www.mediafire.com Open in urlscan Pro
104.16.54.48 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.mediafire.com/file/nr55aa3lc6x5bi1/Boshy.zip
Submission: On May 06 via manual (May 6th 2023, 3:20:37 pm UTC) from AU — Scanned from AU

Summary HTTP 182 Redirects Links 9 Behaviour Indicators

Summary

This website contacted 57 IPs in 8 countries across 47 domains to perform 182 HTTP transactions. The main IP is 104.16.54.48, located in and belongs to CLOUDFLARENET, US. The main domain is www.mediafire.com. The Cisco Umbrella rank of the primary domain is 38384.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on August 30th 2022. Valid for: a year.

This is the only time www.mediafire.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 19	104.16.54.48 104.16.54.48	13335 (CLOUDFLAR...) (CLOUDFLARENET)
26	142.251.12.113 142.251.12.113	15169 (GOOGLE) (GOOGLE)
21	172.217.194.154 172.217.194.154	15169 (GOOGLE) (GOOGLE)
3	74.125.24.97 74.125.24.97	15169 (GOOGLE) (GOOGLE)
1	52.84.225.46 52.84.225.46	16509 (AMAZON-02) (AMAZON-02)
1	104.26.7.139 104.26.7.139	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	142.251.12.101 142.251.12.101	15169 (GOOGLE) (GOOGLE)
2	104.19.215.37 104.19.215.37	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.16.57.101 104.16.57.101	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	157.240.15.35 157.240.15.35	32934 (FACEBOOK) (FACEBOOK)
1	34.107.148.139 34.107.148.139	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	103.231.98.193 103.231.98.193	62713 (AS-PUBMATIC) (AS-PUBMATIC)
5	52.76.106.12 52.76.106.12	16509 (AMAZON-02) (AMAZON-02)
2	104.26.3.70 104.26.3.70	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	172.217.194.148 172.217.194.148	15169 (GOOGLE) (GOOGLE)
1	44.239.189.233 44.239.189.233	16509 (AMAZON-02) (AMAZON-02)
4	74.125.24.94 74.125.24.94	15169 (GOOGLE) (GOOGLE)
3	172.253.118.95 172.253.118.95	15169 (GOOGLE) (GOOGLE)
2	74.125.24.138 74.125.24.138	15169 (GOOGLE) (GOOGLE)
2	157.240.235.1 157.240.235.1	32934 (FACEBOOK) (FACEBOOK)
2	130.211.23.194 130.211.23.194	15169 (GOOGLE) (GOOGLE)
1	172.253.118.139 172.253.118.139	15169 (GOOGLE) (GOOGLE)
2	142.251.10.94 142.251.10.94	15169 (GOOGLE) (GOOGLE)
1	74.125.130.157 74.125.130.157	15169 (GOOGLE) (GOOGLE)
1	142.250.4.154 142.250.4.154	15169 (GOOGLE) (GOOGLE)
1	142.251.10.132 142.251.10.132	15169 (GOOGLE) (GOOGLE)
2	74.125.130.103 74.125.130.103	15169 (GOOGLE) (GOOGLE)
1	151.101.65.229 151.101.65.229	54113 (FASTLY) (FASTLY)
1	172.67.38.106 172.67.38.106	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	34.102.146.192 34.102.146.192	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	182.161.73.129 182.161.73.129	55569 (CRITEO-AS...) (CRITEO-AS-AP Criteo APAC)
1	13.33.91.110 13.33.91.110	16509 (AMAZON-02) (AMAZON-02)
1	13.224.250.125 13.224.250.125	16509 (AMAZON-02) (AMAZON-02)
1	34.96.70.87 34.96.70.87	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
15	74.125.24.132 74.125.24.132	15169 (GOOGLE) (GOOGLE)
2	35.190.39.111 35.190.39.111	15169 (GOOGLE) (GOOGLE)
1 2	34.120.135.53 34.120.135.53	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	141.95.98.64 141.95.98.64	16276 (OVH) (OVH)
2	13.229.194.156 13.229.194.156	16509 (AMAZON-02) (AMAZON-02)
3	182.161.73.136 182.161.73.136	55569 (CRITEO-AS...) (CRITEO-AS-AP Criteo APAC)
2 9	74.125.24.156 74.125.24.156	15169 (GOOGLE) (GOOGLE)
5	34.98.64.218 34.98.64.218	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
5 5	35.71.131.137 35.71.131.137	16509 (AMAZON-02) (AMAZON-02)
1 1	202.241.208.57 202.241.208.57	4694 (IDCF IDC ...) (IDCF IDC Frontier Inc.)
2 2	13.33.88.71 13.33.88.71	16509 (AMAZON-02) (AMAZON-02)
1	64.233.170.154 64.233.170.154	15169 (GOOGLE) (GOOGLE)
9	23.200.152.26 23.200.152.26	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	23.57.113.186 23.57.113.186	16625 (AKAMAI-AS) (AKAMAI-AS)
1	67.199.150.81 67.199.150.81	3257 (GTT-BACKB...) (GTT-BACKBONE GTT)
2 2	198.8.71.130 198.8.71.130	54312 (ROCKETFUEL) (ROCKETFUEL)
1 1	72.34.250.75 72.34.250.75	27630 (AS-XFERNET) (AS-XFERNET)
3	184.86.92.23 184.86.92.23	16625 (AKAMAI-AS) (AKAMAI-AS)
2 2	18.142.101.71 18.142.101.71	16509 (AMAZON-02) (AMAZON-02)
1 1	182.161.73.146 182.161.73.146	55569 (CRITEO-AS...) (CRITEO-AS-AP Criteo APAC)
3 3	35.213.12.39 35.213.12.39	15169 (GOOGLE) (GOOGLE)
4 7	74.125.24.157 74.125.24.157	15169 (GOOGLE) (GOOGLE)
2 2	64.202.112.63 64.202.112.63	22075 (AS-OUTBRAIN) (AS-OUTBRAIN)
1 1	104.65.229.32 104.65.229.32	16625 (AKAMAI-AS) (AKAMAI-AS)
2 2	3.122.45.137 3.122.45.137	16509 (AMAZON-02) (AMAZON-02)
2 2	185.184.8.90 185.184.8.90	204995 (RTB-HOUSE...) (RTB-HOUSE-AMS)
2 2	151.101.2.49 151.101.2.49	54113 (FASTLY) (FASTLY)
4	67.199.150.86 67.199.150.86	62713 (AS-PUBMATIC) (AS-PUBMATIC)
3	207.65.33.82 207.65.33.82	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1 1	103.229.206.240 103.229.206.240	30419 (MEDIAMATH...) (MEDIAMATH-INC)
2 2	104.254.151.36 104.254.151.36	29990 (ASN-APPNEX) (ASN-APPNEX)
2 3	34.111.113.62 34.111.113.62	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 2	119.9.108.211 119.9.108.211	45187 (RACKSPACE...) (RACKSPACE-AP Rackspace IT Hosting AS IT Hosting Provider Hong Kong)
1	34.142.175.23 34.142.175.23	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	175.41.152.129 175.41.152.129	16509 (AMAZON-02) (AMAZON-02)
2 2	13.228.126.19 13.228.126.19	16509 (AMAZON-02) (AMAZON-02)
2	67.199.150.85 67.199.150.85	62713 (AS-PUBMATIC) (AS-PUBMATIC)
182	57

19 104.16.54.48 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

www.mediafire.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
static.mediafire.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

26 142.251.12.113 (United States)

ASN15169 (GOOGLE, US)
PTR: se-in-f113.1e100.net

fundingchoicesmessages.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 172.217.194.154 (United States)

ASN15169 (GOOGLE, US)
PTR: si-in-f154.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 74.125.24.97 (United States)

ASN15169 (GOOGLE, US)
PTR: sf-in-f97.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.84.225.46 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-84-225-46.sin2.r.cloudfront.net

cdn.amplitude.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.26.7.139 (None, )

ASN13335 (CLOUDFLARENET, US)

btloader.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.251.12.101 (United States)

ASN15169 (GOOGLE, US)
PTR: se-in-f101.1e100.net

translate.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.19.215.37 (None, )

ASN13335 (CLOUDFLARENET, US)

cdn.otnolatrnup.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
otnolatrnup.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.16.57.101 (None, )

ASN13335 (CLOUDFLARENET, US)

static.cloudflareinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 157.240.15.35 (Singapore)

ASN32934 (FACEBOOK, US)
PTR: edge-star-mini-shv-03-sin6.facebook.com

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.107.148.139 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 139.148.107.34.bc.googleusercontent.com

prebid.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 103.231.98.193 (Japan)

ASN62713 (AS-PUBMATIC, US)

hbopenbid.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 52.76.106.12 (Singapore)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-76-106-12.ap-southeast-1.compute.amazonaws.com

btlr.sharethrough.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.26.3.70 (None, )

ASN13335 (CLOUDFLARENET, US)

ad-delivery.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.194.148 (United States)

ASN15169 (GOOGLE, US)
PTR: si-in-f148.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 44.239.189.233 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-44-239-189-233.us-west-2.compute.amazonaws.com

api.amplitude.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 74.125.24.94 (United States)

ASN15169 (GOOGLE, US)
PTR: sf-in-f94.1e100.net

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 172.253.118.95 (United States)

ASN15169 (GOOGLE, US)
PTR: sl-in-f95.1e100.net

translate.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 74.125.24.138 (United States)

ASN15169 (GOOGLE, US)
PTR: sf-in-f138.1e100.net

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 157.240.235.1 (Singapore)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-04-sin6.fbcdn.net

static.xx.fbcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 130.211.23.194 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 194.23.211.130.bc.googleusercontent.com

api.btloader.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.253.118.139 (United States)

ASN15169 (GOOGLE, US)
PTR: sl-in-f139.1e100.net

analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.251.10.94 (United States)

ASN15169 (GOOGLE, US)
PTR: sd-in-f94.1e100.net

www.google.com.au	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 74.125.130.157 (Nashville, United States)

ASN15169 (GOOGLE, US)
PTR: sb-in-f157.1e100.net

adservice.google.com.au	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.4.154 (United States)

ASN15169 (GOOGLE, US)
PTR: sm-in-f154.1e100.net

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.251.10.132 (United States)

ASN15169 (GOOGLE, US)
PTR: sd-in-f132.1e100.net

63dc4bbfec220aab4af1438a99217a9b.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 74.125.130.103 (Nashville, United States)

ASN15169 (GOOGLE, US)
PTR: sb-in-f103.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.65.229 (United States)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.67.38.106 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.102.146.192 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 192.146.102.34.bc.googleusercontent.com

oa.openxcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 182.161.73.129 (Singapore)

ASN55569 (CRITEO-AS-AP Criteo APAC, JP)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.33.91.110 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-33-91-110.sin2.r.cloudfront.net

cdn.prod.uidapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.250.125 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-250-125.sin52.r.cloudfront.net

tags.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.96.70.87 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 87.70.96.34.bc.googleusercontent.com

invstatic101.creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 74.125.24.132 (United States)

ASN15169 (GOOGLE, US)
PTR: sf-in-f132.1e100.net

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.190.39.111 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 111.39.190.35.bc.googleusercontent.com

esp.rtbhouse.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.120.135.53 (Kansas City, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 53.135.120.34.bc.googleusercontent.com

oajs.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 141.95.98.64 (France)

ASN16276 (OVH, FR)
PTR: ns3216658.ip-141-95-98.eu

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.229.194.156 (Singapore)

ASN16509 (AMAZON-02, US)
PTR: ec2-13-229-194-156.ap-southeast-1.compute.amazonaws.com

bcp.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 182.161.73.136 (Singapore)

ASN55569 (CRITEO-AS-AP Criteo APAC, JP)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 74.125.24.156 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: sf-in-f156.1e100.net

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 34.98.64.218 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 218.64.98.34.bc.googleusercontent.com

google-bidout-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
jp-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 35.71.131.137 (United States) 5 redirects

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 202.241.208.57 (Japan) 1 redirects

ASN4694 (IDCF IDC Frontier Inc., JP)

tg.socdm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.33.88.71 (United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: server-13-33-88-71.sin2.r.cloudfront.net

cr-p3.ladsp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 64.233.170.154 (United States)

ASN15169 (GOOGLE, US)
PTR: sg-in-f154.1e100.net

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 23.200.152.26 (Kowloon, Hong Kong)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-200-152-26.deploy.static.akamaitechnologies.com

contextual.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.57.113.186 (Central, Hong Kong)

ASN16625 (AKAMAI-AS, US)
PTR: a23-57-113-186.deploy.static.akamaitechnologies.com

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 67.199.150.81 (Singapore)

ASN3257 (GTT-BACKBONE GTT, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 198.8.71.130 (United States) 2 redirects

ASN54312 (ROCKETFUEL, US)

p.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 72.34.250.75 (Los Angeles, United States) 1 redirects

ASN27630 (AS-XFERNET, US)

sync.go.sonobi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 184.86.92.23 (Central, Hong Kong)

ASN16625 (AKAMAI-AS, US)
PTR: a184-86-92-23.deploy.static.akamaitechnologies.com

cs.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c21lg-d.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.142.101.71 (Singapore) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-142-101-71.ap-southeast-1.compute.amazonaws.com

pm.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 182.161.73.146 (Singapore) 1 redirects

ASN55569 (CRITEO-AS-AP Criteo APAC, JP)

dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.213.12.39 (Tokyo, Japan) 3 redirects

ASN15169 (GOOGLE, US)
PTR: 39.12.213.35.bc.googleusercontent.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 74.125.24.157 (United States) 4 redirects

ASN15169 (GOOGLE, US)
PTR: sf-in-f157.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 64.202.112.63 (Chicago, United States) 2 redirects

ASN22075 (AS-OUTBRAIN, US)
PTR: ny.outbrain.com

b1sync.zemanta.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.65.229.32 (Singapore) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-65-229-32.deploy.static.akamaitechnologies.com

stags.bluekai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.122.45.137 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-122-45-137.eu-central-1.compute.amazonaws.com

rtb.mfadsrvr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.184.8.90 (Amsterdam, Netherlands) 2 redirects

ASN204995 (RTB-HOUSE-AMS, PL)
PTR: ip-185-184-8-90.rtbhouse.net

creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.2.49 (United States) 2 redirects

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 67.199.150.86 (Singapore)

ASN62713 (AS-PUBMATIC, US)

simage2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 207.65.33.82 (United States)

ASN62713 (AS-PUBMATIC, US)

image2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 103.229.206.240 (Singapore) 1 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.254.151.36 (Los Angeles, United States) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 897.bm-nginx-loadbalancer.mgmt.lax1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.111.113.62 (Kansas City, United States) 2 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 62.113.111.34.bc.googleusercontent.com

pixel.tapad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 119.9.108.211 (Hong Kong) 1 redirects

ASN45187 (RACKSPACE-AP Rackspace IT Hosting AS IT Hosting Provider Hong Kong, HK)

uipglob.semasio.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.142.175.23 (Singapore)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 23.175.142.34.bc.googleusercontent.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 175.41.152.129 (Singapore)

ASN16509 (AMAZON-02, US)
PTR: ec2-175-41-152-129.ap-southeast-1.compute.amazonaws.com

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.228.126.19 (Singapore) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-13-228-126-19.ap-southeast-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 67.199.150.85 (Singapore)

ASN62713 (AS-PUBMATIC, US)

image4.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
simage4.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
31	google.com fundingchoicesmessages.google.com — Cisco Umbrella Rank: 1952 translate.google.com — Cisco Umbrella Rank: 1256 analytics.google.com — Cisco Umbrella Rank: 253 adservice.google.com — Cisco Umbrella Rank: 70 www.google.com — Cisco Umbrella Rank: 2	130 KB
26	doubleclick.net 6 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 190 ad.doubleclick.net — Cisco Umbrella Rank: 169 stats.g.doubleclick.net — Cisco Umbrella Rank: 74 cm.g.doubleclick.net — Cisco Umbrella Rank: 215 googleads.g.doubleclick.net — Cisco Umbrella Rank: 34	239 KB
25	googlesyndication.com 63dc4bbfec220aab4af1438a99217a9b.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 137 pagead2.googlesyndication.com — Cisco Umbrella Rank: 94	387 KB
19	mediafire.com 1 redirects www.mediafire.com — Cisco Umbrella Rank: 38384 static.mediafire.com — Cisco Umbrella Rank: 63833	265 KB
13	pubmatic.com hbopenbid.pubmatic.com — Cisco Umbrella Rank: 477 ads.pubmatic.com — Cisco Umbrella Rank: 493 image6.pubmatic.com — Cisco Umbrella Rank: 699 simage2.pubmatic.com — Cisco Umbrella Rank: 679 image2.pubmatic.com — Cisco Umbrella Rank: 786 image4.pubmatic.com — Cisco Umbrella Rank: 937 simage4.pubmatic.com — Cisco Umbrella Rank: 1206	15 KB
13	media.net prebid.media.net — Cisco Umbrella Rank: 1296 contextual.media.net — Cisco Umbrella Rank: 603 cs.media.net — Cisco Umbrella Rank: 1378 c21lg-d.media.net — Cisco Umbrella Rank: 2012	18 KB
7	openx.net 1 redirects oajs.openx.net — Cisco Umbrella Rank: 2433 google-bidout-d.openx.net — Cisco Umbrella Rank: 2838 us-u.openx.net — Cisco Umbrella Rank: 439 jp-u.openx.net — Cisco Umbrella Rank: 12557	2 KB
5	adsrvr.org 5 redirects match.adsrvr.org — Cisco Umbrella Rank: 304	3 KB
5	sharethrough.com btlr.sharethrough.com — Cisco Umbrella Rank: 929	791 B
4	criteo.com 1 redirects gum.criteo.com — Cisco Umbrella Rank: 420 dis.criteo.com — Cisco Umbrella Rank: 707	7 KB
4	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 188	210 KB
4	gstatic.com www.gstatic.com	9 KB
3	yahoo.com 2 redirects pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 428 ups.analytics.yahoo.com — Cisco Umbrella Rank: 265	1 KB
3	tapad.com 2 redirects pixel.tapad.com — Cisco Umbrella Rank: 437	1 KB
3	bidswitch.net 3 redirects x.bidswitch.net — Cisco Umbrella Rank: 299	2 KB
3	creativecdn.com 2 redirects invstatic101.creativecdn.com — Cisco Umbrella Rank: 2983 creativecdn.com — Cisco Umbrella Rank: 536	3 KB
3	crwdcntrl.net tags.crwdcntrl.net — Cisco Umbrella Rank: 1116 bcp.crwdcntrl.net — Cisco Umbrella Rank: 874 sync.crwdcntrl.net — Cisco Umbrella Rank: 790	13 KB
3	google.com.au www.google.com.au — Cisco Umbrella Rank: 25499 adservice.google.com.au — Cisco Umbrella Rank: 108300	1 KB
3	googleapis.com translate.googleapis.com — Cisco Umbrella Rank: 890	75 KB
3	btloader.com btloader.com — Cisco Umbrella Rank: 802 api.btloader.com — Cisco Umbrella Rank: 912	7 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 48	190 KB
2	semasio.net 1 redirects uipglob.semasio.net — Cisco Umbrella Rank: 1193	1 KB
2	adnxs.com 2 redirects ib.adnxs.com — Cisco Umbrella Rank: 211	2 KB
2	everesttech.net 2 redirects sync-tm.everesttech.net — Cisco Umbrella Rank: 619	740 B
2	mfadsrvr.com 2 redirects rtb.mfadsrvr.com — Cisco Umbrella Rank: 1012	1 KB
2	zemanta.com 2 redirects b1sync.zemanta.com — Cisco Umbrella Rank: 543	2 KB
2	w55c.net 2 redirects pm.w55c.net — Cisco Umbrella Rank: 771	2 KB
2	rfihub.com 2 redirects p.rfihub.com — Cisco Umbrella Rank: 741	1 KB
2	ladsp.com 2 redirects cr-p3.ladsp.com — Cisco Umbrella Rank: 29160	1 KB
2	rtbhouse.com esp.rtbhouse.com — Cisco Umbrella Rank: 3388	335 B
2	id5-sync.com cdn.id5-sync.com — Cisco Umbrella Rank: 887 id5-sync.com — Cisco Umbrella Rank: 431	18 KB
2	fbcdn.net static.xx.fbcdn.net — Cisco Umbrella Rank: 810	134 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 30	21 KB
2	ad-delivery.net ad-delivery.net — Cisco Umbrella Rank: 889	1 KB
2	otnolatrnup.com cdn.otnolatrnup.com — Cisco Umbrella Rank: 81649 otnolatrnup.com — Cisco Umbrella Rank: 73515	56 KB
2	amplitude.com cdn.amplitude.com — Cisco Umbrella Rank: 2429 api.amplitude.com — Cisco Umbrella Rank: 1442	22 KB
1	simpli.fi um.simpli.fi — Cisco Umbrella Rank: 740	614 B
1	mathtag.com 1 redirects sync.mathtag.com — Cisco Umbrella Rank: 479	736 B
1	bluekai.com 1 redirects stags.bluekai.com — Cisco Umbrella Rank: 516	1 KB
1	sonobi.com 1 redirects sync.go.sonobi.com — Cisco Umbrella Rank: 855	744 B
1	socdm.com 1 redirects tg.socdm.com — Cisco Umbrella Rank: 1020	853 B
1	uidapi.com cdn.prod.uidapi.com — Cisco Umbrella Rank: 3332	2 KB
1	criteo.net static.criteo.net — Cisco Umbrella Rank: 650	13 KB
1	openxcdn.net oa.openxcdn.net — Cisco Umbrella Rank: 2515	8 KB
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 346	896 B
1	facebook.com www.facebook.com — Cisco Umbrella Rank: 106	15 KB
1	cloudflareinsights.com static.cloudflareinsights.com — Cisco Umbrella Rank: 897	7 KB
182	47

	Domain	Requested by
26	fundingchoicesmessages.google.com	www.mediafire.com securepubads.g.doubleclick.net
15	tpc.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com
15	securepubads.g.doubleclick.net	www.mediafire.com securepubads.g.doubleclick.net www.googletagservices.com
10	static.mediafire.com	www.mediafire.com
9	contextual.media.net	www.mediafire.com contextual.media.net
9	pagead2.googlesyndication.com	www.googletagservices.com securepubads.g.doubleclick.net tpc.googlesyndication.com
9	www.mediafire.com	1 redirects www.mediafire.com static.cloudflareinsights.com
7	cm.g.doubleclick.net	6 redirects google-bidout-d.openx.net
5	match.adsrvr.org	5 redirects
5	btlr.sharethrough.com	www.mediafire.com
4	simage2.pubmatic.com	ads.pubmatic.com www.mediafire.com
4	www.googletagservices.com	securepubads.g.doubleclick.net
4	www.gstatic.com	www.mediafire.com www.gstatic.com
3	pixel.tapad.com	2 redirects www.mediafire.com
3	image2.pubmatic.com	ads.pubmatic.com www.mediafire.com
3	x.bidswitch.net	3 redirects
3	gum.criteo.com	static.criteo.net gum.criteo.com contextual.media.net
3	translate.googleapis.com
3	www.googletagmanager.com	www.mediafire.com www.googletagmanager.com
2	ups.analytics.yahoo.com	2 redirects
2	uipglob.semasio.net	1 redirects www.mediafire.com
2	ib.adnxs.com	2 redirects
2	sync-tm.everesttech.net	2 redirects
2	creativecdn.com	2 redirects
2	rtb.mfadsrvr.com	2 redirects
2	b1sync.zemanta.com	2 redirects
2	pm.w55c.net	2 redirects
2	cs.media.net	contextual.media.net
2	p.rfihub.com	2 redirects
2	ads.pubmatic.com	www.mediafire.com
2	cr-p3.ladsp.com	2 redirects
2	jp-u.openx.net	google-bidout-d.openx.net
2	us-u.openx.net	google-bidout-d.openx.net
2	oajs.openx.net	1 redirects www.mediafire.com
2	esp.rtbhouse.com	invstatic101.creativecdn.com
2	www.google.com	www.mediafire.com tpc.googlesyndication.com
2	www.google.com.au	www.mediafire.com
2	stats.g.doubleclick.net	www.googletagmanager.com www.google-analytics.com
2	api.btloader.com	btloader.com
2	static.xx.fbcdn.net	www.facebook.com
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	ad-delivery.net	www.mediafire.com
1	simage4.pubmatic.com	ads.pubmatic.com
1	image4.pubmatic.com	www.mediafire.com
1	pr-bh.ybp.yahoo.com	www.mediafire.com
1	um.simpli.fi	www.mediafire.com
1	sync.crwdcntrl.net	www.mediafire.com
1	sync.mathtag.com	1 redirects
1	c21lg-d.media.net	contextual.media.net
1	stags.bluekai.com	1 redirects
1	dis.criteo.com	1 redirects
1	sync.go.sonobi.com	1 redirects
1	image6.pubmatic.com	ads.pubmatic.com
1	googleads.g.doubleclick.net	pagead2.googlesyndication.com
1	tg.socdm.com	1 redirects
1	google-bidout-d.openx.net	oa.openxcdn.net
1	bcp.crwdcntrl.net	tags.crwdcntrl.net
1	id5-sync.com	cdn.id5-sync.com
1	invstatic101.creativecdn.com	securepubads.g.doubleclick.net
1	tags.crwdcntrl.net	securepubads.g.doubleclick.net
1	cdn.prod.uidapi.com	securepubads.g.doubleclick.net
1	static.criteo.net	securepubads.g.doubleclick.net
1	oa.openxcdn.net	securepubads.g.doubleclick.net
1	cdn.id5-sync.com	securepubads.g.doubleclick.net
1	cdn.jsdelivr.net	securepubads.g.doubleclick.net
1	63dc4bbfec220aab4af1438a99217a9b.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	adservice.google.com	securepubads.g.doubleclick.net
1	adservice.google.com.au	securepubads.g.doubleclick.net
1	analytics.google.com	www.googletagmanager.com
1	otnolatrnup.com	cdn.otnolatrnup.com
1	api.amplitude.com	cdn.amplitude.com
1	ad.doubleclick.net	www.mediafire.com
1	hbopenbid.pubmatic.com	www.mediafire.com
1	prebid.media.net	www.mediafire.com
1	www.facebook.com	www.mediafire.com
1	static.cloudflareinsights.com	www.mediafire.com
1	cdn.otnolatrnup.com	www.mediafire.com
1	translate.google.com	www.mediafire.com
1	btloader.com	www.mediafire.com
1	cdn.amplitude.com	www.mediafire.com
182	80

This site contains links to these domains. Also see Links.

Domain
download2435.mediafire.com
blog.mediafire.com
fast.io
mediafire.zendesk.com
translate.google.com
twitter.com
www.facebook.com

Subject Issuer	Validity	Valid
*.mediafire.com Sectigo RSA Domain Validation Secure Server CA	`2022-08-30` - `2023-09-30`	a year	crt.sh
*.google.com GTS CA 1C3	`2023-04-17` - `2023-07-10`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-04-17` - `2023-07-10`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-04-17` - `2023-07-10`	3 months	crt.sh
cdn.amplitude.com Amazon RSA 2048 M01	`2023-01-12` - `2024-02-11`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-08-05` - `2023-08-05`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-02-12` - `2023-05-13`	3 months	crt.sh
*.media.net Sectigo RSA Domain Validation Secure Server CA	`2023-04-10` - `2024-05-02`	a year	crt.sh
*.pubmatic.com DigiCert Baltimore TLS RSA SHA256 2020 CA1	`2022-06-13` - `2023-07-14`	a year	crt.sh
*.sharethrough.com Amazon RSA 2048 M01	`2023-02-03` - `2023-11-21`	10 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-04-17` - `2023-07-10`	3 months	crt.sh
*.amplitude.com COMODO RSA Domain Validation Secure Server CA	`2023-01-23` - `2024-02-14`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2023-04-17` - `2023-07-10`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-04-17` - `2023-07-10`	3 months	crt.sh
api.btloader.com GTS CA 1D4	`2023-04-14` - `2023-07-13`	3 months	crt.sh
*.google.com.au GTS CA 1C3	`2023-04-17` - `2023-07-10`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-04-17` - `2023-07-10`	3 months	crt.sh
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2022 Q4	`2022-12-23` - `2024-01-24`	a year	crt.sh
oa.openxcdn.net GTS CA 1D4	`2023-03-30` - `2023-06-28`	3 months	crt.sh
*.criteo.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-03-24` - `2023-06-18`	3 months	crt.sh
cdn.prod.uidapi.com R3	`2023-02-25` - `2023-05-26`	3 months	crt.sh
*.crwdcntrl.net Amazon RSA 2048 M01	`2022-11-07` - `2023-12-06`	a year	crt.sh
invstatic101.creativecdn.com GTS CA 1D4	`2023-04-28` - `2023-07-28`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-04-17` - `2023-07-10`	3 months	crt.sh
esp.rtbhouse.com GTS CA 1D4	`2023-03-20` - `2023-06-18`	3 months	crt.sh
*.id5-sync.com R3	`2023-04-18` - `2023-07-17`	3 months	crt.sh
*.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-03-09` - `2023-06-03`	3 months	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2022-07-21` - `2023-08-21`	a year	crt.sh
*.simpli.fi DigiCert TLS RSA SHA256 2020 CA1	`2022-11-07` - `2023-12-08`	a year	crt.sh
*.ybp.yahoo.com DigiCert SHA2 High Assurance Server CA	`2023-04-04` - `2023-09-27`	6 months	crt.sh

This page contains 21 frames:

Primary Page: https://www.mediafire.com/file/nr55aa3lc6x5bi1/Boshy.zip
Frame ID: 4015B06A59C7ED513C027BBDFF833765
Requests: 101 HTTP requests in this frame

Frame: https://www.facebook.com/plugins/like.php?href=http://www.facebook.com/MediaFire&width=193&layout=button_count&action=like&show_faces=false&share=true&height=30&appId=124578887583575
Frame ID: 7016EF5BDD7A9171F47393DC1F3CC2FF
Requests: 3 HTTP requests in this frame

Frame: https://www.mediafire.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/b5e45436/invisible.js
Frame ID: 937FB4624A947C3C9EBB0BB0F087CB2E
Requests: 3 HTTP requests in this frame

Frame: https://63dc4bbfec220aab4af1438a99217a9b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: AA0171A353BC7229924B2D07F6891AB5
Requests: 1 HTTP requests in this frame

Frame: data://truncated
Frame ID: 3670EF05DE90EFE67955315AE7E808DB
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjss_M3vMIPiWuLG6_L74hOCG7QVIsm3reqUqJHIU98-EAMr6bl0j0JGOipRS7xT8sTEVJB4_IJTNHVhgPRhG8Asv4rHpZkJA1mkFnG7qD5_0e7f3xArGgAGyAxZhUIg8WiSqJP30u6tKCdORdE0fF0dMR1Z-B5Z4Jnd4CL1PVeAeFklmjgn8MgRMCYSDhXyb-7V-m0IvY8BQyyV46l7-YUIEnt3V9j5B3Izcjua3lpUCSd3g9GB0q-iQGgc26vVzh7dURAFMDfXrrdEgB6xcJ1S7HNniyp4UYpvfue9lO09VdjIPt0f7ZT7MdsmaniucCCEJRk7v&sai=AMfl-YTzzN4dKTIcGTr1ycY2vRXPnaA1-8e4HNhnmZUGb2m0tUx8poUUH_1GFbpHxKn3YnqtgRoGdIzbQ9Q-V1j6CvXl8ZDSnyB5IgTxVJQSY_R7cSdf7A2NHDSAJg_Qb8vuX38wzOphfSWO5nNgU-8H&sig=Cg0ArKJSzFLM0SfzIH8LEAE&uach_m=[UACH]&adurl=
Frame ID: 6EFFAABE18146C7172A6FC8C18375EA6
Requests: 8 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvg17f1CCHW0rJvMZAXp5cgaKoIzARWsYnkEiwE_scPH9OqbsrGipzv37u3_WqFIZMJSHYCWzlMiMriIKcgOR6ujr9TfVIyaGFz-hsHbk6GPL5lagc-Wky4GqQElHVaqNL0RSjKNiwJsH7fGCeEK7PqqwiCKDG7eFOBW4W-SvhLvIgopiXncbtlr6Ljr1RICrQb2zdxPsUJqydcHuG87rmoD0dDo9SFjNOJnXJeb8UbAkOZqB1tp1hDncosVMiNiQSPzkCsZJZutskFGtUvBfCqfJ-SynqE0PAAuEgobOLKIxLdruo-k_NzKeihOxY0Drs7hRS4&sai=AMfl-YTTpgHudfFSJ6EY8hpsuP-suOaHYA3hZLyuLVFYvxxiWUrL0ifUfMNVeiRRZzSop8KrpZiSaIgAhk8QQ_I80ecuDweQ1FFSg3UrtF40cORO&sig=Cg0ArKJSzN7jDRhr_ivcEAE&uach_m=[UACH]&adurl=
Frame ID: A0A5056BBD2F936FCF0B58F0FB10680C
Requests: 8 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsthC7R0DRkTVidulx09F2_Rd-x3z5-vetqZ1z3-N9yEpdm8ZqZgLEI8D3PvJn-YMoa2Cje-m36QsVnlMZJwNOtFFgSEr2muFZZya2zTzNZdDQngUh4FinIsMPmnDU2jn0HgTrCBtxSBVpfdxUiLNlj3DUnr5ic4sCKHTv9B3HjxUGowUbYfGKif8tszptwPHBx56xR32yfSWuYUxOytg1ceNkqrBGbeR_Rj0J-5FHUOpSPAzKdVdi5zc4U9QkxP63NsOrEZVik4tX03hmqZY3KqxmF4Oyq9z-3QkXo8SvGK4yNDCrozxcEbHe3K-WLbM2maUfRh&sai=AMfl-YRFCUjEhf-iCA5oYVNLkbaer2Bc9kicXwwprsbp98XbGyzx8EjZgwn3Xd0DWQrJ4E8cxQfMj0PyRZSuHFuwimToofLTtVwAPRxkXq8pGHo&sig=Cg0ArKJSzKkAsg3sUVpWEAE&uach_m=[UACH]&adurl=
Frame ID: 7883F4C904C3899E59958D2FF173FE6F
Requests: 8 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuk8Po6rO0qkSCmDnjjsM_s4ocVrO9yRjjCc0fkklHa-Y3Dy4Fl4OdvV6AonzIRH1tX1lCwE-ghkLP-SbUc4aCCGUtfifY9glyRtH7eQeDx1brEBQ_ODWOmU5ng35iDwPzrqopl3iBrOseoy8TIciUoeXHzYj6XtaBIk7DUlsCQcdPFhSyvDyBA71Km_boZNzHsWCCmTbbGGmyVr7bKYMjXll-K3a8_PSJ6dq12h1bohB1aDkuAwGGwVWfyKL_1qWGTOvHjhpN1tCqy7TyMfH1t7vqDRI9yFBga8buwPGx2FuTU4CDb6a8nqVbXVC82snLnHhnV&sai=AMfl-YSWP0PZ-F7pqyKW2Bwf4IJxfCMgDz_jr3OjL3WXyeavf2azP6NzsysdfrzzKT3UcuTmw7yVGf-K0M3Y57hhBoFUfZqGafmh-4UKv-mEVMQaz2bHD9XtdLOXvGMcNKdWtnKZo2NWY1uLcjmwEMY&sig=Cg0ArKJSzEebH8yzLoC4EAE&uach_m=[UACH]&adurl=
Frame ID: F784DB29F093C48B44F5D0754EEF49D3
Requests: 8 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=www.mediafire.com&gdpr=0&gdpr_consent=
Frame ID: A006ECB4C2CF7615A9A2DEDC6299A0D2
Requests: 2 HTTP requests in this frame

Frame: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Frame ID: 926F84114CD19FC42927EE892F8944EF
Requests: 6 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230502/r20190131/zrt_lookup.html
Frame ID: D79515958FD16623705F9DE4013B62DD
Requests: 1 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUO2689O&prvid=2034%2C2033%2C2030%2C273%2C2028%2C2027%2C2025%2C237%2C117%2C359%2C97%2C99%2C3012%2C3011%2C3010%2C201%2C3007%2C246%2C4%2C203%2C446%2C9%2C2011%2C3022%2C3020%2C173%2C294%2C251%2C175%2C450%2C2009%2C178%2C255%2C3018%2C3017%2C214%2C336%2C3014%2C337%2C338%2C459%2C77%2C38%2C182%2C261%2C141%2C262%2C461%2C222%2C301%2C225%2C10000%2C80%2C108%2C229%2C307&itype=PREBID&purpose1=1&gdprconsent=1&gdpr=0&coppa=0&usp_status=0&usp_consent=1
Frame ID: C0EC74A57D5EEA477ACCDF30030FEA80
Requests: 12 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158936
Frame ID: 5800A3592B0DF940A7158143D4FF6739
Requests: 13 HTTP requests in this frame

Frame: https://contextual.media.net/cksync.html?cs=8&vsid=3263880231539185000V10&type=rkt&refUrl=&vid=33864236363263880231539185000V10&ovsid=1991787316535179537
Frame ID: 795390A01022B38AE9C66A1914297BF5
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=ZFZwOAAIAvXDeQBS&gdpr=1&gdpr_consent=&_test=ZFZwOAAIAvXDeQBS
Frame ID: B5A1CB33F015A031411614D8D26E40C6
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3MzkmdGw9MTI5NjAw&piggybackCookie=1974054392044168008
Frame ID: 5418DC513C1A6950B49E07AFF450097E
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:a50a6456-7038-4a00-87df-168d368260cf&gdpr=0&gdpr_consent=
Frame ID: 490F476AFF25014C05529D6CAC8AA5AC
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=3148599032165037369&gdpr=0&gdpr_consent=
Frame ID: 4190034D4C579DFFE68AD8AF0DBB4972
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 129CF24466C5787B28449CBAC070BF18
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: C589ACFD59AA282D438C8BC2A2B6EBE2
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Boshy

Detected technologies

Amplitude (Analytics) Expand

Overall confidence: 100%
Detected patterns

cdn\.amplitude\.com

Cloudflare Browser Insights (Analytics) Expand

Overall confidence: 100%
Detected patterns

static\.cloudflareinsights\.com/beacon(?:\.min)?\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

182
Requests

88 %
HTTPS

0 %
IPv6

47
Domains

80
Subdomains

57
IPs

8
Countries

1870 kB
Transfer

5062 kB
Size

99
Cookies

9 Outgoing links

These are links going to different origins than the main page.

URL: https://download2435.mediafire.com/hn8db3653cqghpvRv0pKyyzaQQnuFy65oJsK_KpF9SFPtikTRNwhAh59SoVsOMUCxyFzfc4ML5G-smAxz8gtXyf0oK9EpmdrZiL-BJjhkGIG7VTpGoyFIG3ruBCmz9I17gGQoBE009C-FekaEu4QNEb-8-V2qP1XLCdL5tTfzPCddhw/nr55aa3lc6x5bi1/Boshy.zip
Title: Download (128.86MB)

Search URL Search Domain Scan URL

URL: http://blog.mediafire.com/
Title: Company Blog

Search URL Search Domain Scan URL

URL: https://fast.io/
Title: Team File Sharing

Search URL Search Domain Scan URL

URL: https://mediafire.zendesk.com/hc/en-us
Title: Support

Search URL Search Domain Scan URL

URL: https://translate.google.com/
Title: Translate

Search URL Search Domain Scan URL

URL: https://twitter.com/#!/mediafire

Search URL Search Domain Scan URL

URL: https://www.facebook.com/mediafire

Search URL Search Domain Scan URL

URL: https://twitter.com/mediafire
Title: Twitter Page

Search URL Search Domain Scan URL

URL: https://blog.mediafire.com/
Title: MediaFire Blog

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 33

https://www.mediafire.com/cdn-cgi/challenge-platform/scripts/invisible.js HTTP 302
https://www.mediafire.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/b5e45436/invisible.js

Request Chain 98

https://oajs.openx.net/esp?url=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fnr55aa3lc6x5bi1%2FBoshy.zip&rid=esp HTTP 302
https://oajs.openx.net/esp?url=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fnr55aa3lc6x5bi1%2FBoshy.zip&rid=esp&cc=1

Request Chain 122

https://match.adsrvr.org/track/cmf/openx?oxid=b1a6aa26-8fcf-7d38-ea75-fbb24e645878&gdpr=0 HTTP 302
https://match.adsrvr.org/track/cmb/openx?oxid=b1a6aa26-8fcf-7d38-ea75-fbb24e645878&gdpr=0 HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072971&val=ede12718-ad79-44a9-b88b-8e3378b7dcaf&ttd_puid=b1a6aa26-8fcf-7d38-ea75-fbb24e645878&gdpr=0&gdpr_consent=

Request Chain 123

https://tg.socdm.com/rtb/sync_before?proto=openx HTTP 302
https://jp-u.openx.net/w/1.0/sd?id=537072335&val=ZFZwNsCo5s8AAO6cBe8AAAAA

Request Chain 124

https://cr-p3.ladsp.com/cookiesender/3 HTTP 302
https://cr-p3.ladsp.com/cookiesender/3?cr=true HTTP 302
https://jp-u.openx.net/w/1.0/sd?id=537072451&val=AYwTVMhbSEI-ks8AD4k4dNLLjs8AAAGH8aZXKw

Request Chain 126

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEKurJZUoDHSFZxIrT1WSaPE&google_cver=1

Request Chain 149

https://p.rfihub.com/cm?pub=19967&in=1&forward=https%3A%2F%2Fcontextual.media.net%2Fcksync.html%3Fcs%3D8%26vsid%3D3263880231539185000V10%26type%3Drkt%26refUrl%3D%26vid%3D33864236363263880231539185000V10%26ovsid%3D%7Buserid%7D HTTP 302
https://contextual.media.net/cksync.html?cs=8&vsid=3263880231539185000V10&type=rkt&refUrl=&vid=33864236363263880231539185000V10&ovsid=1991787316535179537

Request Chain 150

https://sync.go.sonobi.com/us?https://contextual.media.net/cksync.php?cs=8&vsid=3263880231539185000V10&type=son&refUrl=&vid=33864236363263880231539185000V10&ovsid=[UID] HTTP 302
https://contextual.media.net/cksync.php?cs=8&vsid=3263880231539185000V10&type=son&refUrl=&vid=33864236363263880231539185000V10&ovsid=0666983f-8099-47fc-99f3-ff7d9b5dae87

Request Chain 151

https://cm.g.doubleclick.net/pixel?cs=8&google_nid=media&google_cm=1&google_hm=MzI2Mzg4MDIzMTUzOTE4NTAwMFYxMA%3D%3D&google_sc=1 HTTP 302
https://cs.media.net/cksync?type=g&cs=8&google_gid=CAESELGq2UMX-NwsgzF5ogk3blA&google_cver=1

Request Chain 152

https://pm.w55c.net/ping_match.gif?ei=MEDIANET&rurl=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D8%26vsid%3D3263880231539185000V10%26type%3Ddxu%26refUrl%3D%26vid%3D33864236363263880231539185000V10%26ovsid%3D_wfivefivec_ HTTP 302
https://pm.w55c.net/ping_match.gif?scc=1&ei=MEDIANET&rurl=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D8%26vsid%3D3263880231539185000V10%26type%3Ddxu%26refUrl%3D%26vid%3D33864236363263880231539185000V10%26ovsid%3D_wfivefivec_ HTTP 302
https://contextual.media.net/cksync.php?cs=8&vsid=3263880231539185000V10&type=dxu&refUrl=&vid=33864236363263880231539185000V10&ovsid=8lkDthZs1PVjHW5

Request Chain 153

https://dis.criteo.com/dis/usersync.aspx?r=115&p=226&cp=medianet&cu=1&url=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D1%26type%3Dcrt%26ovsid%3D%40%40CRITEO_USERID%40%40 HTTP 302
https://contextual.media.net/cksync.php?cs=1&type=crt&ovsid=e0075a65-7976-4676-a21b-7fab1bc769fe

Request Chain 154

https://x.bidswitch.net/sync?ssp=medianet&gdpr=0&gdpr_consent=&gdpr_pd=1 HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=medianet&gdpr=0&gdpr_consent=&gdpr_pd=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=bidswitch_dbm&google_cm&google_sc&ssp=medianet&bsw_param=d24ff8cd-47e5-4dd2-b7a0-67618b10a518&google_hm=ZDI0ZmY4Y2QtNDdlNS00ZGQyLWI3YTAtNjc2MThiMTBhNTE4 HTTP 302
https://x.bidswitch.net/sync?dsp_id=16&user_id=CAESENsXhis_v59fShYCrYsyjVs&google_cver=1&ssp=medianet&bsw_param=d24ff8cd-47e5-4dd2-b7a0-67618b10a518 HTTP 302
https://contextual.media.net/cksync.php?cs=1&type=bs&ovsid=d24ff8cd-47e5-4dd2-b7a0-67618b10a518&gdpr=&gdpr_consent=&gdpr_pd=

Request Chain 155

https://b1sync.zemanta.com/usersync/medianet/?puid=${VSID}&cb=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D1%26type%3Dzem%26ovsid%3D__ZUID__https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D8%26vsid%3D3263880231539185000V10%26type%3Dzem%26refUrl%3D%26vid%3D33864236363263880231539185000V10%26ovsid%3D__ZUID__ HTTP 302
https://stags.bluekai.com/site/23178?id=QKkXa7FcPWWBLMov9Exs&redir=https%3A%2F%2Fb1sync.zemanta.com%2Fusersync%2Fbluekai%2Fcallback%2F%3Fd%3DNB2HI4DTHIXS6Y3PNZ2GK6DUOVQWYLTNMVSGSYJONZSXIL3DNNZXS3TDFZYGQ4B7MNZT2MJGMV4GG2DBNZTWKPLNMVSGSYLOMV2CM33WONUWIPKRJNVVQYJXIZRVAV2XIJGE233WHFCXQ43IOR2HA4ZFGNASKMSGEUZEMY3PNZ2GK6DUOVQWYLTNMVSGSYJONZSXIJJSIZRWW43ZNZRS44DIOASTGRTDOMSTGRBYEZXXM43JMQ6V6X22KVEUIX27EZZGKZSVOJWD2JTUPFYGKPL2MVWSM5DZOBST26TFNUTHM2LEHUZTGOBWGQZDGNRTGYZTENRTHA4DAMRTGE2TGOJRHA2TAMBQKYYTAJTWONUWIPJTGI3DGOBYGAZDGMJVGM4TCOBVGAYDAVRRGA HTTP 302
https://b1sync.zemanta.com/usersync/bluekai/callback/?d=NB2HI4DTHIXS6Y3PNZ2GK6DUOVQWYLTNMVSGSYJONZSXIL3DNNZXS3TDFZYGQ4B7MNZT2MJGMV4GG2DBNZTWKPLNMVSGSYLOMV2CM33WONUWIPKRJNVVQYJXIZRVAV2XIJGE233WHFCXQ43IOR2HA4ZFGNASKMSGEUZEMY3PNZ2GK6DUOVQWYLTNMVSGSYJONZSXIJJSIZRWW43ZNZRS44DIOASTGRTDOMSTGRBYEZXXM43JMQ6V6X22KVEUIX27EZZGKZSVOJWD2JTUPFYGKPL2MVWSM5DZOBST26TFNUTHM2LEHUZTGOBWGQZDGNRTGYZTENRTHA4DAMRTGE2TGOJRHA2TAMBQKYYTAJTWONUWIPJTGI3DGOBYGAZDGMJVGM4TCOBVGAYDAVRRGA HTTP 302
https://contextual.media.net/cksync.php?cs=1&ovsid=QKkXa7FcPWWBLMov9Exshttps%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D8&ovsid=__ZUID__&refUrl=&type=zem&type=zem&vid=33864236363263880231539185000V10&vsid=3263880231539185000V10

Request Chain 156

https://rtb.mfadsrvr.com/sync?ssp=medianet&ssp_user_id=3263880231539185000V10 HTTP 302
https://rtb.mfadsrvr.com/ul_cb/sync?ssp=medianet&ssp_user_id=3263880231539185000V10 HTTP 302
https://contextual.media.net/cksync.php?type=mf&ovsid=ad6f0e6c-6c9a-4f33-9e41-49f670b4acd6&cs=1

Request Chain 157

https://match.adsrvr.org/track/cmf/generic?ttd_pid=8m33zk4&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://cs.media.net/cksync?cs=1&type=ttd&ovsid=ede12718-ad79-44a9-b88b-8e3378b7dcaf

Request Chain 158

https://creativecdn.com/cm-notify?pi=medianet HTTP 302
https://creativecdn.com/cm-notify?pi=medianet&tc=1 HTTP 302
https://contextual.media.net/cksync.php?cs=1&vsid=%7BMedia.net_User_id%7D&type=rbh&ovsid=ElCzVwl279TaTcPhzO3c&pi=medianet&tc=1

Request Chain 160

https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=${TM_USER_ID}&gdpr=1&gdpr_consent= HTTP 302
https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=${TM_USER_ID}&gdpr=1&gdpr_consent=&_test=ZFZwOAAIAvXDeQBS HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=ZFZwOAAIAvXDeQBS&gdpr=1&gdpr_consent=&_test=ZFZwOAAIAvXDeQBS

Request Chain 161

https://p.rfihub.com/cm?pub=224&in=1&getuid=https%3A//image2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTI3MzkmdGw9MTI5NjAw%26piggybackCookie%3D%24UID%26gdpr%3D0%26gdpr_consent%3D HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3MzkmdGw9MTI5NjAw&piggybackCookie=1974054392044168008

Request Chain 162

https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA%3D%3D%26piggybackCookie%3Duid%3A%5BMM_UUID%5D HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:a50a6456-7038-4a00-87df-168d368260cf&gdpr=0&gdpr_consent=

Request Chain 163

https://ib.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent= HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA%3D%26piggybackCookie%3D%24UID%26gdpr%3D0%26gdpr_consent%3D HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=3148599032165037369&gdpr=0&gdpr_consent=

Request Chain 164

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=rr3IbIlwQH-KrNcOHBwUIQ%3D%3D&gdpr=0&gdpr_consent= HTTP 302
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=

Request Chain 165

https://pixel.tapad.com/idsync/ex/receive?partner_id=3371&partner_device_id=AEBDC86C-8970-407F-8AAC-D70E1C1C1421 HTTP 302
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=3371&partner_device_id=AEBDC86C-8970-407F-8AAC-D70E1C1C1421 HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=cd9a262d-5849-48a0-b909-6d08bed671a1%252C%252C&gdpr=0&gdpr_consent= HTTP 302
https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=ede12718-ad79-44a9-b88b-8e3378b7dcaf&ttd_puid=cd9a262d-5849-48a0-b909-6d08bed671a1%2C%2C

Request Chain 167

https://uipglob.semasio.net/pubmatic/1/info?sType=sync&sExtCookieId=AEBDC86C-8970-407F-8AAC-D70E1C1C1421&sInitiator=external&gdpr=0&gdpr_consent= HTTP 302
https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=AEBDC86C-8970-407F-8AAC-D70E1C1C1421&sInitiator=external&gdpr=0&gdpr_consent=

Request Chain 168

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=QUVCREM4NkMtODk3MC00MDdGLThBQUMtRDcwRTFDMUMxNDIx&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=

Request Chain 169

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEEmK_deMMDGYt_hyAGlLCmE&google_cver=1

Request Chain 172

https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=ede12718-ad79-44a9-b88b-8e3378b7dcaf&gdpr=0&gdpr_consent=

Request Chain 173

https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=AEBDC86C-8970-407F-8AAC-D70E1C1C1421&redir=true&gdpr=0&gdpr_consent= HTTP 302
https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=AEBDC86C-8970-407F-8AAC-D70E1C1C1421&redir=true&gdpr=0&gdpr_consent=&verify=true HTTP 302
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-oo.doKJE2uVnSrYid7M6kI6GQl9wpNs-~A&gdpr=0

182 HTTP transactions
5 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request Boshy.zip Show response
www.mediafire.com/file/nr55aa3lc6x5bi1/ 319 KB
86 KB 603ms
419ms Document
text/html 104.16.54.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mediafire.com/file/nr55aa3lc6x5bi1/Boshy.zip

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.16.54.48 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7d60ff17f163624203f461d3f0cd19b0ad8e079cc67039fbedbaee1f8866bc6f

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

access-control-allow-origin: https://www.mediafire.com
cache-control: no-cache, no-store, must-revalidate, max-age=0 post-check=0, pre-check=0
cf-cache-status: DYNAMIC
cf-ray: 7c3234dac8e05ab0-MEL
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Sat, 06 May 2023 15:20:18 GMT
expires: 0
pragma: no-cache
server: cloudflare
strict-transport-security: max-age=0
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-robots-tag: noindex, nofollow

GET
H2 200 AGSKWxXxhCjA0376PEJRKvPbYABIeaqFcJOARWkOOyVBNfrKKqu3hGNujPnDlFLsbJnzVyv6SNOTkimv2wm82c-AdjA= Show response
fundingchoicesmessages.google.com/f/ 130 KB
45 KB 535ms
191ms Script
application/javascript 142.251.12.113
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxXxhCjA0376PEJRKvPbYABIeaqFcJOARWkOOyVBNfrKKqu3hGNujPnDlFLsbJnzVyv6SNOTkimv2wm82c-AdjA=

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/file/nr55aa3lc6x5bi1/Boshy.zip

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.12.113 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

se-in-f113.1e100.net

Software

ESF /

Resource Hash

a69cbc4800f6bbd0596aee018c28d98265bf0ba9ef5ea945646a2b05fc94637a

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-OpHbEulNU-UFCgN4tywHtg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sat, 06 May 2023 15:20:19 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-OpHbEulNU-UFCgN4tywHtg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 prebid5.17.0.js Show response
www.mediafire.com/js/ 263 KB
78 KB 106ms
106ms Script
application/x-javascript 104.16.54.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.mediafire.com/js/prebid5.17.0.js
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/nr55aa3lc6x5bi1/Boshy.zip
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.16.54.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6dc7917529ca101209b15752c61816375bbbb8b7b9809efb540ccacf45748d09

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/file/nr55aa3lc6x5bi1/Boshy.zip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sat, 06 May 2023 15:20:18 GMT
content-encoding: gzip
cf-cache-status: HIT
cf-bgj: minify
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
server: cloudflare
age: 2325
cf-polished: origSize=269036
etag: W/"62deda56-41aec"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: max-age=2592000
cf-ray: 7c3234ddab505ab0-MEL
expires: Mon, 05 Jun 2023 14:09:47 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 74 KB
25 KB 526ms
177ms Script
text/javascript 172.217.194.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/file/nr55aa3lc6x5bi1/Boshy.zip

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.194.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f154.1e100.net

Software

cafe /

Resource Hash

2460f618f38ac1366442bcddaaa9278f3882af28eeda7d6afe9301e0649944ee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sat, 06 May 2023 15:20:19 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24913
x-xss-protection: 0
server: cafe
etag: 639 / 19483 / 31074387 / config-hash: 7620008043783978309
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sat, 06 May 2023 15:20:19 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 115 KB
45 KB 509ms
170ms Script
application/javascript 74.125.24.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-829541-1

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/file/nr55aa3lc6x5bi1/Boshy.zip

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.24.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sf-in-f97.1e100.net

Software

Google Tag Manager /

Resource Hash

656efd634e3cf6268cfd2af38853c844862fc6c2a0e113731b6630ceb7899c69

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sat, 06 May 2023 15:20:19 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 45856
x-xss-protection: 0
last-modified: Sat, 06 May 2023 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 06 May 2023 15:20:19 GMT

GET
H2 200 amplitude-8.5.0-min.gz.js Show response
cdn.amplitude.com/libs/ 68 KB
22 KB 546ms
197ms Script
application/javascript 52.84.225.46
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.amplitude.com/libs/amplitude-8.5.0-min.gz.js
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/nr55aa3lc6x5bi1/Boshy.zip
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.84.225.46 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-84-225-46.sin2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 2450e5580136f94bda7ccf95e3167b57e15b05b513a430967943a50036fa47a4

Request headers

Referer: https://www.mediafire.com/
Origin: https://www.mediafire.com
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Mon, 16 Jan 2023 18:53:15 GMT
content-encoding: gzip
via: 1.1 57f07f5d6af70b966deb083e1354f6f8.cloudfront.net (CloudFront)
x-amz-version-id: NY8_7uBz3xoXYJBVsMSBAGHOz8ixMBS3
x-amz-cf-pop: SIN2-C1
age: 9491225
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 22154
last-modified: Fri, 13 Aug 2021 22:37:42 GMT
server: AmazonS3
etag: "660c3b546f2a131de50b69b91f26c636"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
accept-ranges: bytes
x-amz-cf-id: HN2CisK3_qVyhgS7-8lgFN4nAIjHpczi7uufyeavSC232SA3mGT2Xw==

GET
H2 200 tag Show response
btloader.com/ 14 KB
7 KB 278ms
97ms Script
application/javascript 104.26.7.139
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://btloader.com/tag?o=5678961798414336&upapi=true
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/nr55aa3lc6x5bi1/Boshy.zip
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.7.139 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 792cc927203c0f990667d3bc779c176005fc90384043b385183cbc1684344709

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sat, 06 May 2023 15:20:19 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: HIT
last-modified: Sat, 06 May 2023 14:39:45 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 2254
etag: W/"7ae5d0a2ad8592a2d782d9dab8cd8b8c"
vary: Origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AJcoZvlpulzhzZIQB2apQl72OWj1xv7UjjZmkecjON%2FcgyOPiYMLN1rD642lgK2xllxvf3bPxYTn9EiGTwRcpAlV4h8OJFm8Ti20Ucd2PpXWEPW9v8%2F%2F1AWqAcDi5A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=300, must-revalidate, stale-if-error=3600, stale-while-revalidate=300
cf-ray: 7c3234dece9f29c5-MEL

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 229 KB
73 KB 749ms
411ms Script
application/javascript 74.125.24.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-53LP4T

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/file/nr55aa3lc6x5bi1/Boshy.zip

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.24.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sf-in-f97.1e100.net

Software

Google Tag Manager /

Resource Hash

fcc266407912bd60b6561a03279f14e6168aca03032825bb28ff35120f5386f5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sat, 06 May 2023 15:20:19 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 74652
x-xss-protection: 0
last-modified: Sat, 06 May 2023 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 06 May 2023 15:20:19 GMT

GET
H2 200 mf_logo_full_color.svg
static.mediafire.com/images/backgrounds/header/ 3 KB
2 KB 146ms
143ms Image
image/svg+xml 104.16.54.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.mediafire.com/images/backgrounds/header/mf_logo_full_color.svg
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/nr55aa3lc6x5bi1/Boshy.zip
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.16.54.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8539c91ae0a82f8cab27d481ea38ac4e66d1e5b36701fe295bcba4399b9255bd

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sat, 06 May 2023 15:20:18 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Fri, 28 Oct 2016 22:22:42 GMT
server: cloudflare
age: 8668
etag: W/"5813cfb2-d1d"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cf-ray: 7c3234ddbb5d5ab0-MEL

GET
H2 200 file-zip-v3.png
static.mediafire.com/images/filetype/ 2 KB
2 KB 146ms
143ms Image
image/png 104.16.54.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.mediafire.com/images/filetype/file-zip-v3.png
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/nr55aa3lc6x5bi1/Boshy.zip
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.16.54.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4448e430d3c53bad548a5d135e1c7e2f9593e806ba47892640d430ea752e979e

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sat, 06 May 2023 15:20:18 GMT
cf-cache-status: HIT
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
server: cloudflare
age: 8556
etag: "62deda56-750"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 7c3234ddbb595ab0-MEL
content-length: 1872
expires: Mon, 05 Jun 2023 11:04:31 GMT

GET
H2 200 icons_sprite.svg
www.mediafire.com/images/icons/svg_light/ 36 KB
8 KB 127ms
127ms Image
image/svg+xml 104.16.54.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.mediafire.com/images/icons/svg_light/icons_sprite.svg
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/nr55aa3lc6x5bi1/Boshy.zip
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.16.54.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7ba1bc2084def769e77a7dbf97cd91d68fe6c6d55b5d183a7d36630da8da2b02

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/file/nr55aa3lc6x5bi1/Boshy.zip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sat, 06 May 2023 15:20:18 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
server: cloudflare
age: 8312
etag: W/"62deda56-90ab"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cf-ray: 7c3234ddbb545ab0-MEL

GET
H2 200 apps_list_sprite-v6.png
static.mediafire.com/images/backgrounds/download/ 8 KB
8 KB 145ms
143ms Image
image/png 104.16.54.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.mediafire.com/images/backgrounds/download/apps_list_sprite-v6.png
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/nr55aa3lc6x5bi1/Boshy.zip
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.16.54.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dc54b817820f14ce6395ba2a037f37d4bb0af75d5b017336140793fbe2f7f738

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sat, 06 May 2023 15:20:18 GMT
cf-cache-status: HIT
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
server: cloudflare
age: 7608
etag: "62deda56-1fd1"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 7c3234ddbb5b5ab0-MEL
content-length: 8145
expires: Mon, 05 Jun 2023 11:07:21 GMT

GET
H2 200 arrow_dropdown.svg
www.mediafire.com/images/icons/svg_dark/ 315 B
314 B 145ms
144ms Image
image/svg+xml 104.16.54.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.mediafire.com/images/icons/svg_dark/arrow_dropdown.svg
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/nr55aa3lc6x5bi1/Boshy.zip
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.16.54.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 82b94716473aa225e715e117802145c5d2d725aa1ba9d476d61a5d3da16a8c26

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/file/nr55aa3lc6x5bi1/Boshy.zip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sat, 06 May 2023 15:20:18 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
server: cloudflare
age: 8312
etag: W/"62deda56-13b"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cf-ray: 7c3234ddbb555ab0-MEL

GET
H2 200 check_circle_green.svg
static.mediafire.com/images/icons/svg_dark/ 444 B
375 B 144ms
142ms Image
image/svg+xml 104.16.54.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.mediafire.com/images/icons/svg_dark/check_circle_green.svg
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/nr55aa3lc6x5bi1/Boshy.zip
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.16.54.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 03c8d2dc7d985c3004ff2cd6d8148dd03560f37ed15efdf6c2d7f4d771d0e599

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sat, 06 May 2023 15:20:18 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
server: cloudflare
age: 12107
etag: W/"62deda56-1bc"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cf-ray: 7c3234ddbb5e5ab0-MEL

GET
H2 200 fb_16x16.png
static.mediafire.com/images/backgrounds/download/social/ 181 B
283 B 174ms
174ms Image
image/png 104.16.54.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.mediafire.com/images/backgrounds/download/social/fb_16x16.png
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/nr55aa3lc6x5bi1/Boshy.zip
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.16.54.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 720671166ac43aba99e3952b0b9341ab4e0fee1fd891db54e2a07f05db653142

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sat, 06 May 2023 15:20:18 GMT
cf-cache-status: HIT
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
server: cloudflare
age: 11973
etag: "62deda56-b5"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 7c3234de2bca5ab0-MEL
content-length: 181
expires: Mon, 05 Jun 2023 11:06:51 GMT

GET
H2 200 element.js Show response
translate.google.com/translate_a/ 77 KB
27 KB 527ms
187ms Script
text/javascript 142.251.12.101
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://translate.google.com/translate_a/element.js?cb=googFooterTranslate

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/file/nr55aa3lc6x5bi1/Boshy.zip

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.12.101 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

se-in-f101.1e100.net

Software

ESF /

Resource Hash

fc8ce5eaa47b131d33f295963f266b3f5bae7266dc7e31e649a06c556fdddef6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 06 May 2023 15:20:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 footerIcons.png
static.mediafire.com/images/backgrounds/footer/social/ 583 B
708 B 170ms
169ms Image
image/png 104.16.54.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.mediafire.com/images/backgrounds/footer/social/footerIcons.png
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/nr55aa3lc6x5bi1/Boshy.zip
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.16.54.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f917a9105c311331b1d40f4d2bdbf11233c1c465616c1a9c46232f451463b061

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sat, 06 May 2023 15:20:18 GMT
cf-cache-status: HIT
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
server: cloudflare
age: 8582
etag: "62deda56-247"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 7c3234de2bcc5ab0-MEL
content-length: 583
expires: Mon, 05 Jun 2023 11:04:19 GMT

GET
H2 200 infinity.js.aspx Show response
cdn.otnolatrnup.com/Scripts/ 181 KB
54 KB 519ms
341ms Script
application/x-javascript 104.19.215.37
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.otnolatrnup.com/Scripts/infinity.js.aspx?guid=5ff0fb62-0643-4ff1-aaee-c737f9ffc0e0
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/nr55aa3lc6x5bi1/Boshy.zip
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.215.37 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d11a71f0353c068e6579f10a95d268f0f76b56ef90e138c9195488b91e0ed39a

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sat, 06 May 2023 15:20:19 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Sat, 06 May 2023 15:16:59 GMT
accept-ch: Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version
server: cloudflare
vary: Accept-Encoding
p3p: CP="CAO PSA OUR IND"
access-control-allow-origin: *
content-type: application/x-javascript; charset=utf-8
cache-control: public, no-transform, max-age=900
cf-ray: 7c3234df4873299f-MEL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 v52afc6f149f6479b8c77fa569edb01181681764108816 Show response
static.cloudflareinsights.com/beacon.min.js/ 19 KB
7 KB 295ms
116ms Script
text/javascript 104.16.57.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js/v52afc6f149f6479b8c77fa569edb01181681764108816
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/nr55aa3lc6x5bi1/Boshy.zip
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.57.101 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 13a548e040a1ec08f77911fed1d559b95e5daae0ee227e632140e003c7268e7b

Request headers

Referer: https://www.mediafire.com/
Origin: https://www.mediafire.com
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sat, 06 May 2023 15:20:19 GMT
content-encoding: gzip
last-modified: Mon, 17 Apr 2023 20:41:48 GMT
server: cloudflare
etag: W/2023.4.2
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
cf-ray: 7c3234df5d502b38-MEL

GET
H2 200 like.php Show response
www.facebook.com/plugins/ Frame 7016 44 KB
15 KB 714ms
371ms Document
text/html 157.240.15.35
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/plugins/like.php?href=http://www.facebook.com/MediaFire&width=193&layout=button_count&action=like&show_faces=false&share=true&height=30&appId=124578887583575

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/file/nr55aa3lc6x5bi1/Boshy.zip

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.15.35 , Singapore, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-03-sin6.facebook.com

Software

Resource Hash

2f3d0f38052f4b53e15b482e6203cf25cf7e82ed36d826b444bfa66dad7ba007

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.mediafire.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: unsafe-none
date: Sat, 06 May 2023 15:20:19 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
origin-agent-cluster: ?0
pragma: no-cache
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: ewHjN5PbYYHAfbeUsJbEEQDz9qwlL+5epgyd4E2KHVLvDHZOSM0EyVTE8lsAbuDt/IYyjYdgsPzFVPsfrE+YQg==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H2 200 world.svg
static.mediafire.com/images/backgrounds/download/additional_content/ 143 KB
53 KB 116ms
116ms Image
image/svg+xml 104.16.54.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.mediafire.com/images/backgrounds/download/additional_content/world.svg
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/nr55aa3lc6x5bi1/Boshy.zip
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.16.54.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4342feac38021c4fe3069eba0edf1c2e1b4345e2b548b0afb7ab21b7369b3bc8

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sat, 06 May 2023 15:20:19 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
server: cloudflare
age: 8215
etag: W/"62deda56-23ce2"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cf-ray: 7c3234dedc5e5ab0-MEL

GET
H2 200 continent-eu.svg
static.mediafire.com/images/backgrounds/download/additional_content/ 23 KB
9 KB 107ms
106ms Image
image/svg+xml 104.16.54.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.mediafire.com/images/backgrounds/download/additional_content/continent-eu.svg
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/nr55aa3lc6x5bi1/Boshy.zip
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.16.54.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cbb99c4149249b280f1d3d924d9bdd29a4a14cba1e71775fb3bdbdf13ebd5a48

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sat, 06 May 2023 15:20:19 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
server: cloudflare
age: 2834
etag: W/"62deda56-5ca3"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cf-ray: 7c3234df6ce85ab0-MEL

GET
H2 200 dnk.svg
static.mediafire.com/images/flags_svg/ 263 B
237 B 307ms
307ms Image
image/svg+xml 104.16.54.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.mediafire.com/images/flags_svg/dnk.svg
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/nr55aa3lc6x5bi1/Boshy.zip
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.16.54.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7acad1a3006d84b408db98d5db926e2aadf436f598212b12977277b72bb2139c

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sat, 06 May 2023 15:20:19 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
server: cloudflare
etag: W/"62deda56-107"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cf-ray: 7c3234dfad0e5ab0-MEL

GET
H2 200 flag.svg
static.mediafire.com/images/backgrounds/download/additional_content/ 234 B
277 B 102ms
102ms Image
image/svg+xml 104.16.54.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.mediafire.com/images/backgrounds/download/additional_content/flag.svg
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/nr55aa3lc6x5bi1/Boshy.zip
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.16.54.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f52a0c7d9fa7ae8e45916c491ae7193f9a1e289f128f05264122c53d8da970db

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sat, 06 May 2023 15:20:19 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
server: cloudflare
age: 7975
etag: W/"62deda56-ea"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cf-ray: 7c3234e01d595ab0-MEL

POST
H2 200 prebid Show response
prebid.media.net/rtb/ 1 KB
1009 B 448ms
269ms XHR
application/json 34.107.148.139
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.media.net/rtb/prebid?cid=8CUO2689O
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/js/prebid5.17.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.148.139 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 139.148.107.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: 11944757c364bf2dc0d0afa361692319ca0348e29cade31f66f6820be7b160a2

Request headers

Referer: https://www.mediafire.com/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 06 May 2023 15:20:19 GMT
content-encoding: gzip
via: 1.1 google
server: nginx
accept-ch: Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://www.mediafire.com
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-envoy-upstream-service-time: 93
alt-svc: clear
expires: Sat, 06 May 2023 15:20:19 GMT

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
117 B 560ms
212ms XHR
text/plain 103.231.98.193
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/js/prebid5.17.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 103.231.98.193 , Japan, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.mediafire.com/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.mediafire.com
date: Sat, 06 May 2023 15:20:19 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H2 204 v1 Show response
btlr.sharethrough.com/universal/ 0
158 B 735ms
173ms XHR
text/plain 52.76.106.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/js/prebid5.17.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.76.106.12 , Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-76-106-12.ap-southeast-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.mediafire.com/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.mediafire.com
date: Sat, 06 May 2023 15:20:19 GMT
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
vary: Origin

POST
H2 204 v1 Show response
btlr.sharethrough.com/universal/ 0
158 B 734ms
173ms XHR
text/plain 52.76.106.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/js/prebid5.17.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.76.106.12 , Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-76-106-12.ap-southeast-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.mediafire.com/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.mediafire.com
date: Sat, 06 May 2023 15:20:19 GMT
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
vary: Origin

POST
H2 204 v1 Show response
btlr.sharethrough.com/universal/ 0
159 B 733ms
172ms XHR
text/plain 52.76.106.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/js/prebid5.17.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.76.106.12 , Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-76-106-12.ap-southeast-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.mediafire.com/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.mediafire.com
date: Sat, 06 May 2023 15:20:19 GMT
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
vary: Origin

POST
H2 204 v1 Show response
btlr.sharethrough.com/universal/ 0
158 B 900ms
339ms XHR
text/plain 52.76.106.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/js/prebid5.17.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.76.106.12 , Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-76-106-12.ap-southeast-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.mediafire.com/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.mediafire.com
date: Sat, 06 May 2023 15:20:19 GMT
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
vary: Origin

POST
H2 204 v1 Show response
btlr.sharethrough.com/universal/ 0
158 B 900ms
339ms XHR
text/plain 52.76.106.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/js/prebid5.17.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.76.106.12 , Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-76-106-12.ap-southeast-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.mediafire.com/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.mediafire.com
date: Sat, 06 May 2023 15:20:19 GMT
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
vary: Origin

GET
H2 200 px.gif
ad-delivery.net/ 43 B
330 B 271ms
93ms Image
image/gif 104.26.3.70
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad-delivery.net/px.gif?ch=2
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/nr55aa3lc6x5bi1/Boshy.zip
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.3.70 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sat, 06 May 2023 15:20:19 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 241290
x-guploader-uploadid: ADPycdvp3qZJYmA7yYZAp_7lIV9T9WCXKC8mjulAT9wvcQb80TISjP6zrfWUbUKQuUAHjc2GbhHAbz7Nf9wiyiX3OV6VQD9vkvA_
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 5
x-goog-stored-content-encoding: identity
content-length: 43
last-modified: Wed, 05 May 2021 19:25:32 GMT
server: cloudflare
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
vary: Accept-Encoding
x-goog-generation: 1620242732037093
content-type: image/gif
access-control-allow-origin: *
x-goog-hash: crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow==
access-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public, max-age=86400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QI5NTtG%2FH%2BhsKji69aP5VI0UZQVqKtVff9U%2FikLJt7mrSyG0W0xbP%2BWEjnRrFbctzfiRnhiXESLPQdp9Mj%2Be0a0weLzyyXUhSdJ7w9ELt9%2BEWa0a05z14W5DfFXA3snT%2BQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 43
accept-ranges: bytes
cf-ray: 7c3234e13c2d2b2e-MEL
expires: Wed, 03 May 2023 20:55:35 GMT

GET
H2 200 favicon.ico
ad.doubleclick.net/ 1 KB
572 B 508ms
168ms Image
image/x-icon 172.217.194.148
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/file/nr55aa3lc6x5bi1/Boshy.zip

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.194.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f148.1e100.net

Software

sffe /

Resource Hash

d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sat, 06 May 2023 05:15:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 36284
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 104
x-xss-protection: 0
last-modified: Tue, 08 May 2012 13:08:06 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/x-icon
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 07 May 2023 05:15:35 GMT

GET
H2 200 px.gif
ad-delivery.net/ 43 B
924 B 102ms
92ms Image
image/gif 104.26.3.70
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad-delivery.net/px.gif?ch=1&e=0.870934504113442
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/nr55aa3lc6x5bi1/Boshy.zip
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.3.70 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sat, 06 May 2023 15:20:19 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 241290
x-guploader-uploadid: ADPycdvp3qZJYmA7yYZAp_7lIV9T9WCXKC8mjulAT9wvcQb80TISjP6zrfWUbUKQuUAHjc2GbhHAbz7Nf9wiyiX3OV6VQD9vkvA_
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 5
x-goog-stored-content-encoding: identity
content-length: 43
last-modified: Wed, 05 May 2021 19:25:32 GMT
server: cloudflare
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
vary: Accept-Encoding
x-goog-generation: 1620242732037093
content-type: image/gif
access-control-allow-origin: *
x-goog-hash: crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow==
access-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public, max-age=86400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mWqueGtjryURSikvHyeF%2F5R5y1apTMeCf5awje8iJvwMXghBiIgyjQIj8NMtQ8qyGLTR8%2Fz9cqZ%2Fl6u9fzWXgnVUXkX0YLmAqlkZ8byMfoXRz%2FhqqH3xMIkQNcr0sModDQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 43
accept-ranges: bytes
cf-ray: 7c3234e13c2e2b2e-MEL
expires: Wed, 03 May 2023 20:55:35 GMT

GET
H2

200

invisible.js Show response
www.mediafire.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/b5e45436/ Frame 937F
Redirect Chain

https://www.mediafire.com/cdn-cgi/challenge-platform/scripts/invisible.js
https://www.mediafire.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/b5e45436/invisible.js

25 KB
12 KB

99ms
99ms

Script
application/javascript

104.16.54.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mediafire.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/b5e45436/invisible.js

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/file/nr55aa3lc6x5bi1/Boshy.zip

Protocol

Server

104.16.54.48 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5a78ac3d2b2edc63de975db150dd3c39e3e26b8a1e4a743c95e0e37c6b83901b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sat, 06 May 2023 15:20:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cloudflare
vary: accept-encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
cf-ray: 7c3234e0cdda5ab0-MEL

Redirect headers

date: Sat, 06 May 2023 15:20:19 GMT
content-encoding: gzip
server: cloudflare
vary: accept-encoding
access-control-allow-origin: *
location: /cdn-cgi/challenge-platform/h/g/scripts/jsd/b5e45436/invisible.js
cache-control: max-age=300, public
cf-ray: 7c3234e02d6b5ab0-MEL

POST
H2 200 / Show response
api.amplitude.com/ 7 B
206 B 849ms
268ms XHR
text/html 44.239.189.233
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.amplitude.com/

Requested by

Host: cdn.amplitude.com
URL: https://cdn.amplitude.com/libs/amplitude-8.5.0-min.gz.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

44.239.189.233 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-239-189-233.us-west-2.compute.amazonaws.com

Software

Resource Hash

aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://www.mediafire.com/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

access-control-allow-origin: *
date: Sat, 06 May 2023 15:20:20 GMT
strict-transport-security: max-age=15768000
trace-id: Root=1-64567034-41c124594887022433c19e28
content-length: 7
access-control-allow-methods: GET, POST
content-type: text/html;charset=utf-8

GET
H2 200 pica.js
www.mediafire.com/cdn-cgi/challenge-platform/h/g/scripts/ Frame 937F 6 KB
3 KB 96ms
96ms Other
application/javascript 104.16.54.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mediafire.com/cdn-cgi/challenge-platform/h/g/scripts/pica.js

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/file/nr55aa3lc6x5bi1/Boshy.zip

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.16.54.48 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5071036697f3f545ac7dabb0106e6b66ae9e52caf6103eecb4268d1f06eae38d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sat, 06 May 2023 15:20:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cloudflare
vary: accept-encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
cf-ray: 7c3234e17e675ab0-MEL

GET
H2 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305040101/ 403 KB
125 KB 170ms
170ms Script
text/javascript 172.217.194.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305040101/pubads_impl.js?cb=31074387

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.194.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f154.1e100.net

Software

cafe /

Resource Hash

77384310d4ffb3b35481ce813a3ef4f3cbcf694e8a7a58f6698c692bdf27de5e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sat, 06 May 2023 12:40:20 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9599
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 127480
x-xss-protection: 0
server: cafe
etag: 445900462459606666
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Sun, 05 May 2024 12:40:20 GMT

GET
H2 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 1 KB
885 B 505ms
169ms XHR
application/json 172.217.194.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=www.mediafire.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.194.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f154.1e100.net

Software

cafe /

Resource Hash

778d4fe92391870c744e4d501e4fde6e47c1a5e1d1ce3b89bba6ef5c239a77c9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sat, 06 May 2023 15:20:19 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 342
x-xss-protection: 0
expires: Sat, 06 May 2023 15:20:19 GMT

GET
H2 200 Tag.engine Show response
otnolatrnup.com/ 2 KB
2 KB 713ms
709ms Script
application/json 104.19.215.37
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://otnolatrnup.com/Tag.engine?time=0&id=5ff0fb62-0643-4ff1-aaee-c737f9ffc0e0&rand=38342&ver=async&referrerUrl=&fingerPrint=123&abr=false&stdTime=0&fpe=1&bw=1600&bh=1200&res=1600x1200&curl=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fnr55aa3lc6x5bi1%2FBoshy.zip&kw=online%20storage%2Cfree%20storage%2Ccloud%20storage%2Ccollaboration%2Cbackup%20file%20sharing%2Cshare%20files%2Cphoto%20backup%2Cphoto%20sharing%2Cftp%20replacement%2Ccross%20platform%2Cremote%20access%2Cmobile%20access%2Csend%20large%20files%2Crecover%20files%2Cfile%20versioning%2Cundelete%2Cwindows%2Cpc%2Cmac%2Cos%20x%2Clinux%2Ciphone
Requested by: Host: cdn.otnolatrnup.com
URL: https://cdn.otnolatrnup.com/Scripts/infinity.js.aspx?guid=5ff0fb62-0643-4ff1-aaee-c737f9ffc0e0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.215.37 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b3bb446c46bd92525dbe82acbea70520ba082eea57c924da55e31a4a5644f1f3

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sat, 06 May 2023 15:20:20 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
accept-ch: Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version
server: cloudflare
vary: Accept-Encoding
p3p: CP="CAO PSA OUR IND"
access-control-allow-origin: *
content-type: application/json; charset=utf-8
cache-control: private, no-transform
cf-ray: 7c3234e22b34299f-MEL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 m=el_main_css
www.gstatic.com/_/translate_http/_/ss/k=translate_http.tr.69JJaQ5G5xA.L.W.O/d=0/rs=AN8SPfpC36MIoWPngdVwZ4RUzeJYZaC7rg/ 25 KB
5 KB 512ms
172ms Stylesheet
text/css 74.125.24.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/translate_http/_/ss/k=translate_http.tr.69JJaQ5G5xA.L.W.O/d=0/rs=AN8SPfpC36MIoWPngdVwZ4RUzeJYZaC7rg/m=el_main_css

Requested by

Host:
URL: /_/translate_http/_/js/k=translate_http.tr.en_GB.kLxg4hOVQTU.O/d=1/rs=AN8SPfqW8dBLRJphnSf5ASR0tCYF_LgIcw/m=el_conf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.24.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sf-in-f94.1e100.net

Software

sffe /

Resource Hash

7db470720bc87269e9bf81c2da2649d4f59d54eb54ca5ed4547855758d6688a0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 00:57:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 138176
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/rosetta
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4396
x-xss-protection: 0
last-modified: Sun, 12 Mar 2023 00:11:57 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="rosetta"
vary: Accept-Encoding
report-to: {"group":"rosetta","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/rosetta"}]}
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 04 May 2024 00:57:23 GMT

GET
H2 200 m=el_main Show response
translate.googleapis.com/_/translate_http/_/js/k=translate_http.tr.en_GB.kLxg4hOVQTU.O/d=1/exm=el_conf/ed=1/rs=AN8SPfqW8dBLRJphnSf5ASR0tCYF_LgIcw/ 212 KB
75 KB 518ms
170ms Script
text/javascript 172.253.118.95
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://translate.googleapis.com/_/translate_http/_/js/k=translate_http.tr.en_GB.kLxg4hOVQTU.O/d=1/exm=el_conf/ed=1/rs=AN8SPfqW8dBLRJphnSf5ASR0tCYF_LgIcw/m=el_main

Requested by

Host:
URL: /_/translate_http/_/js/k=translate_http.tr.en_GB.kLxg4hOVQTU.O/d=1/rs=AN8SPfqW8dBLRJphnSf5ASR0tCYF_LgIcw/m=el_conf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.118.95 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sl-in-f95.1e100.net

Software

sffe /

Resource Hash

39e39944dfc14cc87c2635323cd48dc27ac7bb14e0357fdc0855eeb35f8644c5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Thu, 04 May 2023 20:27:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 154344
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/rosetta
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 76122
x-xss-protection: 0
last-modified: Wed, 03 May 2023 21:10:47 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="rosetta"
vary: Accept-Encoding
report-to: {"group":"rosetta","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/rosetta"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 03 May 2024 20:27:55 GMT

POST
H2 200 7c3234dac8e05ab0 Show response
www.mediafire.com/cdn-cgi/challenge-platform/h/g/cv/result/ Frame 937F 2 B
360 B 189ms
188ms XHR
text/plain 104.16.54.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.mediafire.com/cdn-cgi/challenge-platform/h/g/cv/result/7c3234dac8e05ab0
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/cdn-cgi/challenge-platform/scripts/invisible.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.16.54.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
Content-Type: application/json

Response headers

date: Sat, 06 May 2023 15:20:19 GMT
content-encoding: gzip
server: cloudflare
cf-ray: 7c3234e368165ab0-MEL
content-type: text/plain; charset=UTF-8

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 51 KB
21 KB 509ms
169ms Script
text/javascript 74.125.24.138
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-829541-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.24.138 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sf-in-f138.1e100.net

Software

Golfe2 /

Resource Hash

e7b90d32907f89c49e9e2a2ccca95133277f756f13a14187936d9b948ff67b44

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Sat, 06 May 2023 13:40:59 GMT
last-modified: Mon, 17 Apr 2023 22:36:01 GMT
server: Golfe2
age: 5961
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20737
expires: Sat, 06 May 2023 15:40:59 GMT

POST
H3 204 AGSKWxWmBbxPt9VXW3kV_S26OWcF1OuT8Cd-RkHRerqk6-64iRpQwpSP7O92TkFA2qXJ3k2IRBV-j9peqcoVbwcmFWQ= Show response
fundingchoicesmessages.google.com/el/ 0
28 B 522ms
185ms XHR
text/html 142.251.12.113
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxWmBbxPt9VXW3kV_S26OWcF1OuT8Cd-RkHRerqk6-64iRpQwpSP7O92TkFA2qXJ3k2IRBV-j9peqcoVbwcmFWQ=?pvid=C5D563CC-85C4-4A01-9323-1A52FAF01FE7

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_GB.4MMKpR25OkE.es5.O/d=1/rs=AJlcJMw0rrNXG5d2s21CcccCYzHLBy2P9A/m=kernel_loader,loader_js_executable

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.12.113 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

se-in-f113.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-7Pgq3AzPfxMAWfwMyi3VHA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.mediafire.com/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 06 May 2023 15:20:20 GMT
content-security-policy: script-src 'report-sample' 'nonce-7Pgq3AzPfxMAWfwMyi3VHA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://www.mediafire.com
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxWmBbxPt9VXW3kV_S26OWcF1OuT8Cd-RkHRerqk6-64iRpQwpSP7O92TkFA2qXJ3k2IRBV-j9peqcoVbwcmFWQ=?pvid=C5D563CC-85C4-4A01-9323-1A52FAF01FE7

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.12.113 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

se-in-f113.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-jzBSH-k5vBK89O7j0v81Iw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.mediafire.com/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 06 May 2023 15:20:20 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-jzBSH-k5vBK89O7j0v81Iw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
access-control-max-age: 86400
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: text/html; charset=utf-8
access-control-allow-origin: https://www.mediafire.com
access-control-allow-methods: POST, GET, OPTIONS
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 AGSKWxUjgNKboM2E9-9BNoqySPrQrY3W4oI3WdXrfMjRYiehY-OCchtwxd5q3xgk5eFobJoIoV7NrvE8ULBvUMEAo6U= Show response
fundingchoicesmessages.google.com/f/ 13 KB
6 KB 236ms
236ms Script
application/javascript 142.251.12.113
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxUjgNKboM2E9-9BNoqySPrQrY3W4oI3WdXrfMjRYiehY-OCchtwxd5q3xgk5eFobJoIoV7NrvE8ULBvUMEAo6U=?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNjgzMzg2NDE5LDczODAwMDAwMF0sIkM1RDU2M0NDLTg1QzQtNEEwMS05MzIzLTFBNTJGQUYwMUZFNyIsbnVsbCxudWxsLFtudWxsLFs3XV0sImh0dHBzOi8vd3d3Lm1lZGlhZmlyZS5jb20vZmlsZS9ucjU1YWEzbGM2eDViaTEvQm9zaHkuemlwIixudWxsLFtbOCwiNE1NS3BSMjVPa0UiXSxbOSwiZW4tR0IiXV1d

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.12.113 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

se-in-f113.1e100.net

Software

ESF /

Resource Hash

dc80f4fe943f0db1f2e9bbbbdd7ca41c64add4eef1f26bed31c1a798893ee034

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-m1yw8AcNJ8z41MX_SVT1dw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sat, 06 May 2023 15:20:19 GMT
content-security-policy: script-src 'report-sample' 'nonce-m1yw8AcNJ8z41MX_SVT1dw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 199 KB
72 KB 170ms
169ms Script
application/javascript 74.125.24.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-K68XP6D85D&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-53LP4T

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.24.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sf-in-f97.1e100.net

Software

Google Tag Manager /

Resource Hash

cb1e5b6629746e4dae8f81b033d81a84064f9c84bb6bd4118568623b083f7d50

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sat, 06 May 2023 15:20:19 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 73582
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sat, 06 May 2023 15:20:19 GMT

GET
H2 200 -0lC6D4faeA.js Show response
static.xx.fbcdn.net/rsrc.php/v3i7244/yx/l/en_GB/ Frame 7016 512 KB
133 KB 515ms
173ms XHR
application/x-javascript 157.240.235.1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3i7244/yx/l/en_GB/-0lC6D4faeA.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/plugins/like.php?href=http://www.facebook.com/MediaFire&width=193&layout=button_count&action=like&show_faces=false&share=true&height=30&appId=124578887583575

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.235.1 , Singapore, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-04-sin6.fbcdn.net

Software

Resource Hash

222bc4d276a864bc43e999b9bbfd8de2da572144bdaacbd1fac47c487d1c3a59

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sat, 06 May 2023 15:20:20 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: 70NenItCzlDAe7laVRopPQ==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 135766
x-fb-rlafr: 0
x-fb-debug: kXcSuXmZyBB0ZAYr31Ly56HWitwAZ1/M58/DI032JVED87M94+qP2T2oIEbutdv37TNrAjHItGYcLlaYn95bwg==
x-fb-trip-id: 1679558926
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
expires: Sat, 04 May 2024 06:11:04 GMT

GET
H2 200 FEppCFCt76d.png
static.xx.fbcdn.net/rsrc.php/v3/yD/r/ Frame 7016 299 B
729 B 513ms
171ms Image
image/png 157.240.235.1
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yD/r/FEppCFCt76d.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.235.1 , Singapore, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-04-sin6.fbcdn.net

Software

Resource Hash

d65f4b2e8eee94ddc7f762d098de19558d879a3b597c8913b4d075532e3ed4b4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sat, 06 May 2023 15:20:20 GMT
x-content-type-options: nosniff
content-md5: OIlAxCmR79nrM/Ez4ygGlg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 299
x-fb-rlafr: 0
x-fb-debug: vJsLKosgjC6rFz7KWCv/tVvNoEcaLJSQwWlKeEzRTPYwOdKcUMSF9HU+2y78Iq+NMR8VFpP1g7eIOfLhCAb1KA==
x-fb-trip-id: 1679558926
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
expires: Sun, 28 Apr 2024 00:46:27 GMT

GET
H2 200 country Show response
api.btloader.com/ 16 B
141 B 454ms
275ms Fetch
application/json 130.211.23.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://api.btloader.com/country
Requested by: Host: btloader.com
URL: https://btloader.com/tag?o=5678961798414336&upapi=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 130.211.23.194 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 194.23.211.130.bc.googleusercontent.com
Software: /
Resource Hash: fa1f876cb70f7a711191b9dab191d9cc1c037ae4f5f5ea032dfe742f51c07f65

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sat, 06 May 2023 15:20:20 GMT
via: 1.1 google
vary: Origin
content-type: application/json
access-control-allow-origin: *
cache-control: private, max-age=300, stale-while-revalidate=600, stale-if-error=600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16

GET
H2 204 pv Show response
api.btloader.com/ 0
128 B 452ms
275ms XHR
text/plain 130.211.23.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://api.btloader.com/pv?tid=Wdb3bdTVe0&w=5115845767331840&o=5678961798414336&cv=2.1.11-3-gabc8642&r=false&vr=1600x1200&pageURL=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fnr55aa3lc6x5bi1%2FBoshy.zip&sid=eh3EQr9fYN&upapi=true
Requested by: Host: btloader.com
URL: https://btloader.com/tag?o=5678961798414336&upapi=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 130.211.23.194 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 194.23.211.130.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sat, 06 May 2023 15:20:20 GMT
cache-control: no-cache, no-store, must-revalidate
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
vary: Origin

GET
H2 200 183096492 Show response
fundingchoicesmessages.google.com/i/ 130 KB
44 KB 192ms
191ms Script
application/javascript 142.251.12.113
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/i/183096492?ers=3

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305040101/pubads_impl.js?cb=31074387

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.12.113 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

se-in-f113.1e100.net

Software

ESF /

Resource Hash

43e7bb8dfb305a08e417376b646f774fd234b8f75ecd61df3cad6e526d67b969

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-PqL_VNBi0vs_W3K6rsmF-Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sat, 06 May 2023 15:20:20 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-PqL_VNBi0vs_W3K6rsmF-Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
analytics.google.com/g/ 0
246 B 517ms
171ms Ping
text/plain 172.253.118.139
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-K68XP6D85D&gtm=45je3530&_p=2086174565&_gaz=1&cid=1240375817.1683386420&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1683386420&sct=1&seg=0&dl=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fnr55aa3lc6x5bi1%2FBoshy.zip&dt=Boshy&en=page_view&_fv=1&_nsi=1&_ss=1&up.page_url=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fnr55aa3lc6x5bi1%2FBoshy.zip
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-K68XP6D85D&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.253.118.139 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: sl-in-f139.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 06 May 2023 15:20:20 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.mediafire.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
178 B 170ms
169ms Ping
text/plain 172.217.194.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-K68XP6D85D&cid=1240375817.1683386420&gtm=45je3530&aip=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-K68XP6D85D&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.217.194.154 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: si-in-f154.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 06 May 2023 15:20:20 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.mediafire.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com.au/ads/ 42 B
408 B 522ms
178ms Image
image/gif 142.251.10.94
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com.au/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-K68XP6D85D&cid=1240375817.1683386420&gtm=45je3530&aip=1&z=1153883618

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/file/nr55aa3lc6x5bi1/Boshy.zip

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.10.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f94.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 06 May 2023 15:20:20 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 AGSKWxWEHnU7yxKLrOfIIVCul7jJiPFH3g4yiKUlIKAac82ag864E1QogqeoE06eR6AkHwoHXWii7X_25DLEFQq-aIGSUFqu7DLF256MXuXt8DM3wNrCvqUkWqPo0sZgrWYM_IhTgw0I7A== Show response
fundingchoicesmessages.google.com/el/ 0
28 B 183ms
178ms XHR
text/html 142.251.12.113
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxWEHnU7yxKLrOfIIVCul7jJiPFH3g4yiKUlIKAac82ag864E1QogqeoE06eR6AkHwoHXWii7X_25DLEFQq-aIGSUFqu7DLF256MXuXt8DM3wNrCvqUkWqPo0sZgrWYM_IhTgw0I7A==?pvid=C5D563CC-85C4-4A01-9323-1A52FAF01FE7

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.12.113 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

se-in-f113.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-TGouVq1DnyRZqTk3ctL0Cg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.mediafire.com/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 06 May 2023 15:20:20 GMT
content-security-policy: script-src 'report-sample' 'nonce-TGouVq1DnyRZqTk3ctL0Cg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://www.mediafire.com
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.12.113 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

se-in-f113.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-CzBZP7eYBaT2iuedRSVpSQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.mediafire.com/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 06 May 2023 15:20:20 GMT
content-security-policy: script-src 'report-sample' 'nonce-CzBZP7eYBaT2iuedRSVpSQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
access-control-max-age: 86400
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: text/html; charset=utf-8
access-control-allow-origin: https://www.mediafire.com
access-control-allow-methods: POST, GET, OPTIONS
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 2 B
208 B 169ms
169ms XHR
text/plain 74.125.24.138
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j100&a=2086174565&t=pageview&_s=1&dl=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fnr55aa3lc6x5bi1%2FBoshy.zip&ul=en-us&de=UTF-8&dt=Boshy&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAUABAAAAACAAI~&jid=1824571615&gjid=2007174585&cid=1240375817.1683386420&tid=UA-829541-1&_gid=1173533409.1683386420&_r=1&gtm=457e3530&cd1=unregistered&cd7=legacy&cd3=archive&cd4=34&cd5=zip&cd8=%2F1%2F5%2F10%2F20%2F50%2F100%2F&jsscut=1&z=607524437

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.24.138 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sf-in-f138.1e100.net

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.mediafire.com/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 06 May 2023 15:20:20 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.mediafire.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 integrator.js Show response
adservice.google.com.au/adsid/ 107 B
531 B 527ms
174ms Script
application/javascript 74.125.130.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com.au/adsid/integrator.js?domain=www.mediafire.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305040101/pubads_impl.js?cb=31074387

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.130.157 Nashville, United States, ASN15169 (GOOGLE, US),

Reverse DNS

sb-in-f157.1e100.net

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sat, 06 May 2023 15:20:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
456 B 511ms
171ms Script
application/javascript 142.250.4.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.mediafire.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305040101/pubads_impl.js?cb=31074387

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.4.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f154.1e100.net

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sat, 06 May 2023 15:20:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 53 KB
21 KB 461ms
460ms XHR
text/plain 172.217.194.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3949032260520038&correlator=1805091306090721&eid=31074302%2C31074387&output=ldjh&gdfp_req=1&vrg=202305040101&ptt=17&impl=fifs&gdpr=0&us_privacy=1---&iu_parts=183096492%2CMediaFire-Zone4&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&ifi=1&adks=215913335&sfv=1-0-40&prev_scp=dkey_present%3Dfalse%26buildnumber%3D121906%26dladtemplate%3D34%26button_delay%3Ddisabled&eri=5&sc=1&cookie_enabled=1&abxe=1&dt=1683386420323&dlt=1683386418742&idt=1240&adxs=430&adys=1095&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&url=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fnr55aa3lc6x5bi1%2FBoshy.zip&frm=20&vis=1&psz=960x1500&msz=728x-1&fws=0&ohw=0&ga_vid=1240375817.1683386420&ga_sid=1683386420&ga_hid=2086174565&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305040101/pubads_impl.js?cb=31074387

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.194.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f154.1e100.net

Software

cafe /

Resource Hash

75a488dfcd208c25f9f2641236c11c45997dc2fd899b3e385b71840536c5bd6c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sat, 06 May 2023 15:20:20 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 21255
x-xss-protection: 0
google-lineitem-id: 5967615577
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138387047710
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.mediafire.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 51 KB
20 KB 499ms
499ms XHR
text/plain 172.217.194.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3949032260520038&correlator=2890578218353583&eid=31074302%2C31074387&output=ldjh&gdfp_req=1&vrg=202305040101&ptt=17&impl=fifs&gdpr=0&us_privacy=1---&iu_parts=183096492%2CMediaFire-Zone1&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&ifi=2&adks=630197753&sfv=1-0-40&prev_scp=dkey_present%3Dfalse%26buildnumber%3D121906%26dladtemplate%3D34%26button_delay%3Ddisabled&eri=5&sc=1&cookie_enabled=1&abxe=1&dt=1683386420330&dlt=1683386418742&idt=1240&adxs=552&adys=10&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=2&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&url=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fnr55aa3lc6x5bi1%2FBoshy.zip&frm=20&vis=1&psz=960x1500&msz=728x-1&fws=0&ohw=0&ga_vid=1240375817.1683386420&ga_sid=1683386420&ga_hid=2086174565&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305040101/pubads_impl.js?cb=31074387

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.194.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f154.1e100.net

Software

cafe /

Resource Hash

408ac841a8425807e8a6963b40e31157c2fcb88b61b6253a60544b1cc6d73427

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sat, 06 May 2023 15:20:20 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20641
x-xss-protection: 0
google-lineitem-id: 5967615577
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138387047710
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.mediafire.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 51 KB
20 KB 572ms
571ms XHR
text/plain 172.217.194.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3949032260520038&correlator=1684112269990800&eid=31074302%2C31074387&output=ldjh&gdfp_req=1&vrg=202305040101&ptt=17&impl=fifs&gdpr=0&us_privacy=1---&iu_parts=183096492%2CMediaFire-Zone2&enc_prev_ius=%2F0%2F1&prev_iu_szs=336x280%7C300x250&ifi=3&adks=3841872593&sfv=1-0-40&prev_scp=dkey_present%3Dfalse%26buildnumber%3D121906%26dladtemplate%3D34%26button_delay%3Ddisabled&eri=5&sc=1&cookie_enabled=1&abxe=1&dt=1683386420332&dlt=1683386418742&idt=1240&adxs=320&adys=120&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=3&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&url=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fnr55aa3lc6x5bi1%2FBoshy.zip&frm=20&vis=1&psz=960x1500&msz=336x-1&fws=0&ohw=0&ga_vid=1240375817.1683386420&ga_sid=1683386420&ga_hid=2086174565&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305040101/pubads_impl.js?cb=31074387

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.194.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f154.1e100.net

Software

cafe /

Resource Hash

b57c6f5bbf70b5cfc8e8dccae82b30ef1f23e40b12f0baced03ea8f6abfec5fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sat, 06 May 2023 15:20:20 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20642
x-xss-protection: 0
google-lineitem-id: 5967615577
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138387045472
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.mediafire.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 52 KB
21 KB 744ms
743ms XHR
text/plain 172.217.194.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3949032260520038&correlator=3247348141286481&eid=31074302%2C31074387&output=ldjh&gdfp_req=1&vrg=202305040101&ptt=17&impl=fifs&gdpr=0&us_privacy=1---&iu_parts=183096492%2CMediaFire-Zone3&enc_prev_ius=%2F0%2F1&prev_iu_szs=336x280%7C300x250&ifi=4&adks=1870779098&sfv=1-0-40&prev_scp=dkey_present%3Dfalse%26buildnumber%3D121906%26dladtemplate%3D34%26button_delay%3Ddisabled&eri=5&sc=1&cookie_enabled=1&abxe=1&dt=1683386420334&dlt=1683386418742&idt=1240&adxs=320&adys=420&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=4&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&url=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fnr55aa3lc6x5bi1%2FBoshy.zip&frm=20&vis=1&psz=960x1500&msz=336x-1&fws=0&ohw=0&ga_vid=1240375817.1683386420&ga_sid=1683386420&ga_hid=2086174565&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305040101/pubads_impl.js?cb=31074387

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.194.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f154.1e100.net

Software

cafe /

Resource Hash

b3bf80656f07d3feb15db9c84737af96f3f6614c080aed231f8493d61d5d9c48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sat, 06 May 2023 15:20:20 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 21249
x-xss-protection: 0
google-lineitem-id: 5967615577
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138387047020
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.mediafire.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
63dc4bbfec220aab4af1438a99217a9b.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame AA01 6 KB
3 KB 574ms
173ms Document
text/html 142.251.10.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://63dc4bbfec220aab4af1438a99217a9b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305040101/pubads_impl.js?cb=31074387

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.10.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f132.1e100.net

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.mediafire.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 06 May 2023 15:20:20 GMT
expires: Sun, 05 May 2024 15:20:20 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated Show response
/ Frame 3670 1 KB
1 KB Document
text/html

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b7637a4cc7e15b52376c9dba975683af0b7987a44b3d05200747c035a6852274

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

Content-Type: text/html;charset=UTF-8

GET
H2 200 translate_24dp.png
www.gstatic.com/images/branding/product/1x/ 846 B
1 KB 170ms
169ms Image
image/png 74.125.24.94
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/branding/product/1x/translate_24dp.png

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/file/nr55aa3lc6x5bi1/Boshy.zip

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.24.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sf-in-f94.1e100.net

Software

sffe /

Resource Hash

5a861509b658aa24fc3aed2867ac3c061e7d818d90b9990959afc6d1b5d4ff99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sat, 06 May 2023 01:42:08 GMT
x-content-type-options: nosniff
age: 49092
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 846
x-xss-protection: 0
last-modified: Thu, 14 Oct 2021 09:08:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Sun, 05 May 2024 01:42:08 GMT

GET
H2 200 googlelogo_color_42x16dp.png
www.gstatic.com/images/branding/googlelogo/1x/ 910 B
1022 B 173ms
173ms Image
image/png 74.125.24.94
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/branding/googlelogo/1x/googlelogo_color_42x16dp.png

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/file/nr55aa3lc6x5bi1/Boshy.zip

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.24.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sf-in-f94.1e100.net

Software

sffe /

Resource Hash

6318394f737c66f0e2ccfcd88e3935c6667633a1b95fa29fba2b75431d55eef2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sat, 06 May 2023 14:13:28 GMT
x-content-type-options: nosniff
age: 4012
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 910
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Sun, 05 May 2024 14:13:28 GMT

GET
H2 200 translate_24dp.png
www.gstatic.com/images/branding/product/2x/ 2 KB
2 KB 175ms
174ms Image
image/png 74.125.24.94
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/branding/product/2x/translate_24dp.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/translate_http/_/ss/k=translate_http.tr.69JJaQ5G5xA.L.W.O/d=0/rs=AN8SPfpC36MIoWPngdVwZ4RUzeJYZaC7rg/m=el_main_css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.24.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sf-in-f94.1e100.net

Software

sffe /

Resource Hash

4dac0026fbfa2615dce30c0af12830863fe885f84387a0147b9e338f548d5d82

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.gstatic.com/_/translate_http/_/ss/k=translate_http.tr.69JJaQ5G5xA.L.W.O/d=0/rs=AN8SPfpC36MIoWPngdVwZ4RUzeJYZaC7rg/m=el_main_css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 04:58:12 GMT
x-content-type-options: nosniff
age: 123728
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1842
x-xss-protection: 0
last-modified: Thu, 14 Oct 2021 09:08:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Sat, 04 May 2024 04:58:12 GMT

POST
H3 200 collect Show response
stats.g.doubleclick.net/j/ 8 B
29 B 170ms
170ms XHR
text/plain 172.217.194.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j100&tid=UA-829541-1&cid=1240375817.1683386420&jid=1824571615&gjid=2007174585&_gid=1173533409.1683386420&_u=YADAAUAAAAAAACAAI~&z=1421727647

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.194.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f154.1e100.net

Software

Golfe2 /

Resource Hash

7817ee889e9c73351b96c97c740c9dd746ba87ebd6c6fcab3cd77cd021920ce7

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.mediafire.com/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sat, 06 May 2023 15:20:20 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.mediafire.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
408 B 522ms
176ms Image
image/gif 74.125.130.103
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j100&tid=UA-829541-1&cid=1240375817.1683386420&jid=1824571615&_u=YADAAUAAAAAAACAAI~&z=968012341

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/file/nr55aa3lc6x5bi1/Boshy.zip

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.130.103 Nashville, United States, ASN15169 (GOOGLE, US),

Reverse DNS

sb-in-f103.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 06 May 2023 15:20:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com.au/ads/ 42 B
107 B 177ms
176ms Image
image/gif 142.251.10.94
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com.au/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j100&tid=UA-829541-1&cid=1240375817.1683386420&jid=1824571615&_u=YADAAUAAAAAAACAAI~&z=968012341

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/file/nr55aa3lc6x5bi1/Boshy.zip

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.10.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f94.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 06 May 2023 15:20:20 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pubcid.min.js Show response
cdn.jsdelivr.net/gh/prebid/shared-id/pubcid.js/docs/ 732 B
896 B 265ms
86ms Script
application/javascript 151.101.65.229
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/prebid/shared-id/pubcid.js/docs/pubcid.min.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305040101/pubads_impl.js?cb=31074387

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.65.229 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

a5230196df9a4e9f6382c504668862efc8e25c1ec093c7dc997fbedb4b3ec54e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Sat, 06 May 2023 15:20:21 GMT
x-content-type-options: nosniff
content-encoding: br
age: 8409
x-jsd-version: master
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 439
x-served-by: cache-fra-eddf8230042-FRA, cache-mel11240-MEL
x-jsd-version-type: branch
etag: W/"2dc-IrZxm/sP4aqtIfs1EfEw6Dg5q1Y"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 esp.js Show response
cdn.id5-sync.com/api/1.0/ 59 KB
17 KB 275ms
96ms Script
text/javascript 172.67.38.106
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.id5-sync.com/api/1.0/esp.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305040101/pubads_impl.js?cb=31074387

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.67.38.106 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d961a31d3d2fdb93a35a4024f9878b2ed896cd86a084ceb8df6af3bc53e29125

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sat, 06 May 2023 15:20:21 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-encoding: gzip
cf-cache-status: HIT
last-modified: Thu, 06 Apr 2023 12:00:04 GMT
server: cloudflare
x-amz-request-id: 622AFCB01RJJ6H1Q
age: 2741
etag: W/"110f0c3c343ee36404c8a2300f4755c3"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: text/javascript;charset=utf-8
cache-control: public, max-age=3600
cf-ray: 7c3234ebaa7929c5-MEL
x-amz-id-2: jFEPGMdTju0NmuhMnwf2GczGW4UWE/+vxLuhLYvXxaydjsii5JWYBF2OMAfeDUVZkz57+4oCYG7zknYQGBrA5w==

GET
H2 200 esp.js Show response
oa.openxcdn.net/ 24 KB
8 KB 262ms
85ms Script
application/javascript 34.102.146.192
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://oa.openxcdn.net/esp.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305040101/pubads_impl.js?cb=31074387
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.146.192 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 192.146.102.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Thu, 20 Apr 2023 05:24:15 GMT
content-encoding: gzip
age: 1418166
x-guploader-uploadid: ADPycdvFHpPWY8n27p9USxjRJkGCTUyyXf2sI4i9GXsuqMP7xvcQFzoIRIoPhkdFvPUteNc3REOYOtZBZooXQRMeYeCAvUKC4ISP
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7927
last-modified: Thu, 27 May 2021 18:30:51 GMT
server: UploadServer
etag: "df5542b88bc0e368c6999754a5b9e2ba"
x-goog-generation: 1622140251693895
x-goog-hash: crc32c=f21hYg==, md5=31VCuIvA42jGmZdUpbniug==
content-type: application/javascript
cache-control: no-transform
x-goog-stored-content-length: 7927
accept-ranges: bytes
expires: Fri, 19 Apr 2024 05:24:15 GMT

GET
H2 200 publishertag.ids.js Show response
static.criteo.net/js/ld/ 39 KB
13 KB 556ms
208ms Script
text/javascript 182.161.73.129
CRITEO-AS-AP Crit...

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.ids.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305040101/pubads_impl.js?cb=31074387

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.73.129 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

nginx /

Resource Hash

c7fc8dae04703101d705fac5268f8900d96149d6b2d3fdd6c1fac249ed16cf1b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sat, 06 May 2023 15:20:21 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 24 Feb 2023 07:57:32 GMT
server: nginx
etag: W/"63f86dec-9c21"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 07 May 2023 15:20:21 GMT

GET
H/1.1 200
OK uid2SecureSignal.js Show response
cdn.prod.uidapi.com/ 2 KB
2 KB 531ms
169ms Script
text/javascript 13.33.91.110
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.prod.uidapi.com/uid2SecureSignal.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305040101/pubads_impl.js?cb=31074387
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.33.91.110 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-33-91-110.sin2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: a695b8b12c7d88355d0b1b33d6c643a7913bcfbeae91553bd7560019188b1032

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Date: Fri, 05 May 2023 18:33:31 GMT
Via: 1.1 b238fef36fc101d581d2aebbbc69d9a6.cloudfront.net (CloudFront)
Last-Modified: Thu, 04 May 2023 00:14:06 GMT
Server: AmazonS3
X-Amz-Cf-Pop: SIN2-P2
Age: 74810
ETag: "4d5acbf33f4a0592ac0515db92fe88e6"
x-amz-server-side-encryption: AES256
X-Cache: Hit from cloudfront
Content-Type: text/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1858
X-Amz-Cf-Id: MZvMZrSC1uBghwVQnZK3FI87VSi2edkrcp7ZeDuDatf642A35ODJ-A==

GET
H2 200 sync.min.js Show response
tags.crwdcntrl.net/lt/c/16589/ 38 KB
12 KB 535ms
185ms Script
text/javascript 13.224.250.125
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.crwdcntrl.net/lt/c/16589/sync.min.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305040101/pubads_impl.js?cb=31074387
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.250.125 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-250-125.sin52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 9cf4fc9350f69e442ebfdf130d4e601377e9273b642282a1ebb4f79d6116e8c5

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sat, 06 May 2023 00:30:13 GMT
content-encoding: gzip
via: 1.1 501f8f2b34478d387447d1479e77dfd2.cloudfront.net (CloudFront)
last-modified: Thu, 27 Apr 2023 00:14:05 GMT
server: AmazonS3
x-amz-cf-pop: SIN52-C2
age: 53409
x-amz-server-side-encryption: AES256
etag: W/"37e703da55f96b973658b8e7aeed0e93"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
cache-control: public, max-age=86400
x-amz-cf-id: -n1KgzCazkhM352fZ1eiQ-yBSuU01OkUZyAP5YnZmL8NjVnLaMZA7g==

GET
H2 200 encrypted-tag-g.js Show response
invstatic101.creativecdn.com/encrypted-signals/ 2 KB
2 KB 267ms
86ms Script
text/javascript 34.96.70.87
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://invstatic101.creativecdn.com/encrypted-signals/encrypted-tag-g.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305040101/pubads_impl.js?cb=31074387
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.70.87 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 87.70.96.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 3b89401fea631023de67ae75bf8f246b1af109a9a4247c3862016949eacc462b

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sat, 06 May 2023 15:02:20 GMT
via: 1.1 google
age: 1081
x-guploader-uploadid: ADPycdthxXTBArgbt9XpD0n53P1Sm-ZZyrT4_sNTBzRJxoEMBBR6KIHvFIPHM1Lq_K8V8-i_bW9E2zBu9qWqpsrWopMRyRvO_px-
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1938
last-modified: Thu, 27 Apr 2023 19:53:17 GMT
server: UploadServer
etag: "0a4a90264145ed4c5c647dae5dfb0429"
x-goog-generation: 1682625197861193
x-goog-hash: crc32c=jhvysQ==, md5=CkqQJkFF7UxcZH2uXfsEKQ==
content-type: text/javascript
cache-control: public, max-age=3600
x-goog-stored-content-length: 1938
accept-ranges: bytes
expires: Sat, 06 May 2023 16:02:20 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 6EFF 0
0 173ms
173ms Fetch
image/gif 172.217.194.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjss_M3vMIPiWuLG6_L74hOCG7QVIsm3reqUqJHIU98-EAMr6bl0j0JGOipRS7xT8sTEVJB4_IJTNHVhgPRhG8Asv4rHpZkJA1mkFnG7qD5_0e7f3xArGgAGyAxZhUIg8WiSqJP30u6tKCdORdE0fF0dMR1Z-B5Z4Jnd4CL1PVeAeFklmjgn8MgRMCYSDhXyb-7V-m0IvY8BQyyV46l7-YUIEnt3V9j5B3Izcjua3lpUCSd3g9GB0q-iQGgc26vVzh7dURAFMDfXrrdEgB6xcJ1S7HNniyp4UYpvfue9lO09VdjIPt0f7ZT7MdsmaniucCCEJRk7v&sai=AMfl-YTzzN4dKTIcGTr1ycY2vRXPnaA1-8e4HNhnmZUGb2m0tUx8poUUH_1GFbpHxKn3YnqtgRoGdIzbQ9Q-V1j6CvXl8ZDSnyB5IgTxVJQSY_R7cSdf7A2NHDSAJg_Qb8vuX38wzOphfSWO5nNgU-8H&sig=Cg0ArKJSzFLM0SfzIH8LEAE&uach_m=[UACH]&adurl=

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/file/nr55aa3lc6x5bi1/Boshy.zip

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.194.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f154.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sat, 06 May 2023 15:20:20 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sat, 06 May 2023 15:20:20 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230502/r20110914/ Frame 6EFF 22 KB
9 KB 533ms
191ms Script
text/javascript 74.125.24.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230502/r20110914/abg_lite_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305040101/pubads_impl.js?cb=31074387

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.24.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sf-in-f132.1e100.net

Software

cafe /

Resource Hash

7d25d283cffb27454f0defc451d2f1d42ea8ce681aa56a395817871b895420cd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sat, 06 May 2023 08:50:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 23385
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8767
x-xss-protection: 0
server: cafe
etag: 1250930375877819641
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 20 May 2023 08:50:36 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230502/r20110914/client/ Frame 6EFF 3 KB
1 KB 1162ms
820ms Script
text/javascript 74.125.24.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230502/r20110914/client/window_focus_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305040101/pubads_impl.js?cb=31074387

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.24.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sf-in-f132.1e100.net

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sat, 06 May 2023 07:00:18 GMT
content-encoding: br
x-content-type-options: nosniff
age: 30003
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 20 May 2023 07:00:18 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 6EFF 169 KB
53 KB 173ms
170ms Script
text/javascript 172.217.194.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305040101/pubads_impl.js?cb=31074387

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.194.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f154.1e100.net

Software

sffe /

Resource Hash

60a1310153b2f271b21004a33c348c2a96f2e096b7f69493ece8807057a7c76d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sat, 06 May 2023 15:20:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 53484
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1683228402947650"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 06 May 2023 15:20:20 GMT

GET
H2 200 17494115938463050724
tpc.googlesyndication.com/simgad/ Frame 6EFF 57 KB
57 KB 889ms
548ms Image
image/png 74.125.24.132
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/17494115938463050724

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305040101/pubads_impl.js?cb=31074387

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.24.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sf-in-f132.1e100.net

Software

sffe /

Resource Hash

cee9fd8e304615d5ace755818a222fb75754484b38923463745dfed56bf4e3fe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 13:58:33 GMT
x-content-type-options: nosniff
age: 91308
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 58527
x-xss-protection: 0
last-modified: Wed, 30 Mar 2022 12:57:01 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 04 May 2024 13:58:33 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame A0A5 0
0 200ms
200ms Fetch
image/gif 172.217.194.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvg17f1CCHW0rJvMZAXp5cgaKoIzARWsYnkEiwE_scPH9OqbsrGipzv37u3_WqFIZMJSHYCWzlMiMriIKcgOR6ujr9TfVIyaGFz-hsHbk6GPL5lagc-Wky4GqQElHVaqNL0RSjKNiwJsH7fGCeEK7PqqwiCKDG7eFOBW4W-SvhLvIgopiXncbtlr6Ljr1RICrQb2zdxPsUJqydcHuG87rmoD0dDo9SFjNOJnXJeb8UbAkOZqB1tp1hDncosVMiNiQSPzkCsZJZutskFGtUvBfCqfJ-SynqE0PAAuEgobOLKIxLdruo-k_NzKeihOxY0Drs7hRS4&sai=AMfl-YTTpgHudfFSJ6EY8hpsuP-suOaHYA3hZLyuLVFYvxxiWUrL0ifUfMNVeiRRZzSop8KrpZiSaIgAhk8QQ_I80ecuDweQ1FFSg3UrtF40cORO&sig=Cg0ArKJSzN7jDRhr_ivcEAE&uach_m=[UACH]&adurl=

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/file/nr55aa3lc6x5bi1/Boshy.zip

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.194.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f154.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sat, 06 May 2023 15:20:21 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sat, 06 May 2023 15:20:21 GMT

GET
H2 200 17494115938463050724
tpc.googlesyndication.com/simgad/ Frame A0A5 57 KB
58 KB 650ms
374ms Image
image/png 74.125.24.132
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/17494115938463050724

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305040101/pubads_impl.js?cb=31074387

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.24.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sf-in-f132.1e100.net

Software

sffe /

Resource Hash

cee9fd8e304615d5ace755818a222fb75754484b38923463745dfed56bf4e3fe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 13:58:33 GMT
x-content-type-options: nosniff
age: 91308
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 58527
x-xss-protection: 0
last-modified: Wed, 30 Mar 2022 12:57:01 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 04 May 2024 13:58:33 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230502/r20110914/ Frame A0A5 22 KB
9 KB 446ms
171ms Script
text/javascript 74.125.24.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230502/r20110914/abg_lite_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305040101/pubads_impl.js?cb=31074387

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.24.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sf-in-f132.1e100.net

Software

cafe /

Resource Hash

7d25d283cffb27454f0defc451d2f1d42ea8ce681aa56a395817871b895420cd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sat, 06 May 2023 08:50:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 23385
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8767
x-xss-protection: 0
server: cafe
etag: 1250930375877819641
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 20 May 2023 08:50:36 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230502/r20110914/client/ Frame A0A5 3 KB
1 KB 1019ms
822ms Script
text/javascript 74.125.24.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230502/r20110914/client/window_focus_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305040101/pubads_impl.js?cb=31074387

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.24.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sf-in-f132.1e100.net

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sat, 06 May 2023 07:00:18 GMT
content-encoding: br
x-content-type-options: nosniff
age: 30003
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 20 May 2023 07:00:18 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame A0A5 169 KB
52 KB 172ms
172ms Script
text/javascript 172.217.194.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305040101/pubads_impl.js?cb=31074387

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.194.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f154.1e100.net

Software

sffe /

Resource Hash

60a1310153b2f271b21004a33c348c2a96f2e096b7f69493ece8807057a7c76d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sat, 06 May 2023 15:20:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 53484
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1683228402947650"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 06 May 2023 15:20:21 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 7883 0
0 176ms
176ms Fetch
image/gif 172.217.194.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsthC7R0DRkTVidulx09F2_Rd-x3z5-vetqZ1z3-N9yEpdm8ZqZgLEI8D3PvJn-YMoa2Cje-m36QsVnlMZJwNOtFFgSEr2muFZZya2zTzNZdDQngUh4FinIsMPmnDU2jn0HgTrCBtxSBVpfdxUiLNlj3DUnr5ic4sCKHTv9B3HjxUGowUbYfGKif8tszptwPHBx56xR32yfSWuYUxOytg1ceNkqrBGbeR_Rj0J-5FHUOpSPAzKdVdi5zc4U9QkxP63NsOrEZVik4tX03hmqZY3KqxmF4Oyq9z-3QkXo8SvGK4yNDCrozxcEbHe3K-WLbM2maUfRh&sai=AMfl-YRFCUjEhf-iCA5oYVNLkbaer2Bc9kicXwwprsbp98XbGyzx8EjZgwn3Xd0DWQrJ4E8cxQfMj0PyRZSuHFuwimToofLTtVwAPRxkXq8pGHo&sig=Cg0ArKJSzKkAsg3sUVpWEAE&uach_m=[UACH]&adurl=

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/file/nr55aa3lc6x5bi1/Boshy.zip

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.194.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f154.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sat, 06 May 2023 15:20:21 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sat, 06 May 2023 15:20:21 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230502/r20110914/ Frame 7883 22 KB
9 KB 533ms
348ms Script
text/javascript 74.125.24.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230502/r20110914/abg_lite_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305040101/pubads_impl.js?cb=31074387

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.24.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sf-in-f132.1e100.net

Software

cafe /

Resource Hash

7d25d283cffb27454f0defc451d2f1d42ea8ce681aa56a395817871b895420cd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sat, 06 May 2023 08:50:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 23385
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8767
x-xss-protection: 0
server: cafe
etag: 1250930375877819641
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 20 May 2023 08:50:36 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230502/r20110914/client/ Frame 7883 3 KB
1 KB 789ms
788ms Script
text/javascript 74.125.24.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230502/r20110914/client/window_focus_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305040101/pubads_impl.js?cb=31074387

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.24.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sf-in-f132.1e100.net

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sat, 06 May 2023 07:00:18 GMT
content-encoding: br
x-content-type-options: nosniff
age: 30003
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 20 May 2023 07:00:18 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 7883 169 KB
52 KB 205ms
205ms Script
text/javascript 172.217.194.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305040101/pubads_impl.js?cb=31074387

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.194.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f154.1e100.net

Software

sffe /

Resource Hash

60a1310153b2f271b21004a33c348c2a96f2e096b7f69493ece8807057a7c76d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sat, 06 May 2023 15:20:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 53484
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1683228402947650"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 06 May 2023 15:20:21 GMT

GET
H2 200 13913172449719718510
tpc.googlesyndication.com/simgad/ Frame 7883 85 KB
85 KB 925ms
743ms Image
image/png 74.125.24.132
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/13913172449719718510

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305040101/pubads_impl.js?cb=31074387

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.24.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sf-in-f132.1e100.net

Software

sffe /

Resource Hash

eff30ddcd65ef8e1034b94d93fd1179456a3286e0d142304718ca7c77ec09a22

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sat, 06 May 2023 15:20:21 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 86733
x-xss-protection: 0
last-modified: Wed, 30 Mar 2022 12:33:47 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 05 May 2024 15:20:21 GMT

GET
H3 200 px.gif
fundingchoicesmessages.google.com/img/ 43 B
68 B 178ms
177ms Image
image/gif 142.251.12.113
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fundingchoicesmessages.google.com/img/px.gif?ch=1&rn=2.691885693433451

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/file/nr55aa3lc6x5bi1/Boshy.zip

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.12.113 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

se-in-f113.1e100.net

Software

ESF /

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorServingDetectionHttp/cspreport, script-src 'report-sample' 'nonce-F-XNYALmBUT9f9pDdzCPWQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingDetectionHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingDetectionHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sat, 06 May 2023 15:20:21 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorServingDetectionHttp/cspreport, script-src 'report-sample' 'nonce-F-XNYALmBUT9f9pDdzCPWQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingDetectionHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingDetectionHttp/cspreport/allowlist
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: image/gif
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 px.gif
fundingchoicesmessages.google.com/img/ 43 B
68 B 183ms
182ms Image
image/gif 142.251.12.113
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fundingchoicesmessages.google.com/img/px.gif?ch=2&rn=4.052521804793292

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/file/nr55aa3lc6x5bi1/Boshy.zip

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.12.113 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

se-in-f113.1e100.net

Software

ESF /

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorServingDetectionHttp/cspreport, script-src 'report-sample' 'nonce-oSKY1e2mOC5kF-OIlQuAhA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingDetectionHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingDetectionHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sat, 06 May 2023 15:20:21 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorServingDetectionHttp/cspreport, script-src 'report-sample' 'nonce-oSKY1e2mOC5kF-OIlQuAhA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingDetectionHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingDetectionHttp/cspreport/allowlist
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: image/gif
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
expires: Mon, 01 Jan 1990 00:00:00 GMT

OPTIONS
H2 200 encrypt
esp.rtbhouse.com/ Frame 0
0 1529ms
1224ms Preflight
text/plain 35.190.39.111
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://esp.rtbhouse.com/encrypt
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.39.111 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 111.39.190.35.bc.googleusercontent.com
Software: Google Frontend /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.mediafire.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: POST, GET
access-control-allow-origin: https://www.mediafire.com
access-control-max-age: 600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2
content-type: text/plain; charset=utf-8
date: Sat, 06 May 2023 15:20:22 GMT
server: Google Frontend
vary: Origin
via: 1.1 google
x-cloud-trace-context: b357e0dead1a9305d9cf3415eba2df3f

POST
H2 200 encrypt Show response
esp.rtbhouse.com/ 241 B
335 B 380ms
379ms Fetch
application/json 35.190.39.111
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://esp.rtbhouse.com/encrypt
Requested by: Host: invstatic101.creativecdn.com
URL: https://invstatic101.creativecdn.com/encrypted-signals/encrypted-tag-g.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.39.111 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 111.39.190.35.bc.googleusercontent.com
Software: Google Frontend /
Resource Hash: 3a51625087eb28a0480adec7f71248ac49bdfdda89ba5985962e6188c88e12cb

Request headers

Referer: https://www.mediafire.com/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
Content-Type: application/json

Response headers

date: Sat, 06 May 2023 15:20:22 GMT
via: 1.1 google
server: Google Frontend
content-type: application/json
access-control-allow-origin: *
x-cloud-trace-context: dd6e9cdb5b06ada33da0213428ef9b45
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 241

GET
H2

200

esp Show response
oajs.openx.net/
Redirect Chain

https://oajs.openx.net/esp?url=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fnr55aa3lc6x5bi1%2FBoshy.zip&rid=esp
https://oajs.openx.net/esp?url=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fnr55aa3lc6x5bi1%2FBoshy.zip&rid=esp&cc=1

85 B
203 B

275ms
274ms

Fetch
application/json

34.120.135.53
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://oajs.openx.net/esp?url=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fnr55aa3lc6x5bi1%2FBoshy.zip&rid=esp&cc=1
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/nr55aa3lc6x5bi1/Boshy.zip
Protocol: H2
Server: 34.120.135.53 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 53.135.120.34.bc.googleusercontent.com
Software: / Express
Resource Hash: bdef6728223a15c971792554000d8968800fe13a8a2436428c1a5968152f5ec1

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sat, 06 May 2023 15:20:21 GMT
via: 1.1 google
x-powered-by: Express
etag: W/"55-JEvuMgOoILwWSgbuPneJh3kxgMU"
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.mediafire.com
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 85

Redirect headers

date: Sat, 06 May 2023 15:20:21 GMT
via: 1.1 google
x-powered-by: Express
vary: Origin
access-control-allow-origin: https://www.mediafire.com
location: /esp?url=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fnr55aa3lc6x5bi1%2FBoshy.zip&rid=esp&cc=1
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame F784 0
0 196ms
196ms Fetch
image/gif 172.217.194.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuk8Po6rO0qkSCmDnjjsM_s4ocVrO9yRjjCc0fkklHa-Y3Dy4Fl4OdvV6AonzIRH1tX1lCwE-ghkLP-SbUc4aCCGUtfifY9glyRtH7eQeDx1brEBQ_ODWOmU5ng35iDwPzrqopl3iBrOseoy8TIciUoeXHzYj6XtaBIk7DUlsCQcdPFhSyvDyBA71Km_boZNzHsWCCmTbbGGmyVr7bKYMjXll-K3a8_PSJ6dq12h1bohB1aDkuAwGGwVWfyKL_1qWGTOvHjhpN1tCqy7TyMfH1t7vqDRI9yFBga8buwPGx2FuTU4CDb6a8nqVbXVC82snLnHhnV&sai=AMfl-YSWP0PZ-F7pqyKW2Bwf4IJxfCMgDz_jr3OjL3WXyeavf2azP6NzsysdfrzzKT3UcuTmw7yVGf-K0M3Y57hhBoFUfZqGafmh-4UKv-mEVMQaz2bHD9XtdLOXvGMcNKdWtnKZo2NWY1uLcjmwEMY&sig=Cg0ArKJSzEebH8yzLoC4EAE&uach_m=[UACH]&adurl=

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/file/nr55aa3lc6x5bi1/Boshy.zip

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.194.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f154.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sat, 06 May 2023 15:20:21 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230502/r20110914/ Frame F784 22 KB
9 KB 275ms
217ms Script
text/javascript 74.125.24.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230502/r20110914/abg_lite_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305040101/pubads_impl.js?cb=31074387

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.24.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sf-in-f132.1e100.net

Software

cafe /

Resource Hash

7d25d283cffb27454f0defc451d2f1d42ea8ce681aa56a395817871b895420cd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sat, 06 May 2023 08:50:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 23385
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8767
x-xss-protection: 0
server: cafe
etag: 1250930375877819641
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 20 May 2023 08:50:36 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230502/r20110914/client/ Frame F784 3 KB
1 KB 790ms
790ms Script
text/javascript 74.125.24.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230502/r20110914/client/window_focus_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305040101/pubads_impl.js?cb=31074387

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.24.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sf-in-f132.1e100.net

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sat, 06 May 2023 07:00:18 GMT
content-encoding: br
x-content-type-options: nosniff
age: 30003
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 20 May 2023 07:00:18 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame F784 169 KB
52 KB 171ms
171ms Script
text/javascript 172.217.194.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305040101/pubads_impl.js?cb=31074387

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.194.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f154.1e100.net

Software

sffe /

Resource Hash

60a1310153b2f271b21004a33c348c2a96f2e096b7f69493ece8807057a7c76d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sat, 06 May 2023 15:20:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 53484
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1683228402947650"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 06 May 2023 15:20:21 GMT

GET
H2 200 5295709221109236883
tpc.googlesyndication.com/simgad/ Frame F784 60 KB
61 KB 664ms
617ms Image
image/png 74.125.24.132
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/5295709221109236883

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305040101/pubads_impl.js?cb=31074387

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.24.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sf-in-f132.1e100.net

Software

sffe /

Resource Hash

83b4150f43fc1362f85f40b1053a6b77ba9029d44cb696e227834fd8eafe7811

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 05 May 2023 13:58:33 GMT
x-content-type-options: nosniff
age: 91308
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61940
x-xss-protection: 0
last-modified: Wed, 30 Mar 2022 12:56:10 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 04 May 2024 13:58:33 GMT

GET
H/1.1 204 increment Show response
id5-sync.com/api/esp/ 0
326 B 1001ms
329ms XHR
text/plain 141.95.98.64
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/api/esp/increment?counter=no-config

Requested by

Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/esp.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

141.95.98.64 , France, ASN16276 (OVH, FR),

Reverse DNS

ns3216658.ip-141-95-98.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://www.mediafire.com/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.mediafire.com
date: Sat, 06 May 2023 15:20:21 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxWEHnU7yxKLrOfIIVCul7jJiPFH3g4yiKUlIKAac82ag864E1QogqeoE06eR6AkHwoHXWii7X_25DLEFQq-aIGSUFqu7DLF256MXuXt8DM3wNrCvqUkWqPo0sZgrWYM_IhTgw0I7A==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.12.113 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

se-in-f113.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-9up95hv_yXryYGkrKbd9Xw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.mediafire.com/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 06 May 2023 15:20:21 GMT
content-security-policy: script-src 'report-sample' 'nonce-9up95hv_yXryYGkrKbd9Xw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
access-control-max-age: 86400
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: text/html; charset=utf-8
access-control-allow-origin: https://www.mediafire.com
access-control-allow-methods: POST, GET, OPTIONS
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame A0A5 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d16bd5ce2372cf57d0474440716f82ef16dc7d82233c456cd932d68230c34790

Request headers

accept-language: en-AU,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Content-Type: image/png

POST
H2 200 map Show response
bcp.crwdcntrl.net/6/ 156 B
614 B 555ms
194ms XHR
application/json 13.229.194.156
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bcp.crwdcntrl.net/6/map
Requested by: Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/lt/c/16589/sync.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.229.194.156 , Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-229-194-156.ap-southeast-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 447fc3e3dcad227ce80bc753a969344c3acbe9a59947ac9a7e43d6854431313d

Request headers

Referer: https://www.mediafire.com/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Sat, 06 May 2023 15:20:21 GMT
server: Jetty(9.4.38.v20210224)
content-type: application/json;charset=utf-8
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: https://www.mediafire.com
cache-control: no-cache
x-server: 10.42.18.48
access-control-allow-credentials: true
content-length: 156
expires: 0

GET
DATA 200
OK truncated
/ Frame 6EFF 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 01d0013382ed5c8953c684871225722a4f6b29957266647578d58b00d5c7416a

Request headers

accept-language: en-AU,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame A006 15 KB
6 KB 542ms
183ms Document
text/html 182.161.73.136
CRITEO-AS-AP Crit...

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=www.mediafire.com&gdpr=0&gdpr_consent=

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.ids.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.73.136 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

Kestrel /

Resource Hash

117ef3d1ce1e9b17d0c9106d6c753959d0dc1703a290646cd7d2d96edd47e838

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://www.mediafire.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

cache-control: private, max-age=3600
content-encoding: gzip
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Sat, 06 May 2023 15:20:20 GMT
server: Kestrel
server-processing-duration-in-ticks: 749654
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
DATA 200
OK truncated
/ Frame F784 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7c2ccd03bdb617086bc1b5f638666fcbff2747988d7a0f8db7ba4df1fab6db1e

Request headers

accept-language: en-AU,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 7883 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1162da5b84b619ead4713ff13712956f887e11698f7e7398cd54b00375e14f48

Request headers

accept-language: en-AU,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame A0A5 0
0 179ms
179ms Fetch
image/gif 172.217.194.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsshmDzV4cCKRoPqrIQqKqdSx8f8rKbDNE2GU6uiyZ9yad9HyDBwTwOC7gNj62z0bb17TCaOk6Een2Vuuzdv2573yM3NVU-0K_tSba7omvk4j7obHNXLF2pdIuQLQjZO1sIfM3CAGP5XH58lxVeUS722qT2dva16fY1Dn1DXSvOtxeAK8fVTMANGxCsoYfgxulKnb0gkmj60kDoyo7EsJ7Zi4YjlR1pQuoE7cdQql1HhyODWS7uYHJogIeokFQjdWMJdkKEmMMB8G49b5d7E8Kz2f325dO4QbnRC1oZNGMUjRh4VRB8C9OjGzSazDfk2A7qSG4aHIpY&sai=AMfl-YRfuO9hLJIMUldeJCqVZsRC6PzixgsyyF9QmHsJRSSLbCZrKkgwmmoS2_I10JCv2tEWLrp_8DfEodWW_jSn8iYFMFaNCl5U-RcD52E21dRV&sig=Cg0ArKJSzFa8XPKLh3VvEAE&uach_m=[UACH]&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.194.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f154.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sat, 06 May 2023 15:20:21 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sat, 06 May 2023 15:20:21 GMT

GET
H3 200 468x60--460x68. Show response
fundingchoicesmessages.google.com/f/AGSKWxXy861W3PKa1jOXeFl53MGXN-6vK-Van9hlMASV3BPLE_8WnMCZm3V1RLjnY5Rx9n_pq2mZXmwakp938tAAieuicfQlibRB4eMSQMOCvJfxXrD4QWXUv1q02RfcRrSO4xghLd_XhmrHB0_JofzfFtX-qjXWP... 54 B
109 B 178ms
177ms Script
application/javascript 142.251.12.113
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxXy861W3PKa1jOXeFl53MGXN-6vK-Van9hlMASV3BPLE_8WnMCZm3V1RLjnY5Rx9n_pq2mZXmwakp938tAAieuicfQlibRB4eMSQMOCvJfxXrD4QWXUv1q02RfcRrSO4xghLd_XhmrHB0_JofzfFtX-qjXWPS52MZC9rbKBYUlvFHDDf_3-NY4UETqm/_/adminibanner2./adserverstore./ad_slideout./468x60--460x68.

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_GB.4MMKpR25OkE.es5.O/d=1/exm=kernel_loader,loader_js_executable/ed=1/rs=AJlcJMw0rrNXG5d2s21CcccCYzHLBy2P9A/m=ad_blocking_detection_executable

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.12.113 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

se-in-f113.1e100.net

Software

ESF /

Resource Hash

dbc3cf4c759cf16556afd900db1be5f1b4a5b2e70616ee83ef10adab3970e1c7

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-3HDa7jkKyuDZ7eR6Fn0Hpw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sat, 06 May 2023 15:20:21 GMT
content-security-policy: script-src 'report-sample' 'nonce-3HDa7jkKyuDZ7eR6Fn0Hpw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 136 KB
47 KB 523ms
183ms Script
text/javascript 74.125.24.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?fcd=true

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_GB.4MMKpR25OkE.es5.O/d=1/exm=kernel_loader,loader_js_executable/ed=1/rs=AJlcJMw0rrNXG5d2s21CcccCYzHLBy2P9A/m=ad_blocking_detection_executable

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.24.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sf-in-f156.1e100.net

Software

cafe /

Resource Hash

53d02bc79c6460b5e37ff8edcecfba43797f2ee84f65340353938a6cd5cb72f6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sat, 06 May 2023 15:20:22 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 47291
x-xss-protection: 0
server: cafe
etag: 6177400015733591084
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Sat, 06 May 2023 15:20:22 GMT

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxWEHnU7yxKLrOfIIVCul7jJiPFH3g4yiKUlIKAac82ag864E1QogqeoE06eR6AkHwoHXWii7X_25DLEFQq-aIGSUFqu7DLF256MXuXt8DM3wNrCvqUkWqPo0sZgrWYM_IhTgw0I7A==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.12.113 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

se-in-f113.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-wxfHeFWdk_ZHrga9oNPJZg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.mediafire.com/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 06 May 2023 15:20:21 GMT
content-security-policy: script-src 'report-sample' 'nonce-wxfHeFWdk_ZHrga9oNPJZg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
access-control-max-age: 86400
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: text/html; charset=utf-8
access-control-allow-origin: https://www.mediafire.com
access-control-allow-methods: POST, GET, OPTIONS
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 6EFF 0
0 174ms
174ms Fetch
image/gif 172.217.194.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvp5t_U3OaILLtkIDpS90in3oloqDZC1fzQJbLCMWMivTjuhG8Lx_U7fZY9lzzmymgDU4GZHTHTDu5HT_4J0xnAL3Dette1U_6E-2k2LPDXZJ9VGoq4DtUkTcQ78mjMhj_KfRHY_IAEOXgekKyMVs2ujGozElDFGrpuGxn0jqGjXK60aG1NWsrQpeLQ322-Lv8tkbEgVRjvBCpCwm90YvmcTkQhF1zWjlnNUiEFn_EmJ2f6qVRbBT9xUbZ1pB6Z2oDb-YTCFBzzn3Po_KqDBKsk9DLxZS8LpgDd9VpR3H8MrKiY6lmSGZuL14WGZsmvTQR73GsvYhk&sai=AMfl-YTVPwxxYAiJfV-seq4zgZ1HbYRacGtt0xnvqdDtug3OJGKGNI3rKkUxs6E2xVjPopxZWomeIH34BGVUnBXefS3mj1f_COGGjZH4TLxAfK_EkjUCvzFCnlvn7Fg7Inv-MucfK98XCG_S5xPmkHSJ&sig=Cg0ArKJSzBCLTu9I1szdEAE&uach_m=[UACH]&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.194.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f154.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sat, 06 May 2023 15:20:22 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sat, 06 May 2023 15:20:22 GMT

GET
H2 200 pd Show response
google-bidout-d.openx.net/w/1.0/ Frame 926F 484 B
734 B 360ms
177ms Document
text/html 34.98.64.218
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Requested by: Host: oa.openxcdn.net
URL: https://oa.openxcdn.net/esp.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4551fa43ac4766a3ace09bb20e440e11539b2d4a4b5ab055ca5eb79e91810abf

Request headers

Referer: https://www.mediafire.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: gzip
content-length: 307
content-type: text/html
date: Sat, 06 May 2023 15:20:22 GMT
p3p: CP="CUR ADM OUR NOR STA NID"
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
via: 1.1 google

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame F784 0
0 176ms
176ms Fetch
image/gif 172.217.194.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuiD5q8tEuf9geNxOUb-cxDZFZAGUfejzm1mCmVnHCPb8g8TSV3GrF4DwPBIvlDWvNgiZTMnO91SEU_BizcsRjYriq6Q8VjIDDUW2vf2MOZVz5uzYupLgYQOviLlv80MQvxpXSTPhgqLzGBHpoia-BvRjdF1L2tRmxjsnIXoEPWNutfkSBJXge1FRLYZViQM0i8_kEqdRsvFOKHddZczgO5PziVb5EacgeYp_dxjD4FgpgsmZmBsiiItVdwQLpLVnypBFWB0rlpcUJFbEL8OBR2H2444x5saxzY5VIZVBexPI5zBhBvQwHmjPlk06JZJNfgbq9_2To&sai=AMfl-YTbhHtGICqgigFpIvCsXiRLavAdmQci71nB8mJaQQR57OzzlkYyyQ0-fm5bijv1f3-TMhPh2KRSz9uLA37SK0EkF6_j32KTMtWsXwIH72YsKVMvWqRuEmj4MbT_xYhbZxv5ZxsQ9lXypXhSb9M&sig=Cg0ArKJSzEMnPQEGdSAkEAE&uach_m=[UACH]&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.194.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f154.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sat, 06 May 2023 15:20:22 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sat, 06 May 2023 15:20:22 GMT

GET
H2 200 json Show response
gum.criteo.com/sid/ Frame A006 441 B
552 B 172ms
172ms Fetch
application/json 182.161.73.136
CRITEO-AS-AP Crit...

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=publishertagids&domain=mediafire.com&sn=ChromeSyncframe&so=0&topUrl=www.mediafire.com&cw=1&lsw=1&topicsavail=0&fledgeavail=0

Requested by

Host: gum.criteo.com
URL: https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=www.mediafire.com&gdpr=0&gdpr_consent=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.73.136 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

Kestrel /

Resource Hash

5a548d85bc3749b08c6edece2b2157c5e48b65e72c5768c57ce27ea69b6fe47a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=www.mediafire.com&gdpr=0&gdpr_consent=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 06 May 2023 15:20:21 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
content-type: application/json; charset=utf-8
cache-control: no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 1331670
expires: 0

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 7883 0
0 174ms
174ms Fetch
image/gif 172.217.194.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjss6R0eIBdprSd1lliND2Q_ZJYzrgjDg9bW7T64WE4cNFC7fAF4Zs8JKAFGt5YcuS20m5TfRX7UEuUfev4clukMNnGukne8I-bwv-LlLfu0cCqy2yaR0Y8OFLQPn9UxKL1dJN9PzsOEp0HmYUoYnw9_tqZzL0LUlyGPO4HerjP1ZLeBt5KdAY_TxRGSLlTAt3zei2XKu-TbSF7YvxtGLdYxTIHbjedEv-hEYiIbcgWtAqUjbNuCGLBzJLRya5-w1UvZqKIKOxFCNbokx_2SczIm7M_1FpDIq57m43uj8cFSIRsf-mA9c1Jv_Ipz8BSkmr0D0aN_8O9I&sai=AMfl-YTox3RPhJLZPIRuijai_5z7GyGkYlV3wBgFbMq4u0ifPEIVVF0ibqrC7isLQOBzmYBB7UC5Rgq3ynz6-8RPl02rHM0c3rZBYBe8KEeNd2g&sig=Cg0ArKJSzKZsp8piio7HEAE&uach_m=[UACH]&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.194.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f154.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sat, 06 May 2023 15:20:22 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sat, 06 May 2023 15:20:22 GMT

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxWEHnU7yxKLrOfIIVCul7jJiPFH3g4yiKUlIKAac82ag864E1QogqeoE06eR6AkHwoHXWii7X_25DLEFQq-aIGSUFqu7DLF256MXuXt8DM3wNrCvqUkWqPo0sZgrWYM_IhTgw0I7A==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.12.113 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

se-in-f113.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-mG1by3W8eIEgFkdk1Xtv7Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.mediafire.com/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 06 May 2023 15:20:22 GMT
content-security-policy: script-src 'report-sample' 'nonce-mG1by3W8eIEgFkdk1Xtv7Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://www.mediafire.com
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 926F
Redirect Chain

https://match.adsrvr.org/track/cmf/openx?oxid=b1a6aa26-8fcf-7d38-ea75-fbb24e645878&gdpr=0
https://match.adsrvr.org/track/cmb/openx?oxid=b1a6aa26-8fcf-7d38-ea75-fbb24e645878&gdpr=0
https://us-u.openx.net/w/1.0/sd?id=537072971&val=ede12718-ad79-44a9-b88b-8e3378b7dcaf&ttd_puid=b1a6aa26-8fcf-7d38-ea75-fbb24e645878&gdpr=0&gdpr_consent=

43 B
249 B

174ms
174ms

Image
image/gif

34.98.64.218
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072971&val=ede12718-ad79-44a9-b88b-8e3378b7dcaf&ttd_puid=b1a6aa26-8fcf-7d38-ea75-fbb24e645878&gdpr=0&gdpr_consent=
Requested by: Host: google-bidout-d.openx.net
URL: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Protocol: H2
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://google-bidout-d.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 06 May 2023 15:20:22 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 06 May 2023 15:20:22 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://us-u.openx.net/w/1.0/sd?id=537072971&val=ede12718-ad79-44a9-b88b-8e3378b7dcaf&ttd_puid=b1a6aa26-8fcf-7d38-ea75-fbb24e645878&gdpr=0&gdpr_consent=
content-type: text/html
cache-control: private,no-cache, must-revalidate
content-length: 335

GET
H2

200

sd
jp-u.openx.net/w/1.0/ Frame 926F
Redirect Chain

https://tg.socdm.com/rtb/sync_before?proto=openx
https://jp-u.openx.net/w/1.0/sd?id=537072335&val=ZFZwNsCo5s8AAO6cBe8AAAAA

43 B
106 B

182ms
176ms

Image
image/gif

34.98.64.218
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://jp-u.openx.net/w/1.0/sd?id=537072335&val=ZFZwNsCo5s8AAO6cBe8AAAAA
Requested by: Host: google-bidout-d.openx.net
URL: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Protocol: H2
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://google-bidout-d.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 06 May 2023 15:20:22 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

X-SO-Cluster-ID: 0
Date: Sat, 06 May 2023 15:20:22 GMT
X-SO-LB-Data: {"ban":false,"clean_query":"\/rtb\/sync_before?proto=openx","cluster_id":0,"gdpr":false,"ipv4":"103.209.254.95","key":"ZFZwNsCo5s8AAO6cBe8AAAAA","privacy_sensitive":false,"uid":"","upstream_id":"m-ad279"}
X-SO-Key: ZFZwNsCo5s8AAO6cBe8AAAAA
Server: nginx
X-SO-Upstream-ID: m-ad279
P3P: CP="See also http://www.scaleout.jp/privacy/"
Location: https://jp-u.openx.net/w/1.0/sd?id=537072335&val=ZFZwNsCo5s8AAO6cBe8AAAAA
Cache-Control: private
X-SO-HostName: m-ad279.dc4p.scaleout.jp
Connection: keep-alive
X-SO-Ads-Time: 2
Content-Length: 0
X-SO-LB-Hostname: a-tgng40011.dc2p.scaleout.jp
X-SO-IP: 103.209.254.95

GET
H2

200

sd
jp-u.openx.net/w/1.0/ Frame 926F
Redirect Chain

https://cr-p3.ladsp.com/cookiesender/3
https://cr-p3.ladsp.com/cookiesender/3?cr=true
https://jp-u.openx.net/w/1.0/sd?id=537072451&val=AYwTVMhbSEI-ks8AD4k4dNLLjs8AAAGH8aZXKw

43 B
106 B

177ms
176ms

Image
image/gif

34.98.64.218
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://jp-u.openx.net/w/1.0/sd?id=537072451&val=AYwTVMhbSEI-ks8AD4k4dNLLjs8AAAGH8aZXKw
Requested by: Host: google-bidout-d.openx.net
URL: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Protocol: H2
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://google-bidout-d.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 06 May 2023 15:20:23 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 06 May 2023 15:20:23 GMT
via: 1.1 cccd1c02ebcc6a46e3ee52075ec059e8.cloudfront.net (CloudFront)
server: Logicad
x-amz-cf-pop: SIN2-P2
x-cache: Miss from cloudfront
p3p: CP="NOI DEVo TAIo PSAo PSDo OUR IND UNI NAV", policyref="http://cd.ladsp.com/xml/w3c/p3p.xml"
location: https://jp-u.openx.net/w/1.0/sd?id=537072451&val=AYwTVMhbSEI-ks8AD4k4dNLLjs8AAAGH8aZXKw
cache-control: no-cache
content-length: 0
x-amz-cf-id: 8Qd3eoENybUvEAlkxQCG07Y8uuWh9CdtPeRaLbPULm7sUl9gXcGLxQ==
expires: -1

GET
H2 200 pixel
cm.g.doubleclick.net/ Frame 926F 170 B
243 B 334ms
333ms Image
image/png 74.125.24.156
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=OWRjOTc5ZWMtNDZiOC0yMzljLWZmOTUtYTEwYjg0ODY5NjE4

Requested by

Host: google-bidout-d.openx.net
URL: https://google-bidout-d.openx.net/w/1.0/pd?plm=5

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.24.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sf-in-f156.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://google-bidout-d.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 06 May 2023 15:20:22 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 926F
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEKurJZUoDHSFZxIrT1WSaPE&google_cver=1

43 B
180 B

221ms
175ms

Image
image/gif

34.98.64.218
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEKurJZUoDHSFZxIrT1WSaPE&google_cver=1
Requested by: Host: google-bidout-d.openx.net
URL: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Protocol: H2
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://google-bidout-d.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 06 May 2023 15:20:22 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 06 May 2023 15:20:22 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEKurJZUoDHSFZxIrT1WSaPE&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230502/r20190131/ Frame D795 10 KB
5 KB 517ms
172ms Document
text/html 64.233.170.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230502/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?fcd=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

64.233.170.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sg-in-f154.1e100.net

Software

cafe /

Resource Hash

eb7a209e3af2f5e7045a326f81414b39f02551eb158e859c190a7a84db7c4d5d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.mediafire.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

age: 55676
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4540
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 05 May 2023 23:52:27 GMT
etag: 15057649708203361565
expires: Fri, 19 May 2023 23:52:27 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxWEHnU7yxKLrOfIIVCul7jJiPFH3g4yiKUlIKAac82ag864E1QogqeoE06eR6AkHwoHXWii7X_25DLEFQq-aIGSUFqu7DLF256MXuXt8DM3wNrCvqUkWqPo0sZgrWYM_IhTgw0I7A==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.12.113 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

se-in-f113.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-Ei8bqTsnCAt9NfiJ1slIFQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.mediafire.com/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 06 May 2023 15:20:22 GMT
content-security-policy: script-src 'report-sample' 'nonce-Ei8bqTsnCAt9NfiJ1slIFQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
access-control-max-age: 86400
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: text/html; charset=utf-8
access-control-allow-origin: https://www.mediafire.com
access-control-allow-methods: POST, GET, OPTIONS
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxWEHnU7yxKLrOfIIVCul7jJiPFH3g4yiKUlIKAac82ag864E1QogqeoE06eR6AkHwoHXWii7X_25DLEFQq-aIGSUFqu7DLF256MXuXt8DM3wNrCvqUkWqPo0sZgrWYM_IhTgw0I7A==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.12.113 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

se-in-f113.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-Bgy6h9TXW-OqB2MOta9fKg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.mediafire.com/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 06 May 2023 15:20:22 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-Bgy6h9TXW-OqB2MOta9fKg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
access-control-max-age: 86400
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: text/html; charset=utf-8
access-control-allow-origin: https://www.mediafire.com
access-control-allow-methods: POST, GET, OPTIONS
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 AGSKWxWpHiTwPB1NSzRE0C1J4tb5wZSRIgbG_0-64-TnZlay8O2EW9VtgRDBQ1j-snXDt86-0Z6ZeJJV-HVr_kk3x0QPSauOntPqL6kY3cl5k0E0th3aHqNPF1mlUPQ61bFqldkcK0WrhQ== Show response
fundingchoicesmessages.google.com/f/ 4 KB
2 KB 196ms
196ms Script
application/javascript 142.251.12.113
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxWpHiTwPB1NSzRE0C1J4tb5wZSRIgbG_0-64-TnZlay8O2EW9VtgRDBQ1j-snXDt86-0Z6ZeJJV-HVr_kk3x0QPSauOntPqL6kY3cl5k0E0th3aHqNPF1mlUPQ61bFqldkcK0WrhQ==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNjgzMzg2NDIyLDY5MjAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsNl0sbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLG51bGwsMV0sImh0dHBzOi8vd3d3Lm1lZGlhZmlyZS5jb20vZmlsZS9ucjU1YWEzbGM2eDViaTEvQm9zaHkuemlwIixudWxsLFtbOCwiNE1NS3BSMjVPa0UiXSxbOSwiZW4tR0IiXV1d

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.12.113 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

se-in-f113.1e100.net

Software

ESF /

Resource Hash

0aa86963825ed96ee774ed9b19c43654105ad24f2d1a28b389eae5e19b4c7f21

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-oO37wEZZhZqvBSHNwBMYbw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sat, 06 May 2023 15:20:22 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-oO37wEZZhZqvBSHNwBMYbw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame A0A5 42 B
64 B 512ms
172ms Fetch
image/gif 74.125.24.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvDCio-zfnyVuQ4Fp8gD2u8I8htQmcOO0XVnWrSwXtSRFEmfJ7EP49f26vQFJl2BQbPeDzuY0RRpJNse8O5zYvvE45C0LAuCEuV7BZJ8yPf2dZ2WN4U&sig=Cg0ArKJSzM6BWXRJ7XnvEAE&id=lidar2&mcvt=1000&p=10,552,100,1280&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20230504&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=3&adk=630197753&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1683386420915&rpt=836&isd=0&lsd=0&met=mue&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.24.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sf-in-f156.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 06 May 2023 15:20:23 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 AGSKWxVomMLCSSsktPgNvFzAl8Mr9IHt2_Zsw1qz4tF2VEPjjajLnO5bYBPOmoacoHw__YFG7LygTOEM3XX3YZb-iTEniDGR_UPZDJ3KNLt952ljoUOucQLZ6xHAaarXqK2V4_mgyAODsQ== Show response
fundingchoicesmessages.google.com/el/ 0
28 B 182ms
181ms XHR
text/html 142.251.12.113
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxVomMLCSSsktPgNvFzAl8Mr9IHt2_Zsw1qz4tF2VEPjjajLnO5bYBPOmoacoHw__YFG7LygTOEM3XX3YZb-iTEniDGR_UPZDJ3KNLt952ljoUOucQLZ6xHAaarXqK2V4_mgyAODsQ==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.12.113 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

se-in-f113.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-XuSezTjiMzdCC5-PsHDCBQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.mediafire.com/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 06 May 2023 15:20:22 GMT
content-security-policy: script-src 'report-sample' 'nonce-XuSezTjiMzdCC5-PsHDCBQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
access-control-max-age: 86400
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: text/html; charset=utf-8
access-control-allow-origin: https://www.mediafire.com
access-control-allow-methods: POST, GET, OPTIONS
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxVomMLCSSsktPgNvFzAl8Mr9IHt2_Zsw1qz4tF2VEPjjajLnO5bYBPOmoacoHw__YFG7LygTOEM3XX3YZb-iTEniDGR_UPZDJ3KNLt952ljoUOucQLZ6xHAaarXqK2V4_mgyAODsQ==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.12.113 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

se-in-f113.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-Yc0NcRsU9N991nYRbUVn1w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.mediafire.com/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 06 May 2023 15:20:22 GMT
content-security-policy: script-src 'report-sample' 'nonce-Yc0NcRsU9N991nYRbUVn1w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://www.mediafire.com
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 AGSKWxU2bFhEJzFJ_IDG2H1xQRN5G-dQyyoJgqaGSMKTVnmUbBm9_lLyfyPcZNnkgWttV2P6BXJlOqrjUK-73A6Pytxd_R7kQ83ctGl5kd8oz1ZPf47JKg7mOOFJxJmKDH7kUI8_89edVA== Show response
fundingchoicesmessages.google.com/f/ 3 KB
1 KB 195ms
195ms Script
application/javascript 142.251.12.113
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxU2bFhEJzFJ_IDG2H1xQRN5G-dQyyoJgqaGSMKTVnmUbBm9_lLyfyPcZNnkgWttV2P6BXJlOqrjUK-73A6Pytxd_R7kQ83ctGl5kd8oz1ZPf47JKg7mOOFJxJmKDH7kUI8_89edVA==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNjgzMzg2NDIyLDg5NjAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsNiwxMF0sbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLG51bGwsMV0sImh0dHBzOi8vd3d3Lm1lZGlhZmlyZS5jb20vZmlsZS9ucjU1YWEzbGM2eDViaTEvQm9zaHkuemlwIixudWxsLFtbOCwiNE1NS3BSMjVPa0UiXSxbOSwiZW4tR0IiXV1d

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.12.113 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

se-in-f113.1e100.net

Software

ESF /

Resource Hash

1af0b9a50b716fcf1e4128d57b1575f7c8528a446a88f75a26ac46de9f855444

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-jRphO11ykr8WEN5BmnAmvQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sat, 06 May 2023 15:20:23 GMT
content-security-policy: script-src 'report-sample' 'nonce-jRphO11ykr8WEN5BmnAmvQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 checksync.php Show response
contextual.media.net/ Frame C0EC 34 KB
12 KB 701ms
245ms Document
text/html 23.200.152.26
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUO2689O&prvid=2034%2C2033%2C2030%2C273%2C2028%2C2027%2C2025%2C237%2C117%2C359%2C97%2C99%2C3012%2C3011%2C3010%2C201%2C3007%2C246%2C4%2C203%2C446%2C9%2C2011%2C3022%2C3020%2C173%2C294%2C251%2C175%2C450%2C2009%2C178%2C255%2C3018%2C3017%2C214%2C336%2C3014%2C337%2C338%2C459%2C77%2C38%2C182%2C261%2C141%2C262%2C461%2C222%2C301%2C225%2C10000%2C80%2C108%2C229%2C307&itype=PREBID&purpose1=1&gdprconsent=1&gdpr=0&coppa=0&usp_status=0&usp_consent=1

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/js/prebid5.17.0.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.200.152.26 Kowloon, Hong Kong, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-200-152-26.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

fd162bf9a4a5b615b214057a07baaa385749b91f573a25b35f66936b1dd6cf72

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.mediafire.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

cache-control: max-age=172800
content-encoding: gzip
content-length: 11563
content-type: text/html; charset=UTF-8
date: Sat, 06 May 2023 15:20:23 GMT
expires: Mon, 08 May 2023 15:20:23 GMT
p3p: CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
server: Apache
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-mnet-hl2: E

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 5800 16 KB
6 KB 690ms
226ms Document
text/html 23.57.113.186
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158936
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/js/prebid5.17.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.57.113.186 Central, Hong Kong, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-57-113-186.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 72a64af6c85d8ab9bb2b508571c6a70080750c4891634dcbe36cb95737ca0f48

Request headers

Referer: https://www.mediafire.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=68417
content-encoding: gzip
content-length: 5554
content-type: text/html
date: Sat, 06 May 2023 15:20:23 GMT
expires: Sun, 07 May 2023 10:20:40 GMT
last-modified: Fri, 16 Dec 2022 06:36:49 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 6EFF 42 B
64 B 342ms
171ms Fetch
image/gif 74.125.24.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsu6UX7tm3m34sWfcQq4bPXz7p_aHrqQumw-b6mSg_OviEkYEAZbDqt6zAE6r7oMKGqr2wmQCaKbsOWoNIUpNQ7aBQPRDkcQrHrNL-imTdkStuLWCNZt&sig=Cg0ArKJSzEwhCECBhU0AEAE&id=lidar2&mcvt=1002&p=1095,430,1185,1158&mtos=1002,1002,1002,1002,1002&tos=1002,0,0,0,0&v=20230504&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=3&adk=215913335&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1683386420848&rpt=1064&isd=0&lsd=0&met=mue&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.24.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sf-in-f156.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 06 May 2023 15:20:23 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame F784 42 B
64 B 310ms
171ms Fetch
image/gif 74.125.24.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvHmO4LRX105p28xVCSOq4CNl3UNeGfKfC4KNzVfLsziP46cqnDpKQR7eEGfr9QYOdSMUTKbwABpREReNZyAoausRvHJ8FdPkUexnnPjxyAQWhb-3mi&sig=Cg0ArKJSzNgypGqSGPd9EAE&id=lidar2&mcvt=1000&p=420,320,670,620&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20230504&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=3&adk=1870779098&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1683386421130&rpt=814&isd=0&lsd=0&met=mue&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.24.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sf-in-f156.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 06 May 2023 15:20:23 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 7883 42 B
64 B 227ms
171ms Fetch
image/gif 74.125.24.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsufk1YjnrGwlnT2KJuBBcjMdUx4iicu2Sup6cNdyldqVOcV9V54BP2MghGWnGfxmJMnsVpm88FsDEHoATHF5f-rzlnfMEBK9DHz7CJFJuyk1HoVFGP3&sig=Cg0ArKJSzC_00NqPhv5VEAE&id=lidar2&mcvt=1000&p=120,320,370,620&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20230504&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=3&adk=3841872593&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1683386421007&rpt=1027&isd=0&lsd=0&met=mue&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.24.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sf-in-f156.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 06 May 2023 15:20:23 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 AGSKWxWvaFBZovR-wx-gOztH81ixBI-9SCmtJkFcHskqNkkvDJMCw-qpZYggkjdu-wmqMkCLMDQ-A5iLuiO1hnwZhyASXxArTM2BKY2crAEjpr88tVbw_rWRlOYjdgfrv5kAwf0GfilXUA== Show response
fundingchoicesmessages.google.com/el/ 0
28 B 183ms
183ms XHR
text/html 142.251.12.113
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxWvaFBZovR-wx-gOztH81ixBI-9SCmtJkFcHskqNkkvDJMCw-qpZYggkjdu-wmqMkCLMDQ-A5iLuiO1hnwZhyASXxArTM2BKY2crAEjpr88tVbw_rWRlOYjdgfrv5kAwf0GfilXUA==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.12.113 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

se-in-f113.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-q4EeVHvPDtm6ONl1Sk--nw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.mediafire.com/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 06 May 2023 15:20:23 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-q4EeVHvPDtm6ONl1Sk--nw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
access-control-max-age: 86400
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: text/html; charset=utf-8
access-control-allow-origin: https://www.mediafire.com
access-control-allow-methods: POST, GET, OPTIONS
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxWvaFBZovR-wx-gOztH81ixBI-9SCmtJkFcHskqNkkvDJMCw-qpZYggkjdu-wmqMkCLMDQ-A5iLuiO1hnwZhyASXxArTM2BKY2crAEjpr88tVbw_rWRlOYjdgfrv5kAwf0GfilXUA==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.12.113 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

se-in-f113.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-wLGmv1eP79BJwD2SH7_YaA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.mediafire.com/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 06 May 2023 15:20:23 GMT
content-security-policy: script-src 'report-sample' 'nonce-wLGmv1eP79BJwD2SH7_YaA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
access-control-max-age: 86400
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: text/html; charset=utf-8
access-control-allow-origin: https://www.mediafire.com
access-control-allow-methods: POST, GET, OPTIONS
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 AGSKWxV_MSSfBXzd9Z2860PME_DMrxJUTf0uT7WDZ2l_ATaHvpZRjrtkyjOJPAnW4xOLgnFrjqtHCZaXXKW0lhxNMjZ1k5IR67ZDXfEo9B9vfq8BTxZA4JZxvdftYSait_CWV9FdGQhNjg== Show response
fundingchoicesmessages.google.com/f/ 3 KB
2 KB 192ms
192ms Script
application/javascript 142.251.12.113
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxV_MSSfBXzd9Z2860PME_DMrxJUTf0uT7WDZ2l_ATaHvpZRjrtkyjOJPAnW4xOLgnFrjqtHCZaXXKW0lhxNMjZ1k5IR67ZDXfEo9B9vfq8BTxZA4JZxvdftYSait_CWV9FdGQhNjg==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNjgzMzg2NDIzLDk1MDAwMDAwXSxudWxsLG51bGwsbnVsbCxbbnVsbCxbNyw2LDEwLDldLG51bGwsMixudWxsLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLDFdLCJodHRwczovL3d3dy5tZWRpYWZpcmUuY29tL2ZpbGUvbnI1NWFhM2xjNng1YmkxL0Jvc2h5LnppcCIsbnVsbCxbWzgsIjRNTUtwUjI1T2tFIl0sWzksImVuLUdCIl1dXQ

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.12.113 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

se-in-f113.1e100.net

Software

ESF /

Resource Hash

6b0ccc770ab3f8289f75954a1be31078c4f13f48f80ef34e610807a038ab36c0

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-Q6C_j7d15F5tiwsKRLyPQQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sat, 06 May 2023 15:20:23 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-Q6C_j7d15F5tiwsKRLyPQQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H3 204 AGSKWxUN1InAr6AhAOhpIwVHOeWzevKNPvj5mv5VcgjGi1Ed59wk8G9E-qUjcKGFHBD-A-Q2BQYKGbr0B1vgW_w_wwrDJO2hgvVvnpu4XTc_35GySCd_Y6gSJ7pahGEXo5tWGp-Y5JqJNA== Show response
fundingchoicesmessages.google.com/el/ 0
28 B 180ms
180ms XHR
text/html 142.251.12.113
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxUN1InAr6AhAOhpIwVHOeWzevKNPvj5mv5VcgjGi1Ed59wk8G9E-qUjcKGFHBD-A-Q2BQYKGbr0B1vgW_w_wwrDJO2hgvVvnpu4XTc_35GySCd_Y6gSJ7pahGEXo5tWGp-Y5JqJNA==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.12.113 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

se-in-f113.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-HrnWj0WpytKF-VW6xamOGQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.mediafire.com/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 06 May 2023 15:20:23 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-HrnWj0WpytKF-VW6xamOGQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://www.mediafire.com
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxUN1InAr6AhAOhpIwVHOeWzevKNPvj5mv5VcgjGi1Ed59wk8G9E-qUjcKGFHBD-A-Q2BQYKGbr0B1vgW_w_wwrDJO2hgvVvnpu4XTc_35GySCd_Y6gSJ7pahGEXo5tWGp-Y5JqJNA==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.12.113 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

se-in-f113.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-qOcg2xLR9uWWuo8xdsLteA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.mediafire.com/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 06 May 2023 15:20:23 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-qOcg2xLR9uWWuo8xdsLteA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://www.mediafire.com
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxUN1InAr6AhAOhpIwVHOeWzevKNPvj5mv5VcgjGi1Ed59wk8G9E-qUjcKGFHBD-A-Q2BQYKGbr0B1vgW_w_wwrDJO2hgvVvnpu4XTc_35GySCd_Y6gSJ7pahGEXo5tWGp-Y5JqJNA==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.12.113 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

se-in-f113.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-K5H4UqexMU7A1c5vTsHvdA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.mediafire.com/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 06 May 2023 15:20:23 GMT
content-security-policy: script-src 'report-sample' 'nonce-K5H4UqexMU7A1c5vTsHvdA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://www.mediafire.com
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxWmBbxPt9VXW3kV_S26OWcF1OuT8Cd-RkHRerqk6-64iRpQwpSP7O92TkFA2qXJ3k2IRBV-j9peqcoVbwcmFWQ=

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.12.113 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

se-in-f113.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-AHNT0XcQ3MIHJEibBQNbuw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.mediafire.com/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 06 May 2023 15:20:23 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-AHNT0XcQ3MIHJEibBQNbuw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
access-control-max-age: 86400
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: text/html; charset=utf-8
access-control-allow-origin: https://www.mediafire.com
access-control-allow-methods: POST, GET, OPTIONS
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame 5800 2 KB
3 KB 533ms
170ms Script
text/html 67.199.150.81
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=82695303&p=158936&s=0&a=0&ptask=ALL&np=0&fp=0&rp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=1---
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158936
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 67.199.150.81 , Singapore, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: /
Resource Hash: 728dbf8edf1a70b7cfc5567fc1a429c4d64f2a1d4a93b33ab791c1dc69e9528c

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

content-type: text/html; charset=UTF-8
date: Sat, 06 May 2023 15:20:24 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2 200 sync Show response
gum.criteo.com/ Frame C0EC 88 B
327 B 173ms
172ms Script
text/javascript 182.161.73.136
CRITEO-AS-AP Crit...

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sync?r=2&c=321&gdpr=0&gdpr_pd=0&gdpr_consent=&us_privacy=&j=window.advBidxc.mnetRtusId

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUO2689O&prvid=2034%2C2033%2C2030%2C273%2C2028%2C2027%2C2025%2C237%2C117%2C359%2C97%2C99%2C3012%2C3011%2C3010%2C201%2C3007%2C246%2C4%2C203%2C446%2C9%2C2011%2C3022%2C3020%2C173%2C294%2C251%2C175%2C450%2C2009%2C178%2C255%2C3018%2C3017%2C214%2C336%2C3014%2C337%2C338%2C459%2C77%2C38%2C182%2C261%2C141%2C262%2C461%2C222%2C301%2C225%2C10000%2C80%2C108%2C229%2C307&itype=PREBID&purpose1=1&gdprconsent=1&gdpr=0&coppa=0&usp_status=0&usp_consent=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.73.136 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

Kestrel /

Resource Hash

2592f294c063fb7e4cf11747047e3a4e1311f419073c67bb9507161e379d2019

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://contextual.media.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sat, 06 May 2023 15:20:22 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
cache-control: private, max-age=3600
server-processing-duration-in-ticks: 926425
expires: 60

GET
H2

200

cksync.html Show response
contextual.media.net/ Frame 7953
Redirect Chain

https://p.rfihub.com/cm?pub=19967&in=1&forward=https%3A%2F%2Fcontextual.media.net%2Fcksync.html%3Fcs%3D8%26vsid%3D3263880231539185000V10%26type%3Drkt%26refUrl%3D%26vid%3D338642363632638802315391850...
https://contextual.media.net/cksync.html?cs=8&vsid=3263880231539185000V10&type=rkt&refUrl=&vid=33864236363263880231539185000V10&ovsid=1991787316535179537

235 B
668 B

276ms
276ms

Document
text/html

23.200.152.26
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/cksync.html?cs=8&vsid=3263880231539185000V10&type=rkt&refUrl=&vid=33864236363263880231539185000V10&ovsid=1991787316535179537

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.200.152.26 Kowloon, Hong Kong, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-200-152-26.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

7adfac299561b9d5ab03c88e9d582cf76bd31746a4c0564d7d0d428199c943df

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://contextual.media.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

cache-control: max-age=0, no-cache, no-store
content-length: 235
content-type: text/html;charset=UTF-8
date: Sat, 06 May 2023 15:20:25 GMT
expires: Sat, 06 May 2023 15:20:25 GMT
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA" CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
pragma: no-cache
server: Apache
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-mnet-hl2: E

Redirect headers

Content-Length: 0
Date: Sat, 06 May 2023 15:20:24 GMT
Location: https://contextual.media.net/cksync.html?cs=8&vsid=3263880231539185000V10&type=rkt&refUrl=&vid=33864236363263880231539185000V10&ovsid=1991787316535179537
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Server: Jetty(9.3.29.v20201019)

GET
H2

200

cksync.php
contextual.media.net/ Frame C0EC
Redirect Chain

https://sync.go.sonobi.com/us?https://contextual.media.net/cksync.php?cs=8&vsid=3263880231539185000V10&type=son&refUrl=&vid=33864236363263880231539185000V10&ovsid=[UID]
https://contextual.media.net/cksync.php?cs=8&vsid=3263880231539185000V10&type=son&refUrl=&vid=33864236363263880231539185000V10&ovsid=0666983f-8099-47fc-99f3-ff7d9b5dae87

61 B
482 B

278ms
278ms

Image
image/gif

23.200.152.26
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://contextual.media.net/cksync.php?cs=8&vsid=3263880231539185000V10&type=son&refUrl=&vid=33864236363263880231539185000V10&ovsid=0666983f-8099-47fc-99f3-ff7d9b5dae87

Requested by

Protocol

Server

23.200.152.26 Kowloon, Hong Kong, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-200-152-26.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

cc0e716595a20cd577f4cba25c11b4b54d92311f5f4bf22b992af281cabbc0c7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://contextual.media.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000
date: Sat, 06 May 2023 15:20:24 GMT
server: Apache
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
content-length: 61
x-mnet-hl2: E
expires: Sat, 06 May 2023 15:20:24 GMT

Redirect headers

Pragma: no-cache
Date: Sat, 06 May 2023 15:20:24 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: go-lax-1-5-69
Content-Type: text/plain; charset=utf8
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location: https://contextual.media.net/cksync.php?cs=8&vsid=3263880231539185000V10&type=son&refUrl=&vid=33864236363263880231539185000V10&ovsid=0666983f-8099-47fc-99f3-ff7d9b5dae87
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Length: 0
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H/1.1

200
OK

cksync
cs.media.net/ Frame C0EC
Redirect Chain

https://cm.g.doubleclick.net/pixel?cs=8&google_nid=media&google_cm=1&google_hm=MzI2Mzg4MDIzMTUzOTE4NTAwMFYxMA%3D%3D&google_sc=1
https://cs.media.net/cksync?type=g&cs=8&google_gid=CAESELGq2UMX-NwsgzF5ogk3blA&google_cver=1

61 B
626 B

685ms
238ms

Image
image/gif

184.86.92.23
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cs.media.net/cksync?type=g&cs=8&google_gid=CAESELGq2UMX-NwsgzF5ogk3blA&google_cver=1
Requested by: Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUO2689O&prvid=2034%2C2033%2C2030%2C273%2C2028%2C2027%2C2025%2C237%2C117%2C359%2C97%2C99%2C3012%2C3011%2C3010%2C201%2C3007%2C246%2C4%2C203%2C446%2C9%2C2011%2C3022%2C3020%2C173%2C294%2C251%2C175%2C450%2C2009%2C178%2C255%2C3018%2C3017%2C214%2C336%2C3014%2C337%2C338%2C459%2C77%2C38%2C182%2C261%2C141%2C262%2C461%2C222%2C301%2C225%2C10000%2C80%2C108%2C229%2C307&itype=PREBID&purpose1=1&gdprconsent=1&gdpr=0&coppa=0&usp_status=0&usp_consent=1
Protocol: HTTP/1.1
Server: 184.86.92.23 Central, Hong Kong, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-86-92-23.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: cc0e716595a20cd577f4cba25c11b4b54d92311f5f4bf22b992af281cabbc0c7

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://contextual.media.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 06 May 2023 15:20:24 GMT
Server: Apache
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 61
x-mnet-hl2: E
Expires: Sat, 06 May 2023 15:20:24 GMT

Redirect headers

pragma: no-cache
date: Sat, 06 May 2023 15:20:23 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://cs.media.net/cksync?type=g&cs=8&google_gid=CAESELGq2UMX-NwsgzF5ogk3blA&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 301
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

cksync.php
contextual.media.net/ Frame C0EC
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=MEDIANET&rurl=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D8%26vsid%3D3263880231539185000V10%26type%3Ddxu%26refUrl%3D%26vid%3D33864236363263880231539...
https://pm.w55c.net/ping_match.gif?scc=1&ei=MEDIANET&rurl=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D8%26vsid%3D3263880231539185000V10%26type%3Ddxu%26refUrl%3D%26vid%3D33864236363263880...
https://contextual.media.net/cksync.php?cs=8&vsid=3263880231539185000V10&type=dxu&refUrl=&vid=33864236363263880231539185000V10&ovsid=8lkDthZs1PVjHW5

61 B
468 B

257ms
257ms

Image
image/gif

23.200.152.26
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://contextual.media.net/cksync.php?cs=8&vsid=3263880231539185000V10&type=dxu&refUrl=&vid=33864236363263880231539185000V10&ovsid=8lkDthZs1PVjHW5

Requested by

Protocol

Server

23.200.152.26 Kowloon, Hong Kong, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-200-152-26.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

cc0e716595a20cd577f4cba25c11b4b54d92311f5f4bf22b992af281cabbc0c7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://contextual.media.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000
date: Sat, 06 May 2023 15:20:24 GMT
server: Apache
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
content-length: 61
x-mnet-hl2: E
expires: Sat, 06 May 2023 15:20:24 GMT

Redirect headers

Pragma: no-cache
Date: Sat, 06 May 2023 15:20:24 GMT
Strict-Transport-Security: max-age=2592000; includeSubDomains
Server: PingMatch/v2.0.30-777-g304ac51#rel-ec2-master i-0692b036e5ab0b5a3@ap-southeast-1b@dxedge-app-ap-southeast-1-prod-asg
Location: https://contextual.media.net/cksync.php?cs=8&vsid=3263880231539185000V10&type=dxu&refUrl=&vid=33864236363263880231539185000V10&ovsid=8lkDthZs1PVjHW5
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

cksync.php
contextual.media.net/ Frame C0EC
Redirect Chain

https://dis.criteo.com/dis/usersync.aspx?r=115&p=226&cp=medianet&cu=1&url=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D1%26type%3Dcrt%26ovsid%3D%40%40CRITEO_USERID%40%40
https://contextual.media.net/cksync.php?cs=1&type=crt&ovsid=e0075a65-7976-4676-a21b-7fab1bc769fe

61 B
632 B

269ms
268ms

Image
image/gif

23.200.152.26
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://contextual.media.net/cksync.php?cs=1&type=crt&ovsid=e0075a65-7976-4676-a21b-7fab1bc769fe

Requested by

Protocol

Server

23.200.152.26 Kowloon, Hong Kong, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-200-152-26.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

cc0e716595a20cd577f4cba25c11b4b54d92311f5f4bf22b992af281cabbc0c7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://contextual.media.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000
date: Sat, 06 May 2023 15:20:24 GMT
server: Apache
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA, CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
content-length: 61
x-mnet-hl2: E
expires: Sat, 06 May 2023 15:20:24 GMT

Redirect headers

pragma: no-cache
date: Sat, 06 May 2023 15:20:23 GMT
x-errorlevel: 0
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
location: https://contextual.media.net/cksync.php?cs=1&type=crt&ovsid=e0075a65-7976-4676-a21b-7fab1bc769fe
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 1647236
content-length: 0
expires: Sat, 06 May 2023 00:00:00 GMT

GET
H2

200

cksync.php
contextual.media.net/ Frame C0EC
Redirect Chain

https://x.bidswitch.net/sync?ssp=medianet&gdpr=0&gdpr_consent=&gdpr_pd=1
https://x.bidswitch.net/ul_cb/sync?ssp=medianet&gdpr=0&gdpr_consent=&gdpr_pd=1
https://cm.g.doubleclick.net/pixel?google_nid=bidswitch_dbm&google_cm&google_sc&ssp=medianet&bsw_param=d24ff8cd-47e5-4dd2-b7a0-67618b10a518&google_hm=ZDI0ZmY4Y2QtNDdlNS00ZGQyLWI3YTAtNjc2MThiMTBhNTE4
https://x.bidswitch.net/sync?dsp_id=16&user_id=CAESENsXhis_v59fShYCrYsyjVs&google_cver=1&ssp=medianet&bsw_param=d24ff8cd-47e5-4dd2-b7a0-67618b10a518
https://contextual.media.net/cksync.php?cs=1&type=bs&ovsid=d24ff8cd-47e5-4dd2-b7a0-67618b10a518&gdpr=&gdpr_consent=&gdpr_pd=

61 B
481 B

268ms
268ms

Image
image/gif

23.200.152.26
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://contextual.media.net/cksync.php?cs=1&type=bs&ovsid=d24ff8cd-47e5-4dd2-b7a0-67618b10a518&gdpr=&gdpr_consent=&gdpr_pd=

Requested by

Protocol

Server

23.200.152.26 Kowloon, Hong Kong, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-200-152-26.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

cc0e716595a20cd577f4cba25c11b4b54d92311f5f4bf22b992af281cabbc0c7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://contextual.media.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000
date: Sat, 06 May 2023 15:20:25 GMT
server: Apache
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
content-length: 61
x-mnet-hl2: E
expires: Sat, 06 May 2023 15:20:25 GMT

Redirect headers

Location: //contextual.media.net/cksync.php?cs=1&type=bs&ovsid=d24ff8cd-47e5-4dd2-b7a0-67618b10a518&gdpr=&gdpr_consent=&gdpr_pd=
Date: Sat, 06 May 2023 15:20:24 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: nginx
Connection: keep-alive
Content-Length: 0

GET
H2

200

cksync.php
contextual.media.net/ Frame C0EC
Redirect Chain

https://b1sync.zemanta.com/usersync/medianet/?puid=${VSID}&cb=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D1%26type%3Dzem%26ovsid%3D__ZUID__https%3A%2F%2Fcontextual.media.net%2Fcksync.php...
https://stags.bluekai.com/site/23178?id=QKkXa7FcPWWBLMov9Exs&redir=https%3A%2F%2Fb1sync.zemanta.com%2Fusersync%2Fbluekai%2Fcallback%2F%3Fd%3DNB2HI4DTHIXS6Y3PNZ2GK6DUOVQWYLTNMVSGSYJONZSXIL3DNNZXS3TD...
https://b1sync.zemanta.com/usersync/bluekai/callback/?d=NB2HI4DTHIXS6Y3PNZ2GK6DUOVQWYLTNMVSGSYJONZSXIL3DNNZXS3TDFZYGQ4B7MNZT2MJGMV4GG2DBNZTWKPLNMVSGSYLOMV2CM33WONUWIPKRJNVVQYJXIZRVAV2XIJGE233WHFCXQ...
https://contextual.media.net/cksync.php?cs=1&ovsid=QKkXa7FcPWWBLMov9Exshttps%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D8&ovsid=__ZUID__&refUrl=&type=zem&type=zem&vid=338642363632638802315391...

60 B
307 B

241ms
241ms

Image
image/gif

23.200.152.26
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://contextual.media.net/cksync.php?cs=1&ovsid=QKkXa7FcPWWBLMov9Exshttps%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D8&ovsid=__ZUID__&refUrl=&type=zem&type=zem&vid=33864236363263880231539185000V10&vsid=3263880231539185000V10

Requested by

Protocol

Server

23.200.152.26 Kowloon, Hong Kong, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-200-152-26.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

0c34dc4de2a524e93b1315788f03ba101b99e22ff50082945e84a00368d73e16

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://contextual.media.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000
date: Sat, 06 May 2023 15:20:26 GMT
server: Apache
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
content-length: 60
x-mnet-hl2: E
expires: Sat, 06 May 2023 15:20:26 GMT

Redirect headers

Pragma: no-cache
Date: Sat, 06 May 2023 15:20:25 GMT
Content-Type: text/html; charset=utf-8
Location: https://contextual.media.net/cksync.php?cs=1&ovsid=QKkXa7FcPWWBLMov9Exshttps%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D8&ovsid=__ZUID__&refUrl=&type=zem&type=zem&vid=33864236363263880231539185000V10&vsid=3263880231539185000V10
P3p: CP="We do not support P3P header."
Cache-Control: no-cache, no-store, must-revalidate
Content-Length: 284
Expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H2

200

cksync.php
contextual.media.net/ Frame C0EC
Redirect Chain

https://rtb.mfadsrvr.com/sync?ssp=medianet&ssp_user_id=3263880231539185000V10
https://rtb.mfadsrvr.com/ul_cb/sync?ssp=medianet&ssp_user_id=3263880231539185000V10
https://contextual.media.net/cksync.php?type=mf&ovsid=ad6f0e6c-6c9a-4f33-9e41-49f670b4acd6&cs=1

61 B
481 B

270ms
269ms

Image
image/gif

23.200.152.26
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://contextual.media.net/cksync.php?type=mf&ovsid=ad6f0e6c-6c9a-4f33-9e41-49f670b4acd6&cs=1

Requested by

Protocol

Server

23.200.152.26 Kowloon, Hong Kong, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-200-152-26.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

cc0e716595a20cd577f4cba25c11b4b54d92311f5f4bf22b992af281cabbc0c7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://contextual.media.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000
date: Sat, 06 May 2023 15:20:26 GMT
server: Apache
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
content-length: 61
x-mnet-hl2: E
expires: Sat, 06 May 2023 15:20:26 GMT

Redirect headers

Location: //contextual.media.net/cksync.php?type=mf&ovsid=ad6f0e6c-6c9a-4f33-9e41-49f670b4acd6&cs=1
Date: Sat, 06 May 2023 15:20:26 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0

GET
H/1.1

200
OK

cksync
cs.media.net/ Frame C0EC
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=8m33zk4&ttd_tpi=1&gdpr=0&gdpr_consent=
https://cs.media.net/cksync?cs=1&type=ttd&ovsid=ede12718-ad79-44a9-b88b-8e3378b7dcaf

61 B
637 B

704ms
246ms

Image
image/gif

184.86.92.23
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cs.media.net/cksync?cs=1&type=ttd&ovsid=ede12718-ad79-44a9-b88b-8e3378b7dcaf
Requested by: Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUO2689O&prvid=2034%2C2033%2C2030%2C273%2C2028%2C2027%2C2025%2C237%2C117%2C359%2C97%2C99%2C3012%2C3011%2C3010%2C201%2C3007%2C246%2C4%2C203%2C446%2C9%2C2011%2C3022%2C3020%2C173%2C294%2C251%2C175%2C450%2C2009%2C178%2C255%2C3018%2C3017%2C214%2C336%2C3014%2C337%2C338%2C459%2C77%2C38%2C182%2C261%2C141%2C262%2C461%2C222%2C301%2C225%2C10000%2C80%2C108%2C229%2C307&itype=PREBID&purpose1=1&gdprconsent=1&gdpr=0&coppa=0&usp_status=0&usp_consent=1
Protocol: HTTP/1.1
Server: 184.86.92.23 Central, Hong Kong, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-86-92-23.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: cc0e716595a20cd577f4cba25c11b4b54d92311f5f4bf22b992af281cabbc0c7

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://contextual.media.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 06 May 2023 15:20:24 GMT
Server: Apache
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 61
x-mnet-hl2: E
Expires: Sat, 06 May 2023 15:20:24 GMT

Redirect headers

pragma: no-cache
date: Sat, 06 May 2023 15:20:23 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://cs.media.net/cksync?cs=1&type=ttd&ovsid=ede12718-ad79-44a9-b88b-8e3378b7dcaf
content-type: text/html
cache-control: private,no-cache, must-revalidate
content-length: 199

GET
H2

200

cksync.php
contextual.media.net/ Frame C0EC
Redirect Chain

https://creativecdn.com/cm-notify?pi=medianet
https://creativecdn.com/cm-notify?pi=medianet&tc=1
https://contextual.media.net/cksync.php?cs=1&vsid=%7BMedia.net_User_id%7D&type=rbh&ovsid=ElCzVwl279TaTcPhzO3c&pi=medianet&tc=1

61 B
472 B

275ms
275ms

Image
image/gif

23.200.152.26
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://contextual.media.net/cksync.php?cs=1&vsid=%7BMedia.net_User_id%7D&type=rbh&ovsid=ElCzVwl279TaTcPhzO3c&pi=medianet&tc=1

Requested by

Protocol

Server

23.200.152.26 Kowloon, Hong Kong, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-200-152-26.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

cc0e716595a20cd577f4cba25c11b4b54d92311f5f4bf22b992af281cabbc0c7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://contextual.media.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000
date: Sat, 06 May 2023 15:20:25 GMT
server: Apache
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
content-length: 61
x-mnet-hl2: E
expires: Sat, 06 May 2023 15:20:25 GMT

Redirect headers

location: https://contextual.media.net/cksync.php?cs=1&vsid=%7BMedia.net_User_id%7D&type=rbh&ovsid=ElCzVwl279TaTcPhzO3c&pi=medianet&tc=1
pragma: no-cache
date: Sat, 06 May 2023 15:20:24 GMT, Sat, 06 May 2023 15:20:24 GMT
cache-control: no-cache, no-store, must-revalidate, private, max-age=0
content-length: 0
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK log
c21lg-d.media.net/ Frame C0EC 35 B
296 B 852ms
389ms Image
image/gif 184.86.92.23
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c21lg-d.media.net/log?logid=kfk&evtid=cs&origin=1&pvgid=data-c&ovsid=R8G1WhqxvyVxCEAZfXNObd5_wcP0t-88&cs=15&vsid=3263880231539185000V10
Requested by: Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUO2689O&prvid=2034%2C2033%2C2030%2C273%2C2028%2C2027%2C2025%2C237%2C117%2C359%2C97%2C99%2C3012%2C3011%2C3010%2C201%2C3007%2C246%2C4%2C203%2C446%2C9%2C2011%2C3022%2C3020%2C173%2C294%2C251%2C175%2C450%2C2009%2C178%2C255%2C3018%2C3017%2C214%2C336%2C3014%2C337%2C338%2C459%2C77%2C38%2C182%2C261%2C141%2C262%2C461%2C222%2C301%2C225%2C10000%2C80%2C108%2C229%2C307&itype=PREBID&purpose1=1&gdprconsent=1&gdpr=0&coppa=0&usp_status=0&usp_consent=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 184.86.92.23 Central, Hong Kong, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-86-92-23.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://contextual.media.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 06 May 2023 15:20:24 GMT
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 35
Expires: Sat, 06 May 2023 15:20:24 GMT

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame B5A1
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=${TM_USER_ID}&gdpr=1&gdpr_con...
https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=${TM_USER_ID}&gdpr=1&gdpr_...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=ZFZwOAAIAvXDeQBS&gdpr=1&gdpr_consent=&_test=ZFZwOAAIAvXDeQBS

0
93 B

179ms
179ms

Document
text/html

67.199.150.86
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=ZFZwOAAIAvXDeQBS&gdpr=1&gdpr_consent=&_test=ZFZwOAAIAvXDeQBS
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158936
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 67.199.150.86 , Singapore, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Sat, 06 May 2023 15:20:24 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

accept-ranges: bytes
cache-control: no-cache
content-length: 0
date: Sat, 06 May 2023 15:20:24 GMT
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=ZFZwOAAIAvXDeQBS&gdpr=1&gdpr_consent=&_test=ZFZwOAAIAvXDeQBS
pragma: no-cache
retry-after: 0
server: Varnish
via: 1.1 varnish
x-cache: HIT
x-cache-hits: 0
x-served-by: cache-mel11264-MEL
x-timer: S1683386425.687669,VS0,VE0

GET
H2

200

Pug Show response
image2.pubmatic.com/AdServer/ Frame 5418
Redirect Chain

https://p.rfihub.com/cm?pub=224&in=1&getuid=https%3A//image2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTI3MzkmdGw9MTI5NjAw%26piggybackCookie%3D%24UID%26gdpr%3D0%26gdpr_consent%3D
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3MzkmdGw9MTI5NjAw&piggybackCookie=1974054392044168008

42 B
273 B

173ms
173ms

Document
image/gif

207.65.33.82
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3MzkmdGw9MTI5NjAw&piggybackCookie=1974054392044168008
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158936
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 207.65.33.82 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Sat, 06 May 2023 15:20:25 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

Content-Length: 0
Date: Sat, 06 May 2023 15:20:24 GMT
Location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3MzkmdGw9MTI5NjAw&piggybackCookie=1974054392044168008
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Server: Jetty(9.3.29.v20201019)

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 490F
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA%3D%3D%26piggybackCookie%...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:a50a6456-7038-4a00-87df-168d368260cf&gdpr=0&gdpr_consent=

42 B
326 B

176ms
176ms

Document
image/gif

67.199.150.86
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:a50a6456-7038-4a00-87df-168d368260cf&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158936
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 67.199.150.86 , Singapore, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Sat, 06 May 2023 15:20:24 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 0
Content-Type: image/gif
Date: Sat, 06 May 2023 15:20:24 GMT
Expires: Sat, 06 May 2023 15:20:23 GMT
Keep-Alive: timeout=360
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Server: MT3 851 9bd98ae master hkg-pixel-x8 config_version:"unknown"
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:a50a6456-7038-4a00-87df-168d368260cf&gdpr=0&gdpr_consent=

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 4190
Redirect Chain

https://ib.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent=
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA%3D%26piggybackCookie%3D%24UID%26gdpr%3D0%26gdpr_consent%3D
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=3148599032165037369&gdpr=0&gdpr_consent=

42 B
297 B

172ms
172ms

Document
image/gif

67.199.150.86
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=3148599032165037369&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158936
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 67.199.150.86 , Singapore, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Sat, 06 May 2023 15:20:25 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

AN-X-Request-Uuid: 49138edd-329e-4f20-94b6-25364cee6718
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Length: 0
Content-Type: text/html; charset=utf-8
Date: Sat, 06 May 2023 15:20:24 GMT
Expires: Sat, 15 Nov 2008 16:00:00 GMT
Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=3148599032165037369&gdpr=0&gdpr_consent=
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Pragma: no-cache
Server: nginx/1.21.3
X-Proxy-Origin: 103.209.254.95; 103.209.254.95; 897.bm-nginx-loadbalancer.mgmt.lax1.adnexus.net; adnxs.com
X-XSS-Protection: 0

GET
H2

200

user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 5800
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=rr3IbIlwQH-KrNcOHBwUIQ%3D%3D&gdpr=0&gdpr_consent=
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=

4 KB
4 KB

225ms
225ms

Image
text/html

23.57.113.186
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/nr55aa3lc6x5bi1/Boshy.zip
Protocol: H2
Server: 23.57.113.186 Central, Hong Kong, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-57-113-186.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sat, 06 May 2023 15:20:24 GMT
content-encoding: gzip
last-modified: Fri, 16 Dec 2022 06:36:49 GMT
server: Apache
vary: Accept-Encoding
content-type: text/html
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: max-age=68416
accept-ranges: bytes
content-length: 5554
expires: Sun, 07 May 2023 10:20:40 GMT

Redirect headers

pragma: no-cache
date: Sat, 06 May 2023 15:20:24 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 301
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

receive
pixel.tapad.com/idsync/ex/ Frame 5800
Redirect Chain

https://pixel.tapad.com/idsync/ex/receive?partner_id=3371&partner_device_id=AEBDC86C-8970-407F-8AAC-D70E1C1C1421
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=3371&partner_device_id=AEBDC86C-8970-407F-8AAC-D70E1C1C1421
https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=cd9a262d-5849-48a0-b909-6d08bed671a1%252C%252C&gdpr=0&gdpr_consent=
https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=ede12718-ad79-44a9-b88b-8e3378b7dcaf&ttd_puid=cd9a262d-5849-48a0-b909-6d08bed671a1%2C%2C

95 B
123 B

225ms
224ms

Image
image/png

34.111.113.62
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=ede12718-ad79-44a9-b88b-8e3378b7dcaf&ttd_puid=cd9a262d-5849-48a0-b909-6d08bed671a1%2C%2C

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/file/nr55aa3lc6x5bi1/Boshy.zip

Protocol

Server

34.111.113.62 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

62.113.111.34.bc.googleusercontent.com

Software

Resource Hash

3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sat, 06 May 2023 15:20:24 GMT
strict-transport-security: max-age=31536000
via: 1.1 google
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
content-type: image/png
access-control-allow-origin: *
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 95

Redirect headers

pragma: no-cache
date: Sat, 06 May 2023 15:20:24 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=ede12718-ad79-44a9-b88b-8e3378b7dcaf&ttd_puid=cd9a262d-5849-48a0-b909-6d08bed671a1%2C%2C
content-type: text/html
cache-control: private,no-cache, must-revalidate
content-length: 359

GET
H2 200 qmap
sync.crwdcntrl.net/ Frame 5800 49 B
265 B 208ms
204ms Image
image/gif 13.229.194.156
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.crwdcntrl.net/qmap?c=240&tp=PUBM&tpid=AEBDC86C-8970-407F-8AAC-D70E1C1C1421&gdpr=0&gdpr_consent=
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/nr55aa3lc6x5bi1/Boshy.zip
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.229.194.156 , Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-229-194-156.ap-southeast-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 06 May 2023 15:20:24 GMT
server: Jetty(9.4.38.v20210224)
content-type: image/gif
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: *
cache-control: no-cache
x-server: 10.42.24.160
content-length: 49
expires: 0

GET
H/1.1

200
OK

info2
uipglob.semasio.net/pubmatic/1/ Frame 5800
Redirect Chain

https://uipglob.semasio.net/pubmatic/1/info?sType=sync&sExtCookieId=AEBDC86C-8970-407F-8AAC-D70E1C1C1421&sInitiator=external&gdpr=0&gdpr_consent=
https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=AEBDC86C-8970-407F-8AAC-D70E1C1C1421&sInitiator=external&gdpr=0&gdpr_consent=

42 B
570 B

204ms
204ms

Image
image/gif

119.9.108.211
RACKSPACE-AP Rack...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=AEBDC86C-8970-407F-8AAC-D70E1C1C1421&sInitiator=external&gdpr=0&gdpr_consent=
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/nr55aa3lc6x5bi1/Boshy.zip
Protocol: HTTP/1.1
Server: 119.9.108.211 , Hong Kong, ASN45187 (RACKSPACE-AP Rackspace IT Hosting AS IT Hosting Provider Hong Kong, HK),
Reverse DNS
Software: /
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 06 May 2023 15:20:48 GMT
frontend-id: 0
p3p: policyref="http://uip.semasio.net/w3c/p3p.xml", CP="NOI PSAa PSDa OUR IND UNI CNT"
content-type: image/gif
uip-response-status: Ok
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length: 42
routing-server-id: 1
expires: Sat, 01 Jan 2011 12:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 06 May 2023 15:20:48 GMT
frontend-id: 0
p3p: policyref="http://uip.semasio.net/w3c/p3p.xml", CP="NOI PSAa PSDa OUR IND UNI CNT"
location: /pubmatic/1/info2?sType=sync&sExtCookieId=AEBDC86C-8970-407F-8AAC-D70E1C1C1421&sInitiator=external&gdpr=0&gdpr_consent=
uip-response-status: Ok
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length: 0
routing-server-id: 1
expires: Sat, 01 Jan 2011 12:00:00 GMT

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame 5800
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=QUVCREM4NkMtODk3MC00MDdGLThBQUMtRDcwRTFDMUMxNDIx&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=

42 B
245 B

523ms
170ms

Image
image/gif

207.65.33.82
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/nr55aa3lc6x5bi1/Boshy.zip
Protocol: H2
Server: 207.65.33.82 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

content-type: image/gif; charset=utf-8
date: Sat, 06 May 2023 15:20:24 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Sat, 06 May 2023 15:20:24 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame 5800
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEEmK_deMMDGYt_hyAGlLCmE&google_cver=1

42 B
379 B

521ms
171ms

Image
image/gif

207.65.33.82
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEEmK_deMMDGYt_hyAGlLCmE&google_cver=1
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/nr55aa3lc6x5bi1/Boshy.zip
Protocol: H2
Server: 207.65.33.82 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

content-type: image/gif; charset=utf-8
date: Sat, 06 May 2023 15:20:24 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Sat, 06 May 2023 15:20:24 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEEmK_deMMDGYt_hyAGlLCmE&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 379
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pubmatic
um.simpli.fi/ Frame 5800 43 B
614 B 526ms
170ms Image
image/gif 34.142.175.23
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://um.simpli.fi/pubmatic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODA2JnRsPTUxODQwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/file/nr55aa3lc6x5bi1/Boshy.zip

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

34.142.175.23 , Singapore, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

23.175.142.34.bc.googleusercontent.com

Software

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sat, 06 May 2023 15:20:24 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 43
expires: Fri, 05 May 2023 15:20:24 GMT

GET
H2 200 AEBDC86C-8970-407F-8AAC-D70E1C1C1421
pr-bh.ybp.yahoo.com/sync/pubmatic/ Frame 5800 43 B
603 B 531ms
176ms Image
image/gif 175.41.152.129
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pr-bh.ybp.yahoo.com/sync/pubmatic/AEBDC86C-8970-407F-8AAC-D70E1C1C1421?gdpr=0&gdpr_consent=

Requested by

Host: www.mediafire.com
URL: https://www.mediafire.com/file/nr55aa3lc6x5bi1/Boshy.zip

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

175.41.152.129 , Singapore, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-175-41-152-129.ap-southeast-1.compute.amazonaws.com

Software

ATS /

Resource Hash

48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Security Headers

Name	Value
Content-Security-Policy	sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sat, 06 May 2023 15:20:24 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
content-type: image/gif
content-length: 43

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame 5800
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=ede12718-ad79-44a9-b88b-8e3378b7dcaf&gdpr=0&gdpr_consent=

42 B
508 B

516ms
172ms

Image
image/gif

67.199.150.86
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=ede12718-ad79-44a9-b88b-8e3378b7dcaf&gdpr=0&gdpr_consent=
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/nr55aa3lc6x5bi1/Boshy.zip
Protocol: H2
Server: 67.199.150.86 , Singapore, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

content-type: image/gif; charset=utf-8
date: Sat, 06 May 2023 15:20:24 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Sat, 06 May 2023 15:20:24 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=ede12718-ad79-44a9-b88b-8e3378b7dcaf&gdpr=0&gdpr_consent=
content-type: text/html
cache-control: private,no-cache, must-revalidate
content-length: 355

GET
H2

200

SPug
image4.pubmatic.com/AdServer/ Frame 5800
Redirect Chain

https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=AEBDC86C-8970-407F-8AAC-D70E1C1C1421&redir=true&gdpr=0&gdpr_consent=
https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=AEBDC86C-8970-407F-8AAC-D70E1C1C1421&redir=true&gdpr=0&gdpr_consent=&verify=true
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-oo.doKJE2uVnSrYid7M6kI6GQl9wpNs-~A&gdpr=0

0
260 B

528ms
174ms

Image
text/plain

67.199.150.85
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-oo.doKJE2uVnSrYid7M6kI6GQl9wpNs-~A&gdpr=0
Requested by: Host: www.mediafire.com
URL: https://www.mediafire.com/file/nr55aa3lc6x5bi1/Boshy.zip
Protocol: H2
Server: 67.199.150.85 , Singapore, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sat, 06 May 2023 15:20:25 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location: https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-oo.doKJE2uVnSrYid7M6kI6GQl9wpNs-~A&gdpr=0
date: Sat, 06 May 2023 15:20:24 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.57
age: 0
content-length: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2 200 SPug Show response
simage4.pubmatic.com/AdServer/ Frame 5800 0
128 B 184ms
170ms Script
text/plain 67.199.150.85
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage4.pubmatic.com/AdServer/SPug?partnerID=158936&gdpr=0&gdpr_consent=&us_privacy=1---
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158936
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 67.199.150.85 , Singapore, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sat, 06 May 2023 15:20:26 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 14 KB
11 KB 177ms
177ms XHR
application/json 74.125.24.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202305040101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305040101/pubads_impl.js?cb=31074387

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.24.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sf-in-f156.1e100.net

Software

cafe /

Resource Hash

cf15c2f0f3846a4ddf53eb72d02c9c0cc0194cfdc10cb0dae8ff251ece1118e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sat, 06 May 2023 15:20:26 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11140
x-xss-protection: 0

POST
H2 204 rum Show response
www.mediafire.com/cdn-cgi/ 0
183 B 214ms
213ms XHR
text/plain 104.16.54.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mediafire.com/cdn-cgi/rum?

Requested by

Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js/v52afc6f149f6479b8c77fa569edb01181681764108816

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.16.54.48 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.mediafire.com/file/nr55aa3lc6x5bi1/Boshy.zip
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
content-type: application/json

Response headers

date: Sat, 06 May 2023 15:20:26 GMT
x-content-type-options: nosniff
server: cloudflare
vary: Origin
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: https://www.mediafire.com
x-frame-options: DENY
access-control-allow-credentials: true
cf-ray: 7c32350ebb195ab0-MEL

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 824ms
823ms Script
text/javascript 74.125.24.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305040101/pubads_impl.js?cb=31074387

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.24.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sf-in-f132.1e100.net

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sat, 06 May 2023 15:20:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 06 May 2023 15:20:27 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 129C 13 KB
5 KB 171ms
169ms Document
text/html 74.125.24.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.24.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sf-in-f132.1e100.net

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.mediafire.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

accept-ranges: bytes
age: 48249
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 06 May 2023 01:56:18 GMT
expires: Sun, 05 May 2024 01:56:18 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame C589 783 B
968 B 178ms
177ms Document
text/html 74.125.130.103
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.130.103 Nashville, United States, ASN15169 (GOOGLE, US),

Reverse DNS

sb-in-f103.1e100.net

Software

GSE /

Resource Hash

0fb43b0dff65716507a4c71481040dcfc8b9bde44f5c57a2427dcdd2100fc0fe

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-ZUIC_2_qX0_R1ZrPoLwUag' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.mediafire.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 512
content-security-policy: script-src 'report-sample' 'nonce-ZUIC_2_qX0_R1ZrPoLwUag' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Sat, 06 May 2023 15:20:27 GMT
expires: Sat, 06 May 2023 15:20:27 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame C589 0
0 172ms
172ms Image
text/html 74.125.24.157
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202305040101&jk=3949032260520038&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 74.125.24.157 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: sf-in-f157.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

GET
H3 200 WGW0ljRHHlLJrtXsuRq4GtWylHJljqnzeCv2B2VFxAk.js Show response
pagead2.googlesyndication.com/bg/ Frame 129C 37 KB
14 KB 172ms
172ms Script
text/javascript 74.125.24.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/WGW0ljRHHlLJrtXsuRq4GtWylHJljqnzeCv2B2VFxAk.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.24.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sf-in-f157.1e100.net

Software

sffe /

Resource Hash

5865b49634471e52c9aed5ecb91ab81ad5b29472658ea9f3782bf6076545c409

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sat, 06 May 2023 10:11:56 GMT
content-encoding: br
x-content-type-options: nosniff
age: 18511
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14616
x-xss-protection: 0
last-modified: Mon, 01 May 2023 14:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 05 May 2024 10:11:56 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 129C 0
10 B 169ms
169ms Image
text/plain 74.125.24.132
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?hIVS8A
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 74.125.24.132 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: sf-in-f132.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sat, 06 May 2023 15:20:28 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 176ms
176ms Image
text/html 74.125.24.157
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202305040101&jk=3949032260520038&bg=!T0ylTBjNAAYV_mUANf47ADkAdvg8WqJuYSU1b4BO9CbW-KubVszkFQ5HXiuRiPSU5vlRwXvojsI-mIcjfz4BAYyl4qgj_XolNfwCAAAARFIAAAAEaAEHCgCca2kI4wvSE06-Qa7aZHjFCIscSOLF6PiV0jRqJwWWR1PPQzHQPHByJKcIrwN5NSTnx0NxhxJxv5rFcflVqcw4GtUX4NihONw6hA7qlqC5e8YDHYMt4dhB96rTZdNXwS3El3UzmTxaA8J-E81vWCEAU4zwWiADMi2_4oqXRtoiwGt5asksrlt3LlcUafjIyS0GoZxTmBdOjhR-cAVzmQLN6i1i1USx-FtzsIRRV2XOVS2IabR4s4GYHPgjbMSueRxKB2Zpm03ZbfcTABduQlQ_dbZbkrmFFGhkqLHDU08ATd4jXh9JKoT1XYsjtdevoDiGzjXMjBubbBeRA2JeAecynU5xaWMxX_VuKOFGc1rsYOFEdmF4sZ4-Wlt75hJUKxy8ZLXECun_Y_ZGtsind2qC-48ypgxHKqi1L-6Vekf5BQzLvPSMPYEGWVzVbka5P_yMRHPugmQYc96L21zOYD57mPO2aTr3HmMUQrEGwfiwEFktQ7OXirJ44GoPRueMoM3sIz-ZHVyePrM2ME0vPhiTb-I79DjijdOtU04E_Vpr2BoAEFfjv3cIES397w6V-dqMcQA8qg8ZlSqjgszrYaVKyphziYM46R2OPARjHD1Br8ptOpMeVvfIf23y4O4M4tKtuCD1RtdsSlM2cTU-VVe-GL3Nsy33ksuAzIVK79Tt4mIoxk9nZZ1xyhomXePWX59sUPwFkM6d6l3Ke8sUQnEOabHa08sXKYERAbH9LixcaEX7x3vwMq9teOCGlq-JoGtYvtfKDeSvEb7A_DWQK9fdmEj7JdHFCWx8P4i-NuP9uKRzrNm_yl8ah5TxylK_y3q5KMnMou07Ii9EbjwibFP1dPfVYTVnPZAuGTgKVz06GFt45gHcudgvt_H8JG8aL3UyufTbVKZ0Qyy1kFslaXN0Vf30SG7hY9Y1SqSEk_BoPgYMSg9nO1NrJY2ZXyHIOVCLRg5uKNp7HVK1tOL3c4VlJvshnm8w5vtT7JMbUc-lOtj9RqGXdQofZGdZkWBkKUyMytXtn5aZmR_OcS9ntk-JbcmUfbjkf0ualHF8LR5zrOJTOwMgJcAuBYqIwq7yjKbmPumQ5KbWcoB4DKhxeM7i_fYoCA1i5teZ5vXvNkbxeyfGgpJyLbtOFiY6I8xoFQ9DqNXS4-iyFKKaC0KC
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 74.125.24.157 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: sf-in-f157.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.mediafire.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

OPTIONS
H3 200 log
translate.googleapis.com/element/ Frame 0
0 548ms
210ms Preflight
text/plain 172.253.118.95
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://translate.googleapis.com/element/log?format=json&hasfast=true&authuser=0

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.118.95 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sl-in-f95.1e100.net

Software

Playlog /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: content-encoding,content-type,x-goog-authuser
Access-Control-Request-Method: POST
Origin: https://www.mediafire.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,content-encoding,content-type,x-goog-authuser,origin
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://www.mediafire.com
access-control-max-age: 86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/plain; charset=UTF-8
date: Sat, 06 May 2023 15:20:30 GMT
server: Playlog
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST
H3 200 log Show response
translate.googleapis.com/element/ 131 B
152 B 228ms
228ms XHR
text/plain 172.253.118.95
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://translate.googleapis.com/element/log?format=json&hasfast=true&authuser=0

Requested by

Host:
URL: /_/translate_http/_/js/k=translate_http.tr.en_GB.kLxg4hOVQTU.O/d=1/rs=AN8SPfqW8dBLRJphnSf5ASR0tCYF_LgIcw/m=el_conf

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.118.95 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sl-in-f95.1e100.net

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Content-Encoding: gzip
Referer: https://www.mediafire.com/
X-Goog-AuthUser: 0
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
Content-Type: application/binary

Response headers

date: Sat, 06 May 2023 15:20:31 GMT
content-encoding: gzip
server: Playlog
x-frame-options: SAMEORIGIN
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.mediafire.com
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: X-Playlog-Web
content-length: 131
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

Verdicts & Comments Add Verdict or Comment

322 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

99 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.mediafire.com/file/nr55aa3lc6x5bi1	1969-12-31 23:59:59	Name: g36FastPopSessionRequestNumber Value: 1
.mediafire.com/	1970-01-20 21:12:26	Name: ukey Value: 1uaxaidhnka2hzigwnmiihp7neujw706
.mediafire.com/	1970-01-20 11:40:45	Name: nrhn Value: 1
.mediafire.com/	1970-01-20 11:36:28	Name: ad_count Value: 1
.mediafire.com/	1970-01-20 12:19:38	Name: conv_tracking_data-2 Value: %7B%22mf_source%22%3A%22regular_download-34%22%2C%22mf_content%22%3A%22Free%22%2C%22mf_medium%22%3A%22windows%5C%2FChrome%22%2C%22mf_campaign%22%3A%22nr55aa3lc6x5bi1%22%2C%22mf_term%22%3A%226e52d6ed980dd356ba2d4404fb1d4be7%22%7D
.mediafire.com/	1970-01-20 20:22:02	Name: amp_28916b Value: X2z5DSGZqECKx2TmhOILLD...1gvoqci4o.1gvoqci4p.0.1.1
.mediafire.com/	1970-01-20 11:36:28	Name: __cf_bm Value: eoO4oWnRH1RwjAeEwtJPtDbJ8dHamT7OkcHKtn7oQEg-1683386419-0-AYHD4azBd6FsDKGORc99BoL9DRkLvKcs4nSPTiuR7A3VEUgiAiwiRErNKc4U9gO7NkXh7OU0qzv+GyAfV74XfsusZln2uf4JvnyiWAmik/lwcTqOkIwNf5Tvsn3G1IUMXD2lVAEFinsNAVxK9ispBJE=
.mediafire.com/	1970-01-20 21:12:26	Name: _ga_K68XP6D85D Value: GS1.1.1683386420.1.0.1683386420.60.0.0
otnolatrnup.com/	1969-12-31 23:59:59	Name: IKSR Value: {}
otnolatrnup.com/	1969-12-31 23:59:59	Name: INF_DFL8 Value: false
otnolatrnup.com/	1970-01-20 21:12:26	Name: IUID Value: 7ea05482-18fb-4565-8d57-429a0fac938c
otnolatrnup.com/	1969-12-31 23:59:59	Name: ISSH Value: 6B1494
otnolatrnup.com/	1969-12-31 23:59:59	Name: VMI Value:
otnolatrnup.com/	1970-01-20 21:12:26	Name: CHN Value: #[]
otnolatrnup.com/	1970-01-20 21:12:26	Name: MSSH Value: #{}
otnolatrnup.com/	1970-01-20 21:12:26	Name: MSRH Value: #{}
otnolatrnup.com/	1970-01-20 21:12:26	Name: ILP Value: null
otnolatrnup.com/	1970-01-20 21:12:26	Name: ILPLU Value: #1/1/0001 12:00:00 AM
otnolatrnup.com/	1970-01-20 21:12:26	Name: ILEALC Value: #1/1/0001 12:00:00 AM
otnolatrnup.com/	1970-01-20 11:36:40	Name: ILMPF Value: #False
otnolatrnup.com/	1970-01-20 21:12:26	Name: IPMPLU Value: #
otnolatrnup.com/	1970-01-20 21:12:26	Name: IPMUID Value: #
otnolatrnup.com/	1970-01-20 21:12:26	Name: BSWUID Value: #
otnolatrnup.com/	1970-01-20 21:12:26	Name: IBL Value: #[]
otnolatrnup.com/	1970-01-20 21:12:26	Name: ISH Value: #{"101":[{"SId":"6B1494","D":"23/5/6T8:20:20"}]}
otnolatrnup.com/	1970-01-20 21:12:26	Name: ISH_Q Value: #[101]
.mediafire.com/	1970-01-20 21:12:26	Name: _ga Value: GA1.2.1240375817.1683386420
.mediafire.com/	1970-01-20 11:37:52	Name: _gid Value: GA1.2.1173533409.1683386420
.mediafire.com/	1970-01-20 11:36:26	Name: _gat_gtag_UA_829541_1 Value: 1
.mediafire.com/	1970-01-20 20:58:02	Name: __gads Value: ID=0995969f96617dac:T=1683386420:S=ALNI_MZ3Qu9SFuVnAHmhHhDLeFnur2CdpQ
.mediafire.com/	1970-01-20 20:58:02	Name: __gpi Value: UID=00000c0242d2dedf:T=1683386420:RT=1683386420:S=ALNI_MbnTh-471zo6BB_LlQMGGoLXQWhNA
.doubleclick.net/	1970-01-20 21:12:26	Name: IDE Value: AHWqTUlY__LeTF_wA7zvet4Pqh-1V9SABK2mzs7WcZHkT2k304Iz5KPlXWkZ8WPirjE
.openx.net/	1970-01-20 20:22:02	Name: i Value: 620a957f-2648-42cf-b0a3-335a2a436b85\|1683386421
.crwdcntrl.net/	1970-01-20 18:05:13	Name: _cc_dc Value: 2
.crwdcntrl.net/	1970-01-20 18:05:13	Name: _cc_id Value: ffdee26f6a7aa509e03c5d15c589bad9
.mediafire.com/	1970-01-20 18:05:14	Name: _cc_id Value: ffdee26f6a7aa509e03c5d15c589bad9
.mediafire.com/	1970-01-20 11:37:52	Name: panoramaId_expiry Value: 1683472821881
.criteo.com/	1970-01-20 20:58:02	Name: uid Value: e0075a65-7976-4676-a21b-7fab1bc769fe
.mediafire.com/	1970-01-20 20:58:02	Name: cto_bundle Value: cz6pYl9kUiUyRlhYS1ZRN2wlMkZ6YzV3cGtxcWdnRjJrNzZLd0VVY0ZNdUhoOHRzVm55aEhaNUdGQnNkVVFyJTJCQTElMkZoSE5pZUVHeElwWXZpaGFBVzBuQUxEUExoTmlGRDg1U2lxdlR1eVJQN0JnakV5Y0tBdFkyTkpEMG1saWV2T0kxJTJGJTJCdHpBS1lWd3hUWm01SUFwQXVxYWZsanpaZ0ElM0QlM0Q
.openx.net/	1970-01-20 11:58:02	Name: pd Value: v2\|1683386422\|jElYiuvOhI
.adsrvr.org/	1970-01-20 20:23:28	Name: TDID Value: ede12718-ad79-44a9-b88b-8e3378b7dcaf
.openx.net/	1970-01-20 11:58:02	Name: univ_id Value: 537072971\|ede12718-ad79-44a9-b88b-8e3378b7dcaf\|1683386422785148
.socdm.com/	1970-01-20 21:12:26	Name: SOSYNC Value: anNvbjp7Im9wZW54IjoxNjgzMzg2NDIyfQ
.ladsp.com/	1970-01-20 11:36:30	Name: cr Value: 1
.ladsp.com/	1970-01-20 21:12:26	Name: smn_uid Value: Bcsxp13h8PboJJ4ChH9fUQ-JOHTSy44
.ladsp.com/	1970-01-20 21:12:26	Name: lum Value: CKuumY3_MBIFCAMQ0AU
.mediafire.com/	1970-01-20 20:22:02	Name: FCNEC Value: %5B%5B%22AKsRol_aofbTRb1ettTAB1sN7El3HgS3NlcYCf6nOzlkGnDEXfgq_y1nHyPJTi5OlN9Ou0dgh1DsHigCEKU2jfVlLpZeCO1uPkKwtqskBP-RkEoD7m1dJeLsJ06TXcJbNMKXAIpOESQlaZzxKkDGGPByfJMHSbrisg%3D%3D%22%5D%2Cnull%2C%5B%5D%5D
.media.net/	1970-01-20 20:22:02	Name: visitor-id Value: 3263880231539185000V10
.pubmatic.com/	1970-01-20 20:22:02	Name: KADUSERCOOKIE Value: AEBDC86C-8970-407F-8AAC-D70E1C1C1421
.pubmatic.com/	1970-01-20 13:46:02	Name: chkChromeAb67Sec Value: 1
.pubmatic.com/	1970-01-20 11:37:52	Name: pi Value: 158936:2
.pubmatic.com/	1970-01-20 13:46:02	Name: DPSync3 Value: 1684540800%3A201_245_226%7C1683936000%3A248
.pubmatic.com/	1970-01-20 13:46:02	Name: SyncRTB3 Value: 1683936000%3A223%7C1684540800%3A220_21_13_22_54_46_3_71_7
.bidswitch.net/	1970-01-20 20:22:02	Name: tuuid Value: d24ff8cd-47e5-4dd2-b7a0-67618b10a518
.bidswitch.net/	1970-01-20 20:22:02	Name: c Value: 1683386424
.bidswitch.net/	1970-01-20 20:22:02	Name: tuuid_lu Value: 1683386424
.media.net/	1970-01-20 12:19:38	Name: data-c Value: e0075a65-7976-4676-a21b-7fab1bc769fe~~1
.media.net/	1970-01-20 12:19:38	Name: data-c-ts Value: 1683386424
.media.net/	1970-01-20 11:56:36	Name: data-ttd Value: ede12718-ad79-44a9-b88b-8e3378b7dcaf~~1
.media.net/	1970-01-20 11:56:36	Name: data-g Value: CAESELGq2UMX-NwsgzF5ogk3blA~~8
.tapad.com/	1970-01-20 13:02:50	Name: TapAd_TS Value: 1683386424445
.tapad.com/	1970-01-20 13:02:50	Name: TapAd_DID Value: cd9a262d-5849-48a0-b909-6d08bed671a1
.go.sonobi.com/	1970-01-20 12:19:38	Name: __uis Value: 0666983f-8099-47fc-99f3-ff7d9b5dae87
.creativecdn.com/	1970-01-20 20:22:02	Name: u Value: ElCzVwl279TaTcPhzO3c
.creativecdn.com/	1970-01-20 20:22:02	Name: ts Value: 1683386424
.w55c.net/	1970-01-20 21:08:07	Name: wfivefivec Value: 8lkDthZs1PVjHW5
.everesttech.net/	1970-01-20 20:22:02	Name: everest_g_v2 Value: g_surferid~ZFZwOAAIAvXDeQBS
.simpli.fi/	1970-01-20 20:23:28	Name: suid Value: 4BB8D5DD65FD4B7D9D4FF5E96074F484
.mathtag.com/	1970-01-20 21:02:21	Name: uuid Value: a50a6456-7038-4a00-87df-168d368260cf
.pubmatic.com/	1970-01-20 12:19:38	Name: KRTBCOOKIE_377 Value: 6810-ede12718-ad79-44a9-b88b-8e3378b7dcaf&KRTB&22918-ede12718-ad79-44a9-b88b-8e3378b7dcaf&KRTB&23031-ede12718-ad79-44a9-b88b-8e3378b7dcaf
.zemanta.com/	1970-01-20 20:22:02	Name: zuid Value: QKkXa7FcPWWBLMov9Exs
.w55c.net/	1970-01-20 12:19:38	Name: matchmedianet Value: 5
.adnxs.com/	1970-01-20 13:46:02	Name: uuid2 Value: 3148599032165037369
.media.net/	1970-01-20 12:16:45	Name: data-so Value: 0666983f-8099-47fc-99f3-ff7d9b5dae87~~8
.analytics.yahoo.com/	1970-01-20 20:22:02	Name: IDSYNC Value: 18z8~2bhr
.yahoo.com/	1970-01-20 20:22:24	Name: A3 Value: d=AQABBDhwVmQCEKJVy77ntagIasXXjvmZZwoFEgEBAQHBV2RgZA0BxyMA_eMAAA&S=AQAAAg0AS0C6A_mP_ycys4VM4NU
.pubmatic.com/	1970-01-20 12:19:38	Name: KRTBCOOKIE_80 Value: 16514-CAESEEmK_deMMDGYt_hyAGlLCmE&KRTB&22987-CAESEEmK_deMMDGYt_hyAGlLCmE&KRTB&23025-CAESEEmK_deMMDGYt_hyAGlLCmE&KRTB&23386-CAESEEmK_deMMDGYt_hyAGlLCmE
.adsrvr.org/	1970-01-20 20:23:28	Name: TDCPM Value: CAESFwoIcHVibWF0aWMSCwiS1LWl7pPnOxAFEhQKBXRhcGFkEgsI7Kqpq-6T5zsQBRgBIAEoAjILCOyirNiElOc7EAU4AVoFdGFwYWRgAg..
.semasio.net/	1970-01-20 20:22:02	Name: SEUNCY Value: 4BE0EEBAF6DE6477
.pubmatic.com/	1970-01-20 12:19:38	Name: KRTBCOOKIE_27 Value: 16735-uid:a50a6456-7038-4a00-87df-168d368260cf&KRTB&16736-uid:a50a6456-7038-4a00-87df-168d368260cf&KRTB&23019-uid:a50a6456-7038-4a00-87df-168d368260cf&KRTB&23114-uid:a50a6456-7038-4a00-87df-168d368260cf
.media.net/	1970-01-20 20:20:36	Name: data-xu Value: 8lkDthZs1PVjHW5~~8
.tapad.com/	1970-01-20 13:02:50	Name: TapAd_3WAY_SYNCS Value: 1!3039
.rfihub.com/	1970-01-20 20:58:02	Name: rud Value: H4sIAAAAAAAA_-MSNrQ0NzEwNTG2NDIwMTE0szAwsBDiM9QtcQ-3KCnzdrMMzyoFACTqBX4lAAAA
.rfihub.com/	1969-12-31 23:59:59	Name: ruds Value: H4sIAAAAAAAA_-MSNrQ0NzEwNTG2NDIwMTE0szAwsBDiM9QtcQ-3KCnzdrMMzyoFACTqBX4lAAAA
.rfihub.com/	1970-01-20 20:58:02	Name: eud Value: H4sIAAAAAAAA_9vEyGtoZmFsbGFmYmRiaWEBANhmKl0QAAAA
.media.net/	1970-01-20 20:20:36	Name: data-bs Value: d24ff8cd-47e5-4dd2-b7a0-67618b10a518~~1
.media.net/	1970-01-20 20:20:36	Name: data-rk Value: 1991787316535179537~~8
.media.net/	1970-01-20 20:22:02	Name: data-rbh Value: ElCzVwl279TaTcPhzO3c~~1
.pubmatic.com/	1970-01-20 12:19:38	Name: KRTBCOOKIE_57 Value: 22776-3148599032165037369&KRTB&23339-3148599032165037369
.pubmatic.com/	1970-01-20 12:19:38	Name: PugT Value: 1683386425
.pubmatic.com/	1970-01-20 12:19:38	Name: KRTBCOOKIE_18 Value: 22947-1974054392044168008
.bluekai.com/	1970-01-20 16:01:24	Name: bku Value: ikG99ekyPZuREwDA
.bluekai.com/	1970-01-20 16:01:24	Name: bkpa Value: KJ0WpfNrtp9Dh4s7DzzWrPE+5QQv0CuFH/ZAHanXtZEjx96fEZW8H5m7nyJAfluZcleIMIFo47yWXgE22rB6KObfz80l4OkY3cg8IF+fdV42zMLKEg477d4fgfDQ+9OK9BXdgKdU8KcFXVVIlrKc84Vk9wbtcZdgIlDoQmXFqX4p4Y39ndwkLoIUXTzMda9xoioGtov8oGNtAXiQ1ZYlRjwtR6i2D2Jq+WkGkVNLKXvD0+WuhlCmmJqPP3gLx93DFAxWP37LxM467bfU6LBmWCv6ZA/f5WRGfXzARorBoh8ivf9sxAne5lWLuSLBBnE1cOVN7qHREfZVddLkCstpYSWAVVPM08vNZk3chMW+wfjv5R8HkAE/zK1lWSep25HstBR8R8K+N0/yWsTSK1JrbWcbRmPUk7PkcVyzP8BgJwHN1tVcrQGTjGqvmWpjNz3TCoS1urmyOG5SZ/SYGf/Sr8xzaKbpUpCLYDB5JSujGHxKjKktrFJ/WbwKsvEdOQYJQJyf
.mfadsrvr.com/	1970-01-20 21:12:26	Name: tuuid Value: ad6f0e6c-6c9a-4f33-9e41-49f670b4acd6
.mfadsrvr.com/	1970-01-20 21:12:26	Name: c Value: 1683386425
.pubmatic.com/	1970-01-20 12:19:38	Name: SPugT Value: 1683386426
.mfadsrvr.com/	1970-01-20 21:12:26	Name: tuuid_lu Value: 1683386426
.mfadsrvr.com/	1970-01-20 21:12:26	Name: ssh Value: !medianet,1683386426
.media.net/	1970-01-20 20:22:02	Name: data-mf Value: ad6f0e6c-6c9a-4f33-9e41-49f670b4acd6~~1

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=0
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

63dc4bbfec220aab4af1438a99217a9b.safeframe.googlesyndication.com
ad-delivery.net
ad.doubleclick.net
ads.pubmatic.com
adservice.google.com
adservice.google.com.au
analytics.google.com
api.amplitude.com
api.btloader.com
b1sync.zemanta.com
bcp.crwdcntrl.net
btloader.com
btlr.sharethrough.com
c21lg-d.media.net
cdn.amplitude.com
cdn.id5-sync.com
cdn.jsdelivr.net
cdn.otnolatrnup.com
cdn.prod.uidapi.com
cm.g.doubleclick.net
contextual.media.net
cr-p3.ladsp.com
creativecdn.com
cs.media.net
dis.criteo.com
esp.rtbhouse.com
fundingchoicesmessages.google.com
google-bidout-d.openx.net
googleads.g.doubleclick.net
gum.criteo.com
hbopenbid.pubmatic.com
ib.adnxs.com
id5-sync.com
image2.pubmatic.com
image4.pubmatic.com
image6.pubmatic.com
invstatic101.creativecdn.com
jp-u.openx.net
match.adsrvr.org
oa.openxcdn.net
oajs.openx.net
otnolatrnup.com
p.rfihub.com
pagead2.googlesyndication.com
pixel.tapad.com
pm.w55c.net
pr-bh.ybp.yahoo.com
prebid.media.net
rtb.mfadsrvr.com
securepubads.g.doubleclick.net
simage2.pubmatic.com
simage4.pubmatic.com
stags.bluekai.com
static.cloudflareinsights.com
static.criteo.net
static.mediafire.com
static.xx.fbcdn.net
stats.g.doubleclick.net
sync-tm.everesttech.net
sync.crwdcntrl.net
sync.go.sonobi.com
sync.mathtag.com
tags.crwdcntrl.net
tg.socdm.com
tpc.googlesyndication.com
translate.google.com
translate.googleapis.com
uipglob.semasio.net
um.simpli.fi
ups.analytics.yahoo.com
us-u.openx.net
www.facebook.com
www.google-analytics.com
www.google.com
www.google.com.au
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
www.mediafire.com
x.bidswitch.net
103.229.206.240
103.231.98.193
104.16.54.48
104.16.57.101
104.19.215.37
104.254.151.36
104.26.3.70
104.26.7.139
104.65.229.32
119.9.108.211
13.224.250.125
13.228.126.19
13.229.194.156
13.33.88.71
13.33.91.110
130.211.23.194
141.95.98.64
142.250.4.154
142.251.10.132
142.251.10.94
142.251.12.101
142.251.12.113
151.101.2.49
151.101.65.229
157.240.15.35
157.240.235.1
172.217.194.148
172.217.194.154
172.253.118.139
172.253.118.95
172.67.38.106
175.41.152.129
18.142.101.71
182.161.73.129
182.161.73.136
182.161.73.146
184.86.92.23
185.184.8.90
198.8.71.130
202.241.208.57
207.65.33.82
23.200.152.26
23.57.113.186
3.122.45.137
34.102.146.192
34.107.148.139
34.111.113.62
34.120.135.53
34.142.175.23
34.96.70.87
34.98.64.218
35.190.39.111
35.213.12.39
35.71.131.137
44.239.189.233
52.76.106.12
52.84.225.46
64.202.112.63
64.233.170.154
67.199.150.81
67.199.150.85
67.199.150.86
72.34.250.75
74.125.130.103
74.125.130.157
74.125.24.132
74.125.24.138
74.125.24.156
74.125.24.157
74.125.24.94
74.125.24.97
01d0013382ed5c8953c684871225722a4f6b29957266647578d58b00d5c7416a
03c8d2dc7d985c3004ff2cd6d8148dd03560f37ed15efdf6c2d7f4d771d0e599
0aa86963825ed96ee774ed9b19c43654105ad24f2d1a28b389eae5e19b4c7f21
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0c34dc4de2a524e93b1315788f03ba101b99e22ff50082945e84a00368d73e16
0fb43b0dff65716507a4c71481040dcfc8b9bde44f5c57a2427dcdd2100fc0fe
1162da5b84b619ead4713ff13712956f887e11698f7e7398cd54b00375e14f48
117ef3d1ce1e9b17d0c9106d6c753959d0dc1703a290646cd7d2d96edd47e838
11944757c364bf2dc0d0afa361692319ca0348e29cade31f66f6820be7b160a2
13a548e040a1ec08f77911fed1d559b95e5daae0ee227e632140e003c7268e7b
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002
1af0b9a50b716fcf1e4128d57b1575f7c8528a446a88f75a26ac46de9f855444
222bc4d276a864bc43e999b9bbfd8de2da572144bdaacbd1fac47c487d1c3a59
2450e5580136f94bda7ccf95e3167b57e15b05b513a430967943a50036fa47a4
2460f618f38ac1366442bcddaaa9278f3882af28eeda7d6afe9301e0649944ee
2592f294c063fb7e4cf11747047e3a4e1311f419073c67bb9507161e379d2019
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2f3d0f38052f4b53e15b482e6203cf25cf7e82ed36d826b444bfa66dad7ba007
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
39e39944dfc14cc87c2635323cd48dc27ac7bb14e0357fdc0855eeb35f8644c5
3a51625087eb28a0480adec7f71248ac49bdfdda89ba5985962e6188c88e12cb
3b89401fea631023de67ae75bf8f246b1af109a9a4247c3862016949eacc462b
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
408ac841a8425807e8a6963b40e31157c2fcb88b61b6253a60544b1cc6d73427
4342feac38021c4fe3069eba0edf1c2e1b4345e2b548b0afb7ab21b7369b3bc8
43e7bb8dfb305a08e417376b646f774fd234b8f75ecd61df3cad6e526d67b969
4448e430d3c53bad548a5d135e1c7e2f9593e806ba47892640d430ea752e979e
447fc3e3dcad227ce80bc753a969344c3acbe9a59947ac9a7e43d6854431313d
4551fa43ac4766a3ace09bb20e440e11539b2d4a4b5ab055ca5eb79e91810abf
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
4dac0026fbfa2615dce30c0af12830863fe885f84387a0147b9e338f548d5d82
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358
5071036697f3f545ac7dabb0106e6b66ae9e52caf6103eecb4268d1f06eae38d
53d02bc79c6460b5e37ff8edcecfba43797f2ee84f65340353938a6cd5cb72f6
544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5865b49634471e52c9aed5ecb91ab81ad5b29472658ea9f3782bf6076545c409
5a548d85bc3749b08c6edece2b2157c5e48b65e72c5768c57ce27ea69b6fe47a
5a78ac3d2b2edc63de975db150dd3c39e3e26b8a1e4a743c95e0e37c6b83901b
5a861509b658aa24fc3aed2867ac3c061e7d818d90b9990959afc6d1b5d4ff99
60a1310153b2f271b21004a33c348c2a96f2e096b7f69493ece8807057a7c76d
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
6318394f737c66f0e2ccfcd88e3935c6667633a1b95fa29fba2b75431d55eef2
656efd634e3cf6268cfd2af38853c844862fc6c2a0e113731b6630ceb7899c69
6b0ccc770ab3f8289f75954a1be31078c4f13f48f80ef34e610807a038ab36c0
6dc7917529ca101209b15752c61816375bbbb8b7b9809efb540ccacf45748d09
720671166ac43aba99e3952b0b9341ab4e0fee1fd891db54e2a07f05db653142
728dbf8edf1a70b7cfc5567fc1a429c4d64f2a1d4a93b33ab791c1dc69e9528c
72a64af6c85d8ab9bb2b508571c6a70080750c4891634dcbe36cb95737ca0f48
75a488dfcd208c25f9f2641236c11c45997dc2fd899b3e385b71840536c5bd6c
77384310d4ffb3b35481ce813a3ef4f3cbcf694e8a7a58f6698c692bdf27de5e
778d4fe92391870c744e4d501e4fde6e47c1a5e1d1ce3b89bba6ef5c239a77c9
7817ee889e9c73351b96c97c740c9dd746ba87ebd6c6fcab3cd77cd021920ce7
792cc927203c0f990667d3bc779c176005fc90384043b385183cbc1684344709
796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90
7acad1a3006d84b408db98d5db926e2aadf436f598212b12977277b72bb2139c
7adfac299561b9d5ab03c88e9d582cf76bd31746a4c0564d7d0d428199c943df
7ba1bc2084def769e77a7dbf97cd91d68fe6c6d55b5d183a7d36630da8da2b02
7c2ccd03bdb617086bc1b5f638666fcbff2747988d7a0f8db7ba4df1fab6db1e
7d25d283cffb27454f0defc451d2f1d42ea8ce681aa56a395817871b895420cd
7d60ff17f163624203f461d3f0cd19b0ad8e079cc67039fbedbaee1f8866bc6f
7db470720bc87269e9bf81c2da2649d4f59d54eb54ca5ed4547855758d6688a0
82b94716473aa225e715e117802145c5d2d725aa1ba9d476d61a5d3da16a8c26
83b4150f43fc1362f85f40b1053a6b77ba9029d44cb696e227834fd8eafe7811
8539c91ae0a82f8cab27d481ea38ac4e66d1e5b36701fe295bcba4399b9255bd
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9cf4fc9350f69e442ebfdf130d4e601377e9273b642282a1ebb4f79d6116e8c5
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5230196df9a4e9f6382c504668862efc8e25c1ec093c7dc997fbedb4b3ec54e
a695b8b12c7d88355d0b1b33d6c643a7913bcfbeae91553bd7560019188b1032
a69cbc4800f6bbd0596aee018c28d98265bf0ba9ef5ea945646a2b05fc94637a
aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
b3bb446c46bd92525dbe82acbea70520ba082eea57c924da55e31a4a5644f1f3
b3bf80656f07d3feb15db9c84737af96f3f6614c080aed231f8493d61d5d9c48
b57c6f5bbf70b5cfc8e8dccae82b30ef1f23e40b12f0baced03ea8f6abfec5fd
b7637a4cc7e15b52376c9dba975683af0b7987a44b3d05200747c035a6852274
bdef6728223a15c971792554000d8968800fe13a8a2436428c1a5968152f5ec1
c7fc8dae04703101d705fac5268f8900d96149d6b2d3fdd6c1fac249ed16cf1b
cb1e5b6629746e4dae8f81b033d81a84064f9c84bb6bd4118568623b083f7d50
cbb99c4149249b280f1d3d924d9bdd29a4a14cba1e71775fb3bdbdf13ebd5a48
cc0e716595a20cd577f4cba25c11b4b54d92311f5f4bf22b992af281cabbc0c7
cee9fd8e304615d5ace755818a222fb75754484b38923463745dfed56bf4e3fe
cf15c2f0f3846a4ddf53eb72d02c9c0cc0194cfdc10cb0dae8ff251ece1118e0
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d11a71f0353c068e6579f10a95d268f0f76b56ef90e138c9195488b91e0ed39a
d16bd5ce2372cf57d0474440716f82ef16dc7d82233c456cd932d68230c34790
d65f4b2e8eee94ddc7f762d098de19558d879a3b597c8913b4d075532e3ed4b4
d961a31d3d2fdb93a35a4024f9878b2ed896cd86a084ceb8df6af3bc53e29125
d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8
dbc3cf4c759cf16556afd900db1be5f1b4a5b2e70616ee83ef10adab3970e1c7
dc54b817820f14ce6395ba2a037f37d4bb0af75d5b017336140793fbe2f7f738
dc80f4fe943f0db1f2e9bbbbdd7ca41c64add4eef1f26bed31c1a798893ee034
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e7b90d32907f89c49e9e2a2ccca95133277f756f13a14187936d9b948ff67b44
eb7a209e3af2f5e7045a326f81414b39f02551eb158e859c190a7a84db7c4d5d
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
eff30ddcd65ef8e1034b94d93fd1179456a3286e0d142304718ca7c77ec09a22
f52a0c7d9fa7ae8e45916c491ae7193f9a1e289f128f05264122c53d8da970db
f917a9105c311331b1d40f4d2bdbf11233c1c465616c1a9c46232f451463b061
fa1f876cb70f7a711191b9dab191d9cc1c037ae4f5f5ea032dfe742f51c07f65
fc8ce5eaa47b131d33f295963f266b3f5bae7266dc7e31e649a06c556fdddef6
fcc266407912bd60b6561a03279f14e6168aca03032825bb28ff35120f5386f5
fd162bf9a4a5b615b214057a07baaa385749b91f573a25b35f66936b1dd6cf72

www.mediafire.com Open in urlscan Pro 104.16.54.48 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

182 Requests

88 %HTTPS

0 %IPv6

47 Domains

80 Subdomains

57 IPs

8 Countries

1870 kBTransfer

5062 kBSize

99 Cookies

9 Outgoing links

Redirected requests

182 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 5 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.mediafire.com Open in urlscan Pro
104.16.54.48 Public Scan

Screenshot
Live screenshot

Full Image

182
Requests

88 %
HTTPS

0 %
IPv6

47
Domains

80
Subdomains

57
IPs

8
Countries

1870 kB
Transfer

5062 kB
Size

99
Cookies

182 HTTP transactions
5 data transactions