k=translate_http.tr.qhDXWpKopYk.L.W.O/d=0/rs=AN8SPfp0QXhhaDDdjg_LgcSqoZiPEzC1tw/ 22 KB
5 KB 1232ms
245ms Stylesheet
text/css 172.253.118.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/translate_http/_/ss/k=translate_http.tr.qhDXWpKopYk.L.W.O/d=0/rs=AN8SPfp0QXhhaDDdjg_LgcSqoZiPEzC1tw/m=el_main_css

Requested by

Host:
URL: /_/translate_http/_/js/k=translate_http.tr.en_GB.BoOQIX0qKek.O/d=1/rs=AN8SPfrk3DX37zyp-jNUyQksz0ImCM-ArQ/m=el_conf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.118.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sl-in-f94.1e100.net

Software

sffe /

Resource Hash

71ca2652e2b3ffd3c0ec966958604714ce6c7af01d961b44adc438518eb58cb3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Fri, 18 Aug 2023 06:35:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 242505
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/rosetta
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4144
x-xss-protection: 0
last-modified: Sat, 15 Jul 2023 01:09:03 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="rosetta"
vary: Accept-Encoding
report-to: {"group":"rosetta","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/rosetta"}]}
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 17 Aug 2024 06:35:19 GMT

GET
H2 200 m=el_main Show response
translate.googleapis.com/_/translate_http/_/js/k=translate_http.tr.en_GB.BoOQIX0qKek.O/d=1/exm=el_conf/ed=1/rs=AN8SPfrk3DX37zyp-jNUyQksz0ImCM-ArQ/ 214 KB
76 KB 1354ms
365ms Script
text/javascript 172.217.194.95
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://translate.googleapis.com/_/translate_http/_/js/k=translate_http.tr.en_GB.BoOQIX0qKek.O/d=1/exm=el_conf/ed=1/rs=AN8SPfrk3DX37zyp-jNUyQksz0ImCM-ArQ/m=el_main

Requested by

Host:
URL: /_/translate_http/_/js/k=translate_http.tr.en_GB.BoOQIX0qKek.O/d=1/rs=AN8SPfrk3DX37zyp-jNUyQksz0ImCM-ArQ/m=el_conf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.194.95 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f95.1e100.net

Software

sffe /

Resource Hash

b793f5d22ad718abf35ec4c17097402732ca94a52ccc691ba458e81b1a2f4526

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sat, 19 Aug 2023 17:17:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 117568
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/rosetta
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 77340
x-xss-protection: 0
last-modified: Wed, 16 Aug 2023 03:14:14 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="rosetta"
vary: Accept-Encoding
report-to: {"group":"rosetta","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/rosetta"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 18 Aug 2024 17:17:37 GMT

GET
H2 200 Tag.engine Show response
otnolatrnup.com/ 2 KB
2 KB 352ms
346ms Script
application/json 104.19.215.37
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://otnolatrnup.com/Tag.engine?time=-480&id=5ff0fb62-0643-4ff1-aaee-c737f9ffc0e0&rand=72509&ver=async&referrerUrl=&fingerPrint=123&abr=false&stdTime=480&fpe=1&bw=1600&bh=1200&res=1600x1200&curl=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fkhdmflgb9ku5u6g%2FInstallation.rar%2Ffile&kw=online%20storage%2Cfree%20storage%2Ccloud%20storage%2Ccollaboration%2Cbackup%20file%20sharing%2Cshare%20files%2Cphoto%20backup%2Cphoto%20sharing%2Cftp%20replacement%2Ccross%20platform%2Cremote%20access%2Cmobile%20access%2Csend%20large%20files%2Crecover%20files%2Cfile%20versioning%2Cundelete%2Cwindows%2Cpc%2Cmac%2Cos%20x%2Clinux%2Ciphone
Requested by: Host: cdn.otnolatrnup.com
URL: https://cdn.otnolatrnup.com/Scripts/infinity.js.aspx?guid=5ff0fb62-0643-4ff1-aaee-c737f9ffc0e0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.215.37 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9e4d1218481295ab8c3d101bc64be7a1ee4d776cf5f459fcfef7b6273e29d046

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 01:57:05 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
accept-ch: Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version
server: cloudflare
vary: Accept-Encoding
p3p: CP="CAO PSA OUR IND"
access-control-allow-origin: *
content-type: application/json; charset=utf-8
cache-control: private, no-transform
cf-ray: 7f9f43610f63aaff-SYD
alt-svc: h3=":443"; ma=86400

POST
H2 200 / Show response
api.amplitude.com/ 7 B
205 B 1180ms
334ms XHR
text/html 52.35.197.209
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.amplitude.com/

Requested by

Host: cdn.amplitude.com
URL: https://cdn.amplitude.com/libs/amplitude-8.5.0-min.gz.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.35.197.209 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-35-197-209.us-west-2.compute.amazonaws.com

Software

Resource Hash

aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://www.mediafire.com/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

access-control-allow-origin: *
date: Mon, 21 Aug 2023 01:57:04 GMT
strict-transport-security: max-age=15768000
trace-id: Root=1-64e2c470-449c434e28d0ebca30b4125b
content-length: 7
access-control-allow-methods: GET, POST
content-type: text/html;charset=utf-8

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 225 KB
78 KB 259ms
259ms Script
application/javascript 142.251.12.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-K68XP6D85D&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-53LP4T

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.12.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

se-in-f97.1e100.net

Software

Google Tag Manager /

Resource Hash

8814e2b4ee6d79159c9bcd9b9f8daba5eb480ec6cefe9e70f6344e6e5bcbe114

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 01:57:04 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 80147
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 21 Aug 2023 01:57:04 GMT

POST
H2 200 7f9f43390cf7a96d Show response
www.mediafire.com/cdn-cgi/challenge-platform/h/g/cv/result/ Frame 4D48 0
253 B 262ms
262ms XHR
text/plain 104.16.53.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.mediafire.com/cdn-cgi/challenge-platform/h/g/cv/result/7f9f43390cf7a96d
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/cdn-cgi/challenge-platform/scripts/invisible.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.16.53.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 21 Aug 2023 01:57:03 GMT
content-encoding: gzip
server: cloudflare
cf-ray: 7f9f435ade93a96d-SYD
content-type: text/plain; charset=UTF-8

GET
H2 200 country Show response
api.btloader.com/ 16 B
141 B 327ms
326ms Fetch
application/json 130.211.23.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://api.btloader.com/country
Requested by: Host: btloader.com
URL: https://btloader.com/tag?o=5678961798414336&upapi=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 130.211.23.194 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 194.23.211.130.bc.googleusercontent.com
Software: /
Resource Hash: fa1f876cb70f7a711191b9dab191d9cc1c037ae4f5f5ea032dfe742f51c07f65

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 01:57:03 GMT
via: 1.1 google
vary: Origin
content-type: application/json
access-control-allow-origin: *
cache-control: private, max-age=300, stale-while-revalidate=600, stale-if-error=600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16

GET
H2 204 pv Show response
api.btloader.com/ 0
66 B 325ms
325ms XHR
text/plain 130.211.23.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://api.btloader.com/pv?tid=WalWX35z7m&w=5115845767331840&o=5678961798414336&cv=2.1.17-2-g0b33bd3&r=false&vr=1600x1200&pageURL=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fkhdmflgb9ku5u6g%2FInstallation.rar%2Ffile&sid=xngi3nyn&upapi=true
Requested by: Host: btloader.com
URL: https://btloader.com/tag?o=5678961798414336&upapi=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 130.211.23.194 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 194.23.211.130.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 21 Aug 2023 01:57:03 GMT
cache-control: no-cache, no-store, must-revalidate
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
vary: Origin

POST
H2 200 collect Show response
www.google-analytics.com/j/ 2 B
208 B 359ms
358ms XHR
text/plain 142.251.12.113
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1390997149&t=pageview&_s=1&dl=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fkhdmflgb9ku5u6g%2FInstallation.rar%2Ffile&ul=en-us&de=UTF-8&dt=Installation&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAACAAI~&jid=276543435&gjid=1126940675&cid=871168537.1692583024&tid=UA-829541-1&_gid=801097875.1692583024&_r=1&gtm=457e38g0&cd1=unregistered&cd7=legacy&cd3=archive&cd4=51&cd5=rar&cd8=%2F100%2F&jsscut=1&z=1632255286

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.12.113 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

se-in-f113.1e100.net

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.mediafire.com/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 21 Aug 2023 01:57:04 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.mediafire.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 raleigh.js Show response
go.ezodn.com/detroitchicago/ 1 KB
1002 B 168ms
167ms Script
application/javascript 172.64.136.23
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://go.ezodn.com/detroitchicago/raleigh.js?gcb=195-2&cb=6
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/khdmflgb9ku5u6g/Installation.rar/file
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.136.23 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 30887d75ca7268ceabc93067bca019f8ffe07189630a759407b236736e1f15af

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 01:57:05 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 21 Dec 2022 14:21:30 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 20950535
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5ohpPQdcfsLTB%2BrmqEpxf27H2yHl5HDHpelWaHLyxWHljAjpO26TOo%2BgpcrhZ1QhbPKELMbbH%2BBkHwWkgg%2BNLuTeqwi0HoC1qFq4pwYKMqObZDwnOoeubZoCNImVXjo%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-middleton-display: sol-js
cache-control: public, max-age=31536000
x-robots-tag: noindex
cf-ray: 7f9f43627d2e4ffc-MEL
alt-svc: h3=":443"; ma=86400

GET
H2 200 vista.js Show response
go.ezodn.com/detroitchicago/ 547 B
631 B 169ms
167ms Script
application/javascript 172.64.136.23
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://go.ezodn.com/detroitchicago/vista.js?gcb=195-2&cb=4
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/khdmflgb9ku5u6g/Installation.rar/file
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.136.23 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7471d5963a40a4971b402353e3719cc69c51f0b415126f861d72d9bd6f2c3cf5

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 01:57:06 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 16 Aug 2023 16:00:03 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 381423
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Mw7cjN3oaB4JeJcRXxSAlAxwBMtPAwOUyH8fIqxFOJrFTmou9HRpy27LmcDNChOhM9GZzBV1LVP4YC6pqC0DqqmPYbL95TNmszhL7dg0xHAZ8zEsRxNvDCbH5JPbB7A%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-middleton-display: sol-js
cache-control: public, max-age=31536000
x-robots-tag: noindex
cf-ray: 7f9f4368de6f4ffc-MEL
alt-svc: h3=":443"; ma=86400

GET
H2 200 tampa.js Show response
go.ezodn.com/detroitchicago/ 723 B
705 B 168ms
167ms Script
application/javascript 172.64.136.23
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://go.ezodn.com/detroitchicago/tampa.js?gcb=195-2&cb=5
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/khdmflgb9ku5u6g/Installation.rar/file
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.136.23 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e611f58b19c2ff6aba81588e7b0a148e523d8acbadc40092f8de5f50dca2f93c

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 01:57:06 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 19 Jul 2023 02:07:17 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 2698726
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oJiaqBZ3C54TGcdTn1mEsaCnzEbRrW2MhM6CJHIWYRt0R4ukmz9Q46yhZvLImkXRX71HbY3XcTGfEhq%2BhzfWgUpWn6w7m8Z8evaLWpK%2B1%2B16N%2BxcaIOXJMznH8IaGBI%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-middleton-display: sol-js
cache-control: public, max-age=31536000
x-robots-tag: noindex
cf-ray: 7f9f4368de714ffc-MEL
alt-svc: h3=":443"; ma=86400

GET
H2 200 rochester.js Show response
go.ezodn.com/detroitchicago/ 2 KB
1 KB 260ms
260ms Script
application/javascript 172.64.136.23
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://go.ezodn.com/detroitchicago/rochester.js?gcb=195-2&cb=17
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/khdmflgb9ku5u6g/Installation.rar/file
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.136.23 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 71ac1f412d544231441eabf3f0b2437b769aba569c637a3e9524e6421d781cc9

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 01:57:06 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 07 Aug 2023 19:20:16 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 1147010
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4pVGrWXGoB3bgugJhtqMfcMNagNdMNGCdGNeaPdN%2F7Jx24ty3BvBDpT%2FZAKQ9BsNqQjpjMM4u3xesGRiHRr43UIMHOX8JoMK96UdInhrGCJfPjQFTobxFbWk1%2BPRxNk%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-middleton-display: sol-js
cache-control: public, max-age=31536000
x-robots-tag: noindex
cf-ray: 7f9f4368de724ffc-MEL
alt-svc: h3=":443"; ma=86400

GET
H2 200 edmonton.webp Show response
go.ezodn.com/detroitchicago/ 21 KB
6 KB 169ms
168ms Script
application/javascript 172.64.136.23
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://go.ezodn.com/detroitchicago/edmonton.webp?a=a&cb=195-2&shcb=34
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/khdmflgb9ku5u6g/Installation.rar/file
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.136.23 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c5d9c9f6bbfd42b7c3c63a20fb54ba49978b53f6b981fbabe4d56dd90b2b44ab

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 01:57:06 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 19 Jul 2023 02:07:18 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 2698726
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JjQIUoahk7gvD%2FjKgnA5nGGojzivbtRqDUTVFqTgKQClMvHMzyPLhXBHcCyz%2FJv9x8d2LW1W8VqCug5nyLuqx4Zxkm5PEy4JVgut%2FXgH01E5Ib%2BUN%2BjH2iBvWDmiA20%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-middleton-display: sol-js
cache-control: public, max-age=31536000
x-robots-tag: noindex
cf-ray: 7f9f4368de754ffc-MEL
alt-svc: h3=":443"; ma=86400

GET
H2 200 vitals.js Show response
go.ezodn.com/tardisrocinante/ 5 KB
2 KB 169ms
168ms Script
application/javascript 172.64.136.23
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://go.ezodn.com/tardisrocinante/vitals.js?gcb=195-2&cb=3
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/khdmflgb9ku5u6g/Installation.rar/file
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.136.23 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d839b193eba1dd4578cc90dfe2fe6edea552e807f65af9e79780a58d0ad9b1bb

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 01:57:06 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 19 Jul 2023 02:07:18 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 2698726
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CukEf%2B%2FsRmMC5CkZXw7MHSct9Wy5%2FTmxY5jX421o1Uc%2BoJXRs8V0NA1r3pVtJ%2FUgbPhJ48qzd1ggJBXsNG%2FB3n6qws4xoXJOO6P6mZWrjYqOIMhasrmrE3YkLnNVCwY%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-middleton-display: sol-js
cache-control: public, max-age=31536000
x-robots-tag: noindex
cf-ray: 7f9f4368de774ffc-MEL
alt-svc: h3=":443"; ma=86400

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 8 B
354 B 1228ms
244ms XHR
text/plain 74.125.200.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-829541-1&cid=871168537.1692583024&jid=276543435&gjid=1126940675&_gid=801097875.1692583024&_u=YEBAAUAAAAAAACAAI~&z=1689253999

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.200.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sa-in-f156.1e100.net

Software

Golfe2 /

Resource Hash

7817ee889e9c73351b96c97c740c9dd746ba87ebd6c6fcab3cd77cd021920ce7

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.mediafire.com/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Mon, 21 Aug 2023 01:57:05 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.mediafire.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST translator
hbopenbid.pubmatic.com/ 0
0

POST prebid
prebid.media.net/rtb/ 0
0

POST v1
btlr.sharethrough.com/universal/ 0
0

POST
H2 204 collect
analytics.google.com/g/ 0
255 B 1347ms
361ms Ping
text/plain 142.251.12.138
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-K68XP6D85D&gtm=45je38g0&_p=1390997149&_gaz=1&cid=871168537.1692583024&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1692583025&sct=1&seg=0&dl=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fkhdmflgb9ku5u6g%2FInstallation.rar%2Ffile&dt=Installation&en=page_view&_fv=1&_ss=1&up.page_url=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fkhdmflgb9ku5u6g%2FInstallation.rar%2Ffile
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-K68XP6D85D&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.251.12.138 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: se-in-f138.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 21 Aug 2023 01:57:07 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.mediafire.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
47 B 244ms
243ms Ping
text/plain 74.125.200.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-K68XP6D85D&cid=871168537.1692583024&gtm=45je38g0&aip=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-K68XP6D85D&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 74.125.200.156 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: sa-in-f156.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 21 Aug 2023 01:57:06 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.mediafire.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com.au/ads/ 42 B
408 B 1242ms
252ms Image
image/gif 64.233.170.94
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com.au/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-K68XP6D85D&cid=871168537.1692583024&gtm=45je38g0&aip=1&z=141163200

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/file/khdmflgb9ku5u6g/Installation.rar/file

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

64.233.170.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sg-in-f94.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 21 Aug 2023 01:57:07 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
408 B 1234ms
250ms Image
image/gif 142.251.12.105
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-829541-1&cid=871168537.1692583024&jid=276543435&_u=YEBAAUAAAAAAACAAI~&z=256313169

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/file/khdmflgb9ku5u6g/Installation.rar/file

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.12.105 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

se-in-f105.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 21 Aug 2023 01:57:07 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com.au/ads/ 42 B
107 B 1074ms
254ms Image
image/gif 64.233.170.94
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com.au/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-829541-1&cid=871168537.1692583024&jid=276543435&_u=YEBAAUAAAAAAACAAI~&z=256313169

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/file/khdmflgb9ku5u6g/Installation.rar/file

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

64.233.170.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sg-in-f94.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 21 Aug 2023 01:57:07 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK log
qsearch-a.akamaihd.net/ 35 B
296 B 1112ms
292ms Image
image/gif 184.87.193.161
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://qsearch-a.akamaihd.net/log?logid=kfk&evtid=projectevents&project=prebid&acid=53f66653-eec2-4fb3-befe-23964adb9e2e&cid=8CUO2689O&crid=557354025|330813575|183032171|640217438|284788225&adunit_count=5&dn=www.mediafire.com&requrl=https://www.mediafire.com/file/khdmflgb9ku5u6g/Installation.rar/file&istop=true&event=client_timeout&value=5&rd=1000
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/khdmflgb9ku5u6g/Installation.rar/file
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 184.87.193.161 , Singapore, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a184-87-193-161.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 21 Aug 2023 01:57:07 GMT
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 35
Expires: Mon, 21 Aug 2023 01:57:07 GMT

GET
H2 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308150101/ 402 KB
127 KB 342ms
341ms Script
text/javascript 74.125.200.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308150101/pubads_impl.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.200.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sa-in-f156.1e100.net

Software

cafe /

Resource Hash

a6eda84e469463424ebf458949c409a82ee31d042cf3c8e84978658832f634c5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 15:15:10 GMT
content-encoding: br
x-content-type-options: nosniff
age: 38516
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 129634
x-xss-protection: 0
server: cafe
etag: 8962464231799197432
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Mon, 19 Aug 2024 15:15:10 GMT

POST
H2 200 imp.gif
g.ezoic.net/detroitchicago/ 43 B
196 B 366ms
365ms Ping
image/gif 54.151.156.30
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g.ezoic.net/detroitchicago/imp.gif?ez_orig=1
Requested by: Host: go.ezodn.com
URL: https://go.ezodn.com/detroitchicago/memphis.js?gcb=195-2&cb=27
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.151.156.30 , Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-151-156-30.ap-southeast-1.compute.amazonaws.com
Software: /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://www.mediafire.com/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 21 Aug 2023 01:57:06 GMT
content-encoding: br
access-control-max-age: 1728000
access-control-allow-methods: HEAD, PUT, POST, GET, OPTIONS
content-type: image/gif
access-control-allow-origin: https://www.mediafire.com
x-middleton-display: imp_sol
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
vary: Accept-Encoding
access-control-allow-headers: Content-Type
content-length: 47
expires: Sun, 20 Aug 2023 01:57:06 GMT

GET
DATA 200
OK truncated Show response
/ Frame 08FD 1 KB
1 KB Document
text/html

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b7637a4cc7e15b52376c9dba975683af0b7987a44b3d05200747c035a6852274

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

Content-Type: text/html;charset=UTF-8

GET
H2 200 24px.svg
fonts.gstatic.com/s/i/productlogos/translate/v14/ 6 KB
4 KB 1347ms
362ms Image
image/svg+xml 142.250.4.94
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fonts.gstatic.com/s/i/productlogos/translate/v14/24px.svg

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/file/khdmflgb9ku5u6g/Installation.rar/file

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.4.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f94.1e100.net

Software

sffe /

Resource Hash

ab5c23a05e39deed14d9d8262b0dce9f024f86105a27196cad37d14a3f516e09

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Wed, 16 Aug 2023 15:26:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 383423
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3340
x-xss-protection: 0
last-modified: Wed, 20 Apr 2022 14:24:23 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
vary: Accept-Encoding
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 15 Aug 2024 15:26:44 GMT

GET
H2 200 googlelogo_color_42x16dp.png
www.gstatic.com/images/branding/googlelogo/1x/ 910 B
1 KB 244ms
244ms Image
image/png 172.253.118.94
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/branding/googlelogo/1x/googlelogo_color_42x16dp.png

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/file/khdmflgb9ku5u6g/Installation.rar/file

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.118.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sl-in-f94.1e100.net

Software

sffe /

Resource Hash

6318394f737c66f0e2ccfcd88e3935c6667633a1b95fa29fba2b75431d55eef2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Wed, 16 Aug 2023 15:17:14 GMT
x-content-type-options: nosniff
age: 383992
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 910
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Thu, 15 Aug 2024 15:17:14 GMT

GET
H2 200 translate_24dp.png
www.gstatic.com/images/branding/product/2x/ 2 KB
2 KB 244ms
244ms Image
image/png 172.253.118.94
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/branding/product/2x/translate_24dp.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/translate_http/_/ss/k=translate_http.tr.qhDXWpKopYk.L.W.O/d=0/rs=AN8SPfp0QXhhaDDdjg_LgcSqoZiPEzC1tw/m=el_main_css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.118.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sl-in-f94.1e100.net

Software

sffe /

Resource Hash

4dac0026fbfa2615dce30c0af12830863fe885f84387a0147b9e338f548d5d82

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.gstatic.com/_/translate_http/_/ss/k=translate_http.tr.qhDXWpKopYk.L.W.O/d=0/rs=AN8SPfp0QXhhaDDdjg_LgcSqoZiPEzC1tw/m=el_main_css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Wed, 16 Aug 2023 15:07:07 GMT
x-content-type-options: nosniff
age: 384599
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1842
x-xss-protection: 0
last-modified: Thu, 14 Oct 2021 09:08:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Thu, 15 Aug 2024 15:07:07 GMT

GET
H2 200 183096492 Show response
fundingchoicesmessages.google.com/i/ 150 KB
50 KB 270ms
264ms Script
application/javascript 64.233.170.113
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/i/183096492?ers=3

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308150101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

64.233.170.113 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sg-in-f113.1e100.net

Software

ESF /

Resource Hash

980d92896bb47adf7f91d17acfa2a4181ce17137a52bd0c4535c8de098659e72

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-Xa-Vfep_DqeDrTPgY73h9g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 01:57:07 GMT
content-security-policy: script-src 'report-sample' 'nonce-Xa-Vfep_DqeDrTPgY73h9g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 AGSKWxXThfUgltFn78NjeCD3FQn0pg64Sx61R2lnANS9g3zs_DUkSwMkoVy844tlTtQAHa1nVyjB9NG9wJdpmgWsA6Fso2yAg7CvD5nyHZUvzI9co8bUYG0GPzez4EAoWN7RQfayJ1DetA== Show response
fundingchoicesmessages.google.com/f/ 13 KB
6 KB 371ms
370ms Script
application/javascript 64.233.170.113
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxXThfUgltFn78NjeCD3FQn0pg64Sx61R2lnANS9g3zs_DUkSwMkoVy844tlTtQAHa1nVyjB9NG9wJdpmgWsA6Fso2yAg7CvD5nyHZUvzI9co8bUYG0GPzez4EAoWN7RQfayJ1DetA==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNjkyNTgzMDI3LDM5MTAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzddXSwiaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlL2toZG1mbGdiOWt1NXU2Zy9JbnN0YWxsYXRpb24ucmFyL2ZpbGUiLG51bGwsW1s4LCJOZDd2bVkzUUQ3RSJdLFs5LCJlbi1HQiJdLFsxOSwiMiJdXV0

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_GB.Nd7vmY3QD7E.es5.O/d=1/rs=AJlcJMz1uDDkPkIttQJcWgHtnSHJ0pCTYQ/m=kernel_loader,loader_js_executable

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

64.233.170.113 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sg-in-f113.1e100.net

Software

ESF /

Resource Hash

9c3e5174a99044d33bc0cc8df359288a2b634d19931873d3520d17a93866f27f

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-iMP8Vy2o3BjcpmWEl82P-Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 01:57:07 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-iMP8Vy2o3BjcpmWEl82P-Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pubcid.min.js Show response
cdn.jsdelivr.net/gh/prebid/shared-id/pubcid.js/docs/ 732 B
896 B 985ms
151ms Script
application/javascript 151.101.129.229
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/prebid/shared-id/pubcid.js/docs/pubcid.min.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308150101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.129.229 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

a5230196df9a4e9f6382c504668862efc8e25c1ec093c7dc997fbedb4b3ec54e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 21 Aug 2023 01:57:08 GMT
x-content-type-options: nosniff
content-encoding: br
age: 9408
x-jsd-version: master
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 439
x-served-by: cache-fra-eddf8230042-FRA, cache-bne12529-BNE
x-jsd-version-type: branch
etag: W/"2dc-IrZxm/sP4aqtIfs1EfEw6Dg5q1Y"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 esp.js Show response
cdn.id5-sync.com/api/1.0/ 112 KB
26 KB 1020ms
165ms Script
text/javascript 104.22.53.86
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.id5-sync.com/api/1.0/esp.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308150101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.22.53.86 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e0c750b97759124bffe209a81cfb7a3aa05dd20ca1168314348cb865254f1ce2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 01:57:08 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-encoding: gzip
cf-cache-status: HIT
last-modified: Wed, 02 Aug 2023 11:32:19 GMT
server: cloudflare
x-amz-request-id: WCJQD11A6AW7JTZQ
age: 290
etag: W/"25c6f4638264ba52fb77e06351d38d61"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: text/javascript;charset=utf-8
cache-control: public, max-age=3600
cf-ray: 7f9f43772fd8dfa7-SYD
x-amz-id-2: nO33SKjCuXKoPcc4wlKxUzYsqEty6rHBWYLP8GJLr91JChfJ9KpQ8Pkp3q3K9rR4dSPlFAXmwq8=

GET
H2 200 esp.js Show response
oa.openxcdn.net/ 24 KB
8 KB 727ms
180ms Script
application/javascript 34.102.146.192
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://oa.openxcdn.net/esp.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308150101/pubads_impl.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.146.192 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 192.146.102.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 17:24:06 GMT
content-encoding: gzip
age: 2017982
x-guploader-uploadid: ADPycdsJpfkq5br9sLBg2UrU2kLZa_xJwCtecUlvnv6mejy7q64RSuGCpiYKStdCYi9xQfgXiOM_0louXUe4otB99X3Mbg
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7927
last-modified: Thu, 27 May 2021 18:30:51 GMT
server: UploadServer
etag: "df5542b88bc0e368c6999754a5b9e2ba"
x-goog-generation: 1622140251693895
x-goog-hash: crc32c=f21hYg==, md5=31VCuIvA42jGmZdUpbniug==
content-type: application/javascript
cache-control: no-transform
x-goog-stored-content-length: 7927
accept-ranges: bytes
expires: Sat, 27 Jul 2024 17:24:06 GMT

GET
H2 200 publishertag.ids.js Show response
static.criteo.net/js/ld/ 43 KB
13 KB 1711ms
544ms Script
text/javascript 182.161.73.129
CRITEO-AS-AP Crit...

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.ids.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308150101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.73.129 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

nginx /

Resource Hash

14b4caf239342334bf7b8280605e60f67c33c589762047b8bd67c0552fdb80a6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 01:57:08 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 03 Aug 2023 11:12:29 GMT
server: nginx
etag: W/"64cb8b9d-aa04"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Tue, 22 Aug 2023 01:57:08 GMT

GET
H/1.1 200
OK uid2SecureSignal.js Show response
cdn.prod.uidapi.com/ 2 KB
2 KB 1649ms
370ms Script
text/javascript 54.192.148.37
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.prod.uidapi.com/uid2SecureSignal.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308150101/pubads_impl.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 54.192.148.37 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-54-192-148-37.sin2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: a695b8b12c7d88355d0b1b33d6c643a7913bcfbeae91553bd7560019188b1032

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

x-amz-version-id: null
Date: Mon, 21 Aug 2023 01:38:11 GMT
Via: 1.1 d8bc31f1690f46d533b518410accf19e.cloudfront.net (CloudFront)
Last-Modified: Thu, 04 May 2023 00:14:06 GMT
Server: AmazonS3
X-Amz-Cf-Pop: SIN2-C1
Age: 2150
x-amz-server-side-encryption: AES256
ETag: "4d5acbf33f4a0592ac0515db92fe88e6"
X-Cache: Hit from cloudfront
Content-Type: text/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1858
X-Amz-Cf-Id: MHZWD_Y4bY4Q3o_w3X4QfoolIAfXKIWuwQG3bUsJsHwbdKZ4qTDkHw==

GET
H2 200 sync.min.js Show response
tags.crwdcntrl.net/lt/c/16589/ 38 KB
12 KB 2414ms
1038ms Script
text/javascript 13.33.52.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.crwdcntrl.net/lt/c/16589/sync.min.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308150101/pubads_impl.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.33.52.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-33-52-121.man50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: c0c2ec1f2d626ab278d81abe34d30681f0007e8c79a890165f27e3e1550e99b7

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 11:35:11 GMT
content-encoding: gzip
via: 1.1 e63c071ca838fc63dd9d080ea4fe0c8a.cloudfront.net (CloudFront)
last-modified: Wed, 31 May 2023 20:34:33 GMT
server: AmazonS3
x-amz-cf-pop: MAN50-C1
age: 51723
x-amz-server-side-encryption: AES256
etag: W/"550ead3a95bd6cfcd917d45c5f8f4553"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
cache-control: public, max-age=86400
x-amz-cf-id: XdR8YhHFi5inSAa9J17NFCn6QivSFPPHLKCk0fKz6vy5t-YlNfoUtg==

GET
H2 200 encrypted-tag-g.js Show response
invstatic101.creativecdn.com/encrypted-signals/ 1 KB
1 KB 1000ms
456ms Script
text/javascript 34.96.70.87
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://invstatic101.creativecdn.com/encrypted-signals/encrypted-tag-g.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308150101/pubads_impl.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.70.87 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 87.70.96.34.bc.googleusercontent.com
Software: Google Frontend /
Resource Hash: b04a268fbd6ac543dcd653b1c529871767a5b78cb2a2f40e54bcb0bfe2daa154

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 01:57:12 GMT
via: 1.1 google, 1.1 google
last-modified: Thu, 03 Aug 2023 03:28:51 GMT
server: Google Frontend
etag: fc4e6bfe266081c4873c6f08c8298e5c
content-type: text/javascript; charset=utf-8
x-cloud-trace-context: 450fb2f94011b0c2405919493cce2eb4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1207

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 59 KB
23 KB 476ms
472ms XHR
text/plain 74.125.200.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4461048987202706&correlator=205924280358450&output=ldjh&gdfp_req=1&vrg=202308150101&ptt=17&impl=fifs&gdpr=0&us_privacy=1---&iu_parts=183096492%2CMediaFire-Zone4&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&ifi=1&didk=2372303816&sfv=1-0-40&eri=5&sc=1&cookie_enabled=1&abxe=1&dt=1692583027418&adxs=430&adys=1095&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=480&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&url=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fkhdmflgb9ku5u6g%2FInstallation.rar%2Ffile&vis=1&psz=960x1500&msz=728x90&fws=0&ohw=0&ga_vid=871168537.1692583024&ga_sid=1692583027&ga_hid=1390997149&ga_fc=true&a3p=EhwKDWNyd2RjbnRybC5uZXQY08W9rqExSABSAghkEhkKCnB1YmNpZC5vcmcY0sW9rqExSABSAghkEh0KDmVzcC5jcml0ZW8uY29tGNPFva6hMUgAUgIIZBIXCghydGJob3VzZRjTxb2uoTFIAFICCGQSFAoFb3BlbngY08W9rqExSABSAghkEhkKCnVpZGFwaS5jb20Y08W9rqExSABSAghkEhsKDGlkNS1zeW5jLmNvbRjTxb2uoTFIAFICCGQ.&dlt=1692583019501&idt=7309&prev_scp=dkey_present%3Dfalse%26buildnumber%3D121913%26dladtemplate%3D51%26button_delay%3Ddisabled&adks=215913335&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308150101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.200.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sa-in-f156.1e100.net

Software

cafe /

Resource Hash

caa2095270962c7a40ad6076d820533997c6661d7a031b7f36a2a34b5aaed1b4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 01:57:07 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23640
x-xss-protection: 0
google-lineitem-id: 5967615577
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138386588793
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.mediafire.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 60 KB
23 KB 571ms
567ms XHR
text/plain 74.125.200.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4461048987202706&correlator=2487650812069824&output=ldjh&gdfp_req=1&vrg=202308150101&ptt=17&impl=fifs&gdpr=0&us_privacy=1---&iu_parts=183096492%2CMediaFire-Zone1&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&ifi=2&didk=2298854458&sfv=1-0-40&eri=5&sc=1&cookie_enabled=1&abxe=1&dt=1692583027428&adxs=552&adys=10&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=2&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=480&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&url=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fkhdmflgb9ku5u6g%2FInstallation.rar%2Ffile&vis=1&psz=960x1500&msz=728x-1&fws=0&ohw=0&ga_vid=871168537.1692583024&ga_sid=1692583027&ga_hid=1390997149&ga_fc=true&a3p=EhwKDWNyd2RjbnRybC5uZXQY08W9rqExSABSAghkEhkKCnB1YmNpZC5vcmcY0sW9rqExSABSAghkEh0KDmVzcC5jcml0ZW8uY29tGNPFva6hMUgAUgIIZBIXCghydGJob3VzZRjTxb2uoTFIAFICCGQSFAoFb3BlbngY08W9rqExSABSAghkEhkKCnVpZGFwaS5jb20Y08W9rqExSABSAghkEhsKDGlkNS1zeW5jLmNvbRjTxb2uoTFIAFICCGQ.&dlt=1692583019501&idt=7309&prev_scp=dkey_present%3Dfalse%26buildnumber%3D121913%26dladtemplate%3D51%26button_delay%3Ddisabled&adks=630197753&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308150101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.200.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sa-in-f156.1e100.net

Software

cafe /

Resource Hash

6d18e303b9b80d6270ff32553d4b915629dc817f67f82b075336c43e58a85988

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 01:57:07 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23581
x-xss-protection: 0
google-lineitem-id: 5967615577
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138386588793
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.mediafire.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 60 KB
23 KB 667ms
663ms XHR
text/plain 74.125.200.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4461048987202706&correlator=3067631620875641&output=ldjh&gdfp_req=1&vrg=202308150101&ptt=17&impl=fifs&gdpr=0&us_privacy=1---&iu_parts=183096492%2CMediaFire-Zone2&enc_prev_ius=%2F0%2F1&prev_iu_szs=336x280%7C300x250&ifi=3&didk=2784911678&sfv=1-0-40&eri=5&sc=1&cookie_enabled=1&abxe=1&dt=1692583027432&adxs=320&adys=120&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=3&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=480&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&url=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fkhdmflgb9ku5u6g%2FInstallation.rar%2Ffile&vis=1&psz=960x1500&msz=336x-1&fws=0&ohw=0&ga_vid=871168537.1692583024&ga_sid=1692583027&ga_hid=1390997149&ga_fc=true&a3p=EhwKDWNyd2RjbnRybC5uZXQY08W9rqExSABSAghkEhkKCnB1YmNpZC5vcmcY0sW9rqExSABSAghkEh0KDmVzcC5jcml0ZW8uY29tGNPFva6hMUgAUgIIZBIXCghydGJob3VzZRjTxb2uoTFIAFICCGQSFAoFb3BlbngY08W9rqExSABSAghkEhkKCnVpZGFwaS5jb20Y08W9rqExSABSAghkEhsKDGlkNS1zeW5jLmNvbRjTxb2uoTFIAFICCGQ.&dlt=1692583019501&idt=7309&prev_scp=dkey_present%3Dfalse%26buildnumber%3D121913%26dladtemplate%3D51%26button_delay%3Ddisabled&adks=3841872593&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308150101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.200.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sa-in-f156.1e100.net

Software

cafe /

Resource Hash

ce425109a03c7002bc683108e8099a337738f7a4ece040b0cde16621454440b5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 01:57:07 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23585
x-xss-protection: 0
google-lineitem-id: 5967615577
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138387045472
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.mediafire.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 60 KB
23 KB 637ms
634ms XHR
text/plain 74.125.200.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4461048987202706&correlator=4470005930662246&output=ldjh&gdfp_req=1&vrg=202308150101&ptt=17&impl=fifs&gdpr=0&us_privacy=1---&iu_parts=183096492%2CMediaFire-Zone3&enc_prev_ius=%2F0%2F1&prev_iu_szs=336x280%7C300x250&ifi=4&didk=3528871077&sfv=1-0-40&eri=5&sc=1&cookie_enabled=1&abxe=1&dt=1692583027435&adxs=320&adys=420&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=4&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=480&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&url=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fkhdmflgb9ku5u6g%2FInstallation.rar%2Ffile&vis=1&psz=960x1500&msz=336x-1&fws=0&ohw=0&ga_vid=871168537.1692583024&ga_sid=1692583027&ga_hid=1390997149&ga_fc=true&a3p=EhwKDWNyd2RjbnRybC5uZXQY08W9rqExSABSAghkEhkKCnB1YmNpZC5vcmcY0sW9rqExSABSAghkEh0KDmVzcC5jcml0ZW8uY29tGNPFva6hMUgAUgIIZBIXCghydGJob3VzZRjTxb2uoTFIAFICCGQSFAoFb3BlbngY08W9rqExSABSAghkEhkKCnVpZGFwaS5jb20Y08W9rqExSABSAghkEhsKDGlkNS1zeW5jLmNvbRjTxb2uoTFIAFICCGQ.&dlt=1692583019501&idt=7309&prev_scp=dkey_present%3Dfalse%26buildnumber%3D121913%26dladtemplate%3D51%26button_delay%3Ddisabled&adks=1870779098&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308150101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.200.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sa-in-f156.1e100.net

Software

cafe /

Resource Hash

d8ac15e19dbabaeb6b0021a55be2510845aa063fc367cd4a07425301ec842598

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 01:57:07 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23502
x-xss-protection: 0
google-lineitem-id: 5967615577
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138387047020
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.mediafire.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
6fa3b6ed325ccde04565ab7446985573.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame FD7A 6 KB
3 KB 1504ms
370ms Document
text/html 74.125.68.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://6fa3b6ed325ccde04565ab7446985573.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308150101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.68.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sc-in-f132.1e100.net

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.mediafire.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 21 Aug 2023 01:57:08 GMT
expires: Tue, 20 Aug 2024 01:57:08 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 view
securepubads.g.doubleclick.net/pcs/ Frame BCFA 0
0 375ms
375ms Fetch
image/gif 74.125.200.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuWwyoWEojzK5TlH7AmLg4HBpplbXseoRb-CjlbVR2f-TRZjYn7MlnV_icxVdJl1W4bcJqaNzXHCYELbHb57Jt_II7Xztc88WiQpiBveT4xA6ZoEXyM5v3nm29GMKc88OC5PNMZfWsMsDBjJgkmDgefd7dJSLr7fZxOb7gJn490ZYijnVrHatoiiwoN_GAqjkKd2pNfuMI6mQ8omGsF064E08eYmSIbLuxUYJQk5PcT6phx14PDHMQucNdG7sllIL804hVre_raWhWCrufrpqsnvsqmNLTUaQ7iMhGkojwmNcbSpfRSixnuOr9TA0YAk-a4mNEhngyfvgo&sai=AMfl-YQaPLgw9CgbdfGnkZvFDiqFqh2y6U1j8sjQe-byjcUfA46c9A3zAB7uqwpcElyStp38WUOfS_atNqw9uGT49efaKOOvaWlhdVn9IwUaBuc&sig=Cg0ArKJSzChuCviW_s00EAE&uach_m=[UACH]&adurl=

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/file/khdmflgb9ku5u6g/Installation.rar/file

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.200.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sa-in-f156.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 01:57:08 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 21 Aug 2023 01:57:08 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230816/r20110914/ Frame BCFA 23 KB
9 KB 246ms
244ms Script
text/javascript 64.233.170.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230816/r20110914/abg_lite_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308150101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

64.233.170.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sg-in-f132.1e100.net

Software

cafe /

Resource Hash

821da8af52f9abd6ed4c5148caee6e2cf2188c9ca01a0008a5a1ce789ce7d99b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 10:18:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 56338
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9092
x-xss-protection: 0
server: cafe
etag: 9312205082594545078
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 03 Sep 2023 10:18:14 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230816/r20110914/client/ Frame BCFA 3 KB
1 KB 250ms
247ms Script
text/javascript 64.233.170.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230816/r20110914/client/window_focus_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308150101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

64.233.170.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sg-in-f132.1e100.net

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 23:02:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10482
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 03 Sep 2023 23:02:30 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame BCFA 180 KB
57 KB 1616ms
1612ms Script
text/javascript 74.125.200.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308150101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.200.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sa-in-f156.1e100.net

Software

sffe /

Resource Hash

78ae55fc0ceb8ac07f56b87f7886371e91a57dafb6ee5154f317b7bb11da12a7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 01:57:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57620
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1692185840427238"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 21 Aug 2023 01:57:09 GMT

GET
H2 200 161916835193314050
tpc.googlesyndication.com/simgad/ Frame BCFA 59 KB
59 KB 1574ms
580ms Image
image/png 64.233.170.132
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/161916835193314050

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308150101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

64.233.170.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sg-in-f132.1e100.net

Software

sffe /

Resource Hash

364938aa1109d593daa0c80127eb49a945e884869bc7022e0b068ba92ddf4e29

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sat, 19 Aug 2023 22:44:31 GMT
x-content-type-options: nosniff
age: 97958
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60182
x-xss-protection: 0
last-modified: Wed, 30 Mar 2022 13:14:38 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 18 Aug 2024 22:44:31 GMT

GET
H2 200 view
securepubads.g.doubleclick.net/pcs/ Frame 6496 0
0 358ms
358ms Fetch
image/gif 74.125.200.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjss0DF_P29zpYh3ZUsuIMSHUfs1V8Wow9W69kXFI200uqivehmSDx1sRQFgjNZ6g-tRNzLQdOj_aYpLEVYMosVxwYu2xySOWWiod5TpDEWizQIIEv0SSjMgcSmuo-r0gbd-adWeBkyxqxjE9knkmoHKzr9vbuCYh2tOwqyZcltPYoEycLb2ot2hiAv9jU_7j7kNiov81-H2Az4T6DDlAbNtImPM-hijWL5D6Qe6BiGllpOU0x4m4AO4jMqw4bOR7KjVdPszOPtrOTOp0WaLxyC_ocauftJXcX6te_Pb4_dx-cUjYNYmfljSSX74c0fYm2bLcAGGIO4T1KR4&sai=AMfl-YTSCMqnFp_YQcCMCvV64_i6kVjT27mgDb9WmPpzqpp7RxrIMogzzZc8KsHFDVqtPOcRj-VMlzE8nSfgdkIaPUMXcFk_ImWrb_PLnxzDBxQh_RG5bLYCS3hnZN9tRklJswqmnXLm0HAsCPj_YEc&sig=Cg0ArKJSzAYsjIdYaAstEAE&uach_m=[UACH]&adurl=

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/file/khdmflgb9ku5u6g/Installation.rar/file

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.200.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sa-in-f156.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 01:57:08 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 21 Aug 2023 01:57:08 GMT

GET
H2 200 161916835193314050
tpc.googlesyndication.com/simgad/ Frame 6496 59 KB
59 KB 1612ms
619ms Image
image/png 64.233.170.132
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/161916835193314050

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308150101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

64.233.170.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sg-in-f132.1e100.net

Software

sffe /

Resource Hash

364938aa1109d593daa0c80127eb49a945e884869bc7022e0b068ba92ddf4e29

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sat, 19 Aug 2023 22:44:31 GMT
x-content-type-options: nosniff
age: 97958
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60182
x-xss-protection: 0
last-modified: Wed, 30 Mar 2022 13:14:38 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 18 Aug 2024 22:44:31 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230816/r20110914/ Frame 6496 23 KB
9 KB 344ms
342ms Script
text/javascript 64.233.170.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230816/r20110914/abg_lite_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308150101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

64.233.170.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sg-in-f132.1e100.net

Software

cafe /

Resource Hash

821da8af52f9abd6ed4c5148caee6e2cf2188c9ca01a0008a5a1ce789ce7d99b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 10:18:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 56338
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9092
x-xss-protection: 0
server: cafe
etag: 9312205082594545078
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 03 Sep 2023 10:18:14 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230816/r20110914/client/ Frame 6496 3 KB
1 KB 250ms
248ms Script
text/javascript 64.233.170.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230816/r20110914/client/window_focus_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308150101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

64.233.170.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sg-in-f132.1e100.net

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 23:02:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10482
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 03 Sep 2023 23:02:30 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 6496 180 KB
56 KB 1933ms
1933ms Script
text/javascript 74.125.200.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308150101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.200.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sa-in-f156.1e100.net

Software

sffe /

Resource Hash

78ae55fc0ceb8ac07f56b87f7886371e91a57dafb6ee5154f317b7bb11da12a7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 01:57:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57620
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1692185840427238"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 21 Aug 2023 01:57:09 GMT

GET
DATA 200
OK truncated
/ Frame BCFA 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d898a15abf3da3d6feb421e03686f731025bce03f1a7f54c39a06b7af6577693

Request headers

accept-language: en-AU,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 6496 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a0ba3c972dd62d270848c042967fa8bc2fc351e72e87d800c221628f33ac7418

Request headers

accept-language: en-AU,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 view
securepubads.g.doubleclick.net/pcs/ Frame 0066 0
0 299ms
298ms Fetch
image/gif 74.125.200.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstEnx0vCWHIxuRv6kD4_QcqLh6OsZelnPD2_4pDlcya6W0kQpk9Z92qyCGmX89kgzLz-D0YU9giaEcISqG6JPDZJvQFGUoPNerwYjPKqtcf8VMR-uzHdIsH3FG1Kf9kYbh7kAzYzoBxZL9SzXoAFnzyEth4WyUXpbiUm_Sks5z3Lxfz7_SOXR6LRHgC9yLFiUB8Tmu6fsddr7naUz_RoPtXH5RCihvN4bAaFDs8j65jKA9rn-dVXLKa8OCZ9bC9ui1uFTg7ntii7eUime1qzTRGsun2U5_jlw2Bcl8JcYjDzSs9ZyzP1T6R_vl5oYCIJadnZQBuYs2XewA&sai=AMfl-YTZECh-Lv9P8YhJ4UcfAJnlUcE1QM5wJQnoyW9BYATY968FYvj2c538vX61o9kF8OySIzLkXPPztHltnFGCKTTXgNUQUXJcPJQ7Kdtz9KvimuOglunhqmjB1rYzRv_XkMw4VFfuOC3Y4zxQWIt8&sig=Cg0ArKJSzJGXfk735yiqEAE&uach_m=[UACH]&adurl=

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/file/khdmflgb9ku5u6g/Installation.rar/file

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.200.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sa-in-f156.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 01:57:08 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 21 Aug 2023 01:57:08 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230816/r20110914/ Frame 0066 23 KB
9 KB 251ms
249ms Script
text/javascript 64.233.170.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230816/r20110914/abg_lite_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308150101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

64.233.170.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sg-in-f132.1e100.net

Software

cafe /

Resource Hash

821da8af52f9abd6ed4c5148caee6e2cf2188c9ca01a0008a5a1ce789ce7d99b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 10:18:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 56338
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9092
x-xss-protection: 0
server: cafe
etag: 9312205082594545078
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 03 Sep 2023 10:18:14 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230816/r20110914/client/ Frame 0066 3 KB
1 KB 364ms
363ms Script
text/javascript 64.233.170.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230816/r20110914/client/window_focus_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308150101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

64.233.170.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sg-in-f132.1e100.net

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 23:02:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10482
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 03 Sep 2023 23:02:30 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 0066 180 KB
56 KB 1818ms
1817ms Script
text/javascript 74.125.200.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308150101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.200.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sa-in-f156.1e100.net

Software

sffe /

Resource Hash

78ae55fc0ceb8ac07f56b87f7886371e91a57dafb6ee5154f317b7bb11da12a7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 01:57:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57620
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1692185840427238"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 21 Aug 2023 01:57:09 GMT

GET
H2 200 5295709221109236883
tpc.googlesyndication.com/simgad/ Frame 0066 60 KB
61 KB 1153ms
246ms Image
image/png 64.233.170.132
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/5295709221109236883

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308150101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

64.233.170.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sg-in-f132.1e100.net

Software

sffe /

Resource Hash

83b4150f43fc1362f85f40b1053a6b77ba9029d44cb696e227834fd8eafe7811

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 04:33:12 GMT
x-content-type-options: nosniff
age: 77037
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61940
x-xss-protection: 0
last-modified: Wed, 30 Mar 2022 12:56:10 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Mon, 19 Aug 2024 04:33:12 GMT

GET
H2 200 view
securepubads.g.doubleclick.net/pcs/ Frame D170 0
0 399ms
399ms Fetch
image/gif 74.125.200.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsty73tIynSZEdPwa0mEsi96F-ZLnDrc6wk3kDqQZXXq0nsbeRgEoKyfz2kmQxpVjIeA0DzHgajgtqXQanoFKLSML2Bt8ezaY-8wHAKCRhxBwHKKxFTbZqqrwr1riwF9nFPTmvRbZTqbdFFc-Z7nCKKqS6EHI7YSK3TK8e_gHY1pfljrTaG9SwQkfRExMcGD_3KNtNyogJA1MDM8BY38wuVGap3L4ImfJWz-BjzI_EpbdQyBXd0KxE60-6fiJDpkjvcjy8GQA2MOJV0rw3HlZSTak97bTwoZZvjEN_Eb89jv5_LkOdMn8eq49Pn3u3oDPZKPz8s-sGEcamM&sai=AMfl-YROOQHGiN9v3jxthZDU-NXGM5cGLggdqTa4PNPC18o69v4QVDOeRI4_ns_yCum_XGMRhXXFsP0NpD7767P5K9P-LHMHQBHRmH_TtPClL70BsiIV0hsAOKv7lmfzH7EcibEIhzreVuEbDA0YlYw&sig=Cg0ArKJSzCuZ14Ty_jldEAE&uach_m=[UACH]&adurl=

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/file/khdmflgb9ku5u6g/Installation.rar/file

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.200.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sa-in-f156.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 01:57:08 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 21 Aug 2023 01:57:08 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230816/r20110914/ Frame D170 23 KB
9 KB 369ms
368ms Script
text/javascript 64.233.170.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230816/r20110914/abg_lite_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308150101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

64.233.170.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sg-in-f132.1e100.net

Software

cafe /

Resource Hash

821da8af52f9abd6ed4c5148caee6e2cf2188c9ca01a0008a5a1ce789ce7d99b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 10:18:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 56338
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9092
x-xss-protection: 0
server: cafe
etag: 9312205082594545078
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 03 Sep 2023 10:18:14 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230816/r20110914/client/ Frame D170 3 KB
1 KB 366ms
366ms Script
text/javascript 64.233.170.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230816/r20110914/client/window_focus_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308150101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

64.233.170.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sg-in-f132.1e100.net

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 23:02:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10482
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 03 Sep 2023 23:02:30 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame D170 180 KB
56 KB 1714ms
1713ms Script
text/javascript 74.125.200.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308150101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.200.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sa-in-f156.1e100.net

Software

sffe /

Resource Hash

78ae55fc0ceb8ac07f56b87f7886371e91a57dafb6ee5154f317b7bb11da12a7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 01:57:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57620
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1692185840427238"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 21 Aug 2023 01:57:09 GMT

GET
H2 200 13913172449719718510
tpc.googlesyndication.com/simgad/ Frame D170 85 KB
85 KB 1345ms
439ms Image
image/png 64.233.170.132
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/13913172449719718510

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308150101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

64.233.170.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sg-in-f132.1e100.net

Software

sffe /

Resource Hash

eff30ddcd65ef8e1034b94d93fd1179456a3286e0d142304718ca7c77ec09a22

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 17:14:05 GMT
x-content-type-options: nosniff
age: 31384
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 86733
x-xss-protection: 0
last-modified: Wed, 30 Mar 2022 12:33:47 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Mon, 19 Aug 2024 17:14:05 GMT

GET
DATA 200
OK truncated
/ Frame 0066 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 56d2813e3f6701f83da3ce4b2f4e14490ebc0bbf32594ef3fc899948bcd1a08f

Request headers

accept-language: en-AU,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame D170 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 463a50c874622632e7ee1e142eef03d3e7b4c54743e1f68a786fb4e7198766bb

Request headers

accept-language: en-AU,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

Content-Type: image/png

GET
H2

200

esp Show response
oajs.openx.net/
Redirect Chain

https://oajs.openx.net/esp?url=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fkhdmflgb9ku5u6g%2FInstallation.rar%2Ffile&rid=esp
https://oajs.openx.net/esp?url=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fkhdmflgb9ku5u6g%2FInstallation.rar%2Ffile&rid=esp&cc=1

85 B
202 B

352ms
352ms

Fetch
application/json

34.120.107.143
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://oajs.openx.net/esp?url=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fkhdmflgb9ku5u6g%2FInstallation.rar%2Ffile&rid=esp&cc=1
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/khdmflgb9ku5u6g/Installation.rar/file
Protocol: H2
Server: 34.120.107.143 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 143.107.120.34.bc.googleusercontent.com
Software: / Express
Resource Hash: 46a19e6afa7173785c4f660b8c399fad401c7a19bf6da5a7b734819668d3bc1c

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 01:57:09 GMT
via: 1.1 google
x-powered-by: Express
etag: W/"55-HvL9hBy3nctpKVf2J3egbHypkQA"
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.mediafire.com
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 85

Redirect headers

date: Mon, 21 Aug 2023 01:57:08 GMT
via: 1.1 google
x-powered-by: Express
vary: Origin
access-control-allow-origin: https://www.mediafire.com
location: /esp?url=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fkhdmflgb9ku5u6g%2FInstallation.rar%2Ffile&rid=esp&cc=1
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H/1.1 204 increment Show response
id5-sync.com/api/esp/ 0
326 B 1562ms
456ms XHR
text/plain 162.19.138.119
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/api/esp/increment?counter=no-config

Requested by

Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/esp.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.119 Frankfurt am Main, Germany, ASN16276 (OVH, FR),

Reverse DNS

ns31533570.ip-162-19-138.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://www.mediafire.com/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.mediafire.com
date: Mon, 21 Aug 2023 01:57:08 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin

GET
H2 200 px.gif
fundingchoicesmessages.google.com/img/ 43 B
517 B 251ms
251ms Image
image/gif 64.233.170.113
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fundingchoicesmessages.google.com/img/px.gif?ch=1&rn=3.9738058971417516

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/file/khdmflgb9ku5u6g/Installation.rar/file

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

64.233.170.113 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sg-in-f113.1e100.net

Software

ESF /

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorServingDetectionHttp/cspreport, script-src 'report-sample' 'nonce-KoN9eeDWa6nhr2plcOJy_g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingDetectionHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingDetectionHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 01:57:12 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorServingDetectionHttp/cspreport, script-src 'report-sample' 'nonce-KoN9eeDWa6nhr2plcOJy_g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingDetectionHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingDetectionHttp/cspreport/allowlist
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: image/gif
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 px.gif
fundingchoicesmessages.google.com/img/ 43 B
254 B 279ms
279ms Image
image/gif 64.233.170.113
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fundingchoicesmessages.google.com/img/px.gif?ch=2&rn=8.60779472387341

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/file/khdmflgb9ku5u6g/Installation.rar/file

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

64.233.170.113 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sg-in-f113.1e100.net

Software

ESF /

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorServingDetectionHttp/cspreport, script-src 'report-sample' 'nonce-RhM5Lj8HGwTuBjleaRUoqA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingDetectionHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingDetectionHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 01:57:12 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorServingDetectionHttp/cspreport, script-src 'report-sample' 'nonce-RhM5Lj8HGwTuBjleaRUoqA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingDetectionHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingDetectionHttp/cspreport/allowlist
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: image/gif
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame AD42 15 KB
6 KB 1254ms
447ms Document
text/html 104.65.228.208
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158936
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/js/prebid5.17.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.65.228.208 , Singapore, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-65-228-208.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 94061a925c5d84bf776554ac894020c407a9a4c89b979d538de3cf45591fe423

Request headers

Referer: https://www.mediafire.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=92372
content-encoding: gzip
content-length: 5606
content-type: text/html
date: Mon, 21 Aug 2023 01:57:10 GMT
expires: Tue, 22 Aug 2023 03:36:42 GMT
last-modified: Tue, 11 Jul 2023 09:39:35 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

GET
H2 200 pd Show response
google-bidout-d.openx.net/w/1.0/ Frame 8BEE 484 B
734 B 792ms
251ms Document
text/html 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Requested by: Host: oa.openxcdn.net
URL: https://oa.openxcdn.net/esp.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: a78ab9f980b3f928148e24c6954db9a3421cc4e51d31d085d161376ae7fad63b

Request headers

Referer: https://www.mediafire.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: gzip
content-length: 308
content-type: text/html
date: Mon, 21 Aug 2023 01:57:10 GMT
p3p: CP="CUR ADM OUR NOR STA NID"
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
via: 1.1 google

GET
H2 200 view
securepubads.g.doubleclick.net/pcs/ Frame BCFA 0
0 1590ms
297ms Fetch
image/gif 74.125.200.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvi306jr4vvmFnInymbS0CJdIRZyTN96p2mtsSzQuQmPcJ6wETWqtb4yjAKNdcRiJEHKtEW6y_RNizGYSgb1-PvRjIV9NGpufFA6lZJa60xutvEc1BosK7o_vjDFPT8OqfP6z8HaJ38qzk_u1VZQ_XuxjnZcVDO8dLDlIKZRUOupLqvE6EJdWu4AdwYQvShMzQkRwZWJfCj71_OS3B_yJHNAG6GtYEgC-f96rKnPVadc_-xn-wJVzW0x-Hw_wY2f-c1NdHxX6L0idoeEavCIblzyiBHm8XQatXgAmcTY5wsUCxO4IYpflpU2TnDCXok1lK2s-Jc7SSVeDpDjg&sai=AMfl-YTRfKPfqFZSVbg6Bd9TPc2466mSI2rcfjzx69CZBunqWrJvt94f93tAaMNXkk-DEDhSQSiwS0_lnr4daHh03UP1NBC3rcqdsq6_3SKw0zg&sig=Cg0ArKJSzBrhAyL2JyT-EAE&uach_m=[UACH]&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.200.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sa-in-f156.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 01:57:11 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 21 Aug 2023 01:57:11 GMT

GET
H2 200 view
securepubads.g.doubleclick.net/pcs/ Frame D170 0
0 1518ms
302ms Fetch
image/gif 74.125.200.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssDaOFrsYTBw0OIpro2mip7C8mu9LzPqDe4DPKVeyMUtOQMsEUJdwx7ml_n2MbbJuYqqUhMSGskZFwHesUpKvm7mOA9AGW-mSN0cklR6pjnJA5236iBPfVQIxNqJliQ_zYEl_Eq4IDnbgUyAFcastUTylqkHNgPJiugGAuxc1Xqlu3BKtSq7UFomUvMKMvkC4c43XoGCAzwrADvvEJn7s_ztwuygNJRjSjZAHypJ17zb4U0MpVExb7XRzAlDVcKuqNHDtFsDZauXS_QKgxUTG_HiP_Ewy9A_kvlCocTIMFN3spYlFStWYfW1bIrnr709uPknaWzoEoBSHDm7A&sai=AMfl-YQnLKaOGHgWlEekq1MQ2IpAquuoRufienc46Sjgmn0Ilet01cJjTp_YxxK0ML9R9HMubzNQZdwVBV7czN3b26lsUIgHIiXop1_sEaA4qTxAv0XqKJhKtDegCrDMe1wlhqOQIRUr1Bg0U6CbW9M&sig=Cg0ArKJSzHnGaOmFWZF9EAE&uach_m=[UACH]&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.200.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sa-in-f156.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 01:57:11 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 21 Aug 2023 01:57:11 GMT

GET
H2 200 view
securepubads.g.doubleclick.net/pcs/ Frame 0066 0
0 1444ms
301ms Fetch
image/gif 74.125.200.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssIyip3oQ9mNuVrbntlSriDl8laXms90RURmZIPAXYMqAhGEkshGF6fZNjTSBH12MIIGv1U97OedcV0kSAAFiHGUjVP8VyQ7bJtzHFI5AmOA4asJ7jklFiQe1WK12j2q5StwBDXrveYopd-3KKSgqccfqCOSOT2x5bOH2994NOW-NOgEqvKLLnjySBDnnVYtNm6ChfAc20BIZMvYbkZptrzIliFjJGiHODXMb0GT3KmaFWl9fdNtYJ2Rj1i_ITwKIr_zydSUXd2TLun1rWPVQ9wReTPgsyeaX96F_1oyXebG7tZLXSMUwoMAX6XV45uUyj0MzBOIGFLSTi2QA&sai=AMfl-YS-sEvAf3U3RNV1ySIznSGKQJTrCEaQXDNjequxZD5HcY7sZaB2uAM--YprIIg7NHcQWhajkxwHAuhz2gKRfMI69MxtELItQdVAMLwRzAJ3D8H0F90YGqlDU4RhTNYiXzHyZR4gPGm4E55nfGIu&sig=Cg0ArKJSzJhOG9pXhAEYEAE&uach_m=[UACH]&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.200.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sa-in-f156.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 01:57:11 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 21 Aug 2023 01:57:11 GMT

GET
H2 200 view
securepubads.g.doubleclick.net/pcs/ Frame 6496 0
0 1409ms
298ms Fetch
image/gif 74.125.200.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstvTBmE13jnK7hFS8ZdmoZI19y7Gg2YEVDt7fVNb4xNaD4nBEHkpzY_VSuE8sxuhnhkSy0hz3i9AQiiyc46n6hrSCagDTPpbznC97RNlfp7ZRBNooUDvExFFVsEEUJ6lS5rEP4pOYTg6rrNCosJdggAUJVf-WV39sgtWp2raMzkwkYjjhkaqJH3OZHPnQAAGazrWIV8HjcMVMaXo0o5pp-vjiBbBh_S4iYY9DhPNDSWPBnzwKDN7SkijgDZe6V6KSJfx9RZFVOAUo3iVofNgGYKq5NK-LiFP5oC9GRBoT4wBqf83q21rYXkGNZ06MkOnmnn14dsP6o7DkgDog&sai=AMfl-YRCf2Ivh8nZFtBjjUZXW1X3qbQlR_zVHaBBjaY90oiX3X9YwjhGZPfXXkQuxz328DQnd-cbIfSQqP9uVhdLa9pRuU4-_4a0KgR0HvpXyqPdvl2az5MBE-rd0_NT0QsCqNldC8Ee4GpS9cPe9lU&sig=Cg0ArKJSzM8y_C9ux6D9EAE&uach_m=[UACH]&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.200.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sa-in-f156.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 01:57:11 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 21 Aug 2023 01:57:11 GMT

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame 0C65 15 KB
6 KB 1523ms
458ms Document
text/html 182.161.73.136
CRITEO-AS-AP Crit...

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=www.mediafire.com&gdpr=0&gdpr_consent=&us_privacy=1---

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.ids.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.73.136 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

Kestrel /

Resource Hash

a6a542faa22889d6a38c8d2afc411f3779236afc8733c87d9e82428ecfb0928f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://www.mediafire.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

cache-control: private, max-age=3600
content-encoding: gzip
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 21 Aug 2023 01:57:10 GMT
server: Kestrel
server-processing-duration-in-ticks: 273583
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 8BEE
Redirect Chain

https://match.adsrvr.org/track/cmf/openx?oxid=56ceff43-683a-7def-df38-a03d2b0155eb&gdpr=0
https://match.adsrvr.org/track/cmb/openx?oxid=56ceff43-683a-7def-df38-a03d2b0155eb&gdpr=0
https://us-u.openx.net/w/1.0/sd?id=537072971&val=97294dbb-a30f-4557-9d93-d937a29f019e&ttd_puid=56ceff43-683a-7def-df38-a03d2b0155eb&gdpr=0&gdpr_consent=

43 B
323 B

251ms
247ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072971&val=97294dbb-a30f-4557-9d93-d937a29f019e&ttd_puid=56ceff43-683a-7def-df38-a03d2b0155eb&gdpr=0&gdpr_consent=
Requested by: Host: google-bidout-d.openx.net
URL: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Protocol: H2
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://google-bidout-d.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 21 Aug 2023 01:57:11 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 21 Aug 2023 01:57:11 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://us-u.openx.net/w/1.0/sd?id=537072971&val=97294dbb-a30f-4557-9d93-d937a29f019e&ttd_puid=56ceff43-683a-7def-df38-a03d2b0155eb&gdpr=0&gdpr_consent=
content-type: text/html
cache-control: private,no-cache, must-revalidate
content-length: 335

GET
H2

200

sd
jp-u.openx.net/w/1.0/ Frame 8BEE
Redirect Chain

https://tg.socdm.com/rtb/sync_before?proto=openx
https://jp-u.openx.net/w/1.0/sd?id=537072335&val=ZOLEd8Co8YAAAGwz8BcAAAAA

43 B
106 B

266ms
255ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://jp-u.openx.net/w/1.0/sd?id=537072335&val=ZOLEd8Co8YAAAGwz8BcAAAAA
Requested by: Host: google-bidout-d.openx.net
URL: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Protocol: H2
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://google-bidout-d.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 21 Aug 2023 01:57:11 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

X-SO-Cluster-ID: 0
Date: Mon, 21 Aug 2023 01:57:11 GMT
X-SO-LB-Data: {"ban":false,"clean_query":"\/rtb\/sync_before?proto=openx","cluster_id":0,"gdpr":false,"ipv4":"220.253.106.46","key":"ZOLEd8Co8YAAAGwz8BcAAAAA","privacy_sensitive":false,"uid":"","upstream_id":"m-ad99"}
X-SO-Key: ZOLEd8Co8YAAAGwz8BcAAAAA
Server: nginx
X-SO-Upstream-ID: m-ad99
P3P: CP="See also http://www.scaleout.jp/privacy/"
Location: https://jp-u.openx.net/w/1.0/sd?id=537072335&val=ZOLEd8Co8YAAAGwz8BcAAAAA
Cache-Control: private
X-SO-HostName: m-ad99.dc4p.scaleout.jp
Connection: keep-alive
X-SO-Ads-Time: 2
Content-Length: 0
X-SO-LB-Hostname: m-tgng28.dc4p.scaleout.jp
X-SO-IP: 220.253.106.46

GET
H3

200

sd
jp-u.openx.net/w/1.0/ Frame 8BEE
Redirect Chain

https://cr-p3.ladsp.com/cookiesender/3
https://cr-p3.ladsp.com/cookiesender/3?cr=true
https://jp-u.openx.net/w/1.0/sd?id=537072451&val=AZVHpdApLSwyks8AD7P3qrEdlc8AAAGKFc96ng

43 B
61 B

248ms
247ms

Image
image/gif

34.98.64.218
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://jp-u.openx.net/w/1.0/sd?id=537072451&val=AZVHpdApLSwyks8AD7P3qrEdlc8AAAGKFc96ng
Requested by: Host: google-bidout-d.openx.net
URL: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Protocol: H3
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://google-bidout-d.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 21 Aug 2023 01:57:13 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 21 Aug 2023 01:57:13 GMT
via: 1.1 cda01a7bccd00dc65f8776e119b7ba4e.cloudfront.net (CloudFront)
server: Logicad
x-amz-cf-pop: MAN50-C3
x-cache: Miss from cloudfront
p3p: CP="NOI DEVo TAIo PSAo PSDo OUR IND UNI NAV", policyref="http://cd.ladsp.com/xml/w3c/p3p.xml"
location: https://jp-u.openx.net/w/1.0/sd?id=537072451&val=AZVHpdApLSwyks8AD7P3qrEdlc8AAAGKFc96ng
cache-control: no-cache
content-length: 0
x-amz-cf-id: ECo-ckEOIAtqSxMLEH3uJBXz_1riyiietvj4GcWZwiCgXWoVVZPKSA==
expires: -1

GET
H2 200 pixel
cm.g.doubleclick.net/ Frame 8BEE 170 B
409 B 1182ms
368ms Image
image/png 74.125.130.157
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=N2FhMTJjODktYTE0ZC0yMzRiLWNhZDgtZmE4NGUxZTM5Yjhi

Requested by

Host: google-bidout-d.openx.net
URL: https://google-bidout-d.openx.net/w/1.0/pd?plm=5

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.130.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sb-in-f157.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://google-bidout-d.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 21 Aug 2023 01:57:11 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 8BEE
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEElFuxDctqX5GAH7QOqAV0o&google_cver=1

43 B
106 B

265ms
264ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEElFuxDctqX5GAH7QOqAV0o&google_cver=1
Requested by: Host: google-bidout-d.openx.net
URL: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Protocol: H2
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://google-bidout-d.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 21 Aug 2023 01:57:11 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 21 Aug 2023 01:57:11 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEElFuxDctqX5GAH7QOqAV0o&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame AD42 2 KB
3 KB 1204ms
435ms Script
text/html 67.199.150.81
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=45097295&p=158936&s=0&a=0&ptask=ALL&np=0&fp=0&rp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=1---
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158936
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 67.199.150.81 , Singapore, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: /
Resource Hash: fbd1975faea67b7c0671c257dab8194f3a8046e6fe66039d29f4e0788c3cb84b

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

content-type: text/html; charset=UTF-8
date: Mon, 21 Aug 2023 01:57:11 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame BCFA 42 B
108 B 1271ms
288ms Fetch
image/gif 142.250.4.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssh2_2jpWTakTV10oz3TcmGWs-2b4dLNQveUegL5hmdFqw4pGNF-nz49Lvw5CJJllkCZWD1MK18tHoJkY1VTC2XnSulujiE60PmQ7spmSy_sVDOuK0L&sig=Cg0ArKJSzAI1aWke4-bJEAE&id=lidar2&mcvt=1000&p=1095,430,1185,1158&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20230816&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=3&adk=215913335&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1692583028029&rpt=1863&isd=0&lsd=0&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.4.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f155.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 21 Aug 2023 01:57:12 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame D170 42 B
404 B 1192ms
284ms Fetch
image/gif 142.250.4.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvNh4LLAQEJFcfoe-3LZ3jBNM94B7f4OMS0rcEhBpOb2Jbty3dz86i1eT-V65LanDbnE9HsUsGlHMmJrxSmQaFAyDI_aEk0hkTwndZz4-1XA-1XDVEM&sig=Cg0ArKJSzLdH7RMqVdO1EAE&id=lidar2&mcvt=1000&p=120,320,370,620&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20230816&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=3&adk=3841872593&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1692583028126&rpt=1845&isd=0&lsd=0&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.4.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f155.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 21 Aug 2023 01:57:12 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 0066 42 B
108 B 1122ms
289ms Fetch
image/gif 142.250.4.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuilXbDb33qJGX_bqT362_2wTkJzUYs8-oRlRFr8K58erm83oxONCVFo5750LH8LrHJDgtfXrt8O1k31OXGafKYBK0QKcJkAXfx76koOERFTeDHKb51&sig=Cg0ArKJSzOXab2KYxyB0EAE&id=lidar2&mcvt=1000&p=420,320,670,620&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20230816&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=3&adk=1870779098&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1692583028110&rpt=1935&isd=0&lsd=0&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.4.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f155.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 21 Aug 2023 01:57:12 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 6496 42 B
108 B 1086ms
285ms Fetch
image/gif 142.250.4.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuGv1mWf4UqpDR1wf9Zx7T8s8yB-U9z8KG4a23yCM9EaODaSMHn_4VAvq1tqkopZ1QPp4ZQZ_WvtkVzMAuR2JabVviAwS3Rhx_0zK_su1O0uqFCa2iD&sig=Cg0ArKJSzMoxpsZD0X4sEAE&id=lidar2&mcvt=1000&p=10,552,100,1280&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20230816&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=3&adk=630197753&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1692583028049&rpt=2027&isd=0&lsd=0&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.4.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f155.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 21 Aug 2023 01:57:12 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

Pug Show response
image2.pubmatic.com/AdServer/ Frame 1DC6
Redirect Chain

https://cms.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=Tqi09xuo5v1V_uKhTqT88h6l5vFVrbShSKtYTNNR

42 B
418 B

390ms
390ms

Document
image/gif

207.65.33.82
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=Tqi09xuo5v1V_uKhTqT88h6l5vFVrbShSKtYTNNR
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158936
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 207.65.33.82 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Mon, 21 Aug 2023 01:57:13 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

access-control-allow-credentials: true
access-control-allow-origin: *
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
date: Mon, 21 Aug 2023 01:57:12 GMT
expires: Fri, 04 Aug 1978 12:00:00 GMT
location: https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=Tqi09xuo5v1V_uKhTqT88h6l5vFVrbShSKtYTNNR
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
pragma: no-cache
strict-transport-security: max-age=86400

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 7348
Redirect Chain

https://cm.ambientdsp.com/cm/send?vc=pmj
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQ0OSZ0bD00MzIwMA==&piggybackCookie=119y4hb62y6n

1 B
379 B

361ms
361ms

Document
text/html

67.199.150.86
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQ0OSZ0bD00MzIwMA==&piggybackCookie=119y4hb62y6n
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158936
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 67.199.150.86 , Singapore, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: nginx /
Resource Hash: 36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 1
content-type: text/html; charset=utf-8
date: Mon, 21 Aug 2023 01:57:13 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

accept-encoding: utf-8
cache-control: no-store
content-length: 0
date: Mon, 21 Aug 2023 01:57:12 GMT
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQ0OSZ0bD00MzIwMA==&piggybackCookie=119y4hb62y6n
lws: 127.0.0.1
strict-transport-security: max-age=31536000; includeSubDomains
time-ms: 0

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 88EB
Redirect Chain

https://ib.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent=
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA%3D%26piggybackCookie%3D%24UID%26gdpr%3D0%26gdpr_consent%3D
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=5546508652416821950&gdpr=0&gdpr_consent=

42 B
218 B

389ms
388ms

Document
image/gif

67.199.150.86
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=5546508652416821950&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158936
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 67.199.150.86 , Singapore, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Mon, 21 Aug 2023 01:57:13 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
access-control-allow-credentials: true
access-control-allow-origin: *
an-x-request-uuid: 0bb62a20-186a-4aca-b977-1327eace0cac
cache-control: no-store, no-cache, private
content-length: 0
content-type: text/html; charset=utf-8
date: Mon, 21 Aug 2023 01:57:13 GMT
expires: Sat, 15 Nov 2008 16:00:00 GMT
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=5546508652416821950&gdpr=0&gdpr_consent=
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
pragma: no-cache
server: nginx/1.21.3
x-proxy-origin: 220.253.106.46; 220.253.106.46; 602.bm-nginx-loadbalancer.mgmt.sin3.adnexus.net; adnxs.com
x-xss-protection: 0

GET
H2

200

user_sync.html
ads.pubmatic.com/AdServer/js/ Frame AD42
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=88lLF70sTbKu5nEo_lA5dA%3D%3D&gdpr=0&gdpr_consent=
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=

15 KB
15 KB

287ms
286ms

Image
text/html

104.65.228.208
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/khdmflgb9ku5u6g/Installation.rar/file
Protocol: H2
Server: 104.65.228.208 , Singapore, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-65-228-208.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 01:57:11 GMT
content-encoding: gzip
last-modified: Tue, 11 Jul 2023 09:39:35 GMT
server: Apache
vary: Accept-Encoding
content-type: text/html
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: max-age=92371
accept-ranges: bytes
content-length: 5606
expires: Tue, 22 Aug 2023 03:36:42 GMT

Redirect headers

pragma: no-cache
date: Mon, 21 Aug 2023 01:57:11 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 301
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

receive
pixel.tapad.com/idsync/ex/ Frame AD42
Redirect Chain

https://pixel.tapad.com/idsync/ex/receive?partner_id=3371&partner_device_id=F3C94B17-BD2C-4DB2-AEE6-7128FE503974
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=3371&partner_device_id=F3C94B17-BD2C-4DB2-AEE6-7128FE503974
https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=5d0e65d5-3413-483c-91f8-3bf125e8beb9%252C%252C&gdpr=0&gdpr_consent=
https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=97294dbb-a30f-4557-9d93-d937a29f019e&ttd_puid=5d0e65d5-3413-483c-91f8-3bf125e8beb9%2C%2C

95 B
441 B

289ms
289ms

Image
image/png

34.111.113.62
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=97294dbb-a30f-4557-9d93-d937a29f019e&ttd_puid=5d0e65d5-3413-483c-91f8-3bf125e8beb9%2C%2C

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/file/khdmflgb9ku5u6g/Installation.rar/file

Protocol

Server

34.111.113.62 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

62.113.111.34.bc.googleusercontent.com

Software

Jetty(11.0.13) /

Resource Hash

3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 01:57:13 GMT
strict-transport-security: max-age=31536000
via: 1.1 google
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: Jetty(11.0.13)
content-type: image/png
access-control-allow-origin: *
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 95

Redirect headers

pragma: no-cache
date: Mon, 21 Aug 2023 01:57:12 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=97294dbb-a30f-4557-9d93-d937a29f019e&ttd_puid=5d0e65d5-3413-483c-91f8-3bf125e8beb9%2C%2C
content-type: text/html
cache-control: private,no-cache, must-revalidate
content-length: 359

GET
H2

200

qmap
sync.crwdcntrl.net/ Frame AD42
Redirect Chain

https://sync.crwdcntrl.net/qmap?c=240&tp=PUBM&tpid=F3C94B17-BD2C-4DB2-AEE6-7128FE503974&gdpr=0&gdpr_consent=
https://sync.crwdcntrl.net/qmap?c=240&tp=PUBM&tpid=F3C94B17-BD2C-4DB2-AEE6-7128FE503974&gdpr=0&gdpr_consent=&ct=y

49 B
543 B

538ms
538ms

Image
image/gif

54.255.205.37
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.crwdcntrl.net/qmap?c=240&tp=PUBM&tpid=F3C94B17-BD2C-4DB2-AEE6-7128FE503974&gdpr=0&gdpr_consent=&ct=y
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/khdmflgb9ku5u6g/Installation.rar/file
Protocol: H2
Server: 54.255.205.37 , Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-255-205-37.ap-southeast-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 21 Aug 2023 01:57:13 GMT
server: Jetty(9.4.38.v20210224)
content-type: image/gif
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: *
cache-control: no-cache
x-server: 10.42.0.99
content-length: 49
expires: 0

Redirect headers

pragma: no-cache
date: Mon, 21 Aug 2023 01:57:12 GMT
server: Jetty(9.4.38.v20210224)
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
location: https://sync.crwdcntrl.net/qmap?c=240&tp=PUBM&tpid=F3C94B17-BD2C-4DB2-AEE6-7128FE503974&gdpr=0&gdpr_consent=&ct=y
cache-control: no-cache
x-server: 10.42.0.99
content-length: 0
expires: 0

GET
H/1.1

200
OK

info2
uipglob.semasio.net/pubmatic/1/ Frame AD42
Redirect Chain

https://uipglob.semasio.net/pubmatic/1/info?sType=sync&sExtCookieId=F3C94B17-BD2C-4DB2-AEE6-7128FE503974&sInitiator=external&gdpr=0&gdpr_consent=
https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=F3C94B17-BD2C-4DB2-AEE6-7128FE503974&sInitiator=external&gdpr=0&gdpr_consent=

42 B
570 B

292ms
292ms

Image
image/gif

119.9.108.211
RACKSPACE-AP Rack...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=F3C94B17-BD2C-4DB2-AEE6-7128FE503974&sInitiator=external&gdpr=0&gdpr_consent=
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/khdmflgb9ku5u6g/Installation.rar/file
Protocol: HTTP/1.1
Server: 119.9.108.211 , Hong Kong, ASN45187 (RACKSPACE-AP Rackspace IT Hosting AS IT Hosting Provider Hong Kong, HK),
Reverse DNS
Software: /
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 21 Aug 2023 01:56:41 GMT
frontend-id: 0
p3p: policyref="http://uip.semasio.net/w3c/p3p.xml", CP="NOI PSAa PSDa OUR IND UNI CNT"
content-type: image/gif
uip-response-status: Ok
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length: 42
routing-server-id: 1
expires: Sat, 01 Jan 2011 12:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 21 Aug 2023 01:56:41 GMT
frontend-id: 0
p3p: policyref="http://uip.semasio.net/w3c/p3p.xml", CP="NOI PSAa PSDa OUR IND UNI CNT"
location: /pubmatic/1/info2?sType=sync&sExtCookieId=F3C94B17-BD2C-4DB2-AEE6-7128FE503974&sInitiator=external&gdpr=0&gdpr_consent=
uip-response-status: Ok
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length: 0
routing-server-id: 1
expires: Sat, 01 Jan 2011 12:00:00 GMT

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame AD42
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=RjNDOTRCMTctQkQyQy00REIyLUFFRTYtNzEyOEZFNTAzOTc0&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=

42 B
95 B

1173ms
418ms

Image
image/gif

207.65.33.82
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/khdmflgb9ku5u6g/Installation.rar/file
Protocol: H2
Server: 207.65.33.82 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

content-type: image/gif; charset=utf-8
date: Mon, 21 Aug 2023 01:57:12 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Mon, 21 Aug 2023 01:57:11 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame AD42
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEHc86HBBUdz-nO2qivFxlYg&google_cver=1

42 B
496 B

1172ms
417ms

Image
image/gif

207.65.33.82
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEHc86HBBUdz-nO2qivFxlYg&google_cver=1
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/khdmflgb9ku5u6g/Installation.rar/file
Protocol: H2
Server: 207.65.33.82 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

content-type: image/gif; charset=utf-8
date: Mon, 21 Aug 2023 01:48:01 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Mon, 21 Aug 2023 01:57:11 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEHc86HBBUdz-nO2qivFxlYg&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 379
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame AD42
Redirect Chain

https://um.simpli.fi/pubmatic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODA2JnRsPTUxODQwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTgwNiZ0bD01MTg0MDA=&piggybackCookie=uid:943F61A413E54105BDD374585CB92B22

42 B
363 B

344ms
342ms

Image
image/gif

207.65.33.82
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTgwNiZ0bD01MTg0MDA=&piggybackCookie=uid:943F61A413E54105BDD374585CB92B22
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/khdmflgb9ku5u6g/Installation.rar/file
Protocol: H2
Server: 207.65.33.82 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

content-type: image/gif; charset=utf-8
date: Mon, 21 Aug 2023 01:57:12 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

date: Mon, 21 Aug 2023 01:57:12 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTgwNiZ0bD01MTg0MDA=&piggybackCookie=uid:943F61A413E54105BDD374585CB92B22
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Sun, 20 Aug 2023 01:57:12 GMT

GET
H2 200 F3C94B17-BD2C-4DB2-AEE6-7128FE503974
pr-bh.ybp.yahoo.com/sync/pubmatic/ Frame AD42 43 B
603 B 1616ms
371ms Image
image/gif 52.220.27.144
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pr-bh.ybp.yahoo.com/sync/pubmatic/F3C94B17-BD2C-4DB2-AEE6-7128FE503974?gdpr=0&gdpr_consent=

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/file/khdmflgb9ku5u6g/Installation.rar/file

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.220.27.144 , Singapore, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-220-27-144.ap-southeast-1.compute.amazonaws.com

Software

ATS /

Resource Hash

48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Security Headers

Name	Value
Content-Security-Policy	sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 01:57:12 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
content-type: image/gif
content-length: 43

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame AD42
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=97294dbb-a30f-4557-9d93-d937a29f019e&gdpr=0&gdpr_consent=

42 B
299 B

1207ms
440ms

Image
image/gif

67.199.150.86
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=97294dbb-a30f-4557-9d93-d937a29f019e&gdpr=0&gdpr_consent=
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/khdmflgb9ku5u6g/Installation.rar/file
Protocol: H2
Server: 67.199.150.86 , Singapore, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

content-type: image/gif; charset=utf-8
date: Mon, 21 Aug 2023 01:57:13 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Mon, 21 Aug 2023 01:57:12 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=97294dbb-a30f-4557-9d93-d937a29f019e&gdpr=0&gdpr_consent=
content-type: text/html
cache-control: private,no-cache, must-revalidate
content-length: 355

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame AD42
Redirect Chain

https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent=
https://x.bidswitch.net/ul_cb/sync?ssp=pubmatic&gdpr=0&gdpr_consent=
https://dsp.nrich.ai/bidswitch/sync?bidswitch_ssp_id=pubmatic&bsw_custom_parameter=69e8dae0-17dc-4fb9-a34c-dd0871773387&gdpr=0&gdpr_consent=&gdpr_pd=&us_privacy=
https://x.bidswitch.net/sync?dsp_id=283&user_id=2949bfbe-ab2c-4d77-83d5-b8b5f977ee70&expires=1&user_group=2&ssp=pubmatic&bsw_param=69e8dae0-17dc-4fb9-a34c-dd0871773387&gdpr=0&gdpr_consent=&gdpr_pd=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=69e8dae0-17dc-4fb9-a34c-dd0871773387&gdpr=0&gdpr_consent=&gdpr_pd=

1 B
167 B

283ms
283ms

Image
text/html

67.199.150.86
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=69e8dae0-17dc-4fb9-a34c-dd0871773387&gdpr=0&gdpr_consent=&gdpr_pd=
Protocol: H2
Server: 67.199.150.86 , Singapore, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

content-type: text/html; charset=utf-8
date: Mon, 21 Aug 2023 01:57:16 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 1
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Location: //simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=69e8dae0-17dc-4fb9-a34c-dd0871773387&gdpr=0&gdpr_consent=&gdpr_pd=
Date: Mon, 21 Aug 2023 01:57:16 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: nginx
Connection: keep-alive
Content-Length: 0

GET
H2

200

SPug
image4.pubmatic.com/AdServer/ Frame AD42
Redirect Chain

https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=F3C94B17-BD2C-4DB2-AEE6-7128FE503974&redir=true&gdpr=0&gdpr_consent=
https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=F3C94B17-BD2C-4DB2-AEE6-7128FE503974&redir=true&gdpr=0&gdpr_consent=&verify=true
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-dXnl1E9E2uUn.J5BCMEIaxcfx3wogFY-~A&gdpr=0

0
128 B

277ms
272ms

Image
text/plain

207.65.33.76
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-dXnl1E9E2uUn.J5BCMEIaxcfx3wogFY-~A&gdpr=0
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/khdmflgb9ku5u6g/Installation.rar/file
Protocol: H2
Server: 207.65.33.76 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 01:57:15 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location: https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-dXnl1E9E2uUn.J5BCMEIaxcfx3wogFY-~A&gdpr=0
date: Mon, 21 Aug 2023 01:57:14 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.75
age: 0
content-length: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2 200 json Show response
gum.criteo.com/sid/ Frame 0C65 433 B
555 B 453ms
453ms Fetch
application/json 182.161.73.136
CRITEO-AS-AP Crit...

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=publishertagids&domain=mediafire.com&sn=ChromeSyncframe&so=0&topUrl=www.mediafire.com&cw=1&lsw=1&topicsavail=0&fledgeavail=0

Requested by

Host: gum.criteo.com
URL: https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=www.mediafire.com&gdpr=0&gdpr_consent=&us_privacy=1---

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.73.136 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

Kestrel /

Resource Hash

c51fecf79be3a0b62474bd39943854fb10c2b0083a4491f88a5123d8d1b30bf7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=www.mediafire.com&gdpr=0&gdpr_consent=&us_privacy=1---
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 21 Aug 2023 01:57:11 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
content-type: application/json; charset=utf-8
cache-control: no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 3115144
expires: 0

POST
H2 204 AGSKWxWD2WIaMq0qPHXzcSFz06vmr8q2FP2lJKIYvRleT7ujL9tanluh6iiG20s4w9rX2qh5fCM4uRjdqObbCHNXYRkbOfiQtMbUVOX_EflYeOtRPtmk3jikaNMWe8KpdCXvIdCZijmgEA== Show response
fundingchoicesmessages.google.com/el/ 0
1 KB 1345ms
367ms XHR
text/html 64.233.170.102
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxWD2WIaMq0qPHXzcSFz06vmr8q2FP2lJKIYvRleT7ujL9tanluh6iiG20s4w9rX2qh5fCM4uRjdqObbCHNXYRkbOfiQtMbUVOX_EflYeOtRPtmk3jikaNMWe8KpdCXvIdCZijmgEA==

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

64.233.170.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sg-in-f102.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-xOIEIDL_gdUlBfDiQxHH5g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.mediafire.com/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 21 Aug 2023 01:57:14 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-xOIEIDL_gdUlBfDiQxHH5g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://www.mediafire.com
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
analytics.google.com/g/ 0
54 B 244ms
243ms Ping
text/plain 142.251.12.138
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-K68XP6D85D&gtm=45je38g0&_p=1390997149&cid=871168537.1692583024&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AEI&sid=1692583025&sct=1&seg=0&dl=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fkhdmflgb9ku5u6g%2FInstallation.rar%2Ffile&dt=Installation&_s=2
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-K68XP6D85D&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.251.12.138 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: se-in-f138.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.mediafire.com/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Mon, 21 Aug 2023 01:57:13 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.mediafire.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame AD42 2 KB
2 KB 280ms
280ms Script
text/html 67.199.150.81
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=35960230&p=158936&s=0&a=0&ptask=ALL&np=0&fp=0&rp=1&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=1---
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158936
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 67.199.150.81 , Singapore, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: /
Resource Hash: cd41c7b28c43121513d6fbeb9ee363653c4785bc809f86a2703c43d237fe3bed

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
date: Mon, 21 Aug 2023 01:57:13 GMT
content-length: 2018
content-type: text/html; charset=UTF-8

GET
H2 200 impop. Show response
fundingchoicesmessages.google.com/f/AGSKWxXZNXl29ULB_EfZl5y4KvDxOT_v0MijqOY5GXjeY9VbhY0leww_sT3PqlYORLLu8BiSbSxqofo1v1GWVyH92jXHN-Z7edv4Zk1IuFptVM2ObIOQ9Oey70w0kE4efVtzBIBAbldS7o2jALmVKDNzUB-epmA_y... 54 B
297 B 251ms
251ms Script
application/javascript 64.233.170.113
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxXZNXl29ULB_EfZl5y4KvDxOT_v0MijqOY5GXjeY9VbhY0leww_sT3PqlYORLLu8BiSbSxqofo1v1GWVyH92jXHN-Z7edv4Zk1IuFptVM2ObIOQ9Oey70w0kE4efVtzBIBAbldS7o2jALmVKDNzUB-epmA_yDntzXQ7scjNRha8bBgnBKgMqi6vKIrM/_/doubleclicktag.-image-ad.&AdType=/siteadvert./impop.

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_GB.Nd7vmY3QD7E.es5.O/d=1/exm=kernel_loader,loader_js_executable/ed=1/rs=AJlcJMz1uDDkPkIttQJcWgHtnSHJ0pCTYQ/m=ad_blocking_detection_executable

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

64.233.170.113 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sg-in-f113.1e100.net

Software

ESF /

Resource Hash

17bcef15306274946d1f80ac653c5f4735061d165ed4f8832123b76bf79dc4f1

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-fT42pzs7acOibyAusOJC4w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 01:57:13 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-fT42pzs7acOibyAusOJC4w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 show_companion_ad.js Show response
pagead2.googlesyndication.com/pagead/ 30 KB
11 KB 1537ms
247ms Script
text/javascript 142.250.4.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/show_companion_ad.js?fcd=true

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_GB.Nd7vmY3QD7E.es5.O/d=1/exm=kernel_loader,loader_js_executable/ed=1/rs=AJlcJMz1uDDkPkIttQJcWgHtnSHJ0pCTYQ/m=ad_blocking_detection_executable

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.4.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f155.1e100.net

Software

cafe /

Resource Hash

94adb7d31d80d7ce71e3d37289859f8654941f841c9a49ec7efbbd1120f5a239

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 01:12:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2684
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11324
x-xss-protection: 0
server: cafe
etag: 17427297747669906104
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
timing-allow-origin: *
expires: Mon, 21 Aug 2023 02:12:30 GMT

POST
H2 204 AGSKWxWD2WIaMq0qPHXzcSFz06vmr8q2FP2lJKIYvRleT7ujL9tanluh6iiG20s4w9rX2qh5fCM4uRjdqObbCHNXYRkbOfiQtMbUVOX_EflYeOtRPtmk3jikaNMWe8KpdCXvIdCZijmgEA== Show response
fundingchoicesmessages.google.com/el/ 0
200 B 752ms
375ms XHR
text/html 64.233.170.102
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxWD2WIaMq0qPHXzcSFz06vmr8q2FP2lJKIYvRleT7ujL9tanluh6iiG20s4w9rX2qh5fCM4uRjdqObbCHNXYRkbOfiQtMbUVOX_EflYeOtRPtmk3jikaNMWe8KpdCXvIdCZijmgEA==

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

64.233.170.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sg-in-f102.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-TtKJYP0Qephem5wpzDAn2A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.mediafire.com/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 21 Aug 2023 01:57:14 GMT
content-security-policy: script-src 'report-sample' 'nonce-TtKJYP0Qephem5wpzDAn2A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
access-control-max-age: 86400
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: text/html; charset=utf-8
access-control-allow-origin: https://www.mediafire.com
access-control-allow-methods: POST, GET, OPTIONS
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 SPug Show response
simage4.pubmatic.com/AdServer/ Frame AD42 0
260 B 1026ms
274ms Script
text/plain 207.65.33.76
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage4.pubmatic.com/AdServer/SPug?partnerID=158936&gdpr=0&gdpr_consent=&us_privacy=1---
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158936
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 207.65.33.76 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 01:57:14 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2

200

match Show response
c1.adform.net/serving/cookie/ Frame ECE0
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=14&cid=F3C94B17-BD2C-4DB2-AEE6-7128FE503974&gdpr=0&gdpr_consent=
https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=F3C94B17-BD2C-4DB2-AEE6-7128FE503974&gdpr=0&gdpr_consent=

35 B
590 B

642ms
641ms

Document
image/gif

185.84.60.30
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=F3C94B17-BD2C-4DB2-AEE6-7128FE503974&gdpr=0&gdpr_consent=

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158936

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.84.60.30 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: no-cache, no-store, must-revalidate, no-transform
content-type: image/gif
date: Mon, 21 Aug 2023 01:57:15 GMT
expires: -1
pragma: no-cache
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains

Redirect headers

accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: no-cache, no-store, must-revalidate, no-transform
content-length: 0
date: Mon, 21 Aug 2023 01:57:14 GMT
expires: -1
location: https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=F3C94B17-BD2C-4DB2-AEE6-7128FE503974&gdpr=0&gdpr_consent=
pragma: no-cache
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 2F71
Redirect Chain

https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCooki...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&gdpr=0&gdpr_consent=

42 B
95 B

282ms
282ms

Document
image/gif

67.199.150.86
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158936
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 67.199.150.86 , Singapore, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Mon, 21 Aug 2023 01:57:15 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

cache-control: no-cache
content-length: 0
cross-origin-resource-policy: cross-origin
date: Mon, 21 Aug 2023 01:57:14 GMT
expires: Mon, 21 Aug 2023 00:00:00 GMT
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&gdpr=0&gdpr_consent=
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
pragma: no-cache
server: Kestrel
server-processing-duration-in-ticks: 901232
strict-transport-security: max-age=31536000; preload;
x-errorlevel: 0

GET
H2

200

b9pj45k4 Show response
sync-tm.everesttech.net/ct/upi/pid/ Frame D69B
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=${TM_USER_ID}&gdpr=1&gdpr_con...
https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=${TM_USER_ID}&gdpr=1&gdpr_...

85 B
237 B

385ms
385ms

Document
image/png

151.101.2.49
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=${TM_USER_ID}&gdpr=1&gdpr_consent=&_test=ZOLEegAG6nx-qgBV
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158936
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.2.49 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Jetty(9.4.35.v20201120) /
Resource Hash: acccc501aa6afa3cfac15e8ddccf1561deed2ed08c2f7d652abbdbe9aa71609a

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: no-cache
content-length: 85
content-type: image/png
date: Mon, 21 Aug 2023 01:57:14 GMT
p3p: CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
pragma: no-cache
server: Jetty(9.4.35.v20201120)
via: 1.1 varnish
x-cache: MISS
x-cache-hits: 0
x-served-by: cache-bne12521-BNE
x-timer: S1692583035.672571,VS0,VE232

Redirect headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: no-cache
content-length: 0
date: Mon, 21 Aug 2023 01:57:14 GMT
location: https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=${TM_USER_ID}&gdpr=1&gdpr_consent=&_test=ZOLEegAG6nx-qgBV
p3p: CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
pragma: no-cache
server: Jetty(9.4.35.v20201120)
via: 1.1 varnish
x-cache: MISS
x-cache-hits: 0
x-served-by: cache-bne12521-BNE
x-timer: S1692583034.285431,VS0,VE230

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 0EC5
Redirect Chain

https://sync.srv.stackadapt.com/sync?nid=11&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=qTzXWe3yWENUjjeFST42Mtz9ai4&gdpr=0&gdpr_consent=

42 B
300 B

283ms
282ms

Document
image/gif

67.199.150.86
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=qTzXWe3yWENUjjeFST42Mtz9ai4&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158936
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 67.199.150.86 , Singapore, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Mon, 21 Aug 2023 01:57:15 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

Connection: keep-alive
Content-Length: 188
Content-Type: text/html; charset=utf-8
Date: Mon, 21 Aug 2023 01:57:15 GMT
Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=qTzXWe3yWENUjjeFST42Mtz9ai4&gdpr=0&gdpr_consent=

GET
H2

200

Pug Show response
image2.pubmatic.com/AdServer/ Frame 12CB
Redirect Chain

https://cm-supply-web.gammaplatform.com/adx/usersyncsupply?pid=7&t=pixel
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0NTkmdGw9NDMyMDA=&piggybackCookie=1lx0366xxj98

42 B
310 B

272ms
271ms

Document
image/gif

207.65.33.82
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0NTkmdGw9NDMyMDA=&piggybackCookie=1lx0366xxj98
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158936
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 207.65.33.82 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Sun, 20 Aug 2023 23:28:36 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

accept-encoding: utf-8
cache-control: no-cache, no-store
content-length: 0
date: Mon, 21 Aug 2023 01:57:14 GMT
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0NTkmdGw9NDMyMDA=&piggybackCookie=1lx0366xxj98
lws: 125
strict-transport-security: max-age=31536000; includeSubDomains
time-ms: 0

GET
H2 200 cm Show response
ipac.ctnsnet.com/int/ Frame C4A3 43 B
369 B 815ms
281ms Document
image/gif 35.186.193.173
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ipac.ctnsnet.com/int/cm?exc=14&redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MTEmdGw9MjAxNjA=&piggybackCookie=[user_id]
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158936
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.193.173 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 173.193.186.35.bc.googleusercontent.com
Software: Apache-Coyote/1.1 /
Resource Hash: 98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 43
content-type: image/gif
date: Mon, 21 Aug 2023 01:57:13 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: CP="NOI DSP COR NID CUR OUR NOR"
pragma: no-cache
server: Apache-Coyote/1.1
via: 1.1 google

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 066B
Redirect Chain

https://ipac.ctnsnet.com/int/cm?exc=14&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MTEmdGw9MjAxNjA%3D%26piggybackCookie%3D%5Buser_id%5D
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MTEmdGw9MjAxNjA=&piggybackCookie=a9b25e1e785141dbb5936f359784b115

42 B
383 B

296ms
295ms

Document
image/gif

67.199.150.86
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MTEmdGw9MjAxNjA=&piggybackCookie=a9b25e1e785141dbb5936f359784b115
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158936
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 67.199.150.86 , Singapore, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Mon, 21 Aug 2023 01:57:14 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html;charset=UTF-8
date: Mon, 21 Aug 2023 01:57:13 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MTEmdGw9MjAxNjA=&piggybackCookie=a9b25e1e785141dbb5936f359784b115
p3p: CP="NOI DSP COR NID CUR OUR NOR"
pragma: no-cache
server: Apache-Coyote/1.1
status: 302
via: 1.1 google
x-xss-protection: 1; mode=block

GET
H2

200

Pug Show response
image2.pubmatic.com/AdServer/ Frame 3840
Redirect Chain

https://t.adx.opera.com/pub/sync?pubid=pub8730968190912
https://image2.pubmatic.com/AdServer/Pug?piggybackCookie=OPU64b0451a16e44955b41f937774f57d0f&vcode=bz0yJnR5cGU9MSZjb2RlPTM0ODkmdGw9NDMyMDA%3D

42 B
95 B

270ms
269ms

Document
image/gif

207.65.33.82
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?piggybackCookie=OPU64b0451a16e44955b41f937774f57d0f&vcode=bz0yJnR5cGU9MSZjb2RlPTM0ODkmdGw9NDMyMDA%3D
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158936
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 207.65.33.82 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Mon, 21 Aug 2023 01:57:15 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With
access-control-allow-methods: POST, GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
content-length: 168
content-type: text/html; charset=utf-8
date: Mon, 21 Aug 2023 01:57:14 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
location: https://image2.pubmatic.com/AdServer/Pug?piggybackCookie=OPU64b0451a16e44955b41f937774f57d0f&vcode=bz0yJnR5cGU9MSZjb2RlPTM0ODkmdGw9NDMyMDA%3D
pragma: no-cache
server: Tengine

GET
H3

200

458249.gif
idsync.rlcdn.com/ Frame AD42
Redirect Chain

https://idsync.rlcdn.com/420486.gif?partner_uid=F3C94B17-BD2C-4DB2-AEE6-7128FE503974
https://idsync.rlcdn.com/1000.gif?memo=CIbVGRIwCiwIARCMowEaJEYzQzk0QjE3LUJEMkMtNERCMi1BRUU2LTcxMjhGRTUwMzk3NBAAGg0I-oiLpwYSBQjoBxAAQgBKAA
https://pippio.com/api/sync?pid=5324&it=1&iv=0450385ff78f62bb30b83ef67bc41bb037bce39ae1b36303b0d5e85b97ee0bf0791426b5417dce21&_=2
https://cm.g.doubleclick.net/pixel?google_nid=pippio_dmp&google_cm&google_no_sc&m=CMwpElsKVwgBEJInGlAwNDUwMzg1ZmY3OGY2MmJiMzBiODNlZjY3YmM0MWJiMDM3YmNlMzlhZTFiMzYzMDNiMGQ1ZTg1Yjk3ZWUwYmYwNzkxNDI2YjU...
https://pippio.com/api/sync/ddp?pid=2&m=CMwpElsKVwgBEJInGlAwNDUwMzg1ZmY3OGY2MmJiMzBiODNlZjY3YmM0MWJiMDM3YmNlMzlhZTFiMzYzMDNiMGQ1ZTg1Yjk3ZWUwYmYwNzkxNDI2YjU0MTdkY2UyMRAAGgwI-4iLpwYSBAgCEABCAEoA&goog...
https://tags.rd.linksynergy.com/rcs?ns=lr&uid3=
https://idsync.rlcdn.com/458249.gif?partner_uid=06a36523-784b-4c13-a44b-a79eb80ab330

42 B
60 B

324ms
323ms

Image
image/gif

35.190.60.146
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/458249.gif?partner_uid=06a36523-784b-4c13-a44b-a79eb80ab330
Protocol: H3
Server: 35.190.60.146 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 146.60.190.35.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 01:57:17 GMT
via: 1.1 google
content-type: image/gif
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42

Redirect headers

location: https://idsync.rlcdn.com/458249.gif?partner_uid=06a36523-784b-4c13-a44b-a79eb80ab330
date: Mon, 21 Aug 2023 01:57:17 GMT
via: 1.1 google
x-samesite: secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 111
content-type: text/html; charset=utf-8

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame AD42
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COO...
https://c1.adform.net/serving/cookie/match?CC=1&party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&gdpr=0&gdpr_consent=&piggybackCookie=1716600904244727762

42 B
242 B

283ms
283ms

Image
image/gif

67.199.150.86
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&gdpr=0&gdpr_consent=&piggybackCookie=1716600904244727762
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/khdmflgb9ku5u6g/Installation.rar/file
Protocol: H2
Server: 67.199.150.86 , Singapore, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

content-type: image/gif; charset=utf-8
date: Mon, 21 Aug 2023 01:57:15 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Mon, 21 Aug 2023 01:57:15 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&gdpr=0&gdpr_consent=&piggybackCookie=1716600904244727762
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame AD42
Redirect Chain

https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=9137423419759069818&gdpr=0&gdpr_consent=&us_privacy=

1 B
255 B

284ms
282ms

Image
text/html

67.199.150.86
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=9137423419759069818&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/khdmflgb9ku5u6g/Installation.rar/file
Protocol: H2
Server: 67.199.150.86 , Singapore, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

content-type: text/html; charset=utf-8
date: Mon, 21 Aug 2023 01:57:15 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 1
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=9137423419759069818&gdpr=0&gdpr_consent=&us_privacy=
pragma: no-cache
date: Mon, 21 Aug 2023 01:57:14 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 0
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame AD42
Redirect Chain

https://pubmatic-match.dotomi.com/match/bounce/current?networkId=17100&version=1&nuid=F3C94B17-BD2C-4DB2-AEE6-7128FE503974&gdpr=0&gdpr_consent=
https://pubmatic-match.dotomi.com/match/bounce/current?DotomiTest=5227bc93d1da1b12&is_secure=true&networkId=17100&version=1&nuid=F3C94B17-BD2C-4DB2-AEE6-7128FE503974&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTQ2MSZ0bD0xMDA4MA==&piggybackCookie=AAAJng5dGeqUhgNp0RU4AAAAAAA&expiration=1692669436&nuid=F3C94B17-BD2C-4DB2-AEE6-7128FE503974&...

42 B
343 B

283ms
283ms

Image
image/gif

67.199.150.86
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTQ2MSZ0bD0xMDA4MA==&piggybackCookie=AAAJng5dGeqUhgNp0RU4AAAAAAA&expiration=1692669436&nuid=F3C94B17-BD2C-4DB2-AEE6-7128FE503974&is_secure=true&gdpr_consent=&gdpr=0
Protocol: H2
Server: 67.199.150.86 , Singapore, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

content-type: image/gif; charset=utf-8
date: Mon, 21 Aug 2023 01:57:16 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Mon, 21 Aug 2023 01:57:16 GMT
server: nginx
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP NID OUR STP"
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTQ2MSZ0bD0xMDA4MA==&piggybackCookie=AAAJng5dGeqUhgNp0RU4AAAAAAA&expiration=1692669436&nuid=F3C94B17-BD2C-4DB2-AEE6-7128FE503974&is_secure=true&gdpr_consent=&gdpr=0
cache-control: no-cache, private, max-age=0, no-store
content-length: 0
expires: 0

POST
H2 204 AGSKWxWD2WIaMq0qPHXzcSFz06vmr8q2FP2lJKIYvRleT7ujL9tanluh6iiG20s4w9rX2qh5fCM4uRjdqObbCHNXYRkbOfiQtMbUVOX_EflYeOtRPtmk3jikaNMWe8KpdCXvIdCZijmgEA== Show response
fundingchoicesmessages.google.com/el/ 0
200 B 486ms
377ms XHR
text/html 64.233.170.102
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxWD2WIaMq0qPHXzcSFz06vmr8q2FP2lJKIYvRleT7ujL9tanluh6iiG20s4w9rX2qh5fCM4uRjdqObbCHNXYRkbOfiQtMbUVOX_EflYeOtRPtmk3jikaNMWe8KpdCXvIdCZijmgEA==

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

64.233.170.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sg-in-f102.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-vdD4zju-fNQ5Ukzh9C3Fkw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.mediafire.com/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 21 Aug 2023 01:57:14 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-vdD4zju-fNQ5Ukzh9C3Fkw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
access-control-max-age: 86400
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: text/html; charset=utf-8
access-control-allow-origin: https://www.mediafire.com
access-control-allow-methods: POST, GET, OPTIONS
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H2 200 map Show response
bcp.crwdcntrl.net/6/ 235 B
614 B 1531ms
610ms XHR
application/json 18.142.35.211
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bcp.crwdcntrl.net/6/map
Requested by: Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/lt/c/16589/sync.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.142.35.211 , Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-142-35-211.ap-southeast-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 29080e2a7d6d9f04ff79f4a30917ae09bea128f7a6db37b299705005e13c22c2

Request headers

Referer: https://www.mediafire.com/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Mon, 21 Aug 2023 01:57:15 GMT
server: Jetty(9.4.38.v20210224)
content-type: application/json;charset=utf-8
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: https://www.mediafire.com
cache-control: no-cache
x-server: 10.42.27.187
access-control-allow-credentials: true
content-length: 235
expires: 0

POST
H2 204 AGSKWxWD2WIaMq0qPHXzcSFz06vmr8q2FP2lJKIYvRleT7ujL9tanluh6iiG20s4w9rX2qh5fCM4uRjdqObbCHNXYRkbOfiQtMbUVOX_EflYeOtRPtmk3jikaNMWe8KpdCXvIdCZijmgEA== Show response
fundingchoicesmessages.google.com/el/ 0
199 B 249ms
248ms XHR
text/html 64.233.170.102
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxWD2WIaMq0qPHXzcSFz06vmr8q2FP2lJKIYvRleT7ujL9tanluh6iiG20s4w9rX2qh5fCM4uRjdqObbCHNXYRkbOfiQtMbUVOX_EflYeOtRPtmk3jikaNMWe8KpdCXvIdCZijmgEA==

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

64.233.170.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sg-in-f102.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-0aWXm0a6d4jAWsSeC84E8A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.mediafire.com/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 21 Aug 2023 01:57:15 GMT
content-security-policy: script-src 'report-sample' 'nonce-0aWXm0a6d4jAWsSeC84E8A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
access-control-max-age: 86400
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: text/html; charset=utf-8
access-control-allow-origin: https://www.mediafire.com
access-control-allow-methods: POST, GET, OPTIONS
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H2 204 AGSKWxWD2WIaMq0qPHXzcSFz06vmr8q2FP2lJKIYvRleT7ujL9tanluh6iiG20s4w9rX2qh5fCM4uRjdqObbCHNXYRkbOfiQtMbUVOX_EflYeOtRPtmk3jikaNMWe8KpdCXvIdCZijmgEA== Show response
fundingchoicesmessages.google.com/el/ 0
198 B 255ms
254ms XHR
text/html 64.233.170.102
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxWD2WIaMq0qPHXzcSFz06vmr8q2FP2lJKIYvRleT7ujL9tanluh6iiG20s4w9rX2qh5fCM4uRjdqObbCHNXYRkbOfiQtMbUVOX_EflYeOtRPtmk3jikaNMWe8KpdCXvIdCZijmgEA==

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

64.233.170.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sg-in-f102.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-vO7goe1_AheMAp54SehcnA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.mediafire.com/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 21 Aug 2023 01:57:15 GMT
content-security-policy: script-src 'report-sample' 'nonce-vO7goe1_AheMAp54SehcnA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
access-control-max-age: 86400
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: text/html; charset=utf-8
access-control-allow-origin: https://www.mediafire.com
access-control-allow-methods: POST, GET, OPTIONS
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 AGSKWxV96pCKo_0mgiBnzQHmpxbb-P5RMnxzWJFRyZUVTltsC23nfFjD_b701Vg0OexxQLfa42-q2275JfeWdshO5IxL9lUwTaX1Qbz_X9a1nyQu8k43DtJ9JrTXRv9LfJ7oloSX1FG97A== Show response
fundingchoicesmessages.google.com/f/ 4 KB
2 KB 264ms
263ms Script
application/javascript 64.233.170.113
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxV96pCKo_0mgiBnzQHmpxbb-P5RMnxzWJFRyZUVTltsC23nfFjD_b701Vg0OexxQLfa42-q2275JfeWdshO5IxL9lUwTaX1Qbz_X9a1nyQu8k43DtJ9JrTXRv9LfJ7oloSX1FG97A==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNjkyNTgzMDM0LDk2NTAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsNl0sbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLG51bGwsMV0sImh0dHBzOi8vd3d3Lm1lZGlhZmlyZS5jb20vZmlsZS9raGRtZmxnYjlrdTV1NmcvSW5zdGFsbGF0aW9uLnJhci9maWxlIixudWxsLFtbOCwiTmQ3dm1ZM1FEN0UiXSxbOSwiZW4tR0IiXSxbMTksIjIiXV1d

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

64.233.170.113 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sg-in-f113.1e100.net

Software

ESF /

Resource Hash

36bacfe94386dae63065040e86fe83a024b3a633f72cf53a1894a47faa3b03db

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-99bwVDjwLwLu0ngF05JW7Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 01:57:15 GMT
content-security-policy: script-src 'report-sample' 'nonce-99bwVDjwLwLu0ngF05JW7Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 AGSKWxWmUVLs2cabMu5GWkR8XOaLTFJyprtvYyZ-m_H6Az-AOTGrxkDZfS_1pk1E8PcYht-zQgHxx6-qbNSN0JvpzSW6alWNA8sUALbzBz2xgB1kLJ9y33z2DJcyY2USk1sWCdoPZIz1eg== Show response
fundingchoicesmessages.google.com/f/ 3 KB
2 KB 378ms
377ms Script
application/javascript 64.233.170.113
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxWmUVLs2cabMu5GWkR8XOaLTFJyprtvYyZ-m_H6Az-AOTGrxkDZfS_1pk1E8PcYht-zQgHxx6-qbNSN0JvpzSW6alWNA8sUALbzBz2xgB1kLJ9y33z2DJcyY2USk1sWCdoPZIz1eg==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNjkyNTgzMDM1LDQ4NzAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsNiwxMF0sbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLG51bGwsMV0sImh0dHBzOi8vd3d3Lm1lZGlhZmlyZS5jb20vZmlsZS9raGRtZmxnYjlrdTV1NmcvSW5zdGFsbGF0aW9uLnJhci9maWxlIixudWxsLFtbOCwiTmQ3dm1ZM1FEN0UiXSxbOSwiZW4tR0IiXSxbMTksIjIiXV1d

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

64.233.170.113 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sg-in-f113.1e100.net

Software

ESF /

Resource Hash

82a607cb2a6b45a892439f07d331f62d3cce32b217a7d11869fb597de74526e9

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-7tx8G0Gtxzvcp8ID1f9faQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 01:57:15 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-7tx8G0Gtxzvcp8ID1f9faQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 SPug Show response
simage4.pubmatic.com/AdServer/ Frame AD42 0
48 B 274ms
272ms Script
text/plain 207.65.33.76
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage4.pubmatic.com/AdServer/SPug?partnerID=158936&gdpr=0&gdpr_consent=&us_privacy=1---
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158936
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 207.65.33.76 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 01:57:14 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2 200 AGSKWxVFOCZgx5zqcOTEdB9H9lUb9gh5Av5HPWA60WH5FmnVsxrK86NYdk4FFodUs_uLvdRK4A93Vd_l4Bl-mQe0XZZqXnMV6PTJIxlEdKMYIO2tEH7lrufSLZIGB9g2-aOBO8GkD9UtOw== Show response
fundingchoicesmessages.google.com/f/ 3 KB
2 KB 396ms
395ms Script
application/javascript 64.233.170.113
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxVFOCZgx5zqcOTEdB9H9lUb9gh5Av5HPWA60WH5FmnVsxrK86NYdk4FFodUs_uLvdRK4A93Vd_l4Bl-mQe0XZZqXnMV6PTJIxlEdKMYIO2tEH7lrufSLZIGB9g2-aOBO8GkD9UtOw==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNjkyNTgzMDM1LDg3MTAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsNiwxMCw5XSxudWxsLDIsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCwxXSwiaHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlL2toZG1mbGdiOWt1NXU2Zy9JbnN0YWxsYXRpb24ucmFyL2ZpbGUiLG51bGwsW1s4LCJOZDd2bVkzUUQ3RSJdLFs5LCJlbi1HQiJdLFsxOSwiMiJdXV0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

64.233.170.113 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sg-in-f113.1e100.net

Software

ESF /

Resource Hash

908ca103c389b3b3e0aec9f81afaad9fdfa6893089072d9544e8231992d496e8

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-mQMN-iFf7JWdOnFxqGeDZQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 01:57:16 GMT
content-security-policy: script-src 'report-sample' 'nonce-mQMN-iFf7JWdOnFxqGeDZQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H2 204 AGSKWxUZY89NBQoTarT1aFRlBnnw-dWNpUu-Sl1bMFPoytQHkwcQjZ8B47YqGmAvzXD2veWTWdkok1pscHvvbfWVCI_OWccnZ5hzgjXf91nJN2VskkoBC0tgf8kAL7xxJ0XArzAf7X437A== Show response
fundingchoicesmessages.google.com/el/ 0
200 B 248ms
248ms XHR
text/html 64.233.170.102
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxUZY89NBQoTarT1aFRlBnnw-dWNpUu-Sl1bMFPoytQHkwcQjZ8B47YqGmAvzXD2veWTWdkok1pscHvvbfWVCI_OWccnZ5hzgjXf91nJN2VskkoBC0tgf8kAL7xxJ0XArzAf7X437A==

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

64.233.170.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sg-in-f102.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-qTObZu7CEMw6flPiF1LoOQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.mediafire.com/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 21 Aug 2023 01:57:16 GMT
content-security-policy: script-src 'report-sample' 'nonce-qTObZu7CEMw6flPiF1LoOQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
access-control-max-age: 86400
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: text/html; charset=utf-8
access-control-allow-origin: https://www.mediafire.com
access-control-allow-methods: POST, GET, OPTIONS
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 15 KB
12 KB 247ms
246ms XHR
application/json 142.250.4.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202308150101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308150101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.4.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f155.1e100.net

Software

cafe /

Resource Hash

5aee1d976fa6b61dc133d6b5251818cf0b31bfffbe1a3f345e4d720cbe944e9e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 01:57:16 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11750
x-xss-protection: 0

POST
H2 204 rum Show response
www.mediafire.com/cdn-cgi/ 0
183 B 251ms
251ms XHR
text/plain 104.16.53.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mediafire.com/cdn-cgi/rum?

Requested by

Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js/v8b253dfea2ab4077af8c6f58422dfbfd1689876627854

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.16.53.48 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.mediafire.com/file/khdmflgb9ku5u6g/Installation.rar/file
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
content-type: application/json

Response headers

date: Mon, 21 Aug 2023 01:57:16 GMT
x-content-type-options: nosniff
server: cloudflare
vary: Origin
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: https://www.mediafire.com
x-frame-options: DENY
access-control-allow-credentials: true
cf-ray: 7f9f43a939eda96d-SYD

POST
H2 200 log Show response
translate.googleapis.com/element/ 131 B
252 B 294ms
293ms XHR
text/plain 172.217.194.95
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://translate.googleapis.com/element/log?format=json&hasfast=true&authuser=0

Requested by

Host:
URL: /_/translate_http/_/js/k=translate_http.tr.en_GB.BoOQIX0qKek.O/d=1/rs=AN8SPfrk3DX37zyp-jNUyQksz0ImCM-ArQ/m=el_conf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.194.95 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f95.1e100.net

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Content-Encoding: gzip
Referer: https://www.mediafire.com/
X-Goog-AuthUser: 0
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
Content-Type: application/binary

Response headers

date: Mon, 21 Aug 2023 01:57:18 GMT
content-encoding: gzip
server: Playlog
x-frame-options: SAMEORIGIN
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.mediafire.com
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: X-Playlog-Web
content-length: 131
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

OPTIONS
H2 200 log
translate.googleapis.com/element/ Frame 0
0 1685ms
408ms Preflight
text/plain 172.217.194.95
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://translate.googleapis.com/element/log?format=json&hasfast=true&authuser=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.194.95 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f95.1e100.net

Software

Playlog /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: content-encoding,content-type,x-goog-authuser
Access-Control-Request-Method: POST
Origin: https://www.mediafire.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,content-encoding,content-type,x-goog-authuser,origin
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://www.mediafire.com
access-control-max-age: 86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/plain; charset=UTF-8
date: Mon, 21 Aug 2023 01:57:17 GMT
server: Playlog
x-frame-options: SAMEORIGIN
x-xss-protection: 0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 261ms
261ms Script
text/javascript 64.233.170.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308150101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

64.233.170.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sg-in-f132.1e100.net

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 01:57:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 21 Aug 2023 01:57:16 GMT

GET
H2 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 9EDD 13 KB
5 KB 355ms
351ms Document
text/html 64.233.170.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

64.233.170.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sg-in-f132.1e100.net

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.mediafire.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

accept-ranges: bytes
age: 97071
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 19 Aug 2023 22:59:26 GMT
expires: Sun, 18 Aug 2024 22:59:26 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 30D5 829 B
991 B 248ms
247ms Document
text/html 142.251.12.105
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.12.105 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

se-in-f105.1e100.net

Software

GSE /

Resource Hash

03009b6a50978c4904eed1e9488f9f3951cdf98a904cfc9afa0966eeae5e740a

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-5bXo0r3pjhrnbTjULioUag' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.mediafire.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 535
content-security-policy: script-src 'report-sample' 'nonce-5bXo0r3pjhrnbTjULioUag' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 21 Aug 2023 01:57:16 GMT
expires: Mon, 21 Aug 2023 01:57:16 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 30D5 0
0 285ms
285ms Image
text/html 142.250.4.155
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202308150101&jk=4461048987202706&rc=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.250.4.155 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: sm-in-f155.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

GET
H2 200 aZrQl3reHFLrXxIU5jTX67bfpJTGr0dfi-1qyyEVSZQ.js Show response
pagead2.googlesyndication.com/bg/ Frame 9EDD 37 KB
15 KB 258ms
258ms Script
text/javascript 142.250.4.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/aZrQl3reHFLrXxIU5jTX67bfpJTGr0dfi-1qyyEVSZQ.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.4.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f155.1e100.net

Software

sffe /

Resource Hash

699ad0977ade1c52eb5f1214e634d7ebb6dfa494c6af475f8bed6acb21154994

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Fri, 18 Aug 2023 03:32:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 253501
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14741
x-xss-protection: 0
last-modified: Mon, 14 Aug 2023 12:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 17 Aug 2024 03:32:16 GMT

GET
H2 204 generate_204
tpc.googlesyndication.com/ Frame 9EDD 0
40 B 243ms
242ms Image
text/plain 64.233.170.132
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?E09y1Q
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 64.233.170.132 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: sg-in-f132.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Mon, 21 Aug 2023 01:57:17 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 297ms
297ms Image
text/html 142.250.4.155
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202308150101&jk=4461048987202706&bg=!GRqlGk7NAAZGPLJIZjw7ADkAdvg8Wo7XlBlBUh7H2MzGNF2T-_HpabLiD_MzQCgtJkTAC0ZZH20S1lZC7JiuOjCQvQD8GX07YA0CAAAAdlIAAAAOaAEHCgADEHuvmQLLP3qDV5as_ZFMEPA_xtnLcqQh_dewqY1d8dkHGqdj0ZST0JNhQp8oRlGdvLyVPu6XNpHT0nu-NTrJkL1s_5pUXlYpzdD6QKMBpZMkBqz1HhwGf72AmTFSx66BaqGHboXG6EeWeTWvkyf4OuKPrSJSQuTJR9zuggueVQBhZxZtGQeGHTg4x48p1q3S2Dwvj7Pel2zsD0I6SPHwnfW5vuDPFiwjcFoAuzNw0YpzVJZUj2M65dOFb1dXrXRFe7vOIt_GaIXjUneNPL5k8KvX8nCbLw6fobE4py8Lodxj918tOiXBDazDYi5NUXF6-bI3mL2-kOAkIXrgNhRjgmsYoK1xUAQmSETNfFCg-DLPwbN0vAY55MeDrzLte7yJge0Cigrvv6_Sn6jUZ5iAuhps6GpRZgCC3oXfL9aj7zbI5ULcpdt5seqD1XX1Et4Giu1ZHtJo-iW7-JrLVkJt5ao7aa6AVx3Bi1zw1UX3y-duj4nzroKUum2iNXcRlGfM2LJJ-tvfdATVaMA88Otu_nrPloh7wtlCtywyTdd61b0lInT7b3UUqHZ8Rw5FusqBWmWSEzcZocS9QOWltmVvPUNcFxqfXjLHHlRHwiYmgtKrbOydw-jGcKf2woDQ9bXmAJ14GLgo_wZnzLuksF9T2j3yWvJF1385fuPLFfqbHYnDFGo2KybA-0iDYaVI8f7950zaXa39Dbf1RqziWhiVeZyF5rEYyAlRKw3NCvb9eIbTLS_jCYtNR1LcWDpN9y2fUsMBDX86zrQ4EdBALlt1cj70fkZLOcGt-h23NIRF_G1l0g0qtsGCTBa2vtsnJZP2BKP8Kvou96lnRO7Zf6Q76Js5H0GkWNImx4nSSVrzhs2Rb6k5LN741XqIztkGUzOZ_8Sp5ELYfy31UCHo4fAN4XHAgN0EMm4fRcavf7uyZI6AACEcNnyWFQxkTK6E0h-B7w
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.250.4.155 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: sm-in-f155.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: hbopenbid.pubmatic.com
URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client

Domain: prebid.media.net
URL: https://prebid.media.net/rtb/prebid?cid=8CUO2689O

Domain: btlr.sharethrough.com
URL: https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1

Domain: btlr.sharethrough.com
URL: https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1

Domain: btlr.sharethrough.com
URL: https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1

Domain: btlr.sharethrough.com
URL: https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1

Domain: btlr.sharethrough.com
URL: https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1

Verdicts & Comments Add Verdict or Comment

346 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

125 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.mediafire.com/file/khdmflgb9ku5u6g/Installation.rar	1969-12-31 23:59:59	Name: g36FastPopSessionRequestNumber Value: 1
cutt.ly/	1969-12-31 23:59:59	Name: PHPSESSID Value: m8b3evgve1qhjm9jqeqs4a0iba
.mediafire.com/	1970-01-20 23:45:43	Name: ukey Value: 0gzsj7ubjgglymsmjihz6e3ojwbg70nw
.mediafire.com/	1970-01-20 14:14:02	Name: khai Value: 1
.mediafire.com/	1970-01-20 14:09:44	Name: ad_count Value: 1
.mediafire.com/	1970-01-20 14:52:55	Name: conv_tracking_data-2 Value: %7B%22mf_source%22%3A%22regular_download-51%22%2C%22mf_content%22%3A%22Free%22%2C%22mf_medium%22%3A%22windows%5C%2FChrome%22%2C%22mf_campaign%22%3A%22khdmflgb9ku5u6g%22%2C%22mf_term%22%3A%22aea6e993c5b58f77cc1e1d5b85388b6e%22%7D
.mediafire.com/	1970-01-20 14:09:44	Name: __cf_bm Value: PH03HLMsJq9KouYetg2jiXck1qFftsPxvQS0TOSaUNE-1692583019-0-AULPGRPcWrBjRTjbHODH8oXQY+hEpA8kJacd5v1ajDimqotHsjUyIGufKno9vVjzoR0MJ9RATzrryHckJ+7zo40=
.mediafire.com/	1970-01-20 14:09:44	Name: ezoadgid_484470 Value: -1
.mediafire.com/	1970-01-20 14:09:50	Name: ezoref_484470 Value:
.mediafire.com/	1970-01-20 22:55:19	Name: ezosuibasgeneris-1 Value: 93569ffd-ff6d-4a9a-5d59-5ea304f0c4fa
.mediafire.com/	1970-01-20 14:09:50	Name: ezoab_484470 Value: mod66
.mediafire.com/	1970-01-20 14:09:44	Name: ezovid_484470 Value: 631768614
.mediafire.com/	1970-01-20 14:09:44	Name: lp_484470 Value: https://www.mediafire.com/file/khdmflgb9ku5u6g/Installation.rar/file
.mediafire.com/	1970-01-20 14:12:35	Name: ezovuuidtime_484470 Value: 1692583023
.mediafire.com/	1970-01-20 14:09:44	Name: ezovuuid_484470 Value: cc517666-cff0-4fdd-65c6-bc09dcd87472
.mediafire.com/	1970-01-20 14:12:35	Name: active_template::484470 Value: orig_site.1692583023
.mediafire.com/	1970-01-20 14:09:44	Name: ezopvc_484470 Value: 1
.mediafire.com/	1970-01-20 14:11:09	Name: ezepvv Value: 0
www.mediafire.com/	1970-01-20 14:12:35	Name: ezstandaloneuser Value: false
.mediafire.com/	1970-01-20 22:55:19	Name: amp_28916b Value: OgPlnj2ylrRajZwvqtyr5z...1h8asukt3.1h8asukt4.0.1.1
.mediafire.com/	1970-01-20 22:55:19	Name: cf_clearance Value: pUc.ap0kmHNxt5PsEL6ufLlC9DGEEHpABRTHt1hi6rg-1692583023-0-1-46dea083.a56dd244.11dfff63-0.2.1692583023
.mediafire.com/	1970-01-20 14:11:09	Name: _gid Value: GA1.2.801097875.1692583024
.mediafire.com/	1970-01-20 14:09:43	Name: _gat_gtag_UA_829541_1 Value: 1
otnolatrnup.com/	1969-12-31 23:59:59	Name: IKSR Value: {}
otnolatrnup.com/	1969-12-31 23:59:59	Name: INF_DFL8 Value: false
otnolatrnup.com/	1970-01-20 23:45:43	Name: IUID Value: 9d1af844-e233-4eee-b164-ce9940afae41
otnolatrnup.com/	1969-12-31 23:59:59	Name: ISSH Value: 6D6B51
otnolatrnup.com/	1969-12-31 23:59:59	Name: VMI Value:
otnolatrnup.com/	1970-01-20 23:45:43	Name: CHN Value: #[]
otnolatrnup.com/	1970-01-20 23:45:43	Name: MSSH Value: #{}
otnolatrnup.com/	1970-01-20 23:45:43	Name: MSRH Value: #{}
otnolatrnup.com/	1970-01-20 23:45:43	Name: ILP Value: null
otnolatrnup.com/	1970-01-20 23:45:43	Name: ILPLU Value: #1/1/0001 12:00:00 AM
otnolatrnup.com/	1970-01-20 23:45:43	Name: ILEALC Value: #1/1/0001 12:00:00 AM
otnolatrnup.com/	1970-01-20 14:09:57	Name: ILMPF Value: #False
otnolatrnup.com/	1970-01-20 23:45:43	Name: IPMPLU Value: #
otnolatrnup.com/	1970-01-20 23:45:43	Name: IPMUID Value: #
otnolatrnup.com/	1970-01-20 23:45:43	Name: BSWUID Value: #
otnolatrnup.com/	1970-01-20 23:45:43	Name: IBL Value: #[]
otnolatrnup.com/	1970-01-20 23:45:43	Name: ISH Value: #{"101":[{"SId":"6D6B51","D":"23/8/20T18:57:4"}]}
otnolatrnup.com/	1970-01-20 23:45:43	Name: ISH_Q Value: #[101]
.mediafire.com/	1970-01-20 23:45:43	Name: _ga Value: GA1.1.871168537.1692583024
.mediafire.com/	1970-01-20 23:31:19	Name: __gads Value: ID=0b8740102dbc8cac:T=1692583027:RT=1692583027:S=ALNI_MZbDoodbsUtScwBDJmEZcF_tMdT1A
.mediafire.com/	1970-01-20 23:31:19	Name: __gpi Value: UID=00000c3020d3b702:T=1692583027:RT=1692583027:S=ALNI_MYo1DLv0f0rD0hyDBnW5pCxRtOHtw
.mediafire.com/	1970-01-20 23:45:43	Name: _ga_K68XP6D85D Value: GS1.1.1692583025.1.0.1692583028.57.0.0
.doubleclick.net/	1970-01-20 23:45:43	Name: IDE Value: AHWqTUmy7euDjHZTbwkASkKcjUOuYOT6AAxecqhFVCZdEVBwEJQ5HU2bF6P1qzSeRSI
.openx.net/	1970-01-20 22:55:19	Name: i Value: 8562c01a-c1bd-4218-85ee-68d54f266616\|1692583028
.openx.net/	1970-01-20 14:31:19	Name: pd Value: v2\|1692583030\|jElYiuvOhI
.adsrvr.org/	1970-01-20 22:56:45	Name: TDID Value: 97294dbb-a30f-4557-9d93-d937a29f019e
.openx.net/	1970-01-20 14:31:19	Name: univ_id Value: 537072971\|97294dbb-a30f-4557-9d93-d937a29f019e\|1692583031270830
.socdm.com/	1970-01-20 23:45:43	Name: SOSYNC Value: anNvbjp7Im9wZW54IjoxNjkyNTgzMDMxfQ
.pubmatic.com/	1970-01-20 22:55:19	Name: KADUSERCOOKIE Value: F3C94B17-BD2C-4DB2-AEE6-7128FE503974
.criteo.com/	1970-01-20 23:31:19	Name: uid Value: aa37025c-fe35-4f4e-b3a0-6640ebd1e1cd
.mediafire.com/	1970-01-20 23:31:19	Name: cto_bundle Value: WQgNy19YYnVsbkhkUkJ3R3kyenRjamg0N2pVV2FMdmc3eCUyQm1TNkJyQjBUQWpLWmkwQ3AzU0ExZGQlMkJGVjB1RzlXeSUyRjlNNEdiaTVEVkM1WHJod3dXbFlHZ2JidGc3YkxEVWpuT0QybTdkaEZLc0RwQWRMVHF4bnpJN2toa2JFRkpVeE1mYXZpYlhUbEFxalR1eFFnRkpSJTJGRyUyQkNBJTNEJTNE
.tapad.com/	1970-01-20 15:36:07	Name: TapAd_TS Value: 1692583032247
.tapad.com/	1970-01-20 15:36:07	Name: TapAd_DID Value: 5d0e65d5-3413-483c-91f8-3bf125e8beb9
.adnxs.com/	1970-01-20 16:19:19	Name: uuid2 Value: 5546508652416821950
.ladsp.com/	1970-01-20 14:09:46	Name: cr Value: 1
.simpli.fi/	1970-01-20 22:56:45	Name: suid Value: 943F61A413E54105BDD374585CB92B22
.quantserve.com/	1970-01-20 16:19:19	Name: d Value: EIgBCwHhKfijAA
.quantserve.com/	1970-01-20 23:39:57	Name: mc Value: 64e2c478-b3d68-7f974-1ed07
.adsrvr.org/	1970-01-20 22:56:45	Name: TDCPM Value: CAESFwoIcHVibWF0aWMSCwiexrr9_vyQPBAFEhQKBXRhcGFkEgsI0ua5g__8kDwQBRgBIAEoAjILCNLevLCV_ZA8EAU4AVoFdGFwYWRgAg..
.pubmatic.com/	1970-01-20 16:19:19	Name: KRTBCOOKIE_80 Value: 22987-CAESEHc86HBBUdz-nO2qivFxlYg&KRTB&23025-CAESEHc86HBBUdz-nO2qivFxlYg&KRTB&23386-CAESEHc86HBBUdz-nO2qivFxlYg
.ambientdsp.com/	1970-01-20 14:11:09	Name: _aGeoIp Value: AU-Brisbane
.ambientdsp.com/	1970-01-20 23:45:43	Name: _aUID Value: 119y4hb62y6n
.pubmatic.com/	1970-01-20 14:52:55	Name: KRTBCOOKIE_148 Value: 19421-uid:943F61A413E54105BDD374585CB92B22&KRTB&23486-uid:943F61A413E54105BDD374585CB92B22&KRTB&23489-uid:943F61A413E54105BDD374585CB92B22
.tapad.com/	1970-01-20 15:36:07	Name: TapAd_3WAY_SYNCS Value: 1!5593
.pubmatic.com/	1970-01-20 16:19:19	Name: KRTBCOOKIE_153 Value: 1923-Tqi09xuo5v1V_uKhTqT88h6l5vFVrbShSKtYTNNR&KRTB&19420-Tqi09xuo5v1V_uKhTqT88h6l5vFVrbShSKtYTNNR&KRTB&22979-Tqi09xuo5v1V_uKhTqT88h6l5vFVrbShSKtYTNNR&KRTB&23403-Tqi09xuo5v1V_uKhTqT88h6l5vFVrbShSKtYTNNR
.pubmatic.com/	1970-01-20 14:52:55	Name: KRTBCOOKIE_1290 Value: 23368-119y4hb62y6n
.pubmatic.com/	1970-01-20 16:19:19	Name: KRTBCOOKIE_377 Value: 6810-97294dbb-a30f-4557-9d93-d937a29f019e&KRTB&22918-97294dbb-a30f-4557-9d93-d937a29f019e&KRTB&23031-97294dbb-a30f-4557-9d93-d937a29f019e
.pubmatic.com/	1970-01-20 16:19:19	Name: KRTBCOOKIE_57 Value: 22776-5546508652416821950&KRTB&23339-5546508652416821950
.crwdcntrl.net/	1970-01-20 20:38:27	Name: _cc_dc Value: 2
.crwdcntrl.net/	1970-01-20 20:38:27	Name: _cc_id Value: e165a832ef1f01978e9075cc539f9de8
.semasio.net/	1970-01-20 22:55:19	Name: SEUNCY Value: D1268B62BE2405F2
.pubmatic.com/	1970-01-20 16:19:19	Name: chkChromeAb67Sec Value: 2
.pubmatic.com/	1970-01-20 14:11:09	Name: pi Value: 158936:4
.pubmatic.com/	1970-01-20 16:19:19	Name: DPSync3 Value: 1693180800%3A164%7C1693785600%3A226_201_245_197%7C1692662400%3A248
.pubmatic.com/	1970-01-20 16:19:19	Name: SyncRTB3 Value: 1693785600%3A21_233_254_214_209_8_3_13_264_54_247_22_56_71_220%7C1693180800%3A223_2_15%7C1693440000%3A63%7C1693872000%3A35
.ladsp.com/	1970-01-20 23:45:43	Name: smn_uid Value: k7-H4SHaso5L4yXBEA8EwA-z96qxHZU
.ladsp.com/	1970-01-20 23:45:43	Name: lum Value: CJ71va6hMRIFCAMQ0AU
.bidswitch.net/	1970-01-20 22:55:19	Name: tuuid Value: 69e8dae0-17dc-4fb9-a34c-dd0871773387
.bidswitch.net/	1970-01-20 22:55:19	Name: c Value: 1692583034
.bidswitch.net/	1970-01-20 22:55:19	Name: tuuid_lu Value: 1692583034
.ctnsnet.com/	1970-01-20 22:55:19	Name: cid_0bf3b57a493c40f48abbda39c329bbeb Value: 1
.ctnsnet.com/	1970-01-20 22:55:19	Name: cid_a9b25e1e785141dbb5936f359784b115 Value: 1
.yahoo.com/	1970-01-20 22:55:40	Name: A3 Value: d=AQABBHrE4mQCEGg5q18UD9YsaRSyRJnWeV4FEgEBAQEV5GTsZA3-xiMA_eMAAA&S=AQAAAkIzD4_XlRtt-XKeloK96Oo
.everesttech.net/	1970-01-20 22:55:19	Name: everest_g_v2 Value: g_surferid~ZOLEegAG6nx-qgBV
.gammaplatform.com/	1970-01-20 14:11:09	Name: _aGeoIp Value: IL\|Tel_Aviv
.gammaplatform.com/	1970-01-20 23:45:43	Name: _aUID Value: 1lx0366xxj98
.pubmatic.com/	1970-01-20 14:29:52	Name: KRTBCOOKIE_1159 Value: 23138-a9b25e1e785141dbb5936f359784b115&KRTB&23328-a9b25e1e785141dbb5936f359784b115&KRTB&23427-a9b25e1e785141dbb5936f359784b115&KRTB&23445-a9b25e1e785141dbb5936f359784b115
.pubmatic.com/	1970-01-20 14:52:55	Name: KRTBCOOKIE_1310 Value: 23431-1lx0366xxj98&KRTB&23446-1lx0366xxj98&KRTB&23465-1lx0366xxj98
.rlcdn.com/	1970-01-20 15:36:07	Name: pxrc Value: CPqIi6cGEgUI6AcQABIFCOhHEAA=
.adform.net/	1970-01-20 14:54:21	Name: C Value: 1
.analytics.yahoo.com/	1970-01-20 22:55:19	Name: IDSYNC Value: 18z8~2dgp
.adx.opera.com/	1970-01-20 22:55:19	Name: UID Value: OPU64b0451a16e44955b41f937774f57d0f
.turn.com/	1970-01-20 18:28:55	Name: uid Value: 9137423419759069818
sync.srv.stackadapt.com/	1970-01-20 22:55:19	Name: sa-user-id Value: s%3A0-a93cd759-edf2-5843-548e-3785493e3632.UHT2wSjmB8MnXjPrfedzPyQTHDNhsFpIeBuI05hyRGM
.srv.stackadapt.com/	1970-01-20 22:55:19	Name: sa-user-id Value: s%3A0-a93cd759-edf2-5843-548e-3785493e3632.UHT2wSjmB8MnXjPrfedzPyQTHDNhsFpIeBuI05hyRGM
sync.srv.stackadapt.com/	1970-01-20 22:55:19	Name: sa-user-id-v2 Value: s%3AqTzXWe3yWENUjjeFST42Mtz9ai4.jnMulLBKCR7XYPcGMmuxUNSl%2Bt63fPFcUcffWAeoTjQ
.srv.stackadapt.com/	1970-01-20 22:55:19	Name: sa-user-id-v2 Value: s%3AqTzXWe3yWENUjjeFST42Mtz9ai4.jnMulLBKCR7XYPcGMmuxUNSl%2Bt63fPFcUcffWAeoTjQ
sync.srv.stackadapt.com/	1970-01-20 22:55:19	Name: sa-user-id-v3 Value: s%3AAQAKIH8qTmAyWHPB5JyuykJWp1qXqAvkmEqAkr2nG2j5i1M0EAEYAyD7iIunBjABOgTa3nmDQgSVU7J9.%2BbUCBOF75TQMCUQfPCWyRVOhbQFP1zY1LsFl3MDzQQU
.srv.stackadapt.com/	1970-01-20 22:55:19	Name: sa-user-id-v3 Value: s%3AAQAKIH8qTmAyWHPB5JyuykJWp1qXqAvkmEqAkr2nG2j5i1M0EAEYAyD7iIunBjABOgTa3nmDQgSVU7J9.%2BbUCBOF75TQMCUQfPCWyRVOhbQFP1zY1LsFl3MDzQQU
.pubmatic.com/	1970-01-20 14:52:55	Name: KRTBCOOKIE_22 Value: 14911-9137423419759069818&KRTB&23150-9137423419759069818
.adform.net/	1970-01-20 15:36:07	Name: uid Value: 9098701284311333722
.pubmatic.com/	1970-01-20 16:19:19	Name: KRTBCOOKIE_860 Value: 16335-qTzXWe3yWENUjjeFST42Mtz9ai4&KRTB&23334-qTzXWe3yWENUjjeFST42Mtz9ai4&KRTB&23417-qTzXWe3yWENUjjeFST42Mtz9ai4&KRTB&23426-qTzXWe3yWENUjjeFST42Mtz9ai4
.pippio.com/	1970-01-20 22:55:19	Name: did Value: RKK-NRIGoYQACC6w
.pippio.com/	1970-01-20 22:55:19	Name: didts Value: 1692583035
.pippio.com/	1970-01-20 15:36:07	Name: nnls Value:
.pubmatic.com/	1970-01-20 14:52:55	Name: SPugT Value: 1692583034
.dotomi.com/	1970-01-20 14:09:43	Name: DotomiTest Value: 5227bc93d1da1b12
.pubmatic.com/	1970-01-20 14:52:55	Name: KRTBCOOKIE_391 Value: 22924-1716600904244727762&KRTB&23263-1716600904244727762&KRTB&23481-1716600904244727762
.mediafire.com/	1970-01-20 20:38:31	Name: _cc_id Value: e165a832ef1f01978e9075cc539f9de8
.mediafire.com/	1970-01-20 14:19:47	Name: panoramaId_expiry Value: 1693187835879
.mediafire.com/	1970-01-20 14:19:47	Name: panoramaId Value: acfc9963b5131f1c369a5feba833bd9563ce8b151f1483f356b691df681a68f7
.mediafire.com/	1970-01-20 14:19:47	Name: panoramaIdType Value: panoIndiv
.mediafire.com/	1970-01-20 22:55:19	Name: FCNEC Value: %5B%5B%22AKsRol-IHFr_3YI8pJyOBFRs1WRJzeQLL6qRoG7BpZpWepQAdnR5TsIW2SO5LZ2vSJPJwKeoOeJhoEKQsUT7dvn1JugPxxzXW8SS7O9risPpFcaMYpfF809bzSqyIkSiufQfno15AwxN2X-tmnDHHwiAwXT0_-uLUA%3D%3D%22%5D%2Cnull%2C%5B%5D%5D
www.mediafire.com/	1970-01-20 22:55:19	Name: ezux_lpl_484470 Value: 1692583036273\|bde0370c-eac4-4aeb-7367-320c1bc88139\|false
.nrich.ai/	1970-01-20 23:45:43	Name: _nauid Value: 2949bfbe-ab2c-4d77-83d5-b8b5f977ee70
.pippio.com/	1970-01-20 15:36:07	Name: pxrc Value: CPyIi6cGEgQIAhAAEgYI7OsBEAA=
.pubmatic.com/	1970-01-20 16:19:19	Name: KRTBCOOKIE_32 Value: 11175-AAAJng5dGeqUhgNp0RU4AAAAAAA&KRTB&22713-AAAJng5dGeqUhgNp0RU4AAAAAAA&KRTB&22715-AAAJng5dGeqUhgNp0RU4AAAAAAA
.pubmatic.com/	1970-01-20 14:52:55	Name: PugT Value: 1692583036
.pubmatic.com/	1970-01-20 16:19:19	Name: KRTBCOOKIE_466 Value: 16530-69e8dae0-17dc-4fb9-a34c-dd0871773387
.linksynergy.com/	1970-01-20 22:55:19	Name: rmuid Value: 06a36523-784b-4c13-a44b-a79eb80ab330
.linksynergy.com/	1970-01-20 22:55:19	Name: icts Value: 2023-08-21T01:57:17Z
.rlcdn.com/	1970-01-20 22:55:19	Name: rlas3 Value: Nn0fM026wBgfGK6Wip3pk/IJYaWZKa7pYUMf3T5A7ls=

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'ambient-light-sensor'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'bluetooth'.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=0
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

6fa3b6ed325ccde04565ab7446985573.safeframe.googlesyndication.com
ad-delivery.net
ad.doubleclick.net
ad.turn.com
ads.pubmatic.com
analytics.google.com
api.amplitude.com
api.btloader.com
bcp.crwdcntrl.net
btloader.com
btlr.sharethrough.com
c1.adform.net
cdn.amplitude.com
cdn.id5-sync.com
cdn.jsdelivr.net
cdn.otnolatrnup.com
cdn.prod.uidapi.com
cm-supply-web.gammaplatform.com
cm.ambientdsp.com
cm.g.doubleclick.net
cms.quantserve.com
cr-p3.ladsp.com
cutt.ly
dis.criteo.com
dsp.nrich.ai
fonts.gstatic.com
fundingchoicesmessages.google.com
g.ezoic.net
go.ezodn.com
google-bidout-d.openx.net
gum.criteo.com
hbopenbid.pubmatic.com
ib.adnxs.com
id5-sync.com
idsync.rlcdn.com
image2.pubmatic.com
image4.pubmatic.com
image6.pubmatic.com
invstatic101.creativecdn.com
ipac.ctnsnet.com
jp-u.openx.net
match.adsrvr.org
oa.openxcdn.net
oajs.openx.net
otnolatrnup.com
pagead2.googlesyndication.com
pippio.com
pixel.tapad.com
pr-bh.ybp.yahoo.com
prebid.media.net
privacy.gatekeeperconsent.com
pubmatic-match.dotomi.com
qsearch-a.akamaihd.net
securepubads.g.doubleclick.net
simage2.pubmatic.com
simage4.pubmatic.com
static.cloudflareinsights.com
static.criteo.net
static.mediafire.com
static.xx.fbcdn.net
stats.g.doubleclick.net
sync-tm.everesttech.net
sync.crwdcntrl.net
sync.srv.stackadapt.com
t.adx.opera.com
tags.crwdcntrl.net
tags.rd.linksynergy.com
tg.socdm.com
the.gatekeeperconsent.com
tpc.googlesyndication.com
translate.google.com
translate.googleapis.com
uipglob.semasio.net
um.simpli.fi
ups.analytics.yahoo.com
us-u.openx.net
www.ezojs.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.com.au
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
www.mediafire.com
x.bidswitch.net
btlr.sharethrough.com
hbopenbid.pubmatic.com
prebid.media.net
103.229.10.247
103.43.90.114
104.16.53.48
104.16.57.101
104.19.215.37
104.21.28.48
104.21.93.25
104.22.0.232
104.22.53.86
104.26.3.70
104.65.228.208
107.178.254.65
119.9.108.211
124.146.215.51
13.228.126.19
13.33.52.121
130.211.23.194
142.250.4.155
142.250.4.94
142.251.12.105
142.251.12.113
142.251.12.138
142.251.12.97
151.101.129.229
151.101.2.49
157.240.235.1
157.240.235.35
162.19.138.119
172.217.194.95
172.253.118.148
172.253.118.94
172.64.136.23
172.67.144.62
172.67.70.134
18.138.18.111
18.142.35.211
182.161.73.129
182.161.73.136
182.161.73.146
184.87.193.161
185.84.60.30
207.65.33.76
207.65.33.82
3.33.220.150
34.102.146.192
34.111.113.62
34.120.107.143
34.83.125.63
34.96.70.87
34.98.64.218
34.98.67.3
35.186.154.107
35.186.193.173
35.190.60.146
35.213.12.39
35.244.159.8
50.116.239.135
51.255.68.171
52.220.27.144
52.35.197.209
52.84.136.212
54.151.156.30
54.159.29.152
54.192.148.37
54.230.10.10
54.255.205.37
64.233.170.102
64.233.170.113
64.233.170.132
64.233.170.94
67.199.150.81
67.199.150.86
74.125.130.157
74.125.200.156
74.125.68.132
82.145.213.8
89.207.22.76
03009b6a50978c4904eed1e9488f9f3951cdf98a904cfc9afa0966eeae5e740a
03c8d2dc7d985c3004ff2cd6d8148dd03560f37ed15efdf6c2d7f4d771d0e599
055dafe5d715713d106c15306e2bb69ec70ef268aa604e934d7c57b0ba4b5b3d
05cfe92d9794a54258a19bfec7ae0faa73f61b66416983136594b4f95bb114dd
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0bb8733c821c864ec9a76bd6e305aed7a2ccf24b9f94dc7549fbc4305fe25563
0e0449433f5a829a39e7183a95731f17604a3eeca7127eee349f2ed56d19863b
14b4caf239342334bf7b8280605e60f67c33c589762047b8bd67c0552fdb80a6
17bcef15306274946d1f80ac653c5f4735061d165ed4f8832123b76bf79dc4f1
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002
19c8ec6911cd41cc76409ea98570d151aa8c2585baf63597d26f9edadf7efea9
22ce7a22470f934f12599520a80abbaac402bbcd205a8e56581891d057fe2883
2450e5580136f94bda7ccf95e3167b57e15b05b513a430967943a50036fa47a4
29080e2a7d6d9f04ff79f4a30917ae09bea128f7a6db37b299705005e13c22c2
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef
30887d75ca7268ceabc93067bca019f8ffe07189630a759407b236736e1f15af
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
364938aa1109d593daa0c80127eb49a945e884869bc7022e0b068ba92ddf4e29
36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068
36bacfe94386dae63065040e86fe83a024b3a633f72cf53a1894a47faa3b03db
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
4342feac38021c4fe3069eba0edf1c2e1b4345e2b548b0afb7ab21b7369b3bc8
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
4448e430d3c53bad548a5d135e1c7e2f9593e806ba47892640d430ea752e979e
463a50c874622632e7ee1e142eef03d3e7b4c54743e1f68a786fb4e7198766bb
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
46a19e6afa7173785c4f660b8c399fad401c7a19bf6da5a7b734819668d3bc1c
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
4dac0026fbfa2615dce30c0af12830863fe885f84387a0147b9e338f548d5d82
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358
544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
56d2813e3f6701f83da3ce4b2f4e14490ebc0bbf32594ef3fc899948bcd1a08f
5aee1d976fa6b61dc133d6b5251818cf0b31bfffbe1a3f345e4d720cbe944e9e
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
6318394f737c66f0e2ccfcd88e3935c6667633a1b95fa29fba2b75431d55eef2
699ad0977ade1c52eb5f1214e634d7ebb6dfa494c6af475f8bed6acb21154994
6d18e303b9b80d6270ff32553d4b915629dc817f67f82b075336c43e58a85988
6dc7917529ca101209b15752c61816375bbbb8b7b9809efb540ccacf45748d09
6fa04d8b4b07ebd5ebb250e33b532615e80dd02d46afb5cc0654c3c128b1c427
71ac1f412d544231441eabf3f0b2437b769aba569c637a3e9524e6421d781cc9
71ca2652e2b3ffd3c0ec966958604714ce6c7af01d961b44adc438518eb58cb3
720671166ac43aba99e3952b0b9341ab4e0fee1fd891db54e2a07f05db653142
7471d5963a40a4971b402353e3719cc69c51f0b415126f861d72d9bd6f2c3cf5
753fa7b04751066160f1f5b44c4d518e839277591836a51da5d0fd614e63c863
7817ee889e9c73351b96c97c740c9dd746ba87ebd6c6fcab3cd77cd021920ce7
78ae55fc0ceb8ac07f56b87f7886371e91a57dafb6ee5154f317b7bb11da12a7
796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90
7ba1bc2084def769e77a7dbf97cd91d68fe6c6d55b5d183a7d36630da8da2b02
7dd5debdcdebc83e78fea8102c6e49ad1325772e13e65b403aad1d0fcc70c498
8214c1f3ad9620bb788c909e7665cc51d3cd9d75b167cce298aee4fcd3cd4e1f
821da8af52f9abd6ed4c5148caee6e2cf2188c9ca01a0008a5a1ce789ce7d99b
82a607cb2a6b45a892439f07d331f62d3cce32b217a7d11869fb597de74526e9
82b94716473aa225e715e117802145c5d2d725aa1ba9d476d61a5d3da16a8c26
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
83b4150f43fc1362f85f40b1053a6b77ba9029d44cb696e227834fd8eafe7811
84911a805f4891cc811511525f3ccd331b058dded13462b3cada32a9fa5c7346
8539c91ae0a82f8cab27d481ea38ac4e66d1e5b36701fe295bcba4399b9255bd
8814e2b4ee6d79159c9bcd9b9f8daba5eb480ec6cefe9e70f6344e6e5bcbe114
8bacb685be7cec7f41a0270e694fa90c0fb448b2c0ded5f1734baf51050d695c
908ca103c389b3b3e0aec9f81afaad9fdfa6893089072d9544e8231992d496e8
915764b0fbaadc5bb713a32b63d79c68fdfbd954887227830968319720d425e7
91a2ede9d7c5aefb0e0ed62a9b14b96c71a34c8c10dc382f20f4686b95398c46
94061a925c5d84bf776554ac894020c407a9a4c89b979d538de3cf45591fe423
94adb7d31d80d7ce71e3d37289859f8654941f841c9a49ec7efbbd1120f5a239
980d92896bb47adf7f91d17acfa2a4181ce17137a52bd0c4535c8de098659e72
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9c3e5174a99044d33bc0cc8df359288a2b634d19931873d3520d17a93866f27f
9e4d1218481295ab8c3d101bc64be7a1ee4d776cf5f459fcfef7b6273e29d046
a0ba3c972dd62d270848c042967fa8bc2fc351e72e87d800c221628f33ac7418
a5230196df9a4e9f6382c504668862efc8e25c1ec093c7dc997fbedb4b3ec54e
a695b8b12c7d88355d0b1b33d6c643a7913bcfbeae91553bd7560019188b1032
a6a542faa22889d6a38c8d2afc411f3779236afc8733c87d9e82428ecfb0928f
a6eda84e469463424ebf458949c409a82ee31d042cf3c8e84978658832f634c5
a78ab9f980b3f928148e24c6954db9a3421cc4e51d31d085d161376ae7fad63b
ab5c23a05e39deed14d9d8262b0dce9f024f86105a27196cad37d14a3f516e09
acccc501aa6afa3cfac15e8ddccf1561deed2ed08c2f7d652abbdbe9aa71609a
aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
b04a268fbd6ac543dcd653b1c529871767a5b78cb2a2f40e54bcb0bfe2daa154
b24298549c011bf05619ec71368fe41b468309bbac18ed903cf8caa035a2e6f6
b59fb884e042986638877395f3d08978aa6a7b31458f1d53d188799e4d677a28
b7637a4cc7e15b52376c9dba975683af0b7987a44b3d05200747c035a6852274
b793f5d22ad718abf35ec4c17097402732ca94a52ccc691ba458e81b1a2f4526
c0c2ec1f2d626ab278d81abe34d30681f0007e8c79a890165f27e3e1550e99b7
c235f21017bcc11fcaa31d7dfd9855aaebcbf5f6d7ee9bf9f2e98a910907c391
c51fecf79be3a0b62474bd39943854fb10c2b0083a4491f88a5123d8d1b30bf7
c5d9c9f6bbfd42b7c3c63a20fb54ba49978b53f6b981fbabe4d56dd90b2b44ab
caa2095270962c7a40ad6076d820533997c6661d7a031b7f36a2a34b5aaed1b4
cd41c7b28c43121513d6fbeb9ee363653c4785bc809f86a2703c43d237fe3bed
ce425109a03c7002bc683108e8099a337738f7a4ece040b0cde16621454440b5
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
cf61260956f612e16d3fec5693ccb3e96c73d4bc8e06e28378a9b93be03cb09e
d65f4b2e8eee94ddc7f762d098de19558d879a3b597c8913b4d075532e3ed4b4
d839b193eba1dd4578cc90dfe2fe6edea552e807f65af9e79780a58d0ad9b1bb
d898a15abf3da3d6feb421e03686f731025bce03f1a7f54c39a06b7af6577693
d8ac15e19dbabaeb6b0021a55be2510845aa063fc367cd4a07425301ec842598
d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8
dc54b817820f14ce6395ba2a037f37d4bb0af75d5b017336140793fbe2f7f738
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e0c750b97759124bffe209a81cfb7a3aa05dd20ca1168314348cb865254f1ce2
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e611f58b19c2ff6aba81588e7b0a148e523d8acbadc40092f8de5f50dca2f93c
eab46b72b1ac5ef40b4cc0d994a61b67b01044e3188eab6d0788f54cef20c1e1
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
eff30ddcd65ef8e1034b94d93fd1179456a3286e0d142304718ca7c77ec09a22
f52a0c7d9fa7ae8e45916c491ae7193f9a1e289f128f05264122c53d8da970db
f917a9105c311331b1d40f4d2bdbf11233c1c465616c1a9c46232f451463b061
fa1f876cb70f7a711191b9dab191d9cc1c037ae4f5f5ea032dfe742f51c07f65
fbd1975faea67b7c0671c257dab8194f3a8046e6fe66039d29f4e0788c3cb84b
fd13dc1324628bba618d818720467512006a2157c2e24058f09249e16b89435e

www.mediafire.com Open in urlscan Pro 104.16.53.48 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

182 Requests

85 %HTTPS

0 %IPv6

58 Domains

86 Subdomains

60 IPs

9 Countries

1944 kBTransfer

5270 kBSize

125 Cookies

9 Outgoing links

Page URL History

Redirected requests

182 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 5 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.mediafire.com Open in urlscan Pro
104.16.53.48 Public Scan

Screenshot
Live screenshot

Full Image

182
Requests

85 %
HTTPS

0 %
IPv6

58
Domains

86
Subdomains

60
IPs

9
Countries

1944 kB
Transfer

5270 kB
Size

125
Cookies

182 HTTP transactions
5 data transactions